Download Print this page

Alcatel-Lucent OmniSwitch AOS Release 7 Manual

Network configuration guide

Hide thumbs Also See for OmniSwitch AOS Release 7:

Manual (204 pages)

,

Manual (30 pages)

Table Of Contents

page of 720

/ 720
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual

Part No. 060319-10, Rev. B

March 2011

OmniSwitch AOS Release 7

Network Configuration Guide

www.alcatel-lucent.com

OmniSwitch AOS Release 7 Network Configuration Guide

March 2011

i

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the OmniSwitch AOS Release 7 and is the answer not in the manual?

Questions and answers

Summary of Contents for Alcatel-Lucent OmniSwitch AOS Release 7

Page 1 Part No. 060319-10, Rev. B March 2011 OmniSwitch AOS Release 7 Network Configuration Guide www.alcatel-lucent.com OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 2 This user guide documents release 7.1.1 of the OmniSwitch 10K. The functionality described in this guide is subject to change without notice. Copyright © 2011 by Alcatel-Lucent. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel-Lucent.
Page 3: Table Of Contents
Configuring Flood Rate Limiting ................1-6 Configuring Flow Control ..................1-6 Chapter 2 Configuring UDLD ...................... 2-1 In This Chapter ........................2-1 UDLD Specifications ......................2-2 UDLD Defaults ......................2-2 Quick Steps for Configuring UDLD ................2-3 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 4 Assigning Ports to VLANs ....................4-6 Changing the Default VLAN Assignment for a Port ..........4-7 Using 802.1Q Tagging .....................4-7 Enabling/Disabling Spanning Tree for a VLAN .............4-9 Enabling/Disabling Source Learning ................4-9 Configuring VLAN Router Interfaces ................4-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 5 Configuring Port Priority ..................5-36 Configuring Port Path Cost ..................5-37 Configuring Port Mode ..................5-40 Configuring Port Connection Type ................5-41 Configuring the Edge Port Status ................5-42 Restricting Port Roles (Root Guard) ..............5-43 Restricting TCN Propagation .................5-43 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 6 Configuring Ports to Join and Removing Ports in a Dynamic Aggregate Group ..7-10 Modifying Dynamic Link Aggregate Group Parameters ..........7-12 Modifying Dynamic Aggregate Group Parameters ..........7-12 Modifying Dynamic Link Aggregate Actor Port Parameters ........7-17 Modifying Dynamic Aggregate Partner Port Parameters ........7-21 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 7 Creating the Virtual Fabric Link (VFL) ..............8-25 Configuring MC-LAG Aggregates ................8-25 Configuring the VIP VLAN ...................8-25 Recommended Configuration Parameters ..............8-26 Verifying Parameter Consistency ................8-26 MC-LAG Configuration Example ................8-28 Displaying MC-LAG Configuration and Statistics ............8-30 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 8 Aging Time ......................10-9 Configuring 802.1AB ....................10-10 Configuring LLDPDU Flow ................10-10 Enabling and Disabling Notification ..............10-10 Enabling and Disabling Management TLV ............10-10 Enabling and Disabling 802.1 TLV ..............10-11 Enabling and Disabling 802.3 TLV ..............10-11 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 9 Displaying TCP Information ................11-33 Displaying UDP Information ................11-33 Tunneling ........................11-34 Generic Routing Encapsulation ................11-34 IP Encapsulation within IP ...................11-34 Tunneling operation .....................11-35 Configuring a Tunnel Interface ................11-35 Verifying the IP Configuration ...................11-37 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 10 Removing an IPv6 Interface .................13-14 Assigning IPv6 Addresses ...................13-15 Removing an IPv6 Address ..................13-16 Configuring IPv6 Tunnel Interfaces ................13-17 Creating an IPv6 Static Route ..................13-18 Configuring the Route Preference of a Router ............13-19 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 11 Configuring the RIP Invalid Timer ..............15-10 Configuring the RIP Garbage Timer ..............15-10 Configuring the RIP Hold-Down Timer ..............15-10 Reducing the Frequency of RIP Routing Updates ..........15-10 Enabling a RIP Host Route ..................15-11 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 12 Internal DHCP Relay .....................17-8 DHCP Relay Implementation ..................17-9 Global DHCP ......................17-9 Per-VLAN DHCP ....................17-9 Configuring BOOTP/DHCP Relay Parameters ...........17-10 Setting the Forward Delay ..................17-10 Setting Maximum Hops ..................17-11 Setting the Relay Forwarding Option ..............17-11 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 13 Setting Preemption for VRRPv3 Virtual Routers ..........18-22 Enabling/Disabling a VRRPv3 Virtual Router ............18-23 Setting VRRPv3 Traps ..................18-23 Verifying the VRRPv3 Configuration ................18-24 Creating Tracking Policies ..................18-25 Associating a Tracking Policy with a VRRPv2/VRRPv3 Virtual Router ...18-25 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 14 Displaying Server Load Balancing Status and Statistics ..........19-22 Chapter 20 Configuring IP Multicast Switching ..............20-1 In This Chapter ......................20-1 IPMS Specifications ......................20-2 IPMSv6 Specifications ....................20-2 IPMS Default Values ....................20-3 IPMSv6 Default Values ....................20-4 IPMS Overview ......................20-5 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 15 Enabling and Disabling the MLD Zapping ............20-33 Limiting MLD Multicast Groups .................20-34 IPMS Application Example ..................20-36 IPMSv6 Application Example ..................20-38 Displaying IPMS Configurations and Statistics ............20-40 Displaying IPMSv6 Configurations and Statistics ............20-41 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 16 Creating Policy Actions ..................21-42 Creating Policy Rules ...................21-43 Verifying Policy Configuration ................21-47 Using Condition Groups in Policies ................21-48 Sample Group Configuration ................21-48 Creating Network Groups ..................21-49 Creating Services ....................21-50 Creating Service Groups ..................21-51 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 17 Configuring a Secure Socket Layer for a Policy Server ........22-6 Loading Policies From an LDAP Server ..............22-6 Removing LDAP Policies From the Switch ............22-6 Interaction With CLI Policies ................22-7 Verifying the Policy Server Configuration ..............22-7 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 18 Configuring Unidirectional Port Mapping .............24-4 Restoring Bidirectional Port Mapping ..............24-4 Sample Port Mapping Configuration ................24-5 Example Port Mapping Overview ................24-5 Example Port Mapping Configuration Steps ............24-6 Verifying the Port Mapping Configuration ..............24-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 19 Switch Health Overview .....................26-12 Switch Health Specifications ................26-12 Switch Health Defaults ..................26-13 Quick Steps for Configuring Switch Health ............26-13 Port Mirroring ......................26-14 What Ports Can Be Mirrored? ................26-14 How Port Mirroring Works ..................26-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 20 Configuring Resource Thresholds ................26-43 Displaying Health Threshold Limits ..............26-44 Configuring Sampling Intervals ................26-45 Viewing Sampling Intervals .................26-45 Viewing Health Statistics for the Switch .............26-46 Viewing Health Statistics for a Specific Interface ..........26-47 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 21 Displaying Switch Logging Records ..............28-12 Appendix A Software License and Copyright Statements ............. A-1 Alcatel-Lucent License Agreement ................A-1 ALCATEL-LUCENT SOFTWARE LICENSE AGREEMENT ......A-1 Third Party Licenses and Notices .................. A-4 Index ........................Index-1 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 22 Contents OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 23: About This Guide
About This Guide This OmniSwitch AOS Release 7 Network Configuration Guide describes basic attributes of your switch and basic switch administration tasks. The software features described in this manual are shipped standard with your switches. These features are used when readying a switch for integration into a live network environment.
Page 24: What Is In This Manual
Many chapters include tutorials or application examples that help convey how CLI commands can be used together to set up a particular feature. page xxii OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 25: Documentation Roadmap
Stage 3: Integrating the Switch Into a Network Pertinent Documentation: OmniSwitch AOS Release 7 Network Configuration Guide OmniSwitch AOS Release 7 Advanced Routing Configuration Guide When you are ready to connect your switch to the network, you will need to learn how the OmniSwitch implements fundamental software features, such as 802.1Q, VLANs, Spanning Tree, and network routing...
Page 26 CLI-to-MIB variable mapping information for all CLI commands supported by the switch. This guide can be consulted anytime during the configuration process to find detailed and specific information on each CLI command. page xxiv OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 27: Related Documentation
(authenticated VLANs), Quality of Service (QoS), link aggregation, and server load balancing. • OmniSwitch AOS Release 7 Advanced Routing Configuration Guide Includes network configuration procedures and descriptive information on all the software features and protocols included in the advanced routing software package. Chapters cover multicast routing (DVMRP and PIM-SM), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP).
Page 28: Technical Support
With 24-hour access to Alcatel-Lucent’s Service and Support web page, you’ll be able to view and update any case (open or closed) that you have reported to Alcatel-Lucent’s technical support, open a new case or access helpful release notes, technical bulletins, and manuals.
Page 29: Chapter 1 Configuring Ethernet Ports
“Ethernet Ports Overview” on page 1-3 • “Configuring Ethernet Port Parameters” on page 1-3 For information about CLI commands that can be used to view Ethernet port parameters, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1-1...
Page 30: Ethernet Specifications
None configured Maximum Frame Size interfaces max-frame- 1553 (untagged) Ethernet packets size 1553 (tagged) Ethernet packets 9216 Gigabit Ethernet packets Digital Diagnostics Monitoring interfaces ddm Disabled (DDM) page 1-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 31: Ethernet Ports Overview
MDI (Media Dependent Interface), which is the standard for end stations. For example: -> interfaces 2/1 crossover auto -> interfaces 2/2-5 crossover mdi -> interfaces 3 crossover mdix OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1-3...
Page 32: Setting Interface Line Speed
CLI are cleared; SNMP values are not cleared and continue to main- tain cumulative totals. For example: -> clear interfaces 2/1-3 l2-statistics cli Note that when the cli parameter is not specified both CLI and SNMP statistics are cleared. page 1-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 33: Enabling And Disabling Interfaces
-> interfaces ddm enable Traps can be enabled using the interfaces ddm-trap if any of the above values crosses the pre-defined low or high thresholds of the transceiver. For example: OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1-5...
Page 34: Configuring Flood Rate Limiting
PAUSE frames from peer switches and temporarily stop sending traf- fic to the peer. Do not transmit PAUSE frames to peer switches. • tx-and-rx—Transmit and honor PAUSE frames when traffic congestion occurs between peer switches. page 1-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 35 -> interfaces 1/1-10 pause tx-and-rx To disable flow control for one or more ports, specify the disable parameter with the interfaces pause command. For example: -> interfaces 1/10 pause disable OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1-7...
Page 36 Configuring Ethernet Port Parameters Configuring Ethernet Ports page 1-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 37: Chapter 2 Configuring Udld
• “Clearing UDLD Statistics” on page 2-8. • “Verifying the UDLD Configuration” on page 2-8. • “Verifying the UDLD Configuration” on page 2-8. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 2-1...
Page 38: Udld Specifications
Disabled UDLD status of a port udld port Disabled UDLD operational mode udld mode Normal Probe-message advertisement timer udld probe-timer 15 seconds Echo-based detection timer udld echo-wait-timer 8 seconds page 2-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 39: Quick Steps For Configuring Udld
-> show udld statistics port 1/42 UDLD Port Statistics Hello Packet Send Echo Packet Send Flush Packet Recvd UDLD Neighbor Statistics Neighbor ID Hello Pkts Recv Echo Pkts Recv --------------+--------------------+-------------- OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 2-3...
Page 40: Udld Overview
On fiber-optic or twisted-pair links, one of the interfaces cannot send or receive traffic. • On fiber-optic or twisted-pair links, one of the interfaces is down while the other is up. • One of the fiber strands in the cable is disconnected. page 2-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 41: Mechanisms To Detect Unidirectional Links
UDLD restarts the link-up sequence to re-synchronize with potentially out-of-sync neighbors. UDLD shuts down the port, after the continuous messages, if the link state is undetermined. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 2-5...
Page 42: Configuring Udld
To disable UDLD on a port, use the udld port command with the disable parameter. For example, the following command disables UDLD on a range of ports: -> udld port 5/21-24 disable page 2-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 43: Configuring The Operational Mode
Use the no form of this command to reset the timer. For example, the following command resets the timer for port 6 of slot 4: -> no udld port 4/6 echo-wait-timer The following command resets the timer for multiple ports: -> no udld port 1/8-21 echo-wait-timer OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 2-7...
Page 44: Clearing Udld Statistics
Guide. An example of the output for the show udld configuration port and show udld statistics port commands is also given in “Quick Steps for Configuring UDLD” on page 2-3. page 2-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 45: In This Chapter
“Configuring MAC Address Table Aging Time” on page 3-7. • “Configuring the Source Learning Status” on page 3-8. • “Increasing the MAC Address Table Size” on page 3-9. • “Displaying Source Learning Information” on page 3-10. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 3-1...
Page 46: Managing Source Learning
Static MAC address operating mode mac-learning vlan static mac-address bridging MAC address aging timer mac-learning aging-time 300 seconds MAC source learning status per port mac-learning enabled MAC source learning mode mac-learning mode centralized page 3-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 47: Mac Address Table Overview
MAC address in the display output. The asterisk indicates that this is an invalid MAC address. When the port link comes up, however, the MAC address is then considered valid and the asterisk no longer appears next to the address in the display. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 3-3...
Page 48: Configuring Static Mac Addresses
-> mac-learning vlan 1 linkagg 1 static mac-address 00:00:02:CE:10:37 bridging For more information about configuring a link aggregate of ports, see Chapter 6, “Configuring Static Link Aggregation” Chapter 7, “Configuring Dynamic Link Aggregation.” page 3-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 49: Using Static Multicast Mac Addresses
-> mac-learning vlan 20 port 1/1 multicast mac-address 01:25:9a:5c:2f:10 Use the no form of the mac-learning vlan multicast mac-address command to delete static multicast MAC address entries: -> no mac-learning vlan 20 port 1/1 multicast mac-address 01:25:9a:5c:2f:10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 3-5...
Page 50: Static Multicast Mac Addresses On Link Aggregate Ports
ID. For example, the following command assigns a static multicast MAC address to link aggregate ID 2 associated with VLAN 455: -> mac-learning vlan 455 linkagg 2 multicast mac-address 01:95:2A:00:3E:4c page 3-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 51: Configuring Mac Address Table Aging Time
VLANs back to the default value: -> mac-learning aging-time default To display the aging time value use the show mac-learning aging-time command. For more information about this command, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 3-7...
Page 52: Configuring The Source Learning Status
Statically configured MAC addresses are not cleared when source learning is disabled for the port or aggregate. In addition, configuring a new static MAC address is allowed even when source learning is disabled. page 3-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 53: Increasing The Mac Address Table Size
Note. All three of the above configuration steps are required to enable or disable the MAC mode. If any of the above steps are skipped, the status of the mode is not changed. OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 54: Displaying Source Learning Information
Displays the current status of the distributed MAC source learning mode. For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. page 3-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 55: Configuring Vlans
In a switch-based network, such as one comprised of Alcatel-Lucent switching systems, a broadcast domain, or VLAN can span multiple physical switches and can include ports from a variety of media types. For example, a single VLAN could span three different switches located in different buildings and include a variety of Ethernet port configu- rations, such as 802.1q tagged VLAN member ports and/or a link aggregate of ports.
Page 56: Vlan Specifications
VLAN Spanning Tree state spantree vlan admin-state Enabled VLAN IP router interface ip interface None VLAN port associations vlan members untagged All ports initially associated with default VLAN 1. page 4-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 57: Sample Vlan Configuration
To verify that ports 3/2-4 were assigned to VLAN 100, use the show vlan members command. For example: -> show vlan 100 members port type status --------+---------+-------------- default inactive default inactive default inactive OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 4-3...
Page 58: Vlan Management Overview
VLAN. Creating/Modifying VLANs The initial configuration for all Alcatel-Lucent switches consists of a default VLAN 1 and all switch ports are initially assigned to this VLAN. When a switching module is added to the switch, the physical ports are also related to the assigned VLAN 1. If additional VLANs are not configured on the switch, then the entire switch is treated as one large broadcast domain.
Page 59: Adding/Removing A Vlan
4-10. To view a list of VLANs already configured on the switch, use the show vlan command. See “Verifying the VLAN Configuration” on page 4-13 for more information. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 4-5...
Page 60: Enabling/Disabling The Vlan Administrative Status
“Using 802.1Q Tagging” on page 4-7. • Configuring ports as members of a link aggregate that is assigned to a configured default VLAN. (See Chapter 6, “Configuring Static Link Aggregation” for more information.) page 4-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 61: Changing The Default Vlan Assignment For A Port
If the packet is not tagged at all, the packet is placed into the default VLAN to which the port that received the packet is assigned. The following diagram illustrates a simple network by using tagged and untagged traffic: OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 4-7...
Page 62 To display all VLANs, enter the following command: -> show vlan port Note. The link aggregation group must be created first before it can be set to use 802.1Q tagging page 4-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 63: Enabling/Disabling Spanning Tree For A Vlan
For example, the following command disabled source learning on VLAN 10: -> mac-learning vlan 10 disable Disabling source learning on a VLAN causes the VLAN to be flooded with unknown unicast traffic. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 4-9...
Page 64: Configuring Vlan Router Interfaces
IP - 21.0.0.10. Alcatel-Lucent switches support routing of IP traffic. A VLAN is available for routing when at least one router interface is defined for that VLAN and at least one active port is associated with the VLAN. Up to eight IP interfaces can be configured for each VLAN.
Page 65: Bridging Vlans Across Multiple Switches
The Spanning Tree algorithm determined that if all connections between switches were active, a network loop would exist that could cause unnecessary broadcast traffic on the network. The path between Switch OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 66 This is how a logical grouping of users can traverse a physical network setup without routing and is one of the many benefits of using VLANs. page 4-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 67: Chapter 26 Diagnosing Switch Problems
Does not apply to fixed ports. The following example displays VPA information for all ports in VLAN 200: -> show vlan 200 members port type status --------+---------+-------------- 3/24 default inactive 5/12 qtagged blocking OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 4-13...
Page 68 VLAN 200 is an 802.1Q-tagged VLAN for port 5/12, which is an active port but currently blocked from forwarding traffic. For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. page 4-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 69: Chapter 5 Configuring Spanning Tree Parameters
STP helps to provide data path redundancy and network scalability. The Alcatel-Lucent STP implementation, based on the IEEE 802.1D standard, distributes the Spanning Tree load between the primary management module and the network interface modules. This functionality...
Page 70: In This Chapter
5-20. • Configuring Spanning Tree bridge parameters on page 5-25. • Configuring Spanning Tree port parameters on page 5-33. • Configuring an example Spanning Tree topology on page 5-44. page 5-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 71: Spanning Tree Specifications
Maximum flat mode Multiple Spanning 16 MSTI, in addition to the Common and Internal Spanning Tree Instances (MSTI) per switch Tree instance (also referred to as MSTI 0). OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-3...
Page 72: Spanning Tree Bridge Parameter Defaults
Type of BPDU to be used on a port when spantree pvst+compatibil- auto (IEEE BPDUs are used per vlan PVST+ mode is enabled until a PVST+ BPDU is detected) page 5-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 73: Multiple Spanning Tree (Mst) Region Defaults
The number of Multiple Spanning Tree spantree msti 0 (flat mode instance) Instances (MSTI) The VLAN to MSTI mapping spantree msti vlan All VLANs are mapped to the Common Internal Spanning Tree (CIST) instance OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-5...
Page 74: Spanning Tree Overview
MSTP is an enhancement to the 802.1Q Common Spanning Tree (CST), which is provided when an Alcatel-Lucent switch is running in the flat Spanning Tree operating mode. The flat mode applies a single spanning tree instance across all VLAN port connections on a switch. MSTP allows the configuration of Multiple Spanning Tree Instances (MSTIs) in addition to the CST instance.
Page 75 Port is included in the active topology. Forwarding Forwarding Port is transmitting and receiving data and is Root, Designated included in the active topology. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-7...
Page 76 When a bridge first comes up, it assumes it is the root and starts transmitting Configuration BPDU on all its active ports advertising its own bridge ID as the root bridge ID. page 5-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 77 BPDU with the TC flag set and the Spanning Tree returns to an active, stable topology. Note. You can restrict the propagation of TCNs on a port. To restrict TCN propagation on a port, see “Configuring STP Port Parameters” on page 5-33. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-9...
Page 78: Topology Examples
If a new switch is added to the network, the Spanning Tree topology is automatically recalculated to include the monitoring of links to the new switch. page 5-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 79 Switch D than the path between Switch B and Switch A. As a result, a network loop is avoided. OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 80: Mst General Overview
Spanning Tree (CST). The CST is a single spanning tree that uses 802.1D (STP) or 802.1w (RSTP) to provide a loop-free network topology. The Alcatel-Lucent flat spanning tree mode applies a single CST instance on a per switch basis. The per-VLAN mode is an Alcatel-Lucent proprietary implementation that applies a single spanning tree instance on a per VLAN basis.
Page 81 • The 4/8 to 5/2 connection and the 4/2 to 5/1 connection are considered redundant connections so they are both blocked in favor of the 3/1 to 2/1 connection. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-13...
Page 82 CIST BPDU contains only MSTI information. “Sample MSTI Configuration” on page 5-49 for more information about how to direct VLAN traffic over separate data paths using MSTP. page 5-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 83: Comparing Mstp With Stp And Rstp
What is a Multiple Spanning Tree Instance (MSTI) An MSTI is a single Spanning Tree instance that represents a group of VLANs. Alcatel-Lucent switches support up to 16 MSTIs on one switch. This number is in addition to the Common and Internal Spanning Tree (CIST) instance 0, which is also known as MSTI 0.
Page 84: What Is A Multiple Spanning Tree Region
The maximum number of hops for the region is not one of the attributes that defines membership in the region. See “Sample MST Region Configuration” on page 5-47 for a tutorial on how to configure MST region parameters. page 5-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 85: What Is The Common Spanning Tree
Configure MSTIs – Every switch has a default Common and Internal Spanning Tree (CIST) instance 0, which is also referred to as MSTI 0. Configuration of additional MSTI is required to segment switch OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 86: Mst Interoperability And Migration
Once the protocol is changed, MSTP features are available for configuration. Multiple Spanning Tree Instances (MSTI) are now configurable for defining data paths for VLAN traffic. See “How MSTP Works” on page 5-12 for more information. page 5-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 87 MSTP compliant systems. Migrating from Per-VLAN Mode to Flat Mode MSTP As previously described, the per-VLAN mode is an Alcatel-Lucent proprietary implementation that applies one Spanning Tree instance to each VLAN. For example, if five VLANs exist on the switch, then their are five Spanning Tree instances active on the switch, unless Spanning Tree is disabled on one of the VLANs.
Page 88: Spanning Tree Operating Modes
VLAN configuration or tagged VLAN assignments, are considered part of one Spanning Tree instance. To see an example of a flat mode switch with MSTP (802.1s) as the active protocol, see Chapter 5, “Configuring Spanning Tree Parameters.” page 5-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 89: Using Per-Vlan Spanning Tree Mode
However, if a VLAN appears as the configured default VLAN for the port, then BPDU are not tagged and the single Spanning Tree instance applies. To change the Spanning Tree operating mode to per-VLAN, enter the following command: -> spantree mode per-vlan OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-21...
Page 90: Using Per-Vlan Spanning Tree Mode With Pvst
OmniSwitch or in the Cisco PVST+ mode when connected to a Cisco switch. As a result, both the Alcatel-Lucent per-VLAN and Cisco PVST+ modes can co-exist on the same OmniSwitch and interoperate correctly with a Cisco switch using the standard Spanning Tree protocols (STP or RSTP).
Page 91: Omniswitch Pvst+ Interoperability
BPDU format used by Alcatel-Lucent per-VLAN mode, thus preventing Spanning Tree topologies for tagged VLANs from interoperating over the 802.1Q trunk. In order to interoperate with Cisco PVST+ mode, the current Alcatel-Lucent per-VLAN mode has an option to recognize Cisco's proprietary PVST+ BPDUs. This allows any user port on an OmniSwitch to send and receive PVST+ BPDUs, so that loop-free topologies for the tagged VLANs can be created between OmniSwitch and Cisco switches.
Page 92 Dynamic aggregate link (LACP) functions properly between OmniSwitch and Cisco switches. The Cisco switches send the BPDUs only on one physical link of the aggregate, similar to the OmniSwitch page 5-24 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 93: Using Spanning Tree Configuration Commands
RSTP (1w) Per Vlan PVST+ (1d) Per Switch Using Spanning Tree Configuration Commands The Alcatel-Lucent Spanning Tree implementation uses commands that contain one of the following keywords to specify the type of Spanning Tree instance to modify: • cist – command applies to the Common and Internal Spanning Tree instance. The CIST is the single Spanning Tree flat mode instance that is available on all switches.
Page 94: Configuring Stp Bridge Parameters
Configuring the forward delay time value for the flat mode CIST instance or a per-VLAN mode VLAN instance. spantree bpdu-switching Configuring the BPDU switching status for a VLAN. page 5-26 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 95: Selecting The Spantree Protocol
Multiple Spanning Tree Instance (MSTI). In both cases, the default priority value is assigned. Note that priority value for an MSTI must be a multiple of 4096. OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 96: Configuring The Bridge Hello Time
(per-VLAN or flat). For example, the following commands change the hello time value for the flat mode instance to 10: page 5-28 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 97: Configuring The Bridge Max-Age Time
Therefore, if this value is changed for the root bridge, all other bridges associated with the same instance adopt this value as well. OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 98: Enabling/Disabling The Vlan Bpdu Switching Status
For example, the following commands enable BPDU switching on VLAN 10 and disable it on VLAN 20: -> spantree vlan 10 bpdu-switching enable -> spantree vlan 20 bpdu-switching disable page 5-30 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 99: Configuring The Path Cost Mode
In the above diagram, port 4/2 is the Root port and port 5/1 is a Designated port for MSTI 1. AVC is not enabled. If another link with the same speed and lower port numbers is added to default VLAN 1 on both OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 100 The exception to this is if the port path cost is administratively set to zero, which resets the path cost to the default value. In addition, AVC does not have any effect on root bridges. page 5-32 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 101: Configuring Stp Port Parameters
Common and Internal Spanning Tree (CIST). spantree vlan admin-edge Configures the connection type for a port or an aggregate of ports for a per-VLAN mode VLAN instance. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-33...
Page 102: Enabling/Disabling Spanning Tree On A Port
(per-VLAN or flat). For exam- ple, the following command disables the Spanning Tree status on port 1/24 for the flat mode instance: -> spantree cist port 1/24 disable page 5-34 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 103: Spanning Tree On Link Aggregate Ports
-> spantree vlan 755 linkagg 10 disable For more information about configuring an aggregate of ports, see Chapter 6, “Configuring Static Link Aggregation,” Chapter 7, “Configuring Dynamic Link Aggregation.” OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-35...
Page 104: Configuring Port Priority
-> spantree vlan 755 linkagg 10 priority 9 For more information about configuring an aggregate of ports, see Chapter 6, “Configuring Static Link Aggregation,” Chapter 7, “Configuring Dynamic Link Aggregation.” page 5-36 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 105: Configuring Port Path Cost
To change the port path cost value for the flat mode instance regardless of which mode (per-VLAN or flat) is active for the switch, use the spantree cist path-cost command. For example, the following command OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-37...
Page 106: Path Cost For Link Aggregate Ports
Note that for Gigabit ports the aggre- gate size is not applicable in this case: Aggregate Size Default Path Link Speed (number of links) Cost Value 10 Mbps page 5-38 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 107 -> spantree vlan 755 linkagg 10 path-cost 19 For more information about configuring an aggregate of ports, see Chapter 6, “Configuring Static Link Aggregation,” Chapter 7, “Configuring Dynamic Link Aggregation.” OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-39...
Page 108: Configuring Port Mode
-> spantree vlan 755 linkagg 10 mode blocking For more information about configuring an aggregate of ports, see Chapter 6, “Configuring Static Link Aggregation,” Chapter 7, “Configuring Dynamic Link Aggregation.” page 5-40 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 109: Configuring Port Connection Type
For example, the following command defines the connection type for port 8/1 associated with VLAN 10. -> spantree vlan 10 port 8/1 connection autoptp OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-41...
Page 110: Configuring The Edge Port Status
-> spantree vlan 10 port 8/23 auto-edge enable -> spantree vlan 10 port 8/23 admin-edge disable Note. If auto-edge is enabled on a port, then the admin-edge value is overridden. page 5-42 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 111: Restricting Port Roles (Root Guard)
Both of these commands apply to all ports and link aggregates and are supported when the switch is running in either the per-VLAN mode or the flat mode. For example: -> spantree cist txholdcount 5 -> spantree vlan 10 txholdcount 5 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-43...
Page 112: Sample Spanning Tree Configuration
Ports 2/1-3, 2/8-10, 3/1-3, and 3/8-10 provide connections to other switches and are all assigned to VLAN 255 on their respective switches. The Spanning Tree administrative status for each port is enabled by default. page 5-44 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 113: Example Network Configuration Steps
-> vlan 255 members port 2/1-3 untagged Change the Spanning Tree protocol for VLAN 255 to RSTP (Rapid Spanning Tree Protocol) on each switch using the following command: -> spantree vlan 255 protocol rstp OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-45...
Page 114 Cnx Edg Desig Bridge ID -----+---+---+----+----+-----+-----+----+-----+---+---+---------------------- 7 ENA FORW ROOT NPT Edg 000A-00:d0:95:00:00:01 7 ENA BLOCK BACK NPT No 8000-00:d0:95:00:00:04 3/10 7 ENA BLOCK ALTN 3/10 NPT No 8000-00:d0:95:00:00:03 page 5-46 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 115: Sample Mst Region Configuration
(VLAN-to-MSTI mapping). The following steps are performed on each switch to define Alcatel-Lucent Marketing as the MST region name, 2000 as the MST region revision level, map exiting VLANs to existing MSTIs, and 3 as the...
Page 116 Revision Max hops = 3, Cist Instance Number All switches configured with the exact same values as shown in the above example are considered members of the Alcatel-Lucent Marketing MST region. page 5-48 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 117: Sample Msti Configuration
200, and 250 on Switch A: -> vlan 100 members port 3/1 untagged -> vlan 150 members port 4/2 untagged -> vlan 200 members port 4/8 untagged -> vlan 250 members port 2/12 untagged OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-49...
Page 118 MSTI 1 selects one of the data paths between its VLANs as the best path, rather than the CIST data paths, as shown in the diagram on page 5-51. page 5-50 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 119 Another solution to this scenario is to assign all VLANs to an MSTI, leaving no VLANs controlled by the CIST. As a result, the CIST BPDU contains only MSTI information. See “How MSTP Works” on page 5-12 for more information. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 5-51...
Page 120: Verifying The Spanning Tree Configuration
Guide. An example of the output for the show spantree vlan and show spantree vlan ports commands is also given in “Example Network Configuration Steps” on page 5-45. page 5-52 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 121: Configuring Static Link Aggregation
6 Configuring Static Link Aggregation Alcatel-Lucent’s static link aggregation software allows you to combine several physical links into one large virtual link known as a link aggregation group. Using link aggregation provides the following benefits: • Scalability. It is possible to configure a maximum number of link aggregation groups as mentioned in “Static Link Aggregation Specifications”...
Page 122: Static Link Aggregation Specifications
The table below lists default values and the commands to modify them for static aggregate groups. Parameter Description Command Default Value/Comments Administrative State linkagg static agg admin-state enabled Group Name linkagg static agg name No name configured page 6-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 123: Quick Steps For Configuring Static Link Aggregation
-> linkagg static port 1/9-12 agg 1 Create a VLAN for this static link aggregate group with the vlan members command. For example: -> vlan 10 members default 1 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 6-3...
Page 124 And an example of what these commands look like entered sequentially on the command line on the remote switch: -> linkagg static agg 1 size 4 -> linkagg static port 1/9-12 agg 1 -> vlan 10 port default 1 page 6-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 125: Static Link Aggregation Overview
Load balancing for Layer 2 non-IP packets is on a MAC address basis. However when IP packets are transmitted, the balancing algorithm uses the IP address. Ports must be of the same speed within the same link aggregate group. Alcatel-Lucent’s link aggregation software allows you to configure the following two different types of link aggregation groups: •...
Page 126: Relationship To Other Features
“Quick Steps for Configuring Static Link Aggregation” on page 6-3 for a brief tutorial on configuring these mandatory parameters. Alcatel-Lucent’s link aggregation software is preconfigured with the default values for static aggregate groups as shown in the table in “Static Link Aggregation Default Values” on page 6-2.
Page 127: Creating And Deleting A Static Link Aggregate Group
-> linkagg static agg 5 size 8 name static1 admin-state disable Note. If you want to specify spaces within a name for a static aggregate group the name must be specified within quotes (for example, “Static Aggregate Group 5”). OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 6-7...
Page 128: Adding And Deleting Ports In A Static Aggregate Group
-> no linkagg static port 1/24 -> no linkagg static port 1/23 -> no linkagg static port 1/22 page 6-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 129: Modifying Static Aggregation Group Parameters
To disable a static aggregate group by entering linkagg static agg followed by the number of the group and admin-state disable. For example, to disable static aggregate group 1, enter: -> linkagg static agg 1 admin-state disable OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 6-9...
Page 130: Application Example
-> vlan 8 members linkagg 1 tagged Repeat steps 1 through 4 on Switch B. Substitute the port numbers of the commands with the appropriate port numbers of Switch B. page 6-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 131: Displaying Static Link Aggregation Configuration And Statistics
These detailed views provide excellent tools for diagnosing and troubleshooting problems. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 6-11...
Page 132 Port position in the aggregate : 0, Primary port : YES Note. See the “Link Aggregation Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of show commands for link aggregation. page 6-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 133: Configuring Dynamic Link Aggregation
7 Configuring Dynamic Link Aggregation Alcatel-Lucent’s dynamic link aggregation software allows you to combine several physical links into one large virtual link known as a link aggregation group. Using link aggregation provides the following benefits: • Scalability. It is possible to configure up to a maximum number of link aggregation groups as mentioned in “Dynamic Link Aggregation Specifications”...
Page 134: Dynamic Link Aggregation Specifications
Maximum number of link aggregation groups Maximum number of ports per link aggregate Number of ports supported per link aggregate group when 128 linkagg groups are configured Maximum number of linkagg ports per system page 7-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 135: Dynamic Link Aggregation Default Values
Actor Port Priority linkagg lacp port actor port priority Partner Port Administrative Port linkagg lacp port partner admin- port Partner Port Priority linkagg lacp port partner admin port-priority OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 7-3...
Page 136: Quick Steps For Configuring Dynamic Link Aggregation
-> linkagg lacp port 8/3 actor admin-key 5 Create a VLAN for this dynamic link aggregate group with the vlan command. For example: -> vlan 2 members linkagg 2 page 7-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 137 -> linkagg lacp port 6/1-2 actor admin-key 5 -> linkagg lacp port 7/3 actor admin-key 5 -> linkagg lacp port 8/1 actor admin-key 5 -> vlan 2 port default 2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 7-5...
Page 138: Dynamic Link Aggregation Overview
IP packets the balancing algorithm uses the IP address as well. Ports must be of the same speed within the same aggregate group. Alcatel-Lucent’s link aggregation software allows you to configure the following two different types of link aggregation groups: •...
Page 139 • two OmniSwitch 10K switches. • an OmniSwitch 10K switch and an early-generation Alcatel-Lucent switch. • an OmniSwitch 10K switch and switch of another vendor, if that vendor supports IEEE 802.3ad LACP. “Configuring Dynamic Link Aggregate Groups” on page 7-8...
Page 140: Relationship To Other Features
Configuring Dynamic Link Aggregate Groups This section describes how to use Alcatel-Lucent’s Command Line Interface (CLI) commands to create, modify, and delete dynamic aggregate groups. See “Configuring Mandatory Dynamic Link Aggregate Parameters”...
Page 141: Configuring Mandatory Dynamic Link Aggregate Parameters
For example, Alcatel-Lucent recommends assigning the actor admin key when you create the dynamic aggregate group to help ensure that ports are assigned to the correct group. To create a dynamic aggregate group with aggregate number 3 consisting of two ports with an admin actor key of 10, for example, enter: ->...
Page 142: Configuring Ports To Join And Removing Ports In A Dynamic Aggregate Group
Note. The actor admin-state and partner admin-state keywords have additional parameters, which are described in “Modifying the Actor Port System Administrative State” on page 7-17 “Modifying the Partner Port System Administrative State” on page 7-21, respectively. page 7-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 143: Removing Ports From A Dynamic Aggregate Group
The following is an example of how to delete ports in the proper sequence from the console: -> no linkagg lacp port 4/6 -> no linkagg lacp port 4/5 -> no linkagg lacp port 4/4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 7-11...
Page 144: Modifying Dynamic Link Aggregate Group Parameters
The table on page 7-3 lists default group and port settings for Alcatel-Lucent Dynamic Link Aggregation software. These parameters ensure compliance with the IEEE 802.3ad specification. For most networks, these default values need not be modified or can be modified automatically by the switch software.
Page 145: Modifying The Dynamic Aggregate Group Name
For example, to disable dynamic aggregate group 4, enter: -> linkagg lacp agg 4 admin-state disable OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 7-13...
Page 146: Modifying The Dynamic Aggregate Group Actor System Priority
For example, to restore the actor system priority to its default value on dynamic aggregate group 4, enter: -> no linkagg lacp agg 4 actor system-priority page 7-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 147: Modifying The Dynamic Aggregate Group Actor System Id
For example, to remove the user-configured partner administrative key from dynamic aggregate group 4, enter: -> no linkagg lacp agg 4 partner admin-key OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 7-15...
Page 148: Modifying The Dynamic Aggregate Group Partner System Priority
For example, to remove the user-configured partner system ID from dynamic aggregate group 4, enter: -> no linkagg lacp agg 4 partner system-id page 7-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 149: Modifying Dynamic Link Aggregate Actor Port Parameters
When this bit (bit 3) is set by the system, the port is allocated to the correct dynamic aggregation group. If this bit is not set by the system, the port is not allocated to the correct dynamic aggregation group. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 7-17...
Page 150 For example, to restore bits 0 (active) and 2 (aggregate) to their default settings on dynamic aggregate actor port 2 in slot 5, enter: -> no linkagg lacp port 5/2 actor admin-state active aggregate page 7-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 151: Modifying The Actor Port System Id
For example, to modify the system priority of dynamic aggregate actor port 5 in slot 2 to 200 you would enter: -> linkagg lacp port 2/5 actor system-priority 200 For example, to modify the system priority of dynamic aggregate actor port 5 in slot 2 to 200, enter: OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 7-19...
Page 152: Modifying The Actor Port Priority
(/), the port number, and no actor port priority. For example, to remove a user-configured actor priority from dynamic aggregate actor port 1 in slot 2 you would enter: -> no linkagg lacp port 2/1 actor port-priority page 7-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 153: Modifying Dynamic Aggregate Partner Port Parameters
If this bit is not enabled, the port is not allocated to the correct aggregation group. By default, this value is disabled. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 7-21...
Page 154 For example, to restore bits 0 (active) and 2 (aggregate) to their default settings on dynamic aggregate partner port 1 in slot 7, enter: -> no linkagg lacp port 7/1 partner admin-state active aggregate page 7-22 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 155: Modifying The Partner Port Administrative Key
00:00:00:00:00:00. The following subsections describe how to configure a user-specified value and how to restore the value to its default value with the linkagg lacp port partner admin system-id command. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 7-23...
Page 156: Modifying The Partner Port System Priority
For example, to modify the administrative priority of dynamic aggregate partner port 49 in slot 4 to 100 and specify that the port is a Gigabit Ethernet port , enter: -> linkagg lacp port 4/49 partner admin-system-priority 100 page 7-24 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 157: Modifying The Partner Port Administrative Status
For example, to modify the port priority of dynamic aggregate partner port 3 in slot 4 to 100 you would enter: -> linkagg lacp port 4/3 partner admin-port priority 100 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 7-25...
Page 158 For example, to remove a user-configured partner port priority from dynamic aggregate partner port 3 in slot 4 you would enter: -> no linkagg lacp port 4/3 partner admin-port priority page 7-26 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 159: Application Examples
Note. Although you need to configure both the local ( Switch A) and remote ( Switches B and C) switches, only the steps to configure the local switch are provided since the steps to configure the remote switches are similar. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 7-27...
Page 160: Link Aggregation And Spanning Tree Example
-> spantree vlan 10 linkagg 5 priority 15 Repeat steps 1 through 5 on Switch B. Substitute the port numbers of the commands with the appropriate port numbers of Switch B. page 7-28 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 161: Link Aggregation And Qos Example
Repeat steps 1 through 9 on Switch C. Use the same commands as mentioned in the previous steps. Substitute the port numbers of the commands with the appropriate port numbers of Switch C. OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 162: Displaying Dynamic Link Aggregation Configuration And Statistics
These detailed views provide excellent tools for diagnosing and troubleshooting problems. page 7-30 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 163 MC-Dynamic Aggregable Port. See the “Link Aggregation Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of show commands for link aggregation. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 7-31...
Page 164 Displaying Dynamic Link Aggregation Configuration and Statistics Configuring Dynamic Link Aggregation page 7-32 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 165: Configuring Multi-Chassis Link Aggregation
A loop or duplicate packet prevention mechanism is implemented so that non-unicast frames received on the Virtual Fabric Link are not flooded out any local MC-LAG ports For more information on components of MC-LAG, see “MC-LAG Concepts and Components” on page 8-9 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-1...
Page 166: Chapter 8 Configuring Multi-Chassis Link Aggregation
“Interaction with Other Features” on page 8-21 • “Configuring MC-LAG” on page 8-22 • “MC-LAG Configuration Example” on page 8-28 • “Displaying MC-LAG Configuration and Statistics” on page 8-30 page 8-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 167: Multi-Chassis Link Aggregation Specifications
Maximum number of ports per MC-LAG aggregate Maximum number of MC-LAG peer switches Valid chassis identifier 1 or 2 Maximum number of Virtual Fabric Links Maximum number of ports per Virtual Fabric Link OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-3...
Page 168: Multi-Chassis Link Aggregation Default Values
4094 VLAN range on the virtual fabric multi-chassis vf-link default- 1-4094 vlan Aggregate Identifier ranges linkagg range local peer multi- Local: 0-47 chassis Remote: 48-95 Multi-chassis: 96-127 page 8-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 169: Quick Steps For Configuring Mc-Lag
Chassis Role Unassigned N/A Status Standalone Hello Interval 1s 1s IPC VLAN 4094 4094 OS10K [Chassis 2] -> show multi-chassis status Multi-Chassis Operational Configured ----------------+-----------+--------- Chassis ID N/A Chassis Role Unassigned N/A OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-5...
Page 170 OS10K [Chassis 1] -> show multi-chassis vf-link member-port VFLink ID Slot/Port Oper Is Primary ---------------+--------------+--------------+------------ Disabled 1/17 Disabled Disabled 3/17 Disabled page 8-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 171 OS10K [Chassis 1] -> show multi-chassis vf-link member-port VFLink ID Slot/Port Oper Is Primary ---------------+--------------+--------------+------------ 1/17 3/17 OS10K [Chassis 2] -> show multi-chassis vf-link member-port VFLink ID Slot/Port Oper Is Primary ---------------+--------------+--------------+------------ 2/17 4/17 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-7...
Page 172 Note. Multi chassis peers in the same domain must maintain identical configuration and operational parameters. Ensure that the mandatory parameters are the same on both peers. For more information, see “Recommended Configuration Parameters” on page 8-26 page 8-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 173: Mc-Lag Overview
MC-LAG aggregate ports and the edge devices attached to MC-LAGs. A Multi-Chassis domain can support up to 128 MC-LAG groups. Multi-Chassis Manager (MCM) is an Alcatel Lucent proprietary application that manages and monitors the multichassis functionality. MCM provides the foundation for inter-chassis communication infrastructure that can be used by applications (e.g.
Page 174: Benefits Of Mc-Lag
MC-LAG delivers active/active forwarding mode whereby both sets of uplinks that are part of the dual homed aggregates are processing traffic to maximize the value of the customer investment. page 8-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 175: Mc-Lag Principle
(multicast, broadcast, unknown traffic) is received by switch SW2 on Port A, it will not be flooded out on either Port B or Port C. Additionally, it cannot be sent back out of the same port where it was received. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-11...
Page 176: Mc-Lag Loop Detection
Loop Detection is flagged when the PDU is returned to the transmitting peer, causing the following to occur. • A log message is sent for loop detect event. • A SNMP trap is generated, and • The offending port is shutdown. page 8-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 177: Mc-Lag Topologies
Tree is not needed in this network because there are no loops. In this topology, the physical loop around the MC-LAG ports and Virtual Fabric Link is prevented by the MC-LAG. OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 178 Layer 3 devic es are dual-attached (ECMP L2 Bridging routing) to th e MC-LAG core, but NOT via L3 Routing MC-LAG aggregates. MC-LAG MC-LAG MC-LAG MC-LAG at the Aggregation Layer page 8-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 179: Topologies Not Recommended
In the topology shown below, MC-LAG is not supported since Spanning Tree cannot run with a “back- door” connection and will result in a loop. Spanning tree cannot run on the dual- homed aggregates. MC-LAG MC-LAG MC-LAG Back-door Connection Causing Physical Loop OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-15...
Page 180 This topology introduces the risk of a possible loop indicated by the arrows. Since Spanning Tree will not run over the MC-LAG aggregates, this loop cannot be prevented. L2 Bridging MC-LAG MC-LAG MC-LAG MC-LAG MC-LAG Loop!!! Edge Switch to Multiple MC-LAG Domains page 8-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 181 The following topology illustrates that Switch B is required to keep separate system resources, such as MAC tables, ports, software applications per virtual domain. MC-LAG Pairs: • A – B • B - C MC-LAG MC-LAG Overlapping MC-LAG Switch Pairs OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-17...
Page 182: Mc-Lag Packet Flow
Step 3: MAC Learning • Switch M will learn MAC@= MAC on the MC-LAG aggregate L • Switch M will learn MAC@= MAC on the MC-LAG aggregate L as well. page 8-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 183 IP-based. • MAC addresses learned on an MC-LAG aggregate on one of the MC-LAG peers are also learned on the other peer on the same MC-LAG aggregate. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-19...
Page 184 A loop/duplicate packet prevention mechanism is implemented so that non-unicast frames received on the Virtual Fabric Link are not flooded out any local MC-LAG ports. • Downstream traffic always prefers the local MC-LAG ports, if these are available. page 8-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 185: Interaction With Other Features
Multi-Chassis Virtual IP VLANs can only be configured on MC-LAG aggregates but not on any fixed port or standard aggregate. However, they will always be automatically configured on the VFL link just like all other VLAN types. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-21...
Page 186: Configuring Mc-Lag
ID derived from the chassis ID. • The switch must be rebooted after configuring the chassis ID. For information about configuring the Chassis-ID, see “Configuring the Chassis-ID” on page 8-24 page 8-22 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 187 VRRP cannot be configured on IP interfaces assigned to a VIP VLAN. • VIP VLANs must have both a management IP and a virtual IP address. For more information on VIP VLAN, see “Configuring the VIP VLAN” on page 8-25 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-23...
Page 188: Configuring The Chassis-Id
The example above modifies the ranges to allow for 10 local, 10 peer, and 108 MC-LAG link aggregates. To configure only MC-LAG aggregate identifiers see the example below: -> linkagg range local none peer none multi-chassis 0-127 page 8-24 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 189: Creating The Virtual Fabric Link (Vfl)
To configure a switch for MC-LAG and assign a globally unique chassis identifier, enter the ip interface command as shown below: -> ip interface vip-vlan-10 address 10.10.10.1/24 vip-address 10.10.10.100 vlan OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-25...
Page 190: Recommended Configuration Parameters
MC-LAG aggregate parameters prevents a particular MC-LAG or all MC-LAG aggregates from becoming operational. The mandatory parameters for MC- LAG and the impact of their violation are: as follows: page 8-26 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 191 LACP System Priority (a constant hard-coded value). Even though not widely used, the management interface provides the ability to change these parameters on a per-aggregate basis. As a result, these parameters are always treated as per-MC-LAG aggregate. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-27...
Page 192: Mc-Lag Configuration Example
OS10K [M2] -> ip interface vlan-30 address 30.30.30.1/24 vlan 30 OS10K [M2] -> ip interface vlan-50 address 50.50.50.1/24 vlan 50 [Configure appropriate routing protocol on VLANs 30 and 50] OS10K [S1] -> vlan 10 page 8-28 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 193 OS10K [S1] -> linkagg lacp port 1/1-2 actor admin-key 1 OS10K [S1] -> linkagg lacp port 1/3-4 actor admin-key 1 OS10K [S1] -> vlan 10 members linkagg 1 untagged OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 8-29...
Page 194: Displaying Mc-Lag Configuration And Statistics
For more information about the output details that result from these commands, see the OmniSwitch CLI Reference Guide. page 8-30 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 195: Chapter 9 Configuring Erp
“ERP Configuration Overview and Guidelines” on page 9-11. • “Configuring an ERP Ring” on page 9-12. • “Sample Ethernet Ring Protection Configuration” on page 9-17. • “Verifying the ERP Configuration” on page 9-19. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 9-1...
Page 196: Erp Specifications
The wait-to-restore timer value for erp-ring wait-to-restore 5 minutes the RPL node The guard-timer value for the ring erp-ring guard-timer 50 centi-seconds node The NNI-SVLAN association type. ethernet-service svlan nni page 9-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 197: Erp Overview
When the time runs out, the RPL port is blocked and an R-APS (NR, RB) message is transmitted from both the ring ports to indicate that the RPL is blocked. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 9-3...
Page 198: How Does Erp Work
(protection switching activated; a ring failure has triggered the RPL into a forwarding state). The following illustration shows an example of an ERP ring operating in the idle mode; all ring nodes are up and the RPL is blocked: page 9-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 199 When the failed link shown in the above illustration recovers, the ring transitions as follows back to the idle mode: • Nodes adjacent to the recovered link initiate an R-APS (NR) message and start the Guard Timer. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 9-5...
Page 200: Overlapping Protected Vlans Between Erp Rings On Same Node
VLANS. • Traffic for a protected VLAN is not passed if the protected VLAN is deleted from either ERP ring or if the shared node goes down. page 9-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 201: Erp And Rrstp Differences
RRSTP requires a ring of contiguous RRSTP nodes. ERP allows non-ERP nodes to participate in the ring by using the connectivity monitoring capabilities of Ethernet OAM to alert ERP of a link failure through non-ERP nodes. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 9-7...
Page 202: Interaction With Other Features
Tunneling of STP BPDUs across ERP links is not supported. However, tunneling of STP BPDUs across UNI ports is supported in a VLAN stacking configuration. “Configuring ERP with VLAN Stacking NNIs” on page 9-14 for more information. page 9-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 203: Quick Steps For Configuring Erp With Standard Vlans
-> vlan 11-20 members port 1/1-2 tagged Enable the ERP ring configuration using the erp-ring enable command. -> erp-ring 1 enable Display the ERP configuration using the show erp command. -> show erp OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 9-9...
Page 204: Quick Steps For Configuring Erp With Vlan Stacking
-> ethernet-service svlan 1002 nni port 1/2-2 Enable the ERP ring configuration using the erp-ring enable command. -> erp-ring 1 enable Display the ERP configuration using the show erp command. -> show erp page 9-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 205: Erp Configuration Overview And Guidelines
The specified service VLAN ID must not participate in a Spanning Tree instance that is associated with non-ERP VLANs. This canrequire changing the Spanning Tree configuration for the VLAN ID prior to using this command. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 9-11...
Page 206: Configuring An Erp Ring
ERP allows a single VLAN or a number of VLANs to participate in a single ERP ring. The vlan members untagged command is used to tag the ring ports of the ERP ring with a VLAN ID. page 9-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 207: Configuring An Rpl Port
For example: -> no erp-ring 1 wait-to-restore To verify the WTR configuration, use the show erp command. For more information about this command, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 9-13...
Page 208: Setting The Guard Timer
SVLAN User Network Interface (UNI) associations are not eligible for ERP ring protection. • If the ERP type NNI ports are connected to the STP path via UNI ports, then STP BPDUs can be tunneled with the help of VLAN-stacking mechanism. page 9-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 209: Configuring Erp Protected Svlans
VLAN for the ring. Use the show erp command to verify the configured VLAN Stacking ERP ring configuration. For more information about these commands, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 9-15...
Page 210: Clearing Erp Statistics
-> clear erp statistics ring 5 linkagg 2 Use the show erp statistics command to verify ERP statistics. For more information about this command, see the OmniSwitch CLI Reference Guide. page 9-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 211: Sample Ethernet Ring Protection Configuration
Assign VLANs 11-20 as a protected VLANs to ERP ring 1. Use the default settings for the guard timer and WTR timer values. These values can be adjusted as necessary. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 9-17...
Page 212: Example Erp Configuration Steps
Ring Port Type : non-rpl, Ethoam Event : disabled The above command shows the forwarding status of the port, the type of ring port (RPL or non-RPL), and ETHOAM event status. page 9-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 213: Verifying The Erp Configuration
Displays a list of SVLANs configured fro the switch. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 9-19...
Page 214 Verifying the ERP Configuration Configuring ERP page 9-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 215: 10 Configuring 802.1Ab
“Setting the Transmit Delay” on page 10-12. • “Setting the Transmit Fast Start Count” on page 10-13 • “Setting the Reinit Delay” on page 10-13. • “Setting the Notification Interval” on page 10-13. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 10-1...
Page 216: 802.1Ab Specifications
To control per port notification status about a change in a remote device associated to a port, use the lldp notification command. For example: -> lldp port 2/47 notification enable page 10-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 217 Note. Optional. Verify the LLDP per port statistics by entering the show lldp statistics command. For example: > show lldp statistics ----------+--------------------------------------+---------------------+---------- LLDPDU Device Slot/Port| Errors Discards | Unknown Discards | Ageouts ----------+--------+----------+----------+----------+----------+----------+----- 1/23 2/47 2/48 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 10-3...
Page 218: Quick Steps For Configuring Lldp-Med Network Policy
-> lldp network-policy 1 application voice vlan 10 l2-priority 5 Bind the network policy to a port associated with a VLAN using the lldp med command. page 10-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 219: 802.1Ab Overview
The mandatory TLVs contained in an LLDPDU are listed below: • Chassis ID TLV • Port ID TLV • VLAN ID TLV • Time to live TLV • End of LLDPDU TLV OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 10-5...
Page 220: Optional Tlvs
ANSI-TIA LLDP-MED TLV Sets • Network connectivity TLV set • LLDP-MED capabilities TLV • Network Policy TLV • Inventory Management TLV • Location Identification TLV • Extended Power-through-MDI TLV page 10-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 221: Lldp-Media Endpoint Devices
Each network policy can be configured with one application type as a mandatory parameter. The following application types are supported: • Voice • Voice Signaling • Guest Voice • Guest Voice Signaling OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 10-7...
Page 222 OmniSwitch to advertise the VLAN to the connected IP Phones. For example on how to setup LLDP-MED for IP Phones, see “Enabling and Disabling Notification” on page 10-10 page 10-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 223: Lldp Agent Operation
TTL mentioned in the previous LLDPDU, then the local device discards the related entry from its database. This is called the aging time and can be set by the user. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 10-9...
Page 224: Configuring 802.1Ab
LLDPDUs on a specific port, a slot, or all ports on a switch. When enabled, the LLDPDU administrative status must be in the transmit state. To enable the management TLV LLDPDU transmission on a switch, enter the lldp tlv management command: page 10-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 225: Enabling And Disabling 802.1 Tlv
-> lldp chassis tlv dot3 mac-phy disable To disable 802.3 TLV on port 5 of slot 3, enter the following command at the CLI prompt: -> lldp port 3/5 tlv dot3 mac-phy disable OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 10-11...
Page 226: Enabling And Disabling Med Tlv
To set the minimum time interval between successive LLDPDUs transmitted, enter the lldp transmit delay command. For example, to set the transmit delay value to 20 seconds, enter: -> lldp transmit delay 20 page 10-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 227: Setting The Transmit Fast Start Count
For example, to set the notification value to 130 seconds, enter: -> lldp notification interval 130 Note: In a specified interval, generating more than one notification-event is not possible. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 10-13...
Page 228: Verifying 802.1Ab Configuration
Displays MED local port information of remote system. For more information about the resulting display, see Chapter 9, “802.1AB Commands,” in the OmniSwitch CLI Reference Guide. page 10-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 229: Chapter 11 Configuring Ip
Chapter 15, “Configuring RIP,” in this manual; or “Configuring OSPF” in the OmniSwitch AOS Release 7 Advanced Routing Configuration Guide. There are two versions of Internet Protocol supported, IPv4 and IPv6. For more information about using IPv6, see Chapter 13, “Configuring IPv6.”...
Page 230 11-34) • Tunneling – Generic Routing Encapsulation (page 11-34) – IP Encapsulation within IP (page 11-34) – Tunneling operation (page 11-35) – Configuring a Tunnel Interface (page 11-35) page 112 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 231: Ip Specifications
The following table lists the defaults for IP configuration through the ip command. Description Command Default IP-Directed Broadcasts ip directed-broadcast Time-to-Live Value ip default-ttl 64 (hops) IP interfaces ip interface VLAN 1 interface. ARP filters arp filter OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 113...
Page 232: Quick Steps For Configuring Ip Forwarding
Using only IP, which is always enabled on the switch, devices connected to ports on the same VLAN are able to communicate at Layer 2. The initial configuration for all Alcatel-Lucent switches consists of a default VLAN 1. All switch ports are initially assigned to this VLAN. If additional VLANs are not config- ured on the switch, the entire switch is treated as one large broadcast domain, and all ports receive all traf- fic from all other ports.
Page 233: Ip Overview
SNMP agents on an IP network. Network administrators use SNMP to monitor network perfor- mance and manage network resources. For more information, see the “Using SNMP” chapter in the OmniSwitch AOS Release 7 Switch Management Guide. • Telnet—Used for remote connections to a device. You can telnet to a switch and configure the switch and the network by using the CLI.
Page 234: Chapter 20 Configuring Ip Multicast Switching
For more information, see “Internet Control Message Protocol (ICMP)” on page 11-29. • Multicast Services—Includes IP multicast switching (IPMS). For more information, see Chapter 20, “Configuring IP Multicast Switching.” page 116 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 235: Ip Forwarding
IP network address of the packet (e.g., IP - 21.0.0.10). Alcatel-Lucent switches support routing of IP traffic. A VLAN is available for routing when at least one router interface is defined for that VLAN and at least one active port is associated with the VLAN. If a VLAN does not have a router interface, the ports associated with that VLAN are in essence firewalled from other VLANs.
Page 236 -> ip interface Accounting address 71.0.0.1 mask 255.0.0.0 vlan 955 forward e2 no local-proxy-arp no primary -> ip interface Accounting address 71.0.0.1/8 vlan 955 -> ip interface Accounting address 71.0.0.1 vlan 955 page 118 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 237: Modifying An Ip Router Interface
To view a list of IP interfaces configured on the switch, use the show ip interface command. For more information about this command, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 119...
Page 238: Configuring A Loopback0 Interface
The following example command configures a BGP peering session using a Loopback0 IP interface address: -> ip bgp neighbor 2.2.2.2 update-source Loopback0 See the OmniSwitch AOS Release 7 Advanced Routing Configuration Guide for more information. page 1110 OmniSwitch AOS Release 7 Network Configuration Guide...
Page 239: Creating A Static Route Or Recursive Static Route
-> ip static-route 171.11.0.0 follows 192.168.10.1 A route to the 192.168.10.1 address would need to be learned by a dynamic routing protocol for the recur- sive static route to be active. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1111...
Page 240: Creating A Default Route
ARP entry: -> arp 2.2.3.40 01:4a:22:03:44:5c When configuring a static multicast ARP entry, do not use any of the following multicast addresses: 01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF 01:80:C2:XX.XX.XX 33:33:XX:XX:XX:XX page 1112 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 241: Deleting A Permanent Entry From The Arp Table
The switch uses the MAC Address table time-out value as the ARP time-out value. Use the mac-learning aging-time command to set the time-out value. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1113...
Page 242: Local Proxy Arp
The following arp filter command example creates an ARP filter, which blocks the switch from respond- ing to ARP packets that contain a sender IP address that starts with 198: -> arp filter 198.0.0.0 mask 255.0.0.0 sender block page 1114 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 243 -> clear arp filter Use the show arp filter command to verify the ARP filter configuration. For more information about this and other ARP filter commands, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1115...
Page 244: Ip Configuration
-> ip route-pref ospf 15 To display the current route preference configuration, use the show ip route-pref command: -> show ip route-pref Protocol Route Preference Value ------------+------------------------ Local Static OSPF EBGP IBGP page 1116 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 245: Configuring The Time-To-Live (Ttl) Value
Set. A set statement is used to modify route information before the route is redistributed into the receiving protocol. This statement is only applied if all the criteria of the route map is met and the action permits redistribution. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1117...
Page 246: Creating A Route Map
The above command configures a set statement for the ospf-to-bgp route map that changes the route tag value to five. Because this statement is part of the ospf-to-bgp route map, it is only applied to routes that have an existing tag value equal to eight. page 1118 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 247 10: -> ip route-map rm_1 sequence-number 10 action permit -> ip route-map rm_1 sequence-number 10 match tag 8 -> ip route-map rm_1 sequence-number 10 set metric 1 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1119...
Page 248: Configuring Access Lists
(IPv4) or the ipv6 access-list command (IPv6) and specify a name to associate with the list. For example, -> ip access-list ipaddr -> ipv6 access-list ip6addr page 1120 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 249 -> show ip redist Source Destination Protocol Protocol Status Route Map ------------+------------+---------+-------------------- LOCAL4 Enabled rip_1 LOCAL4 OSPF Enabled ospf_2 LOCAL4 Enabled bgp_3 OSPF Enabled ospf-to-bgp OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1121...
Page 250: Route Map Redistribution Example
Redistributes into BGP all routes learned on the intf_ospf interface and sets the metric for such routes to 255. • Redistributes into BGP all other routes (those not processed by sequence 10 or 20) and sets the tag for such routes to eight. page 1122 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 251: Ip-Directed Broadcasts
172.28.255.255, for an existing IP interface 172.28.0.0/16. • in the range 224.x.x.x - 255.255.255.254. • Source IP address equals one of Switch IP Inter- face addresses. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1123...
Page 252 10, TCP packets destined for open ports are given a penalty of 5, and UDP packets destined for open ports are given a penalty of 20. The decay is set to 2, and the switch port scan penalty value threshold is set to 2000: page 1124 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 253 This value would be divided by 2 (due to decay) and decreased to 2150. The switch would record a port scan and generate a trap to warn the administrator: OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1125...
Page 254 To set the port scan penalty value threshold, enter the threshold value with the ip dos scan threshold command. For example, to set the port scan penalty value threshold to 2000, enter the following: page 1126 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 255: Enabling/Disabling Ip Services
The principle of ARP Poisoning is to send false or spoofed ARP messages to an Ethernet LAN. Alcatel-Lucent introduces the functionality that detects the presence of an ARP poisoning host on a network. This functionality uses a configured restricted IP addresses, so that the switch does not get ARP response on sending an ARP request.
Page 256 The following table lists ip service command options for specifying TCP/UDP services and also includes the well-known port number associated with each service: service port telnet http https network-time snmp page 1128 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 257: Managing Ip
Time-Exceeded Message—Sent by the switch if an IP packet’s TTL field reaches zero. The TTL field prevents packets from continuously circulating the internetwork if the internetwork contains a routing loop. Once a packet’s TTL field reaches 0, the switch discards the packet. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1129...
Page 258 Chapter 10, “IP Commands,” for specifics on the ICMP message commands. Enabling All ICMP Types To enable all ICMP message types, use the icmp messages command with the enable keyword. For example: page 1130 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 259 -> icmp messages enable To disable all ICMP messages, enter the same command with the disable keyword. For example: -> icmp messages enable OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1131...
Page 260: Using The Ping Command
Use the dont-fragment keyword to set the don't-fragment bit in the IP packet. • tos. Use the tos keyword to set the type of service field in the IP header. page 1132 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 261: Tracing An Ip Route
TCP. Use the show udp statistics command to display UDP statistics. Use the show udp ports command to display UDP port information. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1133...
Page 262: Tunneling
This feature supports the creation, administration, and deletion of IP inter- faces whose underlying virtual device is a tunnel. The Alcatel-Lucent implementation provides support for two tunneling protocols: Generic Routing Encapsulation (GRE) and IP encapsulation within IP(IPIP).
Page 263: Tunneling Operation
23.23.23.1 destination 155.2.2.2 protocol gre In this example, the GRE tunnel named “gre” is created and assigned a source IP address of 23.23.23.1 and a destination IP address of 155.2.2.2. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1135...
Page 264 Note. An interface can be configured only as a VLAN or a Tunnel interface. Note. To display information about the configured tunnels on the switch, use the show ip interface. page 1136 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 265: Verifying The Ip Configuration
Displays the number of attacks detected for a restricted address. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1137...
Page 266 1138 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 267: 12 Configuring Multiple Vrf
• Quick Steps for Configuring Multiple VRF. • Using the VRF Command Line Interface. • VRF Interaction With Other Features. • Configuring VRF Instances. • Verifying the VRF Configuration OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 12-1...
Page 268: Vrf Specifications
Maximum BGP VRF routing instances per switch SNMP version required for management SNMPv3 VRF Defaults Parameter Description Command Default Value/Comments Active VRF instance Default VRF instance page 12-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 269: Quick Steps For Configuring Multiple Vrf
Load and enable the RIP protocol for the IpOne VRF instance using the ip load rip ip rip admin- state commands. For example: IpOne: -> ip load rip IpOne: -> ip rip admin-state enable IpOne: -> OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 12-3...
Page 270 IP Address Subnet Mask Status Forward Device --------------------+---------------+---------------+------+-------+-------- intfone 200.1.1.1 255.255.255.0 DOWN vlan 200 See the OmniSwitch CLI Reference Guide for information about the fields in the above displays. page 12-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 271 IpTwo: -> ip router router-id 2.2.2.2 IpTwo: -> ip load bgp IpTwo: -> ip bgp neighbor 102.1.1.10 IpTwo: -> ip bgp neighbor 102.1.1.10 remote-as 1000 IpTwo: -> ip bgp neighbor 102.1.1.10 admin-state enable OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 12-5...
Page 272: Multiple Vrf Overview
When an IP packet for Customer C is received on a PE 1 or PE 3 interface associated with VRF C, the VRF C instance determines how to route the packet through the provider backbone so that it reaches the intended Customer C destination. page 12-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 273: Service Provider
Customer C Site 1 PE 1 Customer B VRF C Site 3 VRF B VRF B VRF C Customer C Site 2 VRF C PE 3 Example Multiple VRF Configuration OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 12-7...
Page 274: Using The Vrf Command Line Interface
In this example, vrfOne is added to the beginning of the IP and RIP configuration command lines. This indicates that these commands apply to the vrfOne instance. If a command line does not contain an page 12-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 275: Vrf Interaction With Other Features
SSH Server (SSH, SFTP, SCP) Telnet Server VRRPv2/VRRPv3 QoS VRF Policies UDP/DHCP Relay AAA RADIUS Server The following subsections provide additional information related to Multiple VRF interaction with specific applications. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 12-9...
Page 276: Aaa Radius Servers
A VRF policy condition parameter is available to specify a VRF name to which the policy condition applies. This parameter can also specify the default VRF, and a no form of the command exists to remove a VRF condition parameter. For example: page 12-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 277: Snmp
A separate UDP relay setting for port/service to VLAN is required per VRF instance. For example, the following command configures the forwarding of specific UDP packets to VLAN 100 within the context of the vrfTwo instance: -> ip udp dns vlan 100 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 12-11...
Page 278: Configuring Vrf Instances
The initial configuration of an Alcatel-Lucent switch consists of a default VRF instance, which is always active when the switch starts up and is not removable from the switch configuration. Any subsequent configuration of switch applications applies only to the default instance.
Page 279: Selecting A Vrf Instance
CLI context to the default VRF instance: IpOne: -> vrf IpOne: -> vrf default Note that the command prompt for the default VRF instance does not display the instance name. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 12-13...
Page 280: Assigning Ip Interfaces To A Vrf Instance
To view a list of VRF instances configured on the switch, use the show vrf command. For more informa- tion about this command, see the OmniSwitch CLI Reference Guide. page 12-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 281: Verifying The Vrf Configuration
IpOne from within the context of the default VRF CLI: -> vrf IpOne show ip interface For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 12-15...
Page 282 Verifying the VRF Configuration Configuring Multiple VRF page 12-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 283: 13 Configuring Ipv6
13-17) • Creating a Static Route (see page 13-18) • Configuring the Route Preference of a Router (see page 13-19) • Configuring Route Map Redistribution (see page 13-20) OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 13-1...
Page 284: Ipv6 Specifications
Maximum IPv6 static routes per switch Maximum Number of RIPng Peers Maximum Number of RIPng Interfaces Maximum Number of RIPng Routes page 13-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 285: Ipv6 Defaults
Hop Limit ipv6 hop-limit Path MTU entry minimum life- ipv6 pmtu-lifetime 10 minutes time Neighbor stale lifetime ipv6 neighbor stale-lifetime 10 minutes Local Unicast Global ID ipv6 address global-id None OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 13-3...
Page 286: Quick Steps For Configuring Ipv6 Routing
-> ipv6 rip interface v6if-v300 IPv6 routing is now configured for VLAN 200 and VLAN 300 interfaces, but it is not active until at least one port in each VLAN goes active. page 13-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 287: Ipv6 Overview
Embedded IPv4 addresses in the four lower-order bits of the IPv6 address. The remainder of this section provides a brief overview of the new IPv6 address notation, autoconfigura- tion of addresses, and tunneling of IPv6 over IPv4. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 13-5...
Page 288: Ipv6 Addressing
Link-local unicast 1111111010 FE80::/10 Unique Local IPv6 uni- 11111100 FC00::/7 cast Global unicast everything else Note that anycast addresses are unicast addresses that are not identifiable by a known prefix. page 13-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 289: Ipv6 Address Notation
128-bit IPv6 address followed by a slash (/) and a number representing the prefix length (IPv6-address/prefix-length). For example, the following IPv6 address has a prefix length of 64 bits: FE80::2D0:95FF:FE12:FAB2/64 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 13-7...
Page 290: Autoconfiguration Of Ipv6 Addresses
DAD is not performed for anycast addresses, 6to4 tunnels, or VRRP virtual router addresses. Please refer to RFCs 2462, 2464, and 3513 for more technical information about autoconfiguration and IPv6 address notation. page 13-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 291: Globally Unique Local Ipv6 Unicast Addresses
A 40-bit global identifier is used to make the local IPv6 address prefixes globally unique. This global ID can either be explicitly configured, or created using the pseudo-algorithm recommended in RFC 4193. OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 292: Tunneling Ipv6 Over Ipv4
6to4 well-known prefix, as described above. IPv6 hosts serviced by the 6to4 border router have at least one IPv6 router interface configured with a 6to4 address. Note that additional IPv6 interfaces or external IPv6 routing protocols are not required on the 6to4 border router. page 13-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 293 IPv6 router interface is also required on the relay router to transmit 6to4 traffic to/from IPv6 hosts connected to an IPv6 domain. Therefore, the relay router participates in both the IPv4 and IPv6 routing domains. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 13-11...
Page 294: Configured Tunnels
RIPng and OSPFv3 to run over a configured tunnel. For more information about IPv6 configured tunnels, see “Configuring IPv6 Tunnel Interfaces” on page 13-17. For more detailed information about configured tunnels, refer to RFC 4213. page 13-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 295: Configuring An Ipv6 Interface
(or tunnel) followed by a VLAN ID (or tunnel ID). For example, the following two commands create an IPv6 interface for VLAN 200 and an interface for tunnel 35: -> ipv6 interface v6if-v200 vlan 200 -> ipv6 interface v6if-tunnel-35 tunnel 35 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 13-13...
Page 296: Configuring A Unique Local Ipv6 Unicast Address
To remove an IPv6 interface from the switch configuration, use the no form of the ipv6 interface command. Note that it is only necessary to specify the name of the interface, as shown in the following example: -> no ipv6 interface v6if-v200 page 13-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 297: Assigning Ipv6 Addresses
PC is not required. • IPv6 VLAN or tunnel interfaces are only eligible for stateless autoconfiguration of their link-local addresses. Manual configuration of addresses is required for all additional addresses. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 13-15...
Page 298: Removing An Ipv6 Address
-> no ipv6 address 2001:db8:4100:1000::20 v6if-v200 Note that the subnet router anycast address is automatically deleted when the last unicast address of the same subnet is removed from the interface. page 13-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 299: Configuring Ipv6 Tunnel Interfaces
To use this protocol on a configured tunnel, a dynamic routing protocol interface is created for the tunnel interface. For example, the following command creates a RIPng interface for tunnel v6if-tunnel- 137: -> ipv6 rip interface v6if-tunnel-137 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 13-17...
Page 300: Creating An Ipv6 Static Route
Use the show ipv6 routes command to display the IPv6 Forwarding table. Note. A static route is not active unless the gateway it is using is active. page 13-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 301: Configuring The Route Preference Of A Router
-> ipv6 route-pref ospf 15 To display the current route preference configuration, use the show ipv6 route-pref command: -> show ipv6 route-pref Protocol Route Preference Value ------------+------------------------ Local Static OSPF EBGP IBGP OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 13-19...
Page 302: Configuring Route Map Redistribution
Once a route map is created, it is then applied using the ipv6 redist command. See “Configuring Route Map Redistribution” on page 13-24 for more information. page 13-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 303 To verify a route map configuration, use the show ip route-map command: -> show ip route-map Route Maps: configured: 1 max: 200 Route Map: ospf-to-rip Sequence Number: 10 Action permit match tag 8 set tag 5 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 13-21...
Page 304 Route Map: rm_1 Sequence Number: 10 Action permit match tag 8 set metric 1 Route Map: rm_1 Sequence Number: 20 Action permit match ip4 interface to-finance set metric 5 page 13-22 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 305 -> ipv6 access-list ip6addr address 2001::1/64 action permit redist-control no- subnets For more information about configuring access list commands, see the “IP Commands” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 13-23...
Page 306 -> ipv6 redist ospf into rip route-map ospf-to-rip admin-state disable The following command example enables the administrative status: -> ipv6 redist ospf into rip route-map ospf-to-rip admin-state enable page 13-24 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 307 Redistributes into RIPng all routes learned on the intf_ospf interface and sets the metric for such routes to 255. • Redistributes into RIPng all other routes (those not processed by sequence 10 or 20) and sets the tag for such routes to eight. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 13-25...
Page 308: Verifying The Ipv6 Configuration
Displays the UDP Over IPv6 Listener Table. Contains information about UDP/IPv6 endpoints. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. page 13-26 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 309: 14 Configuring Ipsec
“Configuring an IPsec SA” on page 14-14). • Security Association Key Configuration (see “Configuring IPsec SA Keys” on page 14-15). • Discard Policy Configuration (see “Assigning an Action to a Policy” on page 14-12) OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 14-1...
Page 310: Ipsec Specifications
IPsec security policy status ipsec policy Disabled IPsec discard policy status ipsec policy Enabled IPsec SA status ipsec sa Disabled Key length AES-CBC ipsec sa 128 bits page 14-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 311: Quick Steps For Configuring An Ipsec Ah Policy
-> ipsec sa ALLinMD5_SA ah source 664:1:1:1::1 destination 664:1:1:1::199 spi 2001 authentication HMAC-MD5 admin-state enable Use the following show commands to verify the IPsec configuration: -> show ipsec policy -> show ipsec sa -> show ipsec key sa-authentication OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 14-3...
Page 312: Quick Steps For Configuring An Ipsec Discard Policy
IPsec header (AH or ESP) is inserted between the original IPv6 header and the upper-layer protocol header. The figure below shows an IPv6 packet protected by IPsec in transport mode. page 14-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 313: Encapsulating Security Payload (Esp)
(SA) to be used to process the packet. SPI helps distinguish multiple SA’s configured for the same source and destination combination. The payload data field carries the data that is being OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 314: Authentication Header (Ah)
Unlike ESP, AH does not encrypt the data. Therefore, it has a much simpler header than ESP. The figure below shows an AH-protected IPv6 packet. page 14-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 315: Ipsec On The Omniswtich
Security Associations (SAs) - Determines which algorithms should be used to secure the traffic. • SA Keys - Determines the keys to be used with the SA to secure the traffic. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 14-7...
Page 316: Discarding Traffic Using Ipsec
In order to discard IPv6 datagrams, a policy is configured in the same manner as an IPsec security policy, the difference being that the action is set to ‘discard’ instead of ‘ipsec’. A discard policy can prevent IPv6 traffic from traversing the network. page 14-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 317: Configuring Ipsec On The Omniswitch
A warning message is logged if SA keys are set without the Master Key being set. To change the master security key specify the old and new key values. -> ipsec security-key new_master_key_1 new_master_key_2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 14-9...
Page 318: Configuring An Ipsec Policy
-> ipsec policy tcp_in source 3ffe::/16 destination 4ffe::/16 protocol tcp in ipsec description “Any 3ffe to any 4ffe” admin-state enable Use the no form of the command to remove the configured IPsec policy. For example: -> no ipsec policy tcp_in page 14-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 319: Enabling And Disabling A Policy
Policy telnet_malicious can be configured to handle a known malicious system that otherwise would fall under the telnet_ipsec policy. Its priority of 1 ensures that it always takes precedence and discards any incoming telnet connection attempts from the known malicious system. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 14-11...
Page 320: Assigning An Action To A Policy
View a specific security policy to view additional details. You can also verify the configuration of a specific security policy by using the show ipsec policy command followed by the name of the security policy. For example: page 14-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 321: Configuring An Ipsec Rule
= 3ffe:1:1:1::99 Destination = 3ffe:1:1:1::1 Protocol = TCP Direction = in Action = ipsec State = active Rules: 1 : esp, 2 : ah Description: IPsec on all inbound TCP OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 14-13...
Page 322: Configuring An Ipsec Sa
You can use the encryption parameter to specify the encryption algorithm to be used for the traffic covered by the SA. This parameter can only be used when the SA type is ESP. page 14-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 323: Verifying Ipsec Sa
-> ipsec key tcp_in_ah sa-authentication 0x11223344556677889900112233445566 The above command configures an IPsec SA key named tcp_in_ah. This IPsec SA key will be used for the AH authentication protocol and has a value of 0x11223344556677889900112233445566. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 14-15...
Page 324 -> show ipsec key sa-authentication Authentication Keys Name Length (bits) --------------------+---------------- tcp_in_ah sa_1 sa_5 The above command shows the number of manually configured SAs along with their authentication key lengths in bits respectively. page 14-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 325 ESP authentication success = 25 ESP authentication failure = 0 Packet not valid No memory available Outbound: Successful = 5135 Policy violation No SA found = 19 Packet not valid No memory available OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 14-17...
Page 326: Additional Examples
“ESP from 200” admin- state enable -> ipsec key tcp_out_esp sa-encryption 12345678 -> ipsec key tcp_out_esp sa-authentication 12345678901234567890 -> ipsec key tcp_in_esp sa-encryption 12345678 -> ipsec key tcp_in_esp sa-authentication 123456789012345678 page 14-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 327 “ESP from 100” admin- state enable -> ipsec key tcp_out_esp sa-encryption 12345678 -> ipsec key tcp_out_esp sa-authentication 12345678901234567890 -> ipsec key tcp_in_esp sa-encryption 12345678 -> ipsec key tcp_in_esp sa-authentication 123456789012345678 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 14-19...
Page 328: Discarding Ripng Packets
For more information about the resulting displays form these commands, see the “IPsec Commands” chap- ter in the OmniSwitch CLI Reference Guide. Examples of the above commands and their outputs are given in the section “Configuring IPsec on the OmniSwitch” on page 14-9 page 14-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 329: Chapter 15 Configuring Rip
15-11) • RIP Redistribution – Configuring Route Redistribution (see page page 15-12) • RIP Security – Configuring Authentication Type (see page 15-18) – Configuring Passwords (see page 15-18) OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 151...
Page 330: Rip Specifications
RIP Interface Send Version ip rip interface send-version RIP Interface Receive Version ip rip interface recv-version both RIP Host Route ip rip host-route enable RIP Route Tag ip rip host-route page 152 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 331: Quick Steps For Configuring Rip Routing
Create an RIP interface on VLAN 2 by using the ip rip interface command. For example: -> ip rip interface vlan-2 Note For more information on VLANs and router ports, see Chapter 4, “Configuring VLANs.” OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 153...
Page 332: Rip Overview
Open Shortest Path First (OSPF)—An IGP that provides a routing function similar to RIP but uses different techniques to determine the best route for a datagram. OSPF is part of Alcatel-Lucent’s optional Advanced Routing Software. For more information see the “Configuring OSPF” chapter in the OmniSwitch AOS Release 7 Advanced Routing Configuration Guide.
Page 333: Rip Version 2
Unlike unicast, which sends one packet per destination, multicast sends one packet to all devices in any subnetwork that has at least one device requesting the multicast traffic. For more information on IPMS, Chapter 20, “Configuring IP Multicast Switching.” OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 155...
Page 334: Rip Routing
Note. In simple networks where only IP forwarding is required, you need not use RIP. If you are not using RIP, it is best not to load it to save switch resources. page 156 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 335: Enabling Rip
RIPv1 packets you would enter: -> ip rip interface rip-1 send-version v1 The Send options are: • v1. Only RIPv1 packets is sent by the switch. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 157...
Page 336: Configuring The Rip Interface Receive Option
The valid metric range is 1 to 15. To change the default value use the ip rip interface metric command. Use the show ip rip interface command to display the current interface metric. page 158 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 337: Rip Options
Enter the command and the update interval value, in seconds. For example, to set an update - interval value of 45 seconds, you would enter: -> ip rip update-interval 45 The valid update interval range is 1 to 120. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 159...
Page 338: Configuring The Rip Invalid Timer
50% above their default values. For exam- ple: -> ip rip update-interval 45 -> ip rip invalid-timer 270 -> ip rip garbage-timer 180 page 1510 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 339: Enabling A Rip Host Route
The default is to enable a default host route. Use the no ip rip host-route command to disable the host route. Use the show ip rip command to display the current host route status. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1511...
Page 340: Configuring Redistribution
Once a route map is created, it is then applied using the ip redist command. See “Configuring Route Map Redistribution” on page 15-16 for more information. page 1512 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 341 To verify a route map configuration, use the show ip route-map command: -> show ip route-map Route Maps: configured: 1 max: 200 Route Map: ospf-to-rip Sequence Number: 10 Action permit match tag 8 set tag 5 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1513...
Page 342 Route Map: rm_1 Sequence Number: 10 Action permit match tag 8 set metric 1 Route Map: rm_1 Sequence Number: 20 Action permit match ipv4 interface to-finance set metric 5 page 1514 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 343 -> ipv6 access-list ip6addr address 2001::1/64 action permit redist-control no- subnets For more information about configuring access list commands, see the “IP Commands” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1515...
Page 344 -> ip redist ospf into rip route-map ospf-to-rip admin-state disable The following command example enables the administrative status: -> ip redist ospf into rip route-map ospf-to-rip admin-state enable page 1516 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 345 Redistributes into RIP all routes learned on the intf_ospf interface and sets the metric for such routes to 255. • Redistributes into RIP all other routes (those not processed by sequence 10 or 20) and sets the tag for such routes to eight. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1517...
Page 346: Rip Security
Enter the IP address of the RIP interface, and then enter a 16-byte text string. For example to configure a password “nms” you would enter: -> ip rip interface rip-1 auth-key nms page 1518 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 347: Verifying The Rip Configuration
Displays active RIP neighbors (peers). show ip redist Displays the currently configured RIP redistribution filters. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 1519...
Page 348 1520 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 349: Chapter 16 Configuring Bfd
• OSPF level configuration (see page 16-15). • BGP Level Configuration (see page 16-18). • VRRP Level Configuration (see page 16-19). • Static Routing Level Configuration (see page 16-21). OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-1...
Page 350: Bfd Specifications
BFD status for the OSPF protocol ip ospf bfd-state Disabled BFD status for an OSPF interface ip ospf interface bfd-state Disabled BFD session status with all BGP ip bgp bfd-state all-neighbors Disabled neighbors page 16-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 351: Quick Steps For Configuring Bfd
The value set with this command overrides the global transmit value configured for the routing instance. For example: -> ip bfd interface bfd-vlan-101 transmit 500 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-3...
Page 352 Note. BFD parameters are not configurable once the BFD administrative status is enabled on the interface. Enable the BFD protocol for the routing instance globally using the ip bfd admin-state command. For example: -> ip bfd admin-state enable page 16-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 353: Quick Steps For Configuring Bfd Support For Layer 3 Protocols
OSPF interfaces using the ip ospf bfd-state all-interfaces command. For example: -> ip ospf interface int1 bfd-state enable -> ip ospf bfd-state all-interfaces OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-5...
Page 354: Configuring Bfd Support For Bgp
For example: -> ip static-route 192.100.1.0/24 gateway 100.1.1.10 bfd-state enable -> ip static-route all bfd-state enable page 16-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 355: Bfd Overview
It can be associated with any routing protocol running between two systems. Moreover, it requires no changes to the existing protocols. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-7...
Page 356: Benefits Of Using Bfd For Failure Detection
BFD control packets. This design also enables fast systems on shared medium with a slow system to detect failures more rapidly between fast systems while allowing the slow system to participate to the best of its ability. page 16-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 357: Operational Mode And Echo Function
There is no specific definition for Echo packet format. The only requirement is that the transmitting system is able to use the packet contents to distinguish between the various BFD sessions so that packets are correctly processed for the appropriate session. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-9...
Page 358: Bfd Session Establishment
The BFD control packet contains information about how quickly a system would like to send packets to its peer, as well as how rapidly it is willing to receive packets from the peer. The BFD detection time is not page 16-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 359: Configuring Bfd
“Configuring the BFD Receive Time Interval” on page 16-12). • Multiplier (see “Configuring the BFD Multiplier” on page 16-13). • Echo interval (see “Configuring the BFD Echo interval” on page 16-13). OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-11...
Page 360: Configuring The Bfd Transmit Time Interval
BFD allows you to change the default value and set the receive time interval from the valid range. To change the global receive time interval for BFD control packets, use the ip bfd receive command. For example: page 16-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 361: Configuring The Bfd Echo Interval
The above command assigns a multiplier value of 5 to all BFD sessions. To change the BFD multiplier for a specific session, use the ip bfd interface multiplier command. For example: -> ip bfd interface bfd-vlan-101 multiplier 5 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-13...
Page 362: Enabling Or Disabling Bfd Status
BFD session parameters. To see additional detail for a specific interface, use the show ip bfd interfaces command and specify an interface name. For example: -> show ip bfd interfaces one Interface Name = one, page 16-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 363: Configuring Bfd Support For Layer 3 Protocols
Router Id = 10.172.18.16, OSPF Version Number = 2, Admin Status = Enabled, Area Border Router ? = No, AS Border Router Status = Disabled, Route Tag = 0, OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-15...
Page 364 BFD-enabled interfaces. For example: -> show ip bfd interfaces Interface Admin Min Rx Min EchoRx Detect OperStatus Name Status Interval Interval Interval Multiplier ---------+--------+---------+---------+----------+----------+---------- enabled enabled page 16-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 365 Whenever there is any change to the interface/neighbor list or interface/neighbor state, OSPF immediately informs BFD about the changes. Additionally, whenever BFD detects any changes to the other end, BFD updates its database accordingly and informs OSPF for its fastest convergence. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-17...
Page 366 -> ip bgp bfd-state all-neighbors enable To disable BFD for all configured BGP neighbors, use the ip bgp bfd-state all-neighbors with the disable keyword, as shown below: page 16-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 367: Configuring Bfd Support For Vrrp Tracking
To associate VRRP protocol with BFD liveliness detection, register VRRP with BFD at the protocol level using the vrrp bfd-state command as shown below: -> vrrp bfd-state enable Note. VRRP protocol supports BFD in the echo-only operational mode. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-19...
Page 368 BFD interface/session configuration and operation status. Once the track policy is configured, the BFD session is established with the remote IP address. BFD session is also established with the BFD neighbors. page 16-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 369 To verify the static routes on which BFD is enabled, use the show ip router database command with the protocol static option. For example: -> show ip router database protocol static OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-21...
Page 370 Total IPRM IPv4 routes: 7 Destination Gateway Interface Protocol Metric Misc-Info -------------------+---------------+------------+--------+-------+-----+----------- +b 100.0.0.0/8 100.1.1.10 v1001 STATIC 128.251.40.0/24 172.28.4.254 STATIC Inactive Static Routes Destination Gateway Metric --------------------+-----------------+--------- page 16-22 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 371: Bfd Application Example
Note. Configuring a BFD session explicitly with an IP interface name on individual routers is optional, and must be used if user defined BFD session parameters need to be applied. All the steps for explicit configuration are mentioned as optional. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-23...
Page 372 -> ip interface vlan-20 vlan 20 address 20.0.0.2 mask 255.0.0.0 -> vlan 20 members port 2/3-5 -> ip router router-id 2.2.2.2 These commands created VLANs 12, 23, and 20. page 16-24 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 373 Now the area should be created. In this case, we create area 0.0.0.1. The command for this step is below (the command is the same on each router): -> ip ospf area 0.0.0.1 Area 0.0.0.1 is created and enabled. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-25...
Page 374 “Step 1: Prepare the Routers” on page 16-24. Router 1 -> ip bfd interface vlan-31 -> ip bfd interface vlan-31 admin-state enable -> ip bfd interface vlan-12 -> ip bfd interface vlan-12 admin-state enable page 16-26 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 375 OSPF with BFD and then enable BFD on all OSPF interfaces. Repeat the following steps on each router: -> ip bfd admin-state enable -> ip ospf bfd-state enable -> ip ospf bfd-state all-interfaces enable OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 16-27...
Page 376: Verifying The Bfd Configuration
For more information about the resulting displays form these commands, see the Omniswitch CLI Refer- ence Guide. Examples of the above commands and their outputs are given in the section “Configuring BFD” on page 16-11. page 16-28 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 377: 17 Configuring Dhcp Relay
Using automatic IP configuration to obtain an IP address for the switch on page 17-12. • Configuring relay for generic UDP service ports on page 17-13. For information about the IP protocol, see Chapter 11, “Configuring IP.” OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 17-1...
Page 378: Dhcp Relay Specifications
Maximum of 256 VLAN relay services. Per-VLAN service Maximum number of UDP relay services allowed per switch Maximum number of VLANs to which forwarded UDP service port traffic is allowed page 17-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 379: Dhcp Relay Defaults
Disabled default VLAN 1 Automatic switch IP configuration packet ip helper boot-up enable BootP type (BootP or DHCP) Relay Agent Information Option ip helper agent-informa- Disabled tion OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 17-3...
Page 380: Quick Steps For Setting Up Dhcp Relay
= standard mode, Bootup Option = Disable Forwarding address list (Standard mode): 128.100.16.1 For more information about this display, see the “DHCP Relay” chapter in the OmniSwitch CLI Reference Guide. page 17-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 381: Dhcp Relay Overview
Alternately, the relay function can be provided by an external router connected to the switch; in this case, the relay is configured on the external router. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 17-5...
Page 382: Dhcp
VLAN or VLANs. This feature can be configured using the ip udp relay and related commands. For more information on the CLI commands related to DHCP Relay, see the DHCP Relay Commands chapter in the OmniSwitch CLI Reference Guide. page 17-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 383: External Dhcp Relay Application
The DHCP server assigns a different IP address to each of the clients. The switch does not need an IP address assigned to it. All DHCP clients are members of either a default VLAN or an IP protocol VLAN. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 17-7...
Page 384: Internal Dhcp Relay
DHCP Relay entity, it is forwarded from VLAN 3 to VLAN 2. All the DHCP-ready clients in VLAN 3 must be members of the same VLAN, and the switch must have the DHCP Relay function configured. page 17-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 385: Dhcp Relay Implementation
-> ip helper address 125.255.17.11 vlan 3 The following syntax identifies two DHCP servers for VLAN 4 at two different IP addresses: -> ip helper address 125.255.17.11 125.255.18.11 vlan 4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 17-9...
Page 386: Configuring Bootp/Dhcp Relay Parameters
DHCP Relay discards the packet. The forward delay time value applies to all defined IP helper addresses. The following command sets the forward delay value of 10 seconds: -> ip helper forward-delay 10 page 17-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 387: Setting Maximum Hops
To change the forwarding option value, enter ip helper followed by standard or per-vlan-only. For example: -> ip helper standard -> ip helper per-vlan-only OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 17-11...
Page 388: Using Automatic Ip Configuration
DHCP is enabled to obtain an IP address for default VLAN 1. To disable automatic IP configuration for the switch, use the ip helper boot-up command with the disable option, as shown below: -> ip helper boot-up disable page 17-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 389: Configuring Udp Port Relay
UDP Port Relay on the generic service port. The second step involves specifying a VLAN that relays and forwards the traffic destined for the generic service port. Both steps are required and are described below. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 17-13...
Page 390: Enabling/Disabling Udp Port Relay
To remove a VLAN association with a UDP service port, use the no form of the ip udp relay service vlan command. For example, the following command removes the VLAN 6 association with the NBNS well-known service port: -> no ip udp relay service nbns vlan 6 page 17-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 391: How The Relay Agent Processes Dhcp Packets From The Client
If the slot/port information does identify an actual port associated with the Circuit ID VLAN, then the agent strips the Option-82 data from the packet and unicasts the packet to the port identified in the Circuit ID suboption. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 17-15...
Page 392 Note. These policies apply to all DHCP packets received on all switch ports. In addition, if a packet that contains existing Option-82 data also contains a gateway IP address that matches a local subnet address, the relay agent drops the packet. page 17-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 393: Verifying The Dhcp Relay Configuration
IP helper statistics for VRF instances. Use the ip udp relay no statistics command to reset the generic UDP Relay Service related statistics. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 17-17...
Page 394 Verifying the DHCP Relay Configuration Configuring DHCP Relay page 17-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 395: 18 Configuring Vrrp
IPv4/IPv6 address associated with a virtual router is called the master router, and is responsi- ble for forwarding virtual router advertisements. If the master router becomes unavailable, the highest priority backup router will transition to the master state. The Alcatel-Lucent implementation of VRRP also supports the collective management of virtual routers on a switch.
Page 396 VRRP tracking—see “Creating Tracking Policies” on page 18-25. • VRRPv3 tracking—see “Creating Tracking Policies” on page 18-25. • Verifying the VRRP configuration—see “Verifying the VRRPv3 Configuration” on page 18-24. page 18-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 397: Vrrp Specifications
Default advertising interval for vrrp group all the virtual routers in the group. Default priority value for all the vrrp group virtual routers in the group. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-3...
Page 398 In addition, other defaults for VRRP include: Description Command Default VRRP traps vrrp trap Enabled VRRP delay vrrp delay 45 seconds page 18-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 399: Quick Steps For Creating A Virtual Router
VRRP trap generation: Enabled VRRP startup delay: 45 (expired) Admin VRID VLAN Address(es) Status Priority Preempt Interval ----+-----+----------------+----------+----------+--------+--------- 10.10.2.3 Enabled For more information about this display, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-5...
Page 400: Vrrp Overview
OmniSwitch 10K B will respond to ARP requests for IP address B using the interface’s physical MAC address. It will not respond to ARP requests for IP address A or to the virtual router MAC address. page 18-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 401: Why Use Vrrp
The virtual router may be configured to prohibit any OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 402: Vrrp Mac Addresses
ARP for the IP address (since the virtual router will send a gratuitous ARP). This prevents traffic from being forwarded to the router before the routing tables are stabilized. ICMP Redirects ICMP redirects are not sent out over VRRP interfaces. page 18-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 403: Vrrp Startup Delay
VLAN (either acting as master or backup), RDP will advertise all VLAN IP addresses. However, if virtual routers are active, RDP will advertise IP addresses for any master routers; RDP will not adver- tise IP addresses for backup routers. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-9...
Page 404: Vrrp Configuration Overview
Note that the IP address owner is automatically assigned a value of 255, which overrides any value that you may have already configured. See “Configuring Virtual Router Priority” on page 18-12 for more information about how priority is used. page 18-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 405: Specifying An Ip Address For A Virtual Router
In this example, virtual router 6 is disabled. (A virtual router must be disabled before IP addresses may be added/removed from the router.) IP address 10.10.2.3 is then removed from the virtual router with the no form of the vrrp address command. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-11...
Page 406: Configuring The Advertisement Interval
When there is more than one backup router and if their priority values are very nearly equal, the skew time may not be sufficient to overcome delays caused by network traffic loads. This may cause a page 18-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 407: Enabling/Disabling A Virtual Router
For example: -> vrrp 7 3 disable -> vrrp 7 3 priority 200 -> vrrp 7 3 enable OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-13...
Page 408: Setting Vrrp Traps
For example: -> vrrp interval 50 You can change the default priority value of all the virtual routers on a switch using the vrrp priority command. For example: page 18-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 409: Changing Default Parameter Values For A Virtual Router Group
The virtual routers can also be grouped under a virtual router group as another way of simplifying the configuration and management tasks. A virtual router group can be created using the vrrp group command as follows: -> vrrp group 25 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-15...
Page 410 For the modified default values to affect the virtual routers in the group, including the virtual routers that are configured with a value individually, you can use the vrrp group set command along with the over- ride option. For example: -> vrrp group set interval override page 18-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 411 -> vrrp group 25 enable all Note. Even though a virtual router may be assigned to a group, its parameter values and administrative status can still be modified individually. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-17...
Page 412: Verifying The Vrrp Configuration
Displays the virtual routers that are associated with a group. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. page 18-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 413: Vrrpv3 Configuration Overview
Note that the IP address owner is automatically assigned a value of 255, which overrides any value that you may have already configured. See “Configuring the VRRPv3 Virtual Router Priority” on page 18-21 for more information about how priority is used. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-19...
Page 414: Specifying An Ipv6 Address For A Vrrpv3 Virtual Router
To specify an IPv6 address for a VRRPv3 virtual router, use the vrrp3 address command and the relevant IPv6 address. For example: -> vrrp3 6 4 address fe80::200:5eff:fe00:20a -> vrrp3 6 4 enable page 18-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 415: Configuring The Vrrpv3 Advertisement Interval
The priority parameter may be used to control the order in OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 416: Setting Preemption For Vrrpv3 Virtual Routers
If this virtual router takes over for an unavailable router, a router with a higher priority will not be able to preempt it. For more information about priority, see “Configuring the VRRPv3 Virtual Router Priority” on page 18-21. page 18-22 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 417: Enabling/Disabling A Vrrpv3 Virtual Router
SNMP traps globally. To disable VRRPv3 traps, use the no form of the vrrp3 trap command. -> no vrrp3 trap To re-enable traps, enter the vrrp3 trap command: -> vrrp3 trap OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-23...
Page 418: Verifying The Vrrpv3 Configuration
Displays the tracking policies associated with VRRPv3 virtual routers. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. page 18-24 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 419: Creating Tracking Policies
IP address becomes unreachable, both virtual routers will have their priorities decremented, and the backup may temporarily take over if the master discovers that the IP address is unreachable before the backup. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-25...
Page 420: Vrrp Application Example
VRID 2 Backup 2 Master 2 10.10.2.245 10.10.2.250 10.10.2.245 VLAN 5 clients 1 and 2 clients 3 and 4 default gateway 10.10.2.245 default gateway 10.10.2.250 VRRP Redundancy and Load Balancing page 18-26 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 421 10.10.2.245 is assigned. If OmniSwitch 10K B should become unavailable, OmniSwitch 10K A will become master for 10.10.2.245. This configuration provides uninter- rupted service for the end hosts. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-27...
Page 422: Vrrp Tracking Example
VRRP router A to monitor port 3/1 and associate the policy with VRID 1. -> vrrp track 1 enable priority 50 port 3/1 -> vrrp 1 5 track-association 1 page 18-28 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 423 3/1 on switch A is functioning again we want switch A to reestablish itself as the master. See “Setting Preemption for Virtual Routers” on page 18-12 for more information about enabling preemption. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-29...
Page 424: Vrrpv3 Application Example
Configure the IPv6 addresses for each VRRPv3 virtual router. -> vrrp3 1 5 address 213:100:1::56 -> vrrp3 2 5 address 213:100:1::57 Enable the VRRPv3 virtual routers. -> vrrp3 1 5 enable -> vrrp3 2 5 enable page 18-30 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 425: Vrrpv3 Tracking Example
Virtual Routers VRID 2 Backup 2 Master 2 213:100:1::57 213:100:1::56 213:100:1::57 VLAN 5 clients 1 and 2 clients 3 and 4 default gateway 213:100:1::56 default gateway 213:100:1::57 VRRPv3 Tracking Example OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 18-31...
Page 426 3/1 on switch A is functioning again we want switch A to reestablish itself as the master. See “Setting Preemption for Virtual Routers” on page 18-12 for more information about enabling preemption. page 18-32 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 427: Configuring Server Load Balancing
19 Configuring Server Load Balancing Alcatel-Lucent’s Server Load Balancing (SLB) software provides a method to logically manage a group of physical servers sharing the same content (known as a server farm) as one large virtual server (known as an SLB cluster). SLB clusters are identified and accessed using either a Virtual IP (VIP) address or a QoS policy condition.
Page 428: Chapter 19 Configuring Server Load Balancing
Server Load Balancing Specifications Configuring Server Load Balancing Server Load Balancing Specifications The table below lists specifications for Alcatel-Lucent’s SLB software. Platforms Supported OmniSwitch 10K Maximum number of clusters Maximum number of physical servers per cluster 32 Layer-3 classification Destination IP address...
Page 429: Server Load Balancing Default Values
Configuring Server Load Balancing Server Load Balancing Default Values Server Load Balancing Default Values The table below lists default values for Alcatel-Lucent’s SLB software. Platforms Supported OmniSwitch 10K Maximum number of clusters Maximum number of physical servers per cluster 32...
Page 430: Quick Steps For Configuring Server Load Balancing
Admin status = Enabled, Operational Status = Discovery, Weight = 1, Availability (%) = 0 Server 128.241.130.135 Admin status = Disabled, Operational Status = Disabled, Weight = 8, Availability (%) = 0 page 19-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 431: Quick Steps For Configuring A Qos Policy Condition Cluster
Server 103.10.50.1 Admin status = Enabled, Operational status = In Service, Weight = 1, Availability (%) = 100 Server 103.10.50.2 Admin status = Enabled, Operational status = In Service, OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 19-5...
Page 432 Once a cluster is created, the Virtual IP or condition cannot be modified. To modify these values, delete the cluster and re-create the cluster with the different VIP and conditions. page 19-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 433: Server Load Balancing Overview
19-8), and server health monitoring (see “Server Health Monitoring” on page 19-10). Note. Alcatel-Lucent also offers link aggregation, which combines multiple Ethernet links into one virtual channel. Please refer to Chapter 7, “Configuring Dynamic Link Aggregation,”for more information on link aggregation and dynamic link aggregation, and to Chapter 6, “Configuring Static Link Aggregation,”...
Page 434: Server Load Balancing Example
Loopback Address: Loopback Address: Loopback Address: Loopback Address: 128.241.130.204 128.241.130.204 128.241.130.204 128.241.130.204 OmniSwitch 7800 Switch Intranet Internet Client A Client B Example of a Server Load Balancing (SLB) Cluster page 19-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 435: Weighted Round Robin Distribution Algorithm
SLB cluster distribution algorithm. The distribution algorithm on an Alcatel-Lucent switch is weighted round robin, where the SLB cluster distributes traffic according to the relative “weight” a server has within an SLB cluster. In the figure below, for example, Server A has been assigned by the network administrator a relative weight of 30, which is the largest weight in the SLB cluster called “WorldWideWeb.”...
Page 436: Server Health Monitoring
Configuring Server Load Balancing Server Health Monitoring Alcatel-Lucent’s Server Load Balancing (SLB) software on the switch performs checks on the links from the switch to the servers. In addition, the SLB software also sends ICMP echo requests (ping packets) to the physical servers to determine their availability.
Page 437: Configuring Server Load Balancing On A Switch
Configuring Server Load Balancing Configuring Server Load Balancing on a Switch Configuring Server Load Balancing on a Switch This section describes how to use Alcatel-Lucent’s Command Line Interface (CLI) commands to config- ure Server Load Balancing (SLB) on a switch. Note. See “Quick Steps for Configuring Server Load Balancing”...
Page 438: Configuring And Deleting Slb Clusters
SLB cluster, client requests received on the specified source port are then sent to a server that is a member of the associated cluster. page 19-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 439: Automatic Configuration Of Slb Policy Rules
See Chapter 21, “Configuring QoS,” for more information on configuring and displaying QoS policies. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 19-13...
Page 440: Assigning Servers To And Removing Servers From A Cluster
For example, to remove a server with an IP address of 10.105.16.121 from an SLB cluster called “Web_Server” you would enter: -> no ip slb server ip 10.105.16.121 cluster Web_Server page 19-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 441: Modifying Optional Parameters
As shown in the table on page 19-3, Alcatel-Lucent’s SLB software is preconfigured with default values for the SLB cluster’s “sticky” time, ping timeout, ping period, ping retries, and relative weight (prefer- ence). The following subsections describe how to modify these parameters.
Page 442: Modifying The Ping Retries
-> ip slb server ip 10.105.16.118 cluster Web_Server weight 0 Assigning a weight of 0 (zero) to a server prevents this server from being assigned any new connections.This server becomes a backup server. page 19-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 443: Taking Clusters And Servers On/Off Line
Configuring Server Load Balancing Taking Clusters and Servers On/Off Line Taking Clusters and Servers On/Off Line Alcatel-Lucent’s Server Load Balancing (SLB) show commands provide tools to monitor traffic and trou- bleshoot problems. These commands are described in “Displaying Server Load Balancing Status and Statistics”...
Page 444: Configuring Slb Probes
For example, to delete an SLB probe called “server_probe1”, enter: -> no ip slb probe server_probe1 page 19-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 445: Associating A Probe With A Cluster
For example, to set the period for an HTTP SLB probe called “server_probe1” to 120 seconds, enter: -> ip slb probe server_probe1 http period 120 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 19-19...
Page 446: Modifying The Probe Retries
URL. Note. The URL should be the relative web page name to be retrieved. page 19-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 447: Modifying The Probe Status
(http, https, udp, or tcp), expect, and the user-specified ASCII string. For example, to set the TCP/UDP port for an HTTP SLB probe called “server_probe1” to “test”, enter: -> ip slb probe server_probe1 http expect test OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 19-21...
Page 448: Displaying Server Load Balancing Status And Statistics
-> show ip slb clusters statistics -> show ip slb cluster Intranet statistics page 19-22 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 449 Period Retries Timeout Method -----------------------+-------+-------+--------+------ web_server 60000 12000 HTTP mail_server 60000 3000 SMTP mis_servers 3600000 24000 Ping In the example above there are three probes configured on the switch. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 19-23...
Page 450 Password Expect Status = 200, = /, Note See the “Server Load Balancing Commands” chapter in the OmniSwitch CLI Reference Guide for complete syntax information on SLB show commands. page 19-24 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 451: Configuring Ip Multicast Switching
MLD Snooping. The switch then learns on which ports multicast group subscribers are attached and can intelligently deliver traffic only to the respective ports. Alcatel-Lucent’s implementation of IGMP snooping is called IP Multicast Switching (IPMS) and MLD snooping is called IP Multicast Switching version 6 (IPMSv6).
Page 452: Ipms Specifications
IPMS Specifications Configuring IP Multicast Switching Note. You can also configure and monitor IPMS with WebView, Alcatel-Lucent’s embedded Web-based device management application. WebView is an interactive and easy-to-use GUI that can be launched from OmniVista or a Web browser. Please refer to WebView’s online documentation for more informa- tion on configuring and monitoring IPMS/IPMSv6 with WebView.
Page 453: Ipms Default Values
Configuring IP Multicast Switching IPMS Default Values IPMS Default Values The table below lists default values for Alcatel-Lucent’s IPMS software. Parameter Description Command Default Value/Comments Administrative Status ip multicast admin-state disabled IGMP Querier Forwarding ip multicast querier- disabled forwarding IGMP Version...
Page 454: Ipmsv6 Default Values
IPMSv6 Default Values Configuring IP Multicast Switching IPMSv6 Default Values The table below lists default values for Alcatel-Lucent’s IPMSv6 software. Parameter Description Command Default Value/Comments Administrative Status ip multicast helper-address disabled MLD Querier Forwarding ipv6 multicast querier- disabled forwarding MLD Version...
Page 455: Ipms Overview
Multicast Stream (destination IP address) Multicast Server (source IP address) Ports on end stations send IGMP requests to receive multicast traffic. Network A Network B Example of an IPMS Network OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-5...
Page 456: Reserved Ip Multicast Addresses
IPMS uses decisions made by the routing protocols and forwards multicast traffic to ports that request group membership. See the OmniSwitch AOS Release 7 Advanced Routing Configuration Guide for more information on IP multicast routing protocols.
Page 457: Igmp Version 3
IGMPv3 also supports Source Specific Multicast (SSM) by allowing hosts to report interest in receiving packets only from specific source addresses or from all but specific source addresses. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-7...
Page 458: Configuring Ipms On A Switch
To restore the IP Multicast status to its default setting. You can also disable IP Multicast switching and routing on the specified VLAN by entering: -> ip multicast vlan 2 admin-state disable page 20-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 459: Enabling And Disabling Igmp Querier-Forwarding
By default, the version of Internet Group Management Protocol (IGMP) membership is Version 2. The following subsections describe how to configure IGMP protocol version ranging from 1 to 3 with the ip multicast version command. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-9...
Page 460: Configuring And Removing An Igmp Static Neighbor
4095), a space, followed by port, a space, and the link aggregation group number. For example, to configure link aggregation group 7 with designated VLAN 2 as a static neighbor you would enter: -> ip multicast static-neighbor vlan 2 port 7 page 20-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 461: Configuring And Removing An Igmp Static Querier
IGMP static group ports receive IGMP reports generated on the specified IP Multicast group address. The following subsections describe how to configure and remove a static group with the ip multicast static-group command. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-11...
Page 462: Configuring An Igmp Static Group
For example, to remove an IGMP static member with an IP address of 225.0.0.1 on port 10 in slot 3 with designated VLAN 3 you would enter: -> no ip multicast static-group 225.0.0.1 vlan 3 port 3/10 page 20-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 463: Modifying Ipms Parameters
10 in tenths of seconds. The following subsections describe how to configure the IGMP last member query interval and restore it by using the ip multicast last-member-query-interval command. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-13...
Page 464: Modifying The Igmp Query Response Interval
6000 tenths-of-seconds you would enter: -> ip multicast query-response-interval 6000 You can also modify the IGMP query response interval on the specified VLAN by entering: -> ip multicast vlan 3 query-response-interval 6000 page 20-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 465: Modifying The Igmp Router Timeout
-> ip multicast router-timeout 0 Or, as an alternative, enter: -> ip multicast router-timeout To restore the IGMP router timeout to its default value. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-15...
Page 466: Modifying The Source Timeout
You can also restore the source timeout on the specified VLAN by entering: -> ip multicast vlan 2 source-timeout 0 Or, as an alternative, enter: -> ip multicast vlan 2 source-timeout To restore the source timeout to its default value. page 20-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 467: Enabling And Disabling Igmp Querying
You can modify the IGMP robustness variable from 1 to 7 on the system if no VLAN is specified, by entering ip multicast robustness followed by the new value. For example, to set the value of IGMP robustness to 3 you would enter: -> ip multicast robustness 3 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-17...
Page 468: Enabling And Disabling The Igmp Spoofing
To disable IGMP spoofing on the system if no VLAN is specified, use the ip multicast spoofing command as shown below: -> ip multicast spoofing disable Or, as an alternative, enter: page 20-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 469: Enabling And Disabling The Igmp Zapping
You can also disable IGMP zapping on the specified VLAN by entering: -> ip multicast vlan 2 zapping disable Or, as an alternative, enter: -> ip multicast vlan 2 zapping To restore the IGMP zapping to its default setting. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-19...
Page 470: Limiting Igmp Multicast Groups
To set the IGMP group limit for a port and drop any requests above the limit, use the ip multicast port max-group command as shown below: -> ip multicast port 1/1 max-group 25 action drop page 20-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 471: Ipmsv6 Overview
Multicast Group (dynamically built) Multicast Stream (destination IPv6 address) Multicast Server (source IPv6 address) Ports on end stations send MLD requests to receive multicast traffic. Network A Network B OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-21...
Page 472: Reserved Ipv6 Multicast Addresses
MLDv2 also supports Source Specific Multicast (SSM) by allowing hosts to report interest in receiving packets only from specific source addresses or from all but specific source addresses. page 20-22 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 473: Configuring Ipmsv6 On A Switch
You can also disable IPv6 Multicast on the specified VLAN by entering: -> ipv6 multicast vlan 2 admin-state disable Or, as an alternative, enter: -> ipv6 multicast vlan 2 admin-state To restore the IPv6 Multicast status to its default setting. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-23...
Page 474: Enabling And Disabling Mld Querier-Forwarding
To change the MLD version to Version 2 (MLDv2) on the system if no VLAN is specified, use the ipv6 multicast version command as shown below: -> ipv6 multicast version 2 page 20-24 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 475: Configuring And Removing An Mld Static Neighbor
4095), a space, followed by port, a space, and the link aggregation group number. For example, to configure link aggregation group 7 with designated VLAN 2 as a static neighbor you would enter: -> ipv6 multicast static-neighbor vlan 2 port 7 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-25...
Page 476: Configuring And Removing An Mld Static Querier
MLD static group ports receive MLD reports generated on the specified IPv6 Multicast group address. The following subsections describe how to configure and remove an MLD static group by using the ipv6 multicast static-group command. page 20-26 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 477: Configuring An Mld Static Group
For example, to remove an MLD static member with an IPv6 address of on port 10 in slot 3 with ff05::5 designated VLAN 3 you would enter: -> no ipv6 multicast static-group ff05::5 vlan 3 port 3/10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-27...
Page 478: Modifying Ipmsv6 Parameters
600 milliseconds on the system if no VLAN is specified, you would enter: -> ipv6 multicast last-member-query-interval 2200 You can also modify the MLD last member query interval on the specified VLAN by entering: -> ipv6 multicast vlan 3 last-member-query-interval 2200 page 20-28 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 479: Modifying The Mld Query Response Interval
-> ipv6 multicast query-response-interval 0 Or, as an alternative, enter: -> ipv6 multicast query-response-interval To restore the MLD query response interval to its default value. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-29...
Page 480: Modifying The Mld Router Timeout
The default source timeout (i.e., expiry time of IPv6 multicast sources) is 30 seconds. The following subsections describe how to configure a user-specified source timeout value and restore it by using the ipv6 multicast source-timeout command. page 20-30 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 481: Enabling And Disabling The Mld Querying
You can disable the MLD querying by entering ipv6 multicast querying followed by the disable keyword. For example, to disable the MLD querying you would enter: disable -> ipv6 multicast querying OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-31...
Page 482: Modifying The Mld Robustness Variable
To restore the MLD robustness to its default value. You can also modify the MLD robustness variable from 1 to 7 on the specified VLAN by entering: -> ipv6 multicast vlan 2 robustness 0 page 20-32 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 483: Enabling And Disabling The Mld Spoofing
By default MLD (i.e., processing membership and source filter removals immediately without waiting for the specified time period for the protocol– this mode facilitates IP TV applications looking for quick OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-33...
Page 484: Limiting Mld Multicast Groups
To set the MLD global group limit and drop any requests above the limit, use the ip multicast max- group command as shown below: -> ipv6 multicast max-group 25 action drop page 20-34 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 485 To set the MLD group limit for a port and drop any requests above the limit, use the ip multicast port max-group command as shown below: -> ipv6 multicast port 1/1 max-group 25 action drop OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-35...
Page 486: Ipms Application Example
Configure the client attached to Port 2 as a static querier belonging to VLAN 5 by entering: -> ip multicast static-querier vlan 5 port 1/2 Modify the robustness variable from its default value of 2 to 7 by entering: -> ip multicast robustness 7 page 20-36 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 487 Total 1 Neighbors Host Address VLAN Port Static Count Life ---------------+-----+-----+-------+------+----- 1.0.0.2 -> show ip multicast querier Total 1 Queriers Host Address VLAN Port Static Count Life ---------------+-----+-----+-------+------+----- 1.0.0.3 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-37...
Page 488: Ipmsv6 Application Example
Configure the client attached to Port 2 as a static MLD querier belonging to VLAN 5 by entering: -> ipv6 multicast static-querier vlan 5 port 1/2 Modify the robustness variable from its default value of 2 to 7 by entering: -> ipv6 multicast robustness 7 page 20-38 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 489 Total 1 Neighbors Host Address VLAN Port Static Count Life -------------------------+-----+-----+-------+------+----- fe80::2a0:ccff:fed3:2853 -> show ipv6 multicast querier Total 1 Queriers Host Address VLAN Port Static Count Life -------------------------+-----+-----+-------+------+----- fe80::2a0:ccff:fed3:2854 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 20-39...
Page 490: Displaying Ipms Configurations And Statistics
Displaying IPMS Configurations and Statistics Configuring IP Multicast Switching Displaying IPMS Configurations and Statistics Alcatel-Lucent’s IP Multicast Switching (IPMS) show commands provide tools to monitor IPMS traffic and settings and to troubleshoot problems. These commands are described below: show ip multicast Displays the general IP Multicast switching and routing configuration parameters on a switch.
Page 491: Displaying Ipmsv6 Configurations And Statistics
Configuring IP Multicast Switching Displaying IPMSv6 Configurations and Statistics Displaying IPMSv6 Configurations and Statistics Alcatel-Lucent’s IPv6 Multicast Switching (IPMSv6) show commands provide tools to monitor IPMSv6 traffic and settings and to troubleshoot problems. These commands are described below: show ipv6 multicast Displays the general IPv6 Multicast switching and routing configuration parameters on a switch.
Page 492 Displaying IPMSv6 Configurations and Statistics Configuring IP Multicast Switching page 20-42 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 493: Chapter 21 Configuring Qos
“QoS General Overview” on page 21-4. • “Classification” on page 21-6. • “Congestion Management” on page 21-10. • “Congestion Avoidance” on page 21-18. • “Traffic Policing and Shaping” on page 21-20. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-1...
Page 494 “QoS Defaults” on page 21-30. • “Configuring QoS” on page 21-34. • “Creating Policies” on page 21-39. • “Using Access Control Lists” on page 21-59. • “Policy Applications” on page 21-69. page 21-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 495: Qos Specifications
(VOQ) per port. CLI Command Prefix Recognition Some QoS commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch AOS Release 7 Switch Management Guide for more information. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-3...
Page 496: Qos General Overview
Deep ingress buffers facilitate holding ingress traffic when congestion occurs on the egress, helping to provide delivery with little or no packet loss. The general order of events with respect to the OmniSwitch 10K implementation of QoS are as follows: page 21-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 497 Traffic Policing and Shaping—Packet flows are policed or shaped to limit the rate of traffic received or sent by the switch. See “Traffic Policing and Shaping” on page 21-20. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-5...
Page 498: Classification
If a packet matches a QoS policy rule that sets a new priority value (802.1p or ToS/DSCP), the egress priority for the packet is set using the value specified in the rule. page 21-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 499: Classifying Bridged Traffic As Layer 3
This is done by adding up to four MAC addresses or four ranges of MAC addresses to the predefined QoS “alaPhone” MAC address group. See “Creating MAC Groups” on page 21-52 for more information. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-7...
Page 500: Configuring Trusted Ports
The trust setting for a port can be configured globally on the switch or on a per-port basis to override the global setting. To configure the global setting on the switch, use the qos trust-ports command. For example: page 21-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 501: Using Trusted Ports With Policies
802.1p action, see “Condition and Action Combinations” on page 21-29. Note. 802.1p mapping can also be set for Layer 3 traffic, which typically has the 802.1p bits set to zero. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-9...
Page 502: Congestion Management
NI. Applies QoS policies. Determines packet destination port for unicast traffic or multi- modification, such as VLAN tag process- cast group ID (MGID). ing, multicast routing updates, etc. Generic VOQ Data Flow Example page 21-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 503: Queue Sets
The following diagram shows the relationship between switch ports, QSet instances, and QSet profiles as they apply to unicast traffic. See “Multicast VOQ” on page 21-13 for more information. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-11...
Page 504 VOQ is specified. There is no physical buffer memory associated with these VOQs in the fabric. Packets are not buffered in fabric page 21-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 505 Configurable parameters for the profiles include the WRED profile (WRP) association and the admin- istrative status for the WRP and statistics collection for the QSet instance. By default, WRED and statistics collection are enabled for the profile. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-13...
Page 506 1, Name: wrp-1, Admin: Ena, CIR (%): 0, PIR (%): 100 To verify the QSet instance associations for a port or LAG, use the show qos qsi command. For example: page 21-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 507 For more information about WRED and configuring WRED profiles, see “Congestion Avoidance” on page 21-18. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-15...
Page 508: Queue Mapping Tables
Straight SP5 with starvation 100% Straight SP4 with starvation 100% Straight SP3 with starvation 100% Straight SP2 with starvation 100% Straight SP1 with starvation 100% Straight SP0 with starvation page 21-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 509 2.1, 2.2, 2.3 AF2 WFQ (starvable) 1.1, 1.2, 1.3 AF1 WFQ (starvable) 4, 3, 2, 4, 3, 2, 4.0, 3.0, BE not guaranteed 1, 0 1, 0 2.0, 1.0, 0.0 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-17...
Page 510: Congestion Avoidance
Manager (also referred to as a node) and there are 8 48-port NIs in the system, each port with a maximum queue size of 1.5MB, the maximum aggregated queue size is calculated as 1.5MB * 8 = 12MB. page 21-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 511 Configure the minimum queue threshold value large enough to account for bursty traffic. If this value is too small, packet dropping will occur and may cause under utilization of the link. OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 512: Traffic Policing And Shaping
E-Services bandwidth parameters. The VLAN Stacking Service Access Point (SAP) profile defines an ingress and egress bandwidth rate limiting configuration for an Ethernet Service. See Chapter 27, “Configuring VLAN Stacking,” for more information. page 21-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 513: Shaping
The type of TCM used is determined when the policier is configured; depending on which rates and burst size values are configured, TCM functions in ether single-rate or two-rate mode. There is no explicit OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 514 A srTCM policy action specifies both a CBS and PBS value. Default values for these burst sizes are used if one is not specified using the optional cbs and pbs parameters. page 21-22 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 515: Configuring Policy Bandwidth Policing
The maximum bandwidth and maximum depth actions are configured as part of a QoS policy in which the condition specifies the type of traffic to rate limit. Maximum bandwidth policies are applied to source (ingress) ports and/or flows. See the “Bandwidth Policing Example” on page 21-70. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-23...
Page 516: Port Groups And Maximum Bandwidth
-> policy port group pgroup2 1/1 1/25 2/1 -> policy condition Ports2 destination port group pgroup2 -> policy action MaxBw maximum bandwidth 10k -> policy rule PortRule2 condition Ports2 action MaxBw page 21-24 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 517: Configuring Port Bandwidth Shaping
Modifying the maximum bandwidth is most useful for low-bandwidth links. • The configured port-based egress bandwidth limit takes precedence over an egress queue limit config- ured on the same port. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-25...
Page 518: Qos Policy Overview
PolicyView. And vice versa. This chapter discusses policy configuration using the CLI. For information about using WebView to configure the switch, see the OmniSwitch AOS Release 7 Switch Management Guide. For information about configuring policies through PolicyView, see the PolicyView online help.
Page 519: Valid Policies
Consider the following guidelines when configuring policy conditions: • IPv4 and IPv6 conditions cannot be combined. • Source and destination MAC address conditions cannot be used in IPv6 policy rules. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-27...
Page 520 The CLI prevents you from configuring invalid action combinations that are never allowed; however, it does allow you to create combinations that are supported in some scenarios. For example, an action specifying maximum bandwidth can be combined with an action specifying priority. page 21-28 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 521: Condition And Action Combinations
(a rule that uses the “multicast” keyword and only applies to IGMP traffic) destination slot/port or port group all actions bridging only OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-29...
Page 522: Qos Defaults
UserPorts. Whether a UserPorts port is qos user-port shutdown administratively disabled when unwanted traffic is received. Priority for IP Phone connec- qos phones trusted tions. page 21-30 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 523: Qos Port Defaults
WRP 1 Admin Status Enabled Statistics Admin Status Enabled QP1–QP8 Queue Type Strict Priority QP1–QP8 Admin Status Enabled QP1–QP8 WRP WRP 1 QP1–QP8 WRP Admin Status Enabled QP1–QP8 CIR PIR 0%, 100% OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-31...
Page 524: Policy Rule Defaults
Note that in the current software release, the deny and drop options produce the same effect that is, the traffic is silently dropped. Note. There are no defaults for the policy condition command. page 21-32 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 525: Default (Built-In) Policies
The switch network group—The switch has a default network group, called switch, that includes all IP addresses configured for the switch itself. This default network group can be used in policies. See “Creating Network Groups” on page 21-49 for more information about network groups. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-33...
Page 526: Configuring Qos
Applying the Configuration. All policy rule configuration and some global parameters must be specifically applied through the qos apply command before they are active on the switch. See “Applying the Configuration” on page 21-66. page 21-34 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 527: Configuring Global Qos Parameters
To display information about any QoS rules on the switch, enter debug qos rule: -> debug qos rule OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-35...
Page 528: Number Of Lines In The Qos Log
-> qos no forward log To activate the change, enter the qos apply command. For more information about the qos apply command, see “Applying the Configuration” on page 21-66. page 21-36 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 529: Forwarding Log Events To The Console
Note that this is in addition to sending log events to a file in the flash file system of the switch. See the “Using Switch Logging” chapter in the OmniSwitch AOS Release 7 Network Configuration Guide for more infor- mation.
Page 530: Setting The Statistics Interval
Displays global information about the QoS configuration. show qos statistics Displays statistics about QoS events. For more information about the syntax and displays of these commands, see the OmniSwitch CLI Refer- ence Guide. page 21-38 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 531: Creating Policies
Note. (Optional) To verify that the rule has been configured, use the show policy rule command. The display is similar to the following: -> show policy rule Rule name : my_rule Condition name = cond3, Action name = action2, OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-39...
Page 532: Ascii-File-Only Syntax
QoS object’s origin be modified. The blt keyword indicates built-in; this keyword cannot be used on the command line. For information about built-in policies and QoS groups, see “How Policies Are Used” on page 21-26. page 21-40 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 533: Creating Policy Conditions
(multicast only) ethertype The condition is not activated on the switch until you enter the qos apply command. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-41...
Page 534: Creating Policy Actions
“Policy Conditions” on page 21-27 “Policy Actions” on page 21-28. See the OmniSwitch CLI Reference Guide for details about command syntax. page 21-42 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 535: Creating Policy Rules
Policy rule rule5 combines the condition and the action, so that traffic arriving on the switch from 10.10.8.9 is placed into the highest priority queue. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-43...
Page 536: Configuring A Rule Validity Period
By default, rules are enabled. Rules are disabled or re-enabled through the policy rule command using the disable and enable options. For example: -> policy rule rule5 disable This command prevents rule5 from being used to classify traffic. page 21-44 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 537: Rule Precedence
-> policy rule rule5 save For more information about the configuration snapshot, write memory, and copy running-config working commands, see the OmniSwitch AOS Release 7 Switch Management Guide and the OmniSwitch CLI Reference Guide. For more information about applying rules, see “Applying the Configuration”...
Page 538: Logging Rules
Note that setting the log interval time to 0 specifies to log as often as possible. Deleting Rules To remove a policy rule, use the no form of the command. -> no policy rule rule1 The rule is deleted after the next qos apply. page 21-46 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 539: Verifying Policy Configuration
Use the applied keyword to display information about applied rules only. show active policy rule Displays applied policy rules that are active (enabled) on the switch. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-47...
Page 540: Using Condition Groups In Policies
See the OmniSwitch CLI Reference Guide for more information about the output of this display. See “Verifying Condition Group Configuration” on page 21-55 for more information about using show commands to display information about condition groups. page 21-48 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 541: Creating Network Groups
In this example, netgroup3 is configured for condition c4 as source network group: -> policy condition c4 source network group netgroup3 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-49...
Page 542: Creating Services
An IP protocol (TCP or UDP), source IP port and/or destination IP port (or port range) must be associated with a service. IP port numbers are well-known port numbers defined by the IANA. For example, port numbers for FTP are 20 and 21; Telnet is 23. page 21-50 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 543: Creating Service Groups
The service group can then be associated with a condition through the policy condition command. For example: -> policy condition c6 service group serv_group OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-51...
Page 544: Creating Mac Groups
This command creates a condition called cond3 that can be used in a policy rule to classify traffic by source MAC addresses. The MAC addresses are specified in the MAC group. For more information about configuring conditions, see “Creating Policy Conditions” on page 21-41. page 21-52 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 545: Creating Port Groups
Note. Port group configuration is not active until the qos apply command is entered. To delete ports from a port group, use no and the relevant port number(s). -> policy port group techpubs no 2/1 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-53...
Page 546 The policy condition command removes the port group from the policy condition. (See “Creating Policy Conditions” on page 21-41 for more information about configuring policy conditions.) The port group is deleted at the next qos apply. page 21-54 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 547: Verifying Condition Group Configuration
Use the applied keyword to display informa- tion about applied groups only. See the OmniSwitch CLI Reference Guide for more information about the syntax and output for these commands. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-55...
Page 548: Using Map Groups
“Creating Policy Rules” on page 21-43. -> policy rule r3 condition Traffic action tosMap Apply the configuration. For more information about this command, see “Applying the Configuration” on page 21-66. -> qos apply page 21-56 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 549: How Map Groups Work
To delete mapping values from a group, use no and the relevant values: -> policy map group tosGroup no 1-2:4 The specified values are deleted from the map group at the next qos apply. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-57...
Page 550: Verifying Map Group Configuration
To display only information about applied map groups, use the applied keyword with the command. For more information about the output of this command, see the OmniSwitch CLI Reference Guide. page 21-58 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 551: Using Access Control Lists
Since FilterA has an action (BlockTraffic) that is set to deny traffic, the flow would be denied on the switch. Note that although this example contains only Layer 2 conditions, it is possible to combine Layer 2 and Layer 3 conditions in the same policy. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-59...
Page 552: Layer 3 Acls
Layer 3 ACLs The QoS software in the switch filters routed and bridged traffic at Layer 3. For Layer 3 filtering, the QoS software in the switch classifies traffic based on: page 21-60 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 553 Note that although this example contains only Layer 2 conditions, it is possible to combine Layer 2 and Layer 3 conditions in the same policy. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-61...
Page 554: Ipv6 Acls
Chapter 20, “Configuring IP Multicast Switching.” Multicast traffic has its own global disposition. By default, the global disposition is accept. To change the default, use the qos default multicast disposition command. page 21-62 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 555: Using Acl Security Features
ARP DoS attacks. No configuration is required to use this feature, it is always available and active on the switch. Note that ARPs intended for use by a local subnet, AVLAN, VRRP, and Local Proxy ARP are not discarded. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-63...
Page 556: Configuring A Userports Group
Combining a Layer 2 condition for source VLAN with a Layer 3 condition for IP protocol is supported. In addition, two new condition parameters are available to provide more granular filtering of ICMP packets: page 21-64 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 557: Configuring Tcp Connection Rules
If the flag only appears as part of the mask, then the match value is zero. See the policy condition tcpflags command page in the OmniSwitch CLI Reference Guide for more information. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-65...
Page 558: Applying The Configuration
Policy settings that have been configured but not applied through the qos apply command can be returned to the last applied settings through the qos revert command. For example: -> qos revert page 21-66 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 559: Interaction With Ldap Policies
The qos apply, qos revert, and qos flush commands do not affect policies created through the Policy- View application. Separate commands are used for loading and flushing LDAP policies on the switch. See Chapter 23, “Managing Authentication Servers,” for information about managing LDAP policies. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-67...
Page 560: Verifying The Applied Policy Configuration
Use the applied keyword to display informa- tion about applied groups only. For more information about these commands, see the OmniSwitch CLI Reference Guide. page 21-68 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 561: Policy Applications
Note. If multiple addresses, services, or ports must be given the same priority, use a policy condition group to specify the group and associate the group with the condition. See “Using Condition Groups in Policies” on page 21-48 for more information about groups. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-69...
Page 562: Basic Commands
-> policy condition ip_traffic2 source ip 10.10.5.3 -> policy action flowShape maximum bandwidth 10m -> policy action burst maximum depth 1m -> policy rule rule2 condition traffic2 action flowShape action burst page 21-70 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 563: Redirection Policies
-> policy rule L4LARULE condition L4LACOND action REDIRECTLA Note that in both examples above, the rules are not active on the switch until the qos apply command is entered on the command line. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-71...
Page 564: Policy Based Mirroring
This policy (icmpRule) drops all ICMP traffic. To limit the dropped traffic to ICMP echo requests (pings) and/or replies, use the policy condition icmptype to specify the appropriate condition. For example, -> policy condition echo icmptype 8 -> policy condition reply icmptype 0 page 21-72 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 565: 802.1P And Tos/Dscp Marking And Mapping
With these conditions and action set up, two policy rules can be configured for mapping Subnet A and Subnet B to the ToS network: -> policy rule RuleA condition SubnetA action map_action -> policy rule RuleB condition SubnetB action map_action OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-73...
Page 566: Policy Based Routing
Note. If the routing table has a default route of 0.0.0.0, traffic matching a PBR policy is redirected to the route specified in the policy. For information about viewing the routing table, see Chapter 11, “Configur- ing IP.” page 21-74 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 567 For example: 174.26.1.0 173.10.2.0 10.3.0.0 Firewall 173.5.1.0 173.5.1.254 OmniSwitch Using a Built-In Port Group OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 21-75...
Page 568 Make sure to enter the qos apply command to activate the policy rule on the switch. Otherwise the rule is saved as part of the pending configuration, but is not active. page 21-76 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 569: Chapter 22 Managing Policy Servers
22 Managing Policy Servers Quality of Service (QoS) policies that are configured through Alcatel-Lucent’s PolicyView network management application are stored on a Lightweight Directory Access Protocol (LDAP) server. Policy- View is an OmniVista application that runs on an attached workstation.
Page 570: Policy Server Specifications
Priority value assigned to a server, used to preference 0 (lowest) determine search order Whether a Secure Socket Layer is configured ssl | no ssl no ssl for the server page 222 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 571: Policy Server Overview
See your server documentation for additional details on setting up the server. See the next sections of this chapter for information about modifying policy server parameters or viewing information about policy servers. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 223...
Page 572: Modifying Policy Servers
If the policy server is not created on the default port, the no form of the command must include the port number. For example: -> no policy server 10.10.2.4 5000 page 224 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 573: Modifying The Port Number
LDAP server to modify parameters on the server itself. Modifying the Searchbase The searchbase name is “o=alcatel.com” by default. To modify the searchbase name, enter the policy server command with the searchbase keyword. For example: -> policy server 10.10.2.3 searchbase "ou=qo,o=company,c=us"...
Page 574: Configuring A Secure Socket Layer For A Policy Server
To flush LDAP policies from the switch, use the policy server flush command. Note that any policies configured directly on the switch through the CLI are not affected by this command. -> policy server flush page 226 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 575: Interaction With Cli Policies
Displays the names of policies originating on a directory server that have been downloaded to the switch. show policy server events Displays any events related to a directory server. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 227...
Page 576 228 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 577: Managing Authentication Servers
“LDAP Servers” on page 23-14. For information about using servers for authenticating users to manage the switch, see the “Switch Secu- rity” chapter in the OmniSwitch AOS Release 7 Switch Management Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 578: Authentication Server Specifications
RFC 2989–Criteria for Evaluating AAA Protocols for Network Access Maximum number of authentication servers in single authority mode Maximum number of authentication servers in multiple authority mode Maximum number of servers per Authenticated Switch Access type page 232 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 579: Server Defaults
Timeout for server replies to authentication timeout requests Whether a Secure Socket Layer is configured ssl | no ssl no ssl for the server OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 233...
Page 580: Quick Steps For Configuring Authentication Servers
Configure authentication on the switch. This step is described in other chapters. For a quick overview of using the configured authentication servers with Authenticated Switch Access, see the OmniSwitch AOS Release 7 Switch Management Guide. page 234 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 581: Server Overview
(authorization) if it has been configured on the server; otherwise, the local user database is polled for the privileges. For RADIUS, TACACS+, and LDAP, additional servers can be configured as backups. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 235...
Page 582 OmniSwitch OmniSwitch lege information about the checks the switch for privi- user. lege information. Servers Used for Authenticated Switch Access page 236 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 583: Radius Servers
Standard Attributes The following tables list RADIUS server attributes 1–39 and 60–63, their descriptions, and whether the Alcatel-Lucent RADIUS client in the switch supports them. Attribute 26 is for vendor-specific informa- tion and is discussed in “Vendor-Specific Attributes for RADIUS” on page 23-9.
Page 584 Not supported. These attributes are used for dial-up sessions; Called-Station-Id not applicable to the RADIUS client in the switch. Calling-Station-Id NAS-Identifier Proxy-State Login-LAT-Service Login-LAT-Node Login-LAT-Group Framed-AppleTalk-Link Framed-AppleTalk-Network Framed-AppleTalk-Zone CHAP-Challenge NAS-Port-Type Port-Limit Login-LAT-Port page 238 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 585 42 Alcatel-Lucent-Acce-Priv-F- hex. Configures functional write privileges for the user. The Alcatel-Lucent-Auth-Group attribute is used for Ethernet II only. If a different protocol, or more than one protocol is required, use the Alcatel-Lucent-Auth-Group-Protocol attribute instead. For example: Alcatel-Lucent-Auth-Group-Protocol 23: IP_E2 IP_SNAP Alcatel-Lucent-Auth-Group-Protocol 24: IPX_E2 In this example, authenticated users on VLAN 23 can use Ethernet II or SNAP encapsulation.
Page 586: Radius Accounting Server Attributes
(Authenticated VLANs only) Tracked per port. 44 Acct-Session Unique accounting ID. (For authenticated VLAN users, Alcatel-Lucent uses the MAC address of the client.) 45 Acct-Authentic Indicates how the client is authenticated; standard values (1–3) are not used. Vendor specific values must be used instead:...
Page 587: Configuring The Radius Client
23-3. To remove a RADIUS server, use the no form of the command: -> no aaa radius-server rad1 Note that only one server can be deleted at a time. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 2311...
Page 588: Tacacs+ Server
A maximum of 50 simultaneous TACACS+ sessions can be supported when no other authentication mechanism is activated. • Accounting of commands performed by the user on the remote TACACS+ process is not supported in the boot.cfg file at boot up time. page 2312 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 589: Configuring The Tacacs+ Client
23-3. To remove a TACACS+ server, use the no form of the command: -> no aaa tacacs+-server tac1 Note that only one server can be deleted at a time. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 2313...
Page 590: Ldap Servers
(Each server type has a command line tool or a GUI tool for importing LDIF files.) Database LDIF files can also be copied and used as templates. The schema files and the database files are specific to the server type. The files available on the Alcatel-Lucent software CD include the following: aaa_schema.microsoft.ldif aaa_schema.netscape.ldif...
Page 591: Ldap Server Details
The most common LDIF entries describe people in companies and organizations. The structure for such an entry might look like the following: dn: <distinguished name> objectClass: top objectClass: person objectClass: organizational Person cn: <common name> sn: <surname> <list of optional attributes> OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 2315...
Page 592: Directory Entries
DN attributes are separated by commas as shown in this example: cn=your name, ou=your function, o= your company, c=US As there are other conventions used, please refer to the appropriate RFC specification for further details. page 2316 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 593: Directory Searches
LDAP client application. The LDAP-enabled directory server uses the DNs to find the entries to either add or modify their attribute values. Attributes are automatically created for requests to add values if the attributes are not already contained in the entries. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 2317...
Page 594: Directory Compare And Sort
TCP/IP port number for directory server. If using TCP/IP and default port number (389), port need not be specified in the URL. SSL port number for directory server (default is 636). page 2318 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 595: Password Policies And Directory Servers
Account Lockout • Reset Password Failure Count • LDAP Error Messages (e.g., Invalid Username/Password, Server Data Error, etc.) For instructions on installing LDAP-enabled directory servers, refer to the vendor-specific instructions. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 2319...
Page 596: Directory Server Schema For Ldap Authentication
A key computed from the user password with the alp2key tool. allowedtime The periods of time the user is allowed to log into the switch. switchgroups The VLAN ID and protocol (IP_E2, IP_SNAP, IPX_E2, IPX_NOV, IPX_LLC, IPX_SNAP). page 2320 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 597: Setting The Snmp Security Level
OmniSwitch AOS Release 7 Switch Management Guide. Configuring Authentication Key Attributes The alp2key tool is provided on the Alcatel-Lucent software CD for computing SNMP authentication keys.The alp2key application is supplied in two versions, one for Unix (Solaris 2.5.1 or higher) and one for Windows (NT 4.0 and higher).
Page 598: Ldap Accounting Attributes
User account ID or username client entered to log-in: variable length digits. • Time Stamp (YYYYMMDDHHMMSS (YYYY:year, MM:month, DD:day, HH:hour, MM:minute, SS:second) • Switch serial number: Alcatel-Lucent.BOP.<switch name>.<MAC address> • Client IP address: variable length digits. page 2322 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 599 Log-in fail error code: nn. For error code descriptions refer to the vendor-specific listing for the specific directory server in use. • Log-out reason code, for example PASSWORD EXPIRED(7) or AUTHENTICATION FAILURE(21). OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 2323...
Page 600: Dynamic Logging
If the organizational unit ou=bop.logging exists somewhere in the tree under searchbase, logging records are written on the server. See the documentation of the server manufacturer for more information about setting up the server. page 2324 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 601: Configuring The Ldap Authentication Client
Note. The server must be configured with the appropriate schema before the aaa ldap-server command is configured. The keywords for the aaa ldap-server command are listed here: Required for creating: optional: host type retransmit password timeout base port OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 2325...
Page 602: Creating An Ldap Authentication Server
The switch can now communicate with the server on port 635. To remove SSL from the server, use no with the ssl keyword. For example: -> aaa ldap-server ldap2 no ssl SSL is now disabled for the server. page 2326 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 603: Verifying The Authentication Server Configuration
An example of the output for this command is given in “Quick Steps For Configuring Authentication Servers” on page 23-4. For more information about the output of this command, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 2327...
Page 604 2328 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 605: Configuring Port Mapping
24-4. • Configuring an example Port Mapping Session—see “Sample Port Mapping Configuration” on page 24-5. • Verifying a Port Mapping Session—see “Verifying the Port Mapping Configuration” on page 24-6. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 24-1...
Page 606: Port Mapping Specifications
-> port-mapping 8 enable Note. You can verify the configuration of the port mapping session by entering show port-mapping followed by the session ID. -> show port-mapping 8 SessionID USR-PORT NETWORK-PORT -----------+----------------+------------------ page 24-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 607: Creating/Deleting A Port Mapping Session
To delete a previously created mapping session, use the no form of the port-mapping command. For example, to delete the port mapping session 6, enter: -> no port-mapping 6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 24-3...
Page 608: Enabling/Disabling A Port Mapping Session
To restore the direction of a port mapping session to its default (bidirectional), enter port-mapping followed by the session ID and bidirectional keyword. For example, to restore the direction (bidirectional) of the port mapping session 5, enter: -> port-mapping 5 bidirectional page 24-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 609: Sample Port Mapping Configuration
Ports 2/1 and 2/2 on Switch A do not interact with each other and do not interact with the ports on Switch B. • Ports 2/1, 2/2, and 3/1 on Switch B interact with all the ports of the network except with ports 2/1 and 2/2 on Switch A. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 24-5...
Page 610: Example Port Mapping Configuration Steps
Displays the configuration of one or more port mapping sessions. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. page 24-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 611: Chapter 25 Configuring Learned Port Security
Selecting the security violation mode for an LPS port on page 25-12. • Displaying LPS configuration information on page 25-13. For more information about source MAC address learning, see Chapter 3, “Managing Source Learning.” OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 25-1...
Page 612: Learned Port Security Specifications
MAC address range per LPS port. port-security port mac-range 00:00:00:00:00:00– ff:ff:ff:ff:ff:ff LPS port violation mode. port-security port violation restrict Number of bridged MAC addresses port-security port learn-trap- learned before a trap is sent. threshold page 25-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 613: Sample Learned Port Security Configuration
Port: Operation Mode SHUTDOWN-LW, Max MAC bridged Violation RESTRICT, Max MAC filtered : Low MAC Range 00:00:00:00:00:00, High MAC Range ff:ff:ff:ff:ff:ff VLAN MAC TYPE OPERATION -------------------------+--------+-------------+---------------------- Port: OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 25-3...
Page 614 To verify the new source learning time limit value, use the show port-security learning-window command. For example: -> show port-security learning-window LPS Shutdown Config 30 min, Convert-to-static DISABLE, Remaining Learning Window = 1797 sec, page 25-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 615: Learned Port Security Overview
LPS functionality is supported on the following Ethernet port types: • Fixed • 802.1Q tagged The following port types are not supported: • Link aggregate • Tagged (trunked) link aggregate • Mirrored (MTP) OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 25-5...
Page 616: How Lps Authorizes Source Mac Addresses
MAC address entry in the LPS table until the switch configuration file is saved and the switch is rebooted. If a reboot occurs before this is done, all dynamically learned MAC addresses in the LPS table are cleared. page 25-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 617: Static Configuration Of Authorized Mac Addresses
MAC address table entries for the port are automatically cleared. To view the contents of the LPS table, use the show port-security command. Refer to the OmniSwitch CLI Reference Guide for more information about this command. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 25-7...
Page 618: Port And Link Aggregate Security Violation
The source learning time limit is configured on the LPS ports, using the port-security learning- window command. • Use the clear violation command to clear all the MAC address violation logs for a particular port and session and activate the ports. page 25-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 619: Configuring Learned Port Security
LPS on a range of ports: -> port-security 5/21-24 learning-disable To disable all the LPS ports on a chassis, use the port-security chassis learning-disable command, as shown: -> port-security chassis learning-disable OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 25-9...
Page 620: Configuring A Source Learning Time Limit
To disable the conversion of dynamic MAC addresses to static MAC addresses when the source learning time window expires, use the port-security learning-window command with the convert-to-static parameter, as shown: -> port-security learning-window 30 convert-to-static disable page 25-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 621: Configuring The Number Of Bridged Mac Addresses Allowed
To specify a maximum number of filtered MAC addresses learned on multiple ports, specify a range of ports or multiple slots. For example: -> port-security port 5/9-15 max-filtering 10 -> port-security port 1/1-5 max-filtering 25 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 25-11...
Page 622: Configuring An Authorized Mac Address Range
Note. Unauthorized source MAC addresses are not learned in the LPS table but are still recorded in the source learning MAC address table with a filtered operational status. This allows the user to view MAC addresses that were attempting unauthorized access to the LPS port. page 25-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 623: Displaying Learned Port Security Information
Guide. An example of the output for the show port-security, show port-security learning-window and show violation commands is also given in “Sample Learned Port Security Configu- ration” on page 25-3. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 25-13...
Page 624 Displaying Learned Port Security Information Configuring Learned Port Security page 25-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 625: Diagnosing Switch Problems
26-20. • Configuring a Port Monitoring Session—see “Configuring a Port Monitoring Session” on page 26-24. • Enabling a Port Monitoring Session—see “Enabling a Port Monitoring Session” on page 26-24. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-1...
Page 626 Configuring Sampling Intervals—see “Configuring Sampling Intervals” on page 26-45. For information about additional Diagnostics features such as Switch Logging and System Debugging/ Memory Management commands, see Chapter 28, “Using Switch Logging.” page 26-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 627: Port Mirroring Overview
Spanning Tree Enabled (Spanning Tree Disable) Mirroring Status Configuration port-mirroring source destination Enabled Mirroring Session Configuration port-mirroring Enabled Mirroring Session Deletion port-mirroring No Mirroring Sessions Configured OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-3...
Page 628: Quick Steps For Configuring Port Mirroring
Enable For more information about this command, see “Displaying Port Mirroring Status” on page 26-21 or the “Port Mirroring and Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide. page 26-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 629: Port Monitoring Overview
Data File Creation port-monitoring source Enabled Data File Size port-monitoring source File Overwriting port-monitoring source Enabled Time before session is deleted port-monitoring source 0 seconds Capture-type port-monitoring source brief OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-5...
Page 630: Quick Steps For Configuring Port Monitoring
Bidirectional ON brief For more information about this command, see “Port Monitoring” on page 26-23 or the “Port Mirroring and Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide. page 26-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 631: Sflow Overview
6343 Receiver Index sflow sampler Packet Sampling Rate sflow sampler Sampled Packet Size sflow sampler 128 Bytes Receiver Index sflow poller Interval Value sflow poller 0 seconds OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-7...
Page 632: Quick Steps For Configuring Sflow
ID. The display is similar to the one shown below: -> show sflow sampler 1 Instance Interface Receiver Rate Sample-Header-Size ----------------------------------------------------------------- 2/ 1 2048 2/ 2 2048 2/ 3 2048 2/ 4 2048 2/ 5 2048 page 26-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 633 2/ 7 2/ 8 2/ 9 2/10 For more information about this command, see “sFlow” on page 26-29 or the “sFlow Commands” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-9...
Page 634: Remote Monitoring (Rmon) Overview
RMON Traps Supported RisingAlarm/FallingAlarm These traps are generated whenever an Alarm entry crosses either its Rising Threshold or its Falling Threshold and generates an event con- figured for sending SNMP traps. page 26-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 635: Rmon Probe Defaults
“Displaying a List of RMON Probes” on page 26-37, “Displaying Statistics for a Particular RMON Probe” on page 26-38, or the “RMON Commands” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-11...
Page 636: Switch Health Overview
A Resource Threshold was exceeded by its cor- responding utilization value in the previous cycle, but is not exceeded in the current cycle. Threshold Crossing Traps Supported Device, module, port-level threshold crossings. page 26-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 637: Switch Health Defaults
Memory Threshold = 85 For more information about this command, see “Displaying Health Threshold Limits” on page 26-44 the “Health Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-13...
Page 638: Port Mirroring
When a frame is transmitted by the mirrored port, a copy of the frame is made, tagged with the mirroring port as the destination, and sent back over the switch backplane to the mirroring port. The diagram below illustrates the data flow between the mirrored and mirroring ports. page 26-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 639: What Happens To The Mirroring Port
You can also move the mirrored port so that the mirroring port receives data from different ports. In this way, you can roam the switch and monitor traffic at various ports. OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 640 D..and port mirroring sends copies of the Management frames to the mirroring port. NMS Workstation Mirroring Port Mirrored Port RMON Probe OmniSwitch Port Mirroring Using External RMON Probe page 26-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 641: Remote Port Mirroring
Generic Attribute Registration Protocol (GARP) • BPDUs are not mirrored on OmniSwitch 10K switches. For more information and an example of a Remote Port Mirroring configuration, see “Remote Port Mirroring” on page 26-17. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-17...
Page 642: Creating A Mirroring Session
-> port-mirroring 1 source 1/2-6 destination 2/4 In the following example, ports 1/9, 2/7, and 3/5 are mirrored on destination port 2/4 in session 1: -> port-mirroring 1 source 1/9 2/7 3/5 destination 2/4 page 26-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 643: Unblocking Ports (Protection From Spanning Tree)
2/port 3, and the mirroring port located in slot 6/port 4. The mirroring status is disabled (i.e., port mirroring is turned off): -> port-mirroring 6 source disable Note. You can modify the parameters of a port mirroring session that has been disabled. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-19...
Page 644: Configuring Port Mirroring Direction
ID number and the keyword enable. The following command enables port mirroring session 6 (turning port mirroring on): -> port-mirroring 6 enable page 26-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 645: Displaying Port Mirroring Status
To delete a mirroring session, enter the no port-mirroring command, followed by the port mirroring session ID number. For example: -> no port-mirroring 6 In this example, port mirroring session 6 is deleted. Note. The port mirroring session identifier must always be specified. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-21...
Page 646: Configuring Remote Port Mirroring
-> policy rule r_is1 condition c_is1 action a_is1 -> qos apply Note. If the intermediate switches are not OmniSwitches, refer to the vendor documentation for instructions on disabling or overriding source learning. page 26-22 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 647: Port Monitoring
If a port mirroring session is configured across two switching ASICs, then configuring a monitoring session is not allowed on any of the ports controlled by each of the ASICs involved. For example, if a OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 648: Configuring A Port Monitoring Session
(/), the port number of the port, and enable. For example, to enable port monitoring session 6 on port 2/3, enter: -> port-monitoring 6 source 2/3 enable page 26-24 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 649: Disabling A Port Monitoring Session
The port monitoring sniffer file can be viewed using software such as wireShark or ethereal. For example, to configure port monitoring session 6 on port 2/3 with a data file called “user_port” in the /flash directory, enter: OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-25...
Page 650: Configuring Port Monitoring Direction
(/), the port number of the port, and inport, outport, or bidirectional. For example, to configure port monitoring session 6 on port 2/3 as unidirectional and inward bound, enter: page 26-26 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 651: Configuring Capture-Type
Note. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. The show port-monitoring command displays only 170 packets from the port monitor file. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-27...
Page 652: Sflow
The receiver module has the details about the destination hosts where the sFlow datagrams are sent out. If there are multiple destination then each destination has an instance of the receiver. All these receivers are attached to the sFlow manager instance and to an associated sample/poller. page 26-28 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 653: Sampler
For example, to configure sFlow sampler session 1 on port 2/3 and to specify the rate and sample-hdr-size, enter: -> sflow sampler 1 port 2/3 receiver 6 rate 512 sample-hdr-size 128 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-29...
Page 654: Configuring A Fixed Primary Address
UDP Port = 6343 Timeout = 65535 Packet Size= 1400 DatagramVer= 5 Note. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. page 26-30 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 655: Displaying A Sflow Sampler
Receiver Interval ------------------------------------------- 2/ 6 2/ 7 2/ 8 2/ 9 2/10 Note. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-31...
Page 656: Displaying A Sflow Agent
ID number, the slot number of the port to delete, a slash (/), and the port number of the port, enter: -> no sflow poller 3 port 1/1 page 26-32 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 657: Remote Monitoring (Rmon)
NMS Workstation Mirrored Port Mirroring Port RMON Probe OmniSwitch D..and port mirroring sends copies of the Management frames to the mirroring port. Port Mirroring Using External RMON Probe OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-33...
Page 658 Alarm can be generated, printed and/or logged. Note. The following RMON groups are not implemented: Host, HostTopN, Matrix, Filter, and Packet Capture. page 26-34 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 659: Enabling Or Disabling Rmon Probes
The following command enables all currently defined (disabled) RMON Alarm probes: -> rmon probes alarm enable Note. Network activity on subnetworks attached to an RMON probe can be monitored by Network Management Software (NMS) applications. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-35...
Page 660: Displaying Rmon Tables
A display showing all current alarm RMON probes must appear, as shown in the following example: Entry Slot/Port Flavor Status Duration System Resources -------+-----------+-----------+----------+---------------+-------------------- 31927 1/35 Alarm Active 00:25:51 608 bytes page 26-36 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 661: Displaying Statistics For A Particular Rmon Probe
Probe’s Owner: Switch Auto Probe on Slot 4, Port 5 Entry 4005 Flavor = Ethernet, Status = Active Time = 48 hrs 54 mins, System Resources (bytes) = 275 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-37...
Page 662: Sample Display For History Probe
Alarm Startup Alarm = rising alarm Alarm Variable = 1.3.6.1.2.1.16.1.1.1.5.4008 Entry 11235 Flavor = Alarm, Status = Active Time = 48 hrs 48 mins, System Resources (bytes) = 1677 page 26-38 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 663: Displaying A List Of Rmon Events
[Rising trap] “Rising Event,” an Alarm condition detected by the RMON probe in which a trap was generated based on a Rising Threshold Alarm, with an elapsed time of 39 minutes since the last change in status. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-39...
Page 664: Monitoring Switch Health
Maximum utilization level over the last hour (percentage) • Threshold level Additionally, Health Monitoring provides the capacity to specify thresholds for the resource utilization levels it monitors and generates traps based on the specified threshold criteria. page 26-40 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 665 See page 26-45 more information.. • show health —Displays health statistics for the switch, as percentages of total resource capacity. See page 26-46 for more information. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-41...
Page 666: Configuring Resource Thresholds
Note. When you specify a new value for a threshold limit, the value is automatically applied across all levels of the switch (switch, module, and port). You cannot select differing values for each level. page 26-42 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 667: Configuring Resource Thresholds
Note. For detailed definitions of each of the threshold types, refer to “Configuring Resource Thresholds” on page 26-43, as well as Chapter 36, “Health Monitoring Commands,” in the OmniSwitch CLI Reference Guide. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-43...
Page 668: Configuring Sampling Intervals
(measured in seconds) is displayed, as shown below: -> show health configuration Rx Threshold = 80, TxRx Threshold = 80, Memory Threshold = 80, CPU Threshold = 80, Sampling Interval (Secs) = 10 page 26-44 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 669: Viewing Health Statistics For The Switch
Threshold limit. For example, if the Current value for Memory is displayed as 85* and the Threshold Limit is displayed as 80, the asterisk indicates that the Current value has exceeded the Threshold Limit value. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 26-45...
Page 670: Viewing Health Statistics For A Specific Interface
1 minute period. 1 Hr. Avg. refers to the average resource bandwidth used over a 1 hour period, and 1 Hr. Max. refers to the maximum resource bandwidth used over a 1 hour period. page 26-46 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 671: Chapter 27 Configuring Vlan Stacking
“Configuring VLAN Stacking Services” on page 27-10 • “VLAN Stacking Application Example” on page 27-20.. • “Verifying the VLAN Stacking Configuration” on page 27-24 • “Verifying the VLAN Stacking Configuration” on page 27-24. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 27-1...
Page 672: Vlan Stacking Specifications
802.3ad, UDLD, OAM, LACP- VLAN Stacking user port. Marker Tunneled Frames: STP, MVRP, Discarded Frames: 802.1ab, VTP VLAN, Uplink Fast, PVST, PAGP, DTP, CDP page 27-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 673: Vlan Stacking Overview
The following illustration shows how VLAN Stacking uses the above components to tunnel customer traf- fic through a service provider network: OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 27-3...
Page 674 Customer A Site 1 Transit Bridge Customer B EMAN Site 2 Provider Edge 1 Provider Edge 3 Customer B Site 1 NNI Port UNI Port NNI Port VLAN Stacking Elements page 27-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 675: How Vlan Stacking Works
VLAN Translation replaces the CVLAN Tag with SVLAN Tag. The packet is sent out the network port with a single tag (SVLAN). MAC DA ETYPE MAC SA Payload SVLAN Tag 0x0800 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 27-5...
Page 676: Vlan Stacking Services
UNI Port Profile—This type of profile is associated with each UNI port and configures how Span- ning Tree, and other control packets are processed on the UNI port. See the “Configuring VLAN Stacking Services” on page 27-10 for more information. page 27-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 677: Interaction With Other Features
A dual home configuration is not supported. This type of configuration consists of a single customer site connected to two different VLAN Stacking switches or two switches at a customer site connect to two different VLAN Stacking switches. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 27-7...
Page 678: Quick Steps For Configuring Vlan Stacking
-> ethernet-service uni-profile uni_1 l2-protocol stp discard (Optional) Associate the “uni_1” profile with port 1/49 using the ethernet-service uni uni-profile command. -> ethernet-service uni port 1/49 uni-profile uni_1 page 27-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 679 : sap-video1 SAP Id : 30 UNIs : 1/3 CVLAN(s) : 30, 40 sap-profile : sap-video2 See the OmniSwitch CLI Reference Guide for information about the fields in this display. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 27-9...
Page 680: Configuring Vlan Stacking Services
It is only necessary to configure a UNI profile if the default attribute values are not sufficient. See “Configuring a UNI Profile” on page 27-19. The following table provides a summary of commands used in these procedures: page 27-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 681: Configuring Svlans
To delete an SVLAN from the switch configuration, use the no form of the ethernet-service svlan command. For example, to delete SVLAN 300 enter: -> no ethernet-service svlan 300 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 27-11...
Page 682: Configuring A Vlan Stacking Service
-> show ethernet-service service-name CustomerABC Service Name : CustomerABC SVLAN : 255 NNI(s) : 1/22 SAP Id : 10 UNIs : 2/10, 2/11 CVLAN(s) : 500, 600 sap-profile : default-sap-profile page 27-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 683: Configuring Vlan Stacking Network Ports
NNI port. If the configured NNI TPID value and the ingress packet value match, then the packet is considered an SVLAN tagged packet. If these values do not match, then the packet is classified as a non-SVLAN tagged packet. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 27-13...
Page 684: Configuring A Vlan Stacking Service Access Point
SAP profile. Each SAP is associated with a single profile. This profile contains attributes that are used to define traffic engineering parameters applied to traffic ingressing on UNI ports that are associated with the SAP. See “Configuring a Service Access Point Profile” on page 27-17. page 27-14 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 685: Configuring Vlan Stacking User Ports
Stacking User Network Interface (UNI) and associate the UNI with a VLAN Stacking service access point (SAP). For example, the following command configures port 1/1 as an UNI port and associates 1/1 with SAP 20: -> ethernet-service sap 20 uni port 1/1 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 27-15...
Page 686: Configuring The Type Of Customer Traffic To Tunnel
For example, the following command specifies that all untagged frames is accepted on UNI ports associ- ated with SAP 20: -> ethernet-service sap 20 cvlan untagged page 27-16 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 687: Configuring A Service Access Point Profile
Determines if a customer frame is tagged with late the SVLAN ID (double-tag) or the CVLAN ID is changed to the SVLAN ID (translate) when the frame is encapsulated for tunneling. Double-tag is used by default. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 27-17...
Page 688: Associating A Profile With A Service Access Point
SAP is replaced with the new profile. ethernet-service sap sap-profile command is used to associate a new profile with a VLAN Stacking SAP. For example, the following command associates the map_pbit profile to SAP 20: page 27-18 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 689: Configuring A Uni Profile
For example: -> ethernet-service uni port 1/1 uni-profile default-uni-profile Use the show ethernet-service uni command to display the profile associations for each UNI port. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 27-19...
Page 690: Vlan Stacking Application Example
SVLAN 100 MAN CLOUD NNI 3/1 NNI 3/1 SVLAN 200 UNI 2/1 UNI 2/1 CVLAN 10 CVLAN 10 Customer B Customer B Site 1 Site 2 VLAN Stacking Application page 27-20 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 691: Vlan Stacking Configuration Example
Configure SAP 30 on PE1 and PE2 to accept only customer traffic that is tagged with CVLAN 10 using the ethernet-service sap cvlan command. -> ethernet-service sap 30 cvlan 10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 27-21...
Page 692 The following is an example of what the sample configuration commands look like entered sequentially on the command line of the provider edge switches: -> ethernet-service svlan 100 -> ethernet-service service-name CustomerA svlan 100 -> ethernet-service svlan 100 nni port 3/1 page 27-22 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 693 -> ethernet-service sap 30 service-name CustomerB -> ethernet-service sap 30 uni 2/1 -> ethernet-service sap 30 cvlan 10 -> ethernet-service sap-profile map_pbit priority map-inner-to-outer-p -> ethernet-service sap 30 sap-profile map_pbit OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 27-23...
Page 694: Verifying The Vlan Stacking Configuration
For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show ethernet-service command is also given in “Quick Steps for Configuring VLAN Stacking” on page 27-8. page 27-24 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 695: Chapter 28 Using Switch Logging
“Displaying Switch Logging Records” on page 28-12 Notes. Switch logging commands are not intended for use with low-level hardware and software debugging. It is strongly recommended that you contact an Alcatel-Lucent Customer Service representa- tive for assistance with debugging functions.
Page 696: Switch Logging Specifications
Severity Levels/Types Supported 2 (Alarm - highest severity), 3 (Error), 4 (Alert), 5 (Warning) 6 (Info - default), 7 (Debug 1), 8 (Debug 2), 9 (Debug 3 - lowest severity) page 28-2 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 697: Switch Logging Defaults
Default severity level is info. The numeric equivalent for info is 6 Enabling/Disabling switch logging swlog output Flash Memory and Console Output Switch logging file size swlog output flash 128000 bytes file-size OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 28-3...
Page 698: Quick Steps For Configuring Switch Logging
Hash Table entries age limit : 60 seconds, Switch Log Preamble : Enabled, Switch Log Debug : Disabled, Switch Log Duplicate Detection : Enabled, Console Display Level : debug3, page 28-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 699: Switch Logging Overview
Notes. Although switch logging provides complementary functionality to switch debugging facilities, the switch logging commands are not intended for use with low-level hardware and software debugging functions. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 28-5...
Page 700: Switch Logging Commands Overview
CLI Keyword Application ID Equivalent IDLE APPID_IDLE DIAG APPID_DIAGNOSTICS IPC-DIAG APPID_IPC_DIAGNOSTICS QDRIVER APPID_QDRIVER QDISPATCHER APPID_QDISPATCHER IPC-LINK APPID_IPC_LINK NI-SUPERVISION APPID_NI_SUP_AND_PROBER INTERFACE APPID_ESM_DRIVER 802.1Q APPID_802.1Q VLAN APPID_VLAN_MGR APPID_GROUPMOBILITY (RESERVED) BRIDGE APPID_SRCLEANING page 28-6 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 701 APPID_CLI SNMP APPID_SNMP_AGENT APPID_WEBMGT MIPGW APPID_MIPGW SESSION APPID_SESSION_MANAGER TRAP APPID_TRAP_MANAGER POLICY APPID_POLICY_MANAGER APPID_DRC SYSTEM APPID_SYSTEM_SERVICES HEALTH APPID_HEALTHMON NAN-DRIVER APPID_NAN_DRIVER RMON APPID_RMON TELNET APPID_TELNET APPID_PSM APPID_FTP SMNI APPID_SMNI DISTRIB APPID_DISTRIB OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 28-7...
Page 702: Specifying The Severity Level
The following command makes the same assignment by using the severity level and application numbers. -> swlog appid 75 level 3 No confirmation message appears on the screen for either command. page 28-8 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 703: Specifying The Switch Logging Output Device
IP address to which output is sent. For example, if the target IP address is 168.23.9.100, you would enter: -> swlog output socket ipaddr 168.23.9.100 No confirmation message appears on the screen. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 28-9...
Page 704: Disabling An Ip Address From Receiving Switch Logging Output
To disable a specific configured output IP address from receiving switch logging output, use the same command as above but specify an IPv4 or IPv6 address. For example: -> no swlog output socket 174.16.5.1 page 28-10 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 705: Configuring The Switch Logging File Size
No confirmation message appears on the screen. OmniSwitch AOS Release 7 Network Configuration Guide March 2011 page 28-11...
Page 706: Displaying Switch Logging Records
New telnet connection, Address, 128.251.30.88 MON NOV 11 13:24:03 2005 TELNET info Session 4, Created MON NOV 11 13:59:04 2005 info The HTTP session user logout suc cessful! page 28-12 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 707: Appendix A Software License And Copyright Statements
Licensee further acknowledges and agrees that all rights, title, and interest in and to the Licensed Materials are and shall remain with Alcatel-Lucent and its licen- sors and that no such right, license, or interest shall be asserted with respect to such copyrights and trade- marks.
Page 708 Period, a defect in the Licensed Files appears, Licensee may return the Licensed Files to Alcatel-Lucent for either replacement or, if so elected by Alcatel-Lucent, refund of amounts paid by Licensee under this License Agreement. EXCEPT FOR THE WARRANTIES SET FORTH ABOVE, THE LICENSED MATERIALS ARE LICENSED “AS IS”...
Page 709 14.Third Party Materials. Licensee is notified that the Licensed Files contain third party software and materials licensed to Alcatel-Lucent by certain third party licensors. Some third party licensors are third part beneficiaries to this License Agreement with full rights of enforcement. Please refer to the section entitled “Third Party Licenses and Notices”...
Page 710: Third Party Licenses And Notices
/flash/foss. Also, if needed, we provide all FOSS (Free and Open Source Software) source code used into this release at the following URL: https://service.esd.alcatel-lucent.com/portal/page/portal/EService/release page A-4 OmniSwitch AOS Release 7 Network Configuration Guide March 2011...
Page 711: Index
Index IPMS 20-36, 20-38 IPv6 13-4 Layer 3 ACLs 21-61 policies 21-69 policy map groups 21-56 Port Mapping 24-2, 24-6 port mirroring 26-4 port monitoring 26-6, 26-8 21-39, 21-69 qos log lines command 21-36 15-3 qos stats interval command 21-38 RMON 26-11 Server Load Balancing...
Page 712 Index bridge path cost mode command 5-31 Spanning Tree Bridge 5-4, 9-2 bridge priority command 5-28 Spanning Tree Port Bridge Protocol Data Units static link aggregation contents switch health 26-13 bridge slot/port command 5-30 switch logging 28-3 bridge slot/port connection command 5-41 UDLD bridge slot/port priority command...
Page 713 Index verify information about 7-30 ICMP 11-29 dynamic log ping 11-32 LDAP accounting servers 23-24 protocols 11-5, 12-9 router ID 11-16 router port 11-7 router primary address 11-16 errors 28-8 specifications 11-3 Ethernet static route 11-11, 13-18 defaults 1-2, 1-3 tracing an IP route 11-33 flood rate...
Page 714 Index modifying 11-9 ipv6 load rip command 13-4 removing 11-9, 12-14 ipv6 rip interface command 13-4 ip router primary-address command 11-16 ipv6 route-pref command 13-19 ip router router-id command 11-16 ip service command 11-28 ip slb admin command 19-4, 19-11 jumbo frames ip slb cluster admin status command 19-17...
Page 715 Index link aggregation dynamic link aggregation 7-1, 8-1 pending configuration 21-66 Spanning Tree parameters 5-35, 5-36, 5-38, 5-40, 5-42 pending policies static link aggregation deleting 21-66 lldp lldpdu command 10-2 Per VLAN DHCP 17-9 lldp notification command 10-2 PIM-SM 20-7 lldp tlv dot1 command 10-11 ping...
Page 716 Index Port Mapping 24-1 application examples 24-2, 24-6 defaults 24-2 application examples 21-39, 21-69 specifications 24-2 ASCII-file-only syntax 12-8, 21-40 port mapping command 24-2 configuration overview 21-34 Port Mapping Session defaults 21-30 creating and deleting 24-3 enabled/disabled 21-35 enabling and disabling 24-4 interaction with other features 21-26...
Page 717 Index garbage timer 15-10 hold-down timer 15-10 sampling intervals host route 15-11 configuring 26-45 interface 15-7 viewing 26-45 invalid timer 15-10 Secure Socket Layer 15-4 see SSL loading 15-6 Security Violation Mode 25-12 redistribution 15-12 restrict mode 25-12 security 15-18 shutdown mode 25-13 specifications...
Page 718 Index show icmp control command 11-32 topology 5-6, 5-11 show icmp statistics command 11-32 Topology Change Notification show ip config command 11-17, 11-23 Spanning Tree Bridge show ip interface command 11-9 defaults 5-4, 9-2 show ip redist command 15-16 Spanning Tree bridge parameters show ip rip command 15-7 802.1D standard protocol...
Page 719 Index specifications disabling on switch verify information about 6-11 enabling on port static linkagg admin state command overview static linkagg name command show static linkagg size command 6-3, 6-7 specifications static MAC addresses udld command static route udld port command 11-11, 13-18 11-33 metric...
Page 720 Index vrrp track command 18-25 vrrp track-association command 18-25 vrrp trap command 18-14, 18-23 VRRP3 18-19 Advertisement Interval 18-21 application examples 18-31 Preemption 18-22 Traps 18-23 Virtual Router 18-19 Virtual Router Priority 18-21 VSAs for LDAP servers 23-20 for RADIUS authentication 23-7 RADIUS accounting servers 23-11...

This manual is also suitable for:

Omniswitch aos 7

Save PDF