Alcatel-Lucent OmniSwitch 6800 Series Network Configuration Manual

Part No. 060217-10, Rev. E
December 2007
OmniSwitch 6800 Series
OmniSwitch 6850 Series
OmniSwitch 9000 Series
Network Configuration Guide
www.alcatel-lucent.com

Summary of Contents for Alcatel-Lucent OmniSwitch 6800 Series

  • Page 2 Series, and OmniSwitch 9000 Series. The functionality described in this guide is subject to change without notice. Copyright © 2007 by Alcatel-Lucent. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel-Lucent.
  • Page 3: Table Of Contents

    Contents About This Guide ..................... xxxv Supported Platforms ..................... xxxv Who Should Read this Manual? .................. xxxvi When Should I Read this Manual? ................xxxvi What is in this Manual? ....................xxxvi What is Not in this Manual? ..................xxxvii How is the Information Organized? ................
  • Page 4 Chapter 2 Managing Source Learning ................... 2-1 In This Chapter ........................2-1 Source Learning Specifications ..................2-2 Source Learning Defaults ....................2-2 Sample MAC Address Table Configuration ..............2-2 MAC Address Table Overview ..................2-4 Using Static MAC Addresses ..................2-4 Configuring Static MAC Addresses .................2-5 Static MAC Addresses on Link Aggregate Ports ..........2-5 Using Static Multicast MAC Addresses .................2-6 Configuring Static Multicast MAC Addresses ............2-6...
  • Page 5 Chapter 4 Configuring Learned Port Security ................ 4-1 In This Chapter ........................4-1 Learned Port Security Specifications ................4-2 Learned Port Security Defaults ..................4-2 Sample Learned Port Security Configuration ..............4-3 Learned Port Security Overview ..................4-4 How LPS Authorizes Source MAC Addresses ............4-5 Dynamic Configuration of Authorized MAC Addresses .........4-5 Static Configuration of Authorized MAC Addresses ..........4-6 Understanding the LPS Table ..................4-6...
  • Page 6 Bridging VLANs Across Multiple Switches ..............5-14 Verifying the VLAN Configuration ................5-15 Chapter 6 Configuring GVRP ...................... 6-1 In This Chapter ........................6-1 GVRP Specifications ......................6-2 GVRP Defaults ........................6-2 GARP Overview ......................6-3 GVRP Overview ......................6-3 Quick Steps for Configuring GVRP ................6-5 Configuring GVRP ......................6-7 Enabling GVRP ......................6-7 Enabling Transparent Switching ................6-8 Configuring the Maximum Number of VLANs ............6-8...
  • Page 7 Configuring Service-Based VLAN Stacking ..............7-15 Changing the VLAN Stacking Mode ..............7-17 Configuring SVLANs ....................7-17 Configuring a VLAN Stacking Service ..............7-18 Configuring VLAN Stacking Network Ports ............7-19 Configuring NNI Port Parameters ..............7-19 Configuring a VLAN Stacking Service Access Point ..........7-20 Configuring VLAN Stacking User Ports ...............7-21 Configuring the Type of Customer Traffic to Tunnel ..........7-22 Configuring a Service Access Point Profile ............7-23 Associating a Profile with a Service Access Point ..........7-24...
  • Page 8 Configuring the Bridge Priority ................8-21 Configuring the Bridge Hello Time ...............8-22 Configuring the Bridge Max Age Time ..............8-23 Configuring the Bridge Forward Delay Time ............8-24 Enabling/Disabling the VLAN BPDU Switching Status ........8-25 Configuring the Path Cost Mode ................8-25 Using Automatic VLAN Containment ..............8-26 Configuring STP Port Parameters .................8-27 Bridge Configuration Commands Overview ............8-27 Enabling/Disabling Spanning Tree on a Port ............8-30...
  • Page 9 Configuring Loopback .....................9-9 Configuring Linktrace ....................9-9 Configuring the Fault Alarm Time .................9-10 Configuring the Fault Reset Time ................9-10 Verifying the Ethernet OAM Configuration ..............9-11 Chapter 10 Configuring MAC Retention ................... 10-1 In This Chapter ......................10-1 MAC Retention Defaults ....................10-2 MAC Retention Overview ....................10-3 How MAC Retention Works ..................10-4 MAC Retention After Multiple Take-Overs ............10-5 Configuring MAC Retention ..................10-6...
  • Page 10 Chapter 12 Configuring Port Mapping ..................12-1 In This Chapter ......................12-1 Port Mapping Specifications ..................12-2 Port Mapping Defaults ....................12-2 Quick Steps for Configuring Port Mapping ..............12-2 Creating/Deleting a Port Mapping Session ..............12-3 Creating a Port Mapping Session ................12-3 Deleting a User/Network Port of a Session .............12-3 Deleting a Port Mapping Session ................12-3 Enabling/Disabling a Port Mapping Session ..............12-4 Enabling a Port Mapping Session ................12-4...
  • Page 11 Defining MAC Address Rules ................13-15 Defining MAC Range Rules ................13-15 Defining IP Network Address Rules ..............13-16 Defining IPX Network Address Rules ..............13-16 Defining Protocol Rules ..................13-17 Defining Port Rules ....................13-18 Application Example: DHCP Rules ................13-19 The VLANs ....................13-19 DHCP Servers and Clients ................13-19 Verifying VLAN Rule Configuration .................13-22 Chapter 14 Using Interswitch Protocols...
  • Page 12 Chapter 16 Configuring Static Link Aggregation ..............16-1 In This Chapter ......................16-1 Static Link Aggregation Specifications ................16-2 Static Link Aggregation Default Values ...............16-2 Quick Steps for Configuring Static Link Aggregation ..........16-3 Static Link Aggregation Overview ................16-5 Static Link Aggregation Operation ................16-5 Relationship to Other Features ................16-6 Configuring Static Link Aggregation Groups ...............16-7 Configuring Mandatory Static Link Aggregate Parameters ........16-7...
  • Page 13 Modifying Dynamic Link Aggregate Group Parameters ..........17-14 Modifying Dynamic Aggregate Group Parameters ..........17-14 Modifying the Dynamic Aggregate Group Name .........17-14 Modifying the Dynamic Aggregate Group Administrative State ....17-15 Configuring and Deleting the Dynamic Aggregate Group Actor Administrative Key ..................17-15 Modifying the Dynamic Aggregate Group Actor System Priority ....17-16 Modifying the Dynamic Aggregate Group Actor System ID .......17-16 Modifying the Dynamic Aggregate Group Partner Administrative Key ..17-17 Modifying the Dynamic Aggregate Group Partner System Priority .....17-17...
  • Page 14 Configuring Address Resolution Protocol (ARP) ..........18-12 Adding a Permanent Entry to the ARP Table ..........18-12 Deleting a Permanent Entry from the ARP Table .........18-13 Clearing a Dynamic Entry from the ARP Table ...........18-13 Local Proxy ARP ...................18-13 ARP Filtering ....................18-14 IP Configuration ......................18-15 Configuring the Router Primary Address .............18-15 Configuring the Router ID ...................18-15...
  • Page 15 Configuring an IPv6 Interface ..................19-11 Modifying an IPv6 Interface ................19-12 Removing an IPv6 Interface .................19-12 Assigning IPv6 Addresses ...................19-13 Removing an IPv6 Address ..................19-14 Configuring IPv6 Tunnel Interfaces ................19-15 Creating an IPv6 Static Route ..................19-16 Configuring the Route Preference of a Router ............19-17 Configuring Route Map Redistribution ..............19-18 Using Route Maps ..................19-18 Configuring Route Map Redistribution ............19-22...
  • Page 16 RIP Security ........................20-18 Configuring Authentication Type ................20-18 Configuring Passwords ..................20-18 Verifying the RIP Configuration .................20-19 Chapter 21 Configuring RDP ....................... 21-1 In This Chapter ......................21-1 RDP Specifications .......................21-2 RDP Defaults ........................21-2 Quick Steps for Configuring RDP ................21-3 RDP Overview ......................21-5 RDP Interfaces .......................21-6 Security Concerns ....................21-7 Enabling/Disabling RDP ....................21-8...
  • Page 17 Using Automatic IP Configuration ................22-12 Enabling Automatic IP Configuration ..............22-12 Configuring UDP Port Relay ..................22-13 Enabling/Disabling UDP Port Relay ..............22-14 Specifying a Forwarding VLAN ................22-14 Configuring DHCP Security Features .................22-15 Using the Relay Agent Information Option (Option-82) ........22-15 How the Relay Agent Processes DHCP Packets from the Client ....22-16 How the Relay Agent Processes DHCP Packets from the Server ....22-16 Enabling the Relay Agent Information Option-82 ........22-17 Configuring a Relay Agent Information Option-82 Policy ......22-17...
  • Page 18 Configuring Collective Management Functionality ..........23-14 Changing Default Parameter Values for all Virtual Routers ......23-14 Changing Default Parameter Values for a Virtual Router Group ....23-15 Verifying the VRRP Configuration ................23-18 VRRPv3 Configuration Overview ................23-19 Basic VRRPv3 Virtual Router Configuration ............23-19 Creating/Deleting a VRRPv3 Virtual Router ............23-19 Specifying an IPv6 Address for a VRRPv3 Virtual Router .........23-20 Configuring the VRRPv3 Advertisement Interval ..........23-21 Configuring the VRRPv3 Virtual Router Priority ..........23-21...
  • Page 19 Chapter 25 Managing Authentication Servers ..............25-1 In This Chapter ......................25-1 Authentication Server Specifications ................25-2 Server Defaults ......................25-3 RADIUS Authentication Servers ................25-3 TACACS+ Authentication Servers ................25-3 LDAP Authentication Servers ................25-3 Quick Steps For Configuring Authentication Servers ..........25-4 Server Overview ......................25-5 Backup Authentication Servers ................25-5 Authenticated Switch Access .................25-5 Authenticated VLANs ....................25-6...
  • Page 20 Chapter 26 Configuring Authenticated VLANs ..............26-1 In This Chapter ......................26-1 Authenticated Network Overview .................26-2 AVLAN Configuration Overview .................26-4 Sample AVLAN Configuration ................26-5 Setting Up Authentication Clients ................26-7 Telnet Authentication Client ..................26-7 Web Browser Authentication Client ..............26-7 Configuring the Web Browser Client Language File ........26-8 Required Files for Web Browser Clients ............26-8 SSL for Web Browser Clients ...............26-11 DNS Name and Web Browser Clients ............26-12...
  • Page 21 ACLMAN Overview .....................28-5 ACLMAN Configuration File ................28-5 ACL Text Files .......................28-6 ACL Precedence .....................28-6 Interaction With the Alcatel-Lucent CLI ...............28-6 Using the ACLMAN Shell ....................28-7 ACLMAN Modes and Commands ................28-8 Privileged Exec Mode Commands .................28-8 Global Configuration Mode Commands ..............28-9 Interface Configuration Mode Commands ............28-11...
  • Page 22 Saving the ACL Configuration ................28-20 Editing the ACLMAN Configuration File ............28-20 Importing ACL Text Files ..................28-21 Verifying the ACLMAN Configuration ..............28-22 Using Alcatel-Lucent CLI to Display ACLMAN Policies ........28-22 Chapter 29 Managing Policy Servers ..................29-1 In This Chapter ......................29-1 Policy Server Specifications ..................29-2...
  • Page 23 QoS Defaults .......................30-10 Global QoS Defaults ....................30-10 QoS Port Defaults ....................30-11 Policy Rule Defaults .....................30-11 Policy Action Defaults ..................30-12 Default (Built-in) Policies ..................30-12 QoS Configuration Overview ..................30-13 Configuring Global QoS Parameters ................30-14 Enabling/Disabling QoS ..................30-14 Setting the Global Default Dispositions ...............30-14 Setting the Global Default Servicing Mode ............30-15 Automatic QoS Prioritization ................30-15 Configuring Automatic Prioritization for NMS Traffic ........30-15...
  • Page 24 Creating Policy Rules ...................30-35 Configuring a Rule Validity Period ...............30-36 Disabling Rules .....................30-36 Rule Precedence ....................30-37 Saving Rules ....................30-37 Logging Rules ....................30-38 Deleting Rules ....................30-38 Verifying Policy Configuration ................30-38 Testing Conditions ....................30-39 Using Condition Groups in Policies ................30-42 ACLs ........................30-42 Sample Group Configuration ................30-42 Creating Network Groups ..................30-43 Creating Services ....................30-44...
  • Page 25 ACL Overview ......................31-5 Rule Precedence .....................31-6 How Precedence is Determined ...............31-6 Interaction With Other Features ................31-6 Valid Combinations ....................31-6 ACL Configuration Overview ..................31-7 Setting the Global Disposition ..................31-7 Creating Condition Groups For ACLs ................31-8 Configuring ACLs ......................31-9 Creating Policy Conditions For ACLs ..............31-9 Creating Policy Actions For ACLs ..............31-10 Creating Policy Rules for ACLs ................31-11 Layer 2 ACLs .......................31-11...
  • Page 26 Configuring IPMS on a Switch ..................32-9 Enabling and Disabling IP Multicast Status ............32-9 Enabling IP Multicast Status ................32-9 Disabling IP Multicast Status ................32-9 Enabling and Disabling IGMP Querier-forwarding ..........32-10 Enabling the IGMP Querier-forwarding ............32-10 Disabling the IGMP Querier-forwarding ............32-10 Configuring and Restoring the IGMP Version ............32-10 Configuring the IGMP Version ..............32-11 Restoring the IGMP Version .................32-11 Configuring and Removing an IGMP Static Neighbor ........32-11...
  • Page 27 Configuring IPMSv6 on a Switch ................32-23 Enabling and Disabling IPv6 Multicast Status .............32-23 Enabling IPv6 Multicast Status ..............32-23 Disabling IPv6 Multicast Status ..............32-23 Enabling and Disabling MLD Querier-forwarding ..........32-24 Enabling the MLD Querier-forwarding ............32-24 Disabling the MLD Querier-forwarding ............32-24 Configuring and Restoring the MLD Version ............32-24 Configuring the MLD Version 2 ..............32-24 Restoring the MLD Version 1 ...............32-25 Configuring and Removing an MLD Static Neighbor .........32-25...
  • Page 28 Displaying IPMS Configurations and Statistics ............32-39 Displaying IPMSv6 Configurations and Statistics ............32-40 Chapter 33 Configuring IP Multicast VLAN ................33-1 In This Chapter ......................33-1 IP Multicast VLAN Specifications ................33-2 IP Multicast VLAN Defaults ..................33-2 IP Multicast VLAN Overview ..................33-3 VLAN Stacking Mode ...................33-3 IPMVLAN Lookup Mode ................33-3 Enterprise Mode .....................33-4 IPMV Packet Flows ......................33-5...
  • Page 29 Server Load Balancing Example ................34-8 Server Health Monitoring ..................34-9 Configuring the Server Farm ..................34-10 Configuring a Windows NT Server ..............34-10 Configuring a Windows 2000 Server ..............34-13 Adding the Microsoft Loopback Adapter Driver ..........34-15 Adding the Loopback Adapter Driver to a Windows NT Server ....34-15 Adding the Loopback Adapter Driver to a Windows 2000 Server ....34-17 Configuring a Red Hat Linux Server .............34-21 Configuring a Sun Solaris Server ..............34-21...
  • Page 30 Configuring a Probe Send ................34-34 Configuring a Probe Expect ................34-34 Displaying Server Load Balancing Status and Statistics ..........34-35 Chapter 35 Diagnosing Switch Problems ................35-1 In This Chapter ......................35-1 Port Mirroring Overview ....................35-3 Port Mirroring Specifications .................35-3 Port Mirroring Defaults ..................35-3 Quick Steps for Configuring Port Mirroring ............35-4 Port Monitoring Overview ....................35-5 Port Monitoring Specifications ................35-5...
  • Page 31 Pausing a Port Monitoring Session ..............35-26 Configuring Port Monitoring Session Persistence ..........35-26 Configuring a Port Monitoring Data File .............35-26 Suppressing Port Monitoring File Creation ............35-27 Configuring Port Monitoring Direction ...............35-27 Displaying Port Monitoring Status and Data ............35-28 sFlow ...........................35-29 sFlow Manager .....................35-29 Receiver ........................35-29 Sampler .........................35-30 Poller ........................35-30...
  • Page 32 Combo Ethernet Port Defaults ..................37-3 Ethernet Ports Overview ....................37-4 OmniSwitch 6800 and 6850 Series Combo Ports ..........37-4 Valid Port Settings on OmniSwitch 6800 Series Switches ........37-5 Valid Port Settings on OmniSwitch 6850 Series Switches ........37-5 Valid Port Settings on OmniSwitch 9000 Series Switches ........37-6 10/100/1000 Crossover Supported .................37-7...
  • Page 33 Setting Combo Ethernet Port Parameters on OmniSwitch 6800 and 6850 Switches .37-18 Setting the Combo Port Type and Mode ..............37-18 Setting Combo Ports to Forced Fiber ............37-18 Setting Combo Ports to Preferred Copper .............37-19 Setting Combo Ports to Forced Copper ............37-19 Setting Combo Ports to Preferred Fiber ............37-20 Setting Interface Line Speed for Combo Ports .............37-20 Configuring Duplex Mode for Combo Ports ............37-21...
  • Page 34 Software License and Copyright Statements .............A-1 Alcatel-Lucent License Agreement ................A-1 ALCATEL-LUCENT SOFTWARE LICENSE AGREEMENT ......A-1 Third Party Licenses and Notices .................. A-4 A. Booting and Debugging Non-Proprietary Software .......... A-4 B. The OpenLDAP Public License: Version 2.4, 8 December 2000 ..... A-4 C.
  • Page 35: About This Guide

    The software features described in this manual are shipped standard with your OmniSwitch 6800 Series, OmniSwitch 6850 Series, and OmniSwitch 9000 Series switches. These features are used when setting up your OmniSwitch in a network of switches and routers.
  • Page 36: Who Should Read This Manual

    Who Should Read this Manual? The audience for this user guide is network administrators and IT support personnel who need to configure, maintain, and monitor switches and routers in a live network. However, anyone wishing to gain knowledge on how fundamental software features are implemented in the OmniSwitch 9000 Series will benefit from the material in this configuration guide.
  • Page 37: What Is Not In This Manual

    What is Not in this Manual? The configuration procedures in this manual use Command Line Interface (CLI) commands in all examples. CLI commands are text-based commands used to manage the switch through serial (console port) connections or via Telnet sessions. Procedures for other switch management methods, such as web-based (WebView or OmniVista) or SNMP, are outside the scope of this guide.
  • Page 38: Documentation Roadmap

    Documentation Roadmap The OmniSwitch user documentation suite was designed to supply you with information at several critical junctures of the configuration process. The following section outlines a roadmap of the manuals that will help you at each stage of the configuration process. Under each stage, we point you to the manual or manuals that will be most helpful to you.
  • Page 39 Anytime The OmniSwitch CLI Reference Guide contains comprehensive information on all CLI commands supported by the switch. This guide includes syntax, default, usage, example, related CLI command, and CLI-to-MIB variable mapping information for all CLI commands supported by the switch. This guide can be consulted anytime during the configuration process to find detailed and specific information on each CLI command.
  • Page 40: Related Documentation

    The following are the titles and descriptions of all the related OmniSwitch 6800/6850/9000 user manuals: • OmniSwitch 6800 Series Getting Started Guide Describes the hardware and software procedures for getting an OmniSwitch 6800 Series switch up and running. Also provides information on fundamental aspects of OmniSwitch software and stacking architecture.
  • Page 41 Includes information on Small Form Factor Pluggable (SFPs) and 10 Gbps Small Form Factor Pluggables (XFPs) transceivers. • Technical Tips, Field Notices Includes information published by Alcatel-Lucent’s Customer Support group. • Release Notes Includes critical Open Problem Reports, feature exceptions, and other important information on the features supported in the current release and any limitations to their support.
  • Page 42: User Manual CD

    All user guides for the OmniSwitch 9000 Series are included on the User Manual CD that accompanied your switch. This CD also includes user guides for other Alcatel-Lucent data enterprise products. In addition, it contains a stand-alone version of the on-line help system that is embedded in the OmniVista network management application.
  • Page 43: Managing Source Learning

    Managing Source Learning Transparent bridging relies on a process referred to as source learning to handle traffic flow. Network devices communicate by sending and receiving data packets that each contain a source MAC address and a destination MAC address. When packets are received on switch network interface (NI) module ports, source learning examines each packet and compares the source MAC address to entries in a MAC address database table.
  • Page 44: Chapter 2 Managing Source Learning

    Maximum number of learned MAC addresses when synchronized MAC source learning mode is enabled: OmniSwitch 9000 Series = 16K per chassis; OmniSwitch 6800 Series = 16K per stack; OmniSwitch 6850 Series = 16K per stack
    Maximum number of learned MAC addresses per 16K per module;...
  • Page 45 Sample MAC Address Table Configuration Create VLAN 200, if it does not already exist, using the following command: -> vlan 200 Assign switch ports 2 through 5 on slot 3 to VLAN 200–if they are not already associated with VLAN 200–using the following command: ->...
  • Page 46: MAC Address Table Overview

    MAC Address Table Overview Source learning builds and maintains the MAC address table on each switch. New MAC address table entries are created in one of two ways: they are dynamically learned or statically assigned. Dynamically learned MAC addresses are those that are obtained by the switch when source learning examines data packets and records the source address and the port and VLAN it was learned on.
  • Page 47: Configuring Static MAC Addresses

    Configuring Static MAC Addresses To configure a permanent, bridging static MAC address, enter mac-address-table followed by a MAC address, slot/port, and the VLAN ID to assign to the MAC address. For example, the following assigns a MAC address to port 10 on slot 4 associated with VLAN 255: ->...
  • Page 48: Using Static Multicast MAC Addresses

    Using Static Multicast MAC Addresses Using static multicast MAC addresses allows you to send traffic intended for a single destination multicast MAC address to selected switch ports within a given VLAN. To specify which ports will receive the multicast traffic, a static multicast address is assigned to each selected port for a given VLAN.
  • Page 49: Static Multicast MAC Addresses On Link Aggregate Ports

    If a MAC address, slot/port and VLAN ID are not specified with this form of the command, then all static multicast addresses are deleted. For example, the following command deletes all static MAC addresses, regardless of their slot/port or VLAN assignments: ->...
  • Page 50: Configuring MAC Address Table Aging Time

    Configuring MAC Address Table Aging Time Source learning also tracks MAC address age and removes addresses from the MAC address table that have aged beyond the aging timer value. When a device stops sending packets, source learning keeps track of how much time has passed since the last packet was received on the device’s switch port.
  • Page 51: Increasing The MAC Address Table Size

    U6-XNI where the first three ports are on one ASIC while the other three ports are on a separate ASIC. Note that increasing the maximum number of learned MAC addresses allowed is not supported on the OmniSwitch 6800 Series and OmniSwitch 6850 Series. OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008...
  • Page 52: Displaying Source Learning Information

    Displaying Source Learning Information To display MAC Address Table entries, statistics, and aging time values, use the show commands listed below: show mac-address-table Displays a list of all MAC addresses known to the MAC address table, including static MAC addresses.
  • Page 53: In This Chapter

    MSTP is an enhancement to the 802.1Q Common Spanning Tree (CST), which is provided when an Alcatel-Lucent switch is running in the flat Spanning Tree operating mode. The flat mode applies a single spanning tree instance across all VLAN port connections on a switch. MSTP allows the configuration of Multiple Spanning Tree Instances (MSTIs) in addition to the CST instance.
  • Page 54: Chapter 3 Using 802.1Q 2005 Multiple Spanning Tree

    MST Specifications
    IEEE Standards supported: 802.1D–Media Access Control (MAC) Bridges; 802.1w–Rapid Reconfiguration (802.1D Amendment 2); 802.1Q 2005–Virtual Bridged Local Area Networks
    Spanning Tree Operating Modes supported: Flat mode - one spanning tree instance per switch; 1x1 mode - one spanning tree instance per VLAN
    Spanning Tree Protocols supported: 802.1D Standard Spanning Tree Algorithm and Protocol...
  • Page 55: Spanning Tree Port Parameter Defaults

    Spanning Tree Port Parameter Defaults
    Parameter Description; Command; Default
    Spanning Tree port administrative state; bridge slot/port; Enabled
    Spanning Tree port priority value; bridge slot/port priority
    Spanning Tree port path cost; bridge slot/port path cost; 0 (cost is based on port speed)
    Path cost mode...
  • Page 56: MST General Overview

    Spanning Tree (CST). The CST is a single spanning tree that uses 802.1D (STP) or 802.1w (RSTP) to provide a loop-free network topology. The Alcatel-Lucent flat spanning tree mode applies a single CST instance on a per switch basis. The 1x1 mode is an Alcatel-Lucent proprietary implementation that applies a single spanning tree instance on a per VLAN basis.
  • Page 57 [Figure: 1x1 Mode STP/RSTP] In the above 1x1 mode example: • Both switches are running in the 1x1 mode (one Spanning Tree instance per VLAN). •...
  • Page 58 [Figure: Flat Mode MSTP] In the above flat mode MSTP example: •...
  • Page 59: Comparing MSTP With STP And RSTP

    What is a Multiple Spanning Tree Instance (MSTI) An MSTI is a single Spanning Tree instance that represents a group of VLANs. Alcatel-Lucent switches support up to 16 MSTIs on one switch. This number is in addition to the Common and Internal Spanning Tree (CIST) instance 0, which is also known as MSTI 0.
  • Page 60: What Is A Multiple Spanning Tree Region

    What is a Multiple Spanning Tree Region A Multiple Spanning Tree region represents a group of MSTP switches. An MST region appears as a single, flat mode instance to switches outside the region. A switch can belong to only one region at a time. The region a switch belongs to is identified by the following configurable attributes, as defined by MSTP.
  • Page 61: What Is The Common Spanning Tree

    What is the Common Spanning Tree The Common Spanning Tree (CST) is the overall network Spanning Tree topology resulting from STP, RSTP, and/or MSTP calculations to provide a single data path through the network. CST provides connectivity between MST regions and other MST regions and/or Single Spanning Tree (SST) switches.
  • Page 62: MST Configuration Overview

    2-16. Using Spanning Tree Configuration Commands The Alcatel-Lucent implementation of the Multiple Spanning Tree Protocol introduces the concept of implicit and explicit CLI commands for Spanning Tree configuration and verification. Explicit commands contain one of the following keywords that specifies the type of Spanning Tree instance to modify: •...
  • Page 63: Understanding Spanning Tree Modes

    STP (802.1D), RSTP (802.1w), and MSTP. MSTP allows the mapping of one or more VLANs to a single Spanning Tree instance. The 1x1 mode is an Alcatel-Lucent proprietary implementation that automatically calculates a separate Spanning Tree instance for each VLAN configured on the switch. This mode only supports the use of the STP and RSTP protocols.
  • Page 64: MST Interoperability And Migration

    MST Interoperability and Migration Connecting an MSTP switch to a non-MSTP flat mode switch is supported. Since the Common and Internal Spanning Tree (CIST) controls the flat mode instance on both switches, STP or RSTP can remain active on the non-MSTP switch within the network topology.
  • Page 65: Migrating From 1x1 Mode To Flat Mode MSTP

    Migrating from 1x1 Mode to Flat Mode MSTP As previously described, the 1x1 mode is an Alcatel-Lucent proprietary implementation that applies one Spanning Tree instance to each VLAN. For example, if five VLANs exist on the switch, then there are five Spanning Tree instances active on the switch, unless Spanning Tree is disabled on one of the VLANs.
  • Page 66: Quick Steps For Configuring An Mst Region

    (VLAN-to-MSTI mapping). The following steps are performed on each switch to define Alcatel-Lucent Marketing as the MST region name, 2000 as the MST region revision level, map existing VLANs to existing MSTIs, and 3 as the maxi-...
  • Page 67 Revision Max hops : 3, Cist Instance Number All switches configured with the exact same values as shown in the above example are considered members of the Alcatel-Lucent Marketing MST region. OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008 page 2-15...
  • Page 68: Quick Steps For Configuring Mstis

    By default, the Spanning Tree software is active on all switches and operating in the 1x1 mode using the standard 802.1D STP (OmniSwitch 9000 default) or 802.1w RSTP (OmniSwitch 6800 and 6850 default). As a result, a loop-free network topology is automatically calculated based on default 802.1D Spanning Tree switch, bridge, and port parameter values.
  • Page 69 -> vlan 200 port default 4/8 -> vlan 250 port default 2/12 The following commands assign ports 2/1, 5/1, 5/2, and 3/6 to VLANs 100, 150, 200, and 250 on Switch B: ->...
  • Page 70 [Figure: Flat Mode MSTP with Superior MSTI 1 PPC Values; Switch A and Switch B, each with VLANs 100, 150, 200, and 250, CIST-0 and MSTI-1] Note that of the two data paths available to MSTI 1 VLANs, one is still blocked because it is seen as redundant for that instance.
  • Page 71: Verifying The Mst Configuration

    To display information about the MST configuration on the switch, use the show commands listed below: show spantree cist: Displays the Spanning Tree bridge configuration for the flat mode Common and Internal Spanning Tree (CIST) instance.
  • Page 73: Configuring Learned Port Security

    3 Configuring Learned Port Security Learned Port Security (LPS) provides a mechanism for authorizing source learning of MAC addresses on Ethernet and Gigabit Ethernet ports. The only types of Ethernet ports that LPS does not support are link aggregate and tagged (trunked) link aggregate ports. Using LPS to control source MAC address learning provides the following benefits: •...
  • Page 74: Chapter 4 Configuring Learned Port Security

    RFCs supported: Not applicable at this time. IEEE Standards supported: Not applicable at this time. Ports eligible for Learned Port Security: Ethernet and gigabit Ethernet ports (fixed, mobile, 802.1Q tagged, and authenticated ports).
  • Page 75: Sample Learned Port Security Configuration

    This section provides a quick tutorial that demonstrates the following tasks: • Enabling LPS on a set of switch ports. • Defining the maximum number of learned MAC addresses allowed on an LPS port. •...
  • Page 76: Learned Port Security Overview

    Learned Port Security (LPS) provides a mechanism for controlling network device access on one or more switch ports. Configurable LPS parameters allow the user to restrict the source learning of host MAC addresses to: •...
  • Page 77: How Lps Authorizes Source Mac Addresses

    When a packet is received on a port that has LPS enabled, switch software checks the following criteria to determine if the source MAC address contained in the packet is allowed on the port: •...
  • Page 78: Static Configuration Of Authorized Mac Addresses

    It is also possible to statically configure authorized source MAC address entries into the LPS table. This type of entry behaves the same way as dynamically configured entries in that it authorizes port access to traffic that contains a matching source MAC address.
  • Page 79: Enabling/Disabling Learned Port Security

    This section describes how to use Command Line Interface (CLI) commands to configure Learned Port Security (LPS) on a switch. See the “Sample Learned Port Security Configuration” on page 3-3 for a brief tutorial on configuring LPS.
  • Page 80: Configuring A Source Learning Time Limit

    Use the no form of this command to remove LPS and clear all entries (configured and dynamic) in the LPS table for the specified port. For example: -> no port-security 5/10 After LPS is removed, all the dynamic and static MAC addresses will be flushed and the learning of new MAC addresses will be enabled.
  • Page 81: Configuring The Number Of Bridged Mac Addresses Allowed

    Note. The number of converted static MAC addresses cannot exceed the maximum number of MAC addresses allowed on the LPS ports. Note. The conversion of dynamic MAC addresses to static ones does not apply to LPS mobile and authenticated ports.
  • Page 82: Configuring The Number Of Filtered Mac Addresses Allowed

    By default, five filtered MAC addresses can be learned on an LPS port. To change this number, enter port-security followed by the port’s slot/port designation, then max-filtering followed by a number between 1 and 100.
  • Page 83: Selecting The Security Violation Mode

    -> port-security 4/1-5 mac-range low 00:20:da:00:00:10 high 00:20:da:00:00:50 -> port-security 2/1-4 4/5-8 mac-range low 00:20:d0:59:0c:9a high 00:20:d0:59:0c:9f To set the range back to the default values, enter port-security followed by the port’s slot/port designation, then mac-range.
  • Page 84: Displaying Learned Port Security Information

    To display LPS port and table information, use the show commands listed below: port-security learn-trap-threshold Displays Learned Port Security (LPS) configuration and table entries. show port-security shutdown Displays the amount of time during which source learning can occur on all LPS ports.
  • Page 85: Configuring Vlans

    In a switch-based network, such as one comprised of Alcatel-Lucent switching systems, a broadcast domain—or VLAN—can span multiple physical switches and can include ports from a variety of media types. For example, a single VLAN could span three different switches located in different buildings and include 10/100 Ethernet, Gigabit Ethernet, 802.1q tagged ports and/or a link aggregate of ports.
  • Page 86: Vlan Specifications

    RFCs Supported: 2674 - Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering and Virtual LAN Extensions. IEEE Standards Supported: 802.1Q - Virtual Bridged Local Area Networks; 802.1D - Media Access Control Bridges. Maximum VLANs per switch: 4094 (based on switch configuration and available resources)
  • Page 87: Sample Vlan Configuration

    The following steps provide a quick tutorial that will create VLAN 255. Also included are steps to define a VLAN description, IP router interface, and static switch port assignments. Note. Optional. Creating a new VLAN involves specifying a VLAN ID that is not already assigned to an existing VLAN.
  • Page 88: Vlan Management Overview

    This eliminates the need to physically change a network device connection or location when adding or removing devices from the VLAN broadcast domain. The VLAN management software handles the following VLAN configuration tasks performed on an Alcatel-Lucent switch: • Creating or modifying VLANs.
  • Page 89: Creating/Modifying Vlans

    The initial configuration for all Alcatel-Lucent switches consists of a default VLAN 1 and all switch ports are initially assigned to this VLAN. When a switching module is added to the switch, the module’s physical ports are also assigned to VLAN 1. If additional VLANs are not configured on the switch, then the entire switch is treated as one large broadcast domain.
  • Page 90: Enabling/Disabling The Vlan Administrative Status

    To create more than 253 VLANs on a switch running in the 1x1 Spanning Tree mode, use the vlan stp disable, vlan 1x1 stp disable, or vlan flat stp disable command to create a VLAN with Spanning Tree disabled.
  • Page 91: Defining Vlan Port Assignments

    Alcatel-Lucent switches support static and dynamic assignment of physical switch ports to a VLAN. Regardless of how a port is assigned to a VLAN, once the assignment occurs, a VLAN port association (VPA) is created and tracked by VLAN management software on each switch.
  • Page 92: Configuring Dynamic Vlan Port Assignment

    Configuring the switch to allow dynamic VLAN port assignment requires the following steps: Use the vlan port mobile command to enable mobility on switch ports that will participate in dynamic VLAN assignment.
  • Page 93: Chapter 1 Configuring 802.1Ab

    Rule Types | Command: Port | vlan port. Enabling/Disabling VLAN Mobile Tag Classification: Use the vlan mobile-tag command to enable or disable the classification of mobile port packets based on 802.1Q VLAN ID tag. For example, the following commands enable the mobile tag attribute for VLAN 1525 and disable it for VLAN 224: ->...
  • Page 94: Enabling/Disabling Spanning Tree For A Vlan

    The spanning tree operating mode set for the switch determines how VLAN ports are evaluated to identify redundant data paths. If the Spanning Tree switch operating mode is set to flat, then VLAN port connections are checked against other VLAN port connections for redundant data paths.
  • Page 95: Enabling/Disabling Vlan Authentication

    21.0.0.10, IPX - 210A). Alcatel-Lucent switches support routing of IP and IPX traffic. A VLAN is available for routing when at least one router interface is defined for that VLAN and at least one active port is associated with the VLAN.
  • Page 96: Configuring An Ipx Router Interface

    Use the vlan router ipx command to define an IPX router interface for an existing VLAN. Specify the following when using this command: The VLAN ID of the router VLAN (can only specify an existing VLAN). The IPX network address to assign to the router interface.
  • Page 97: Modifying An Ipx Router Interface

    The vlan router ipx command is also used to modify one or more existing IPX router interface parameter values. For example, the following command changes the existing router interface IPX address for VLAN 955 to 1000450C: ->...
  • Page 98: Bridging Vlans Across Multiple Switches

    To create a VLAN bridging domain that extends across multiple switches: Create a VLAN on each switch with the same VLAN ID number (e.g., VLAN 10). If using mobile ports for end user device connections, define VLAN rules that will classify mobile port traffic into the VLAN created in Step 1.
  • Page 99: Verifying The Vlan Configuration

    The connection between Switch C and D is shown with a broken line because the ports that provide this connection are in a blocking state. Spanning Tree is active by default on all switches, VLANs and ports. The Spanning Tree algorithm determined that if all connections between switches were active, a network loop would exist that could cause unnecessary broadcast traffic on the network.
  • Page 101: Configuring Gvrp

    5 Configuring GVRP: The GARP VLAN Registration Protocol (GVRP) helps control virtual local area networks (VLANs) in a large network. It is an application of Generic Attribute Registration Protocol (GARP) and provides VLAN registration service. GVRP enables devices to dynamically learn their VLAN memberships.
  • Page 102: Gvrp Specifications

    IEEE Standards Supported: IEEE Std. 802.1D - 2004, Media Access Control (MAC) Bridges; IEEE Draft Std. P802.1Q-REV/D5.0. Maximum GVRP VLANs: 4094. GVRP Defaults: The following table lists the defaults for GVRP configuration: Parameter Description | Command | Default Value/Comments; Global status of GVRP...
  • Page 103: Garp Overview

    GARP was introduced to avoid manual configuration of devices and applications in a large network. It enables dynamic configuration of devices and applications in a network. It also provides a generic framework whereby devices in a bridged LAN can register and de-register attribute values, such as VLAN identifiers, with each other.
  • Page 104 VLAN it learned about from other ports on the same switch. However, that forwarding port does not join that VLAN until an advertisement for that VLAN is received on that port. The following illustration shows dynamic VLAN advertisements: Switch B Switch A...
  • Page 105: Quick Steps For Configuring Gvrp

    Port 3 of Switch B receives the advertisement, Switch B creates the dynamic VLAN 50, and Port 3 becomes a member of VLAN 50. Port 2 advertises VLAN 50, but is not a member of this VLAN. Port 1 on Switch A receives the advertisement, creates dynamic VLAN 50.
  • Page 106 To view the global configuration details of the router, enter the show gvrp configuration command. The globally configured details will be displayed as shown: -> show gvrp configuration GVRP Enabled : yes, Transparent Switching Enabled : no, Maximum VLAN Limit : 256...
  • Page 107: Configuring Gvrp

    This section describes how to configure GVRP using Alcatel-Lucent’s Command Line Interface (CLI) commands. Enabling GVRP: GVRP is used primarily to prune unnecessary broadcast and unknown unicast traffic, and dynamically create and manage VLANs. GVRP has to be globally enabled on a switch before it can start forwarding GVRP frames.
  • Page 108: Enabling Transparent Switching

    A switch in the GVRP transparent mode floods GVRP frames to other switches transparently when GVRP is globally disabled on the switch. However, the switch does not advertise or synchronize its VLAN configuration based on received VLAN advertisements. By default, transparent switching is disabled on the switch.
  • Page 109: Configuring Gvrp Registration

    GVRP allows a port to register and de-register both static and dynamic VLANs. Every device has a list of all the switches and end stations that can be reached at any given time. When an attribute for a device is registered or de-registered, the set of reachable switches and end stations, also called participants, is modified.
  • Page 110: Configuring The Gvrp Applicant Mode

    The GVRP registration mode of the port can be set to the default value by using the no form of the gvrp registration command. To set the GVRP registration mode of port 3/2 to the default mode (normal mode), enter the following command: ->...
  • Page 111: Restricting Vlan Registration

    The default values of the Join, Leave, and LeaveAll timers are 200 ms, 600 ms, and 10000 ms, respectively. When you set the timer values, the value for the Leave timer should be greater than or equal to thrice the Join timer value (Leave>=Join * 3).
  • Page 112: Restricting Static Vlan Registration

    To allow dynamic VLAN registrations on the port, use the no form of the gvrp restrict-vlan-registration command as shown: -> no gvrp restrict-vlan-registration port 3/1 4 Restricting Static VLAN Registration: Ports can be exempted from becoming members of statically created VLANs. To restrict a port from becoming a member of a statically configured VLAN, use the gvrp static-vlan restrict command as...
  • Page 113: Verifying Gvrp Configuration

    A summary of the commands used for verifying GVRP configuration is given here: clear gvrp statistics: Clears GVRP statistics for all the ports, an aggregate of ports, or a specific port. show gvrp last-pdu-origin: Displays the source MAC address of the last GVRP message received on a specified port or an aggregate of ports.
  • Page 115: Chapter 7 Configuring Vlan Stacking

    6 Configuring VLAN Stacking VLAN Stacking provides a mechanism to tunnel multiple customer VLANs (CVLAN) through a service provider network using one or more service provider VLANs (SVLAN) by way of 802.1Q double-tagging or VLAN Translation. This feature enables service providers to offer their customers Transparent LAN Services (TLS).
  • Page 116: In This Chapter

    “Verifying the VLAN Stacking Configuration” on page 6-36. Note. You can also configure and monitor VLAN Stacking with WebView, Alcatel-Lucent’s embedded web-based device management application. WebView is an interactive and easy-to-use GUI that can be launched from OmniVista or a web browser. Please refer to WebView’s online documentation for more information on configuring and monitoring VLAN Stacking with WebView.
  • Page 117: Vlan Stacking Specifications

    IEEE Standards Supported: IEEE 802.1Q, 2003 Edition, IEEE Standards for Local and metropolitan area networks—Virtual Bridged Local Area Networks; P802.1ad/D6.0 (C/LM) Standard for Local and Metropolitan Area Networks - Virtual Bridged Local Area Networks - Amendment 4: Provider Bridges. Maximum number of SVLANs for port-based port level VLAN Stacking: 4093 (VLAN 2 through...
  • Page 118: Port-Based Vlan Stacking Defaults

    Parameter Description | Command | Default Value/Comments; VLAN Stacking mode | ethernet-service mode | legacy VLAN Stacking (vstk); Carries customer or provider traffic | vlan svlan | Customer traffic; SVLAN administrative status | vlan svlan | Enabled; Internal prioritization value and egress shaping for the SVLAN | vlan svlan...
  • Page 119: Vlan Stacking Overview

    VLAN Stacking provides a mechanism for defining a transparent bridging configuration through a service provider network. This type of configuration is achieved using one of two methods: service-based VLAN Stacking or port-based VLAN Stacking. The service-based approach provides the ability to configure Ethernet services to provide VLAN Stacking functionality.
  • Page 120 [Figure labels: Provider, EMAN, Transit Bridge, Provider Edge 1, Provider Edge 2, Provider Edge 3, Customer A Site 1, Customer A Site 2, Customer B Site 1, Customer B Site 2. Legend: NNI Port, UNI Port (service-based VLAN Stacking), User-Customer Port (port-based VLAN Stacking), NNI Port (service-based VLAN Stacking), User-Provider Port (port-based VLAN Stacking)]...
  • Page 121: How Vlan Stacking Works

    On the Provider Edge bridge (PE), a unique tunnel (SVLAN) ID is assigned to each customer. The tunnel ID corresponds to a VLAN ID, which is created on the switch when the tunnel is configured. For example, when tunnel 100 is created, VLAN Stacking software interacts with VLAN Manager software to configure a VLAN 100 on the switch.
  • Page 122: Vlan Stacking Modes

    The VLAN Stacking application operates in one of two modes: legacy and service. Both modes are exclusive in that the switch can only operate in one mode or the other. In addition, each mode has its own unique CLI command syntax.
  • Page 123: Interaction With Other Features

    This section contains important information about VLAN Stacking interaction with other OmniSwitch features. Refer to the specific chapter for each feature to get more detailed information about how to configure and use the feature.
  • Page 124: Link Aggregation

    • Both static and dynamic link aggregation are supported with service-based and port-based VLAN Stacking. The exception to this is that port-VLAN level VLAN Stacking on a static link aggregate of UNI ports is not supported.
  • Page 125: Spanning Tree

    • Spanning Tree is enabled by default for VLAN Stacking SVLANs. The Spanning Tree status for an SVLAN is configurable in both the service-based and port-based VLAN Stacking modes. Note that the SVLAN Spanning Tree status applies only to the service provider network topology.
  • Page 126: Quick Steps For Configuring Service-Based Vlan Stacking

    The following steps provide a quick tutorial for configuring a VLAN Stacking service: Enable the VLAN Stacking service mode for the switch using the ethernet-service mode command.
  • Page 127 Note. Verify the VLAN Stacking Ethernet service configuration using the show ethernet-service command: -> show ethernet-service Service Name : CustomerA SVLAN : 1001 NNI(s) : 3/1 SAP Id : 10 UNIs : 1/49 CVLAN(s)...
  • Page 128: Quick Steps For Configuring Port-Based Vlan Stacking

    The following steps provide a quick tutorial for configuring VLAN Stacking by using the legacy mode commands. In this mode, configuration is done on a port level or a port-VLAN level. This tutorial uses the port level approach to tunnel all customer traffic received on a specific User Network Interface (UNI) port.
  • Page 129: Configuring Service-Based Vlan Stacking

    Configuring a VLAN Stacking Ethernet service requires several steps. These steps are outlined here and further described throughout this section. For a brief tutorial on configuring a VLAN Stacking service, see “Quick Steps for Configuring Service-Based VLAN Stacking”...
  • Page 130 Commands | Used for ...: ethernet-service mode | Changing the active VLAN Stacking mode for the switch; ethernet-service | Creating SVLANs to tunnel customer or management traffic or an IP Multicast VLAN for distributing multicast traffic; ethernet-service service-name | Creating a VLAN Stacking service and associating the service with an SVLAN or IP multicast...
  • Page 131: Changing The Vlan Stacking Mode

    The VLAN Stacking legacy (port-based) mode is active on the switch by default. To change the current mode, use the ethernet-service mode command. For example, the following command specifies the service mode, which is required for configuring VLAN Stacking services: ->...
  • Page 132: Configuring A Vlan Stacking Service

    A VLAN Stacking service is identified by a name. The ethernet-service service-name command is used to create a service and assign the service to an SVLAN or IPMVLAN ID, depending on the type of traffic the service will process.
  • Page 133: Configuring Vlan Stacking Network Ports

    The ethernet-service svlan nni command is used to configure a switch port or link aggregate of ports as a VLAN Stacking Network Network Interface (NNI) and associate the NNI with an SVLAN. Note that NNI ports are not associated with IP Multicast VLANs.
  • Page 134: Configuring A Vlan Stacking Service Access Point

    • If legacy BPDU is enabled on a network port while at the same time BPDU flooding is enabled on user ports, make sure that tagged customer BPDUs are not interpreted by intermediate switches in the provider network.
  • Page 135: Configuring Vlan Stacking User Ports

    A VLAN Stacking SAP basically identifies the location where customer traffic enters the provider network edge, the type of customer traffic to service, parameters to apply to the traffic, and the service that will process the traffic for tunneling through the provider network.
  • Page 136: Configuring The Type Of Customer Traffic To Tunnel

    • If the SAP ID specified with this command is associated with an IPMVLAN, the SAP profile must specify CVLAN translation. In addition, multicast traffic is not associated with the IPMVLAN until the UNI port is associated with the IPMVLAN as a receiver port.
  • Page 137: Configuring A Service Access Point Profile

    Consider the following when configuring the type of customer traffic to tunnel: • If no customer traffic is associated with a VLAN Stacking SAP, then the SAP does not process any traffic for the service. •...
  • Page 138: Associating A Profile With A Service Access Point

    Use the show ethernet-service sap-profile command to view a list of profiles that are already configured for the switch. This command also displays the attribute values for each profile. Associating a Profile with a Service Access Point: After a profile is created, it is then necessary to associate the profile with a VLAN Stacking SAP.
  • Page 139: Associating Uni Profiles With Uni Ports

    After a UNI profile is created, it is then necessary to associate the profile with a UNI port or a UNI link aggregate. When this is done, the current profile associated with the port is replaced with the new profile. The ethernet-service uni uni-profile command is used to associate a new profile with a UNI port.
  • Page 140: Configuring Port-Based Vlan Stacking

    IP interface for a provider management SVLAN. However, traffic is not routed on this interface. This section describes how to use Alcatel-Lucent’s Command Line Interface (CLI) commands to configure SVLANs on a switch. For a brief tutorial on configuring SVLANs, see “VLAN Stacking Overview”...
  • Page 141: Deleting An Svlan

    For example, to create SVLAN 10 and administratively enable it, enter: -> vlan svlan 10 enable To administratively disable an SVLAN when you configure it, enter svlan followed by the SVLAN ID number and disable. For example, to create SVLAN 10 and administratively disable it, enter: ->...
  • Page 142: Configuring Svlan-Port Associations

    • When a port is configured as either a user-customer port or a user-provider port, a port-level association is created between the port and the default SVLAN. This association uses double-tagging to add the SVLAN ID tag to all packets ingressing on the user port.
  • Page 143 required and other scenarios where the default SVLAN association is sufficient. The following conditions determine the port-SVLAN binding requirements: • Binding network ports to SVLANs (customer or provider) is required to carry customer and provider traffic over the service provider network.
  • Page 144: Configuring Qos Priority Parameters For Svlans

    Note. The information in this section pertains to port-based (legacy mode) VLAN Stacking. The service-based VLAN Stacking provides service profiles for configuring traffic engineering policies, such as priority mapping.
  • Page 145: Vlan Stacking Application Examples

    The VLAN Stacking feature provides the ability to transparently connect multiple customer sites over a single shared service provider network. This section demonstrates this ability by providing a sample VLAN Stacking configuration that tunnels customer VLANs (CVLAN) inside a service provider VLAN (SVLAN) so that customer traffic is transparently bridged through a Metropolitan Area Network (MAN).
  • Page 146: Service-Based Vlan Stacking Configuration Example

    This section provides a tutorial for configuring the sample application, as illustrated on page 6-31, using service-based VLAN Stacking. This tutorial assumes that both provider edge switches (PE1 and PE2) are operating in the VLAN Stacking service mode.
  • Page 147 Create a SAP profile on PE1 and PE2 that will map the inner CVLAN tag 802.1p value to the outer SVLAN tag using the ethernet-service sap-profile command. -> ethernet-service sap-profile map_pbit priority map-inner-to-outer-p Associate the “map_pbit”...
  • Page 148: Port-Based Vlan Stacking Configuration Example

    This section provides a tutorial for configuring the sample application, as illustrated on page 6-31, using port-based VLAN Stacking. This tutorial assumes that both provider edge switches (PE1 and PE2) are operating in the VLAN Stacking legacy mode.
  • Page 149 Configuring VLAN Stacking VLAN Stacking Application Examples Configure Port 3/1 as a Network Port on PE1 and PE2 Port 3/1 is a VLAN Stacking network-port with vendor TPID of 0x8100 and legacy BPDU support for STP enabled. The port carries traffic associated with SVLAN 100 and 200. Follow the steps below to configure the setup described for port 3/1: Configure port 3/1 as a network-port using the vlan svlan port command as shown in the example below:...
  • Page 150: Verifying The Vlan Stacking Configuration

    You can use CLI show commands to display the current configuration and statistics of service-based VLAN Stacking on a switch. These commands include the following: show ethernet-service mode: Displays the active VLAN Stacking mode for the switch.
  • Page 151: Configuring Spanning Tree Parameters

    Based on the IEEE 802.1D standard, the Alcatel-Lucent STP implementation distributes the Spanning Tree load between the primary management module and the network interface modules. In the case of a stack of switches, the STP load is distributed between the primary management switch and other switches in the stack.
  • Page 152: In This Chapter

    This chapter provides an overview of how Spanning Tree works and how to configure Spanning Tree parameters through the Command Line Interface (CLI). CLI commands are used in the configuration examples;...
  • Page 153: Spanning Tree Specifications

    IEEE Standards supported: 802.1D–Media Access Control (MAC) Bridges; 802.1w–Rapid Reconfiguration (802.1D Amendment 2); 802.1Q 2005–Virtual Bridged Local Area Networks; 802.1Q 2005–Multiple Spanning Trees (MSTP). Spanning Tree Operating Modes supported: Flat mode - one spanning tree instance per switch; 1x1 mode - one spanning tree instance per VLAN. Spanning Tree Protocols supported: 802.1D Standard Spanning Tree Algorithm and Protocol...
  • Page 154: Spanning Tree Port Parameter Defaults

    Parameter Description: Capability of 1X1 mode to interoperate with Cisco’s PVST+ mode. Command: bridge mode 1x1 pvst+. Default: disabled. Spanning Tree Port Parameter Defaults. Parameter Description: Spanning Tree port administrative state. Command: bridge slot/port. Default: Enabled. Parameter Description: Spanning Tree port priority value...
  • Page 155: Ring Rapid Spanning Tree Defaults

    The following parameter value is specific to RRSTP and is only configurable when the flat mode is active on the switch. Parameter Description: Ring status. Command: bridge rrstp ring. Default: Disabled...
  • Page 156: Spanning Tree Overview

    MSTP is an enhancement to the 802.1Q Common Spanning Tree (CST), which is provided when an Alcatel-Lucent switch is running in the flat Spanning Tree operating mode. The flat mode applies a single spanning tree instance across all VLAN port connections on a switch. MSTP allows the configuration of Multiple Spanning Tree Instances (MSTIs) in addition to the CST instance.
  • Page 157 Configuring Spanning Tree Parameters Spanning Tree Overview During the process of calculating the Spanning Tree topology, each port on every bridge is assigned a port role based on how the port and/or its bridge will participate in the active Spanning Tree topology. The following table provides a list of port role types and the port and/or bridge properties that the Spanning Tree Algorithm examines to determine which role to assign to the port.
  • Page 158: Bridge Protocol Data Units (Bpdu)

    Once the Spanning Tree is calculated, there is only one root bridge, one designated bridge for each LAN, and one root port on each bridge (except for the root bridge). Data travels back and forth between bridges over forwarding port connections that form the best, non-redundant path to the root.
  • Page 159 Configuring Spanning Tree Parameters Spanning Tree Overview • When a bridge receives BPDU on its root port that contains more attractive information (higher priority parameters and/or lower path costs), it forwards this information on to other LANs to which it is connected for consideration.
  • Page 160: Topology Examples

    The following diagram shows an example of a physical network topology that incorporates data path redundancy to ensure fault tolerance. These redundant paths, however, create loops in the network configuration. If a device connected to Switch A sends broadcast packets, Switch A will flood the packets out all of its active ports.
  • Page 161 Configuring Spanning Tree Parameters Spanning Tree Overview The following diagram shows the logical connectivity of the same physical topology as determined by the Spanning Tree Algorithm: [Diagram labels: Switch D, Switch C, Root Bridge; Bridge ID 10, 00:00:00:00:00:01; Bridge ID 13, 00:00:00:00:00:04; path costs PC=4, PC=19; port 3/10]...
  • Page 162: Spanning Tree Operating Modes

    The switch can operate in one of two Spanning Tree modes: flat and 1x1. Both modes apply to the entire switch and determine whether a single Spanning Tree instance is applied across multiple VLANs (flat mode) or a single instance is applied to each VLAN (1x1 mode).
  • Page 163: Using 1X1 Spanning Tree Mode

    [Figure: Flat Spanning Tree Example, showing a flat STP switch with ports 1/2, 8/3, 2/5 and 10/5 and their default and tagged VLAN assignments] In the above example, if port 8/3 connects to another switch and port 10/5 connects to that same switch, the Spanning Tree Algorithm would detect a redundant path and transition one of the ports into a blocking state.
  • Page 164: Using 1X1 Spanning Tree Mode With Pvst

    OmniSwitch can have ports running in 1x1 mode when connecting to another OmniSwitch, or ports running in Cisco PVST+ mode when connecting to a Cisco switch. So both the Alcatel-Lucent 1x1 and Cisco PVST+ modes can co-exist on the same OmniSwitch and yet interoperate correctly with a Cisco switch using the standard Spanning Tree protocols (802.1d or 802.1w).
  • Page 165: Configuration Overview

    802.1Q trunk. In order to interoperate with Cisco PVST+ mode, the current Alcatel-Lucent 1x1 mode has an option to recognize Cisco's proprietary PVST+ BPDUs and allow any user port on an OmniSwitch to send and receive PVST+ BPDUs, so that loop-free topologies for the tagged VLANs can be created between OmniSwitch and Cisco switches.
  • Page 166: Bpdu Processing In Pvst+ Mode

    Spanning Tree Global Parameters Current Running Mode : 1x1, Current Protocol : N/A (Per VLAN), Path Cost Mode : 32 BIT, Auto Vlan Containment : N/A Cisco PVST+ mode : Enabled BPDU Processing in PVST+ Mode A port on an OmniSwitch operating in PVST+ mode will process BPDUs as follows: If the default VLAN of a port is VLAN 1 then: •...
  • Page 167: Configuring Stp Bridge Parameters

    Primary port functionality. The path cost assigned to the aggregate link is not the same between OmniSwitch and Cisco switches since vendor-specific formulas are used to derive the path cost. Manual configuration is recommended to match the Cisco path cost assignment for an aggregate link. For more information on the configuration of path cost for aggregate links, refer to “Path Cost for Link Aggregate Ports”...
  • Page 168: Bridge Configuration Commands Overview

    To view current Spanning Tree bridge parameter values, use the bridge rrstp ring vlan-tag command. For more information about this command, see the OmniSwitch CLI Reference Guide. Bridge Configuration Commands Overview Spanning Tree bridge commands are available in an implicit form and an explicit form. Implicit commands resemble commands that were previously released with this feature.
  • Page 169: Selecting The Bridge Protocol

    Command: bridge hello time. Type: Implicit. Used for: Configuring the hello time value for a VLAN instance when the 1x1 mode is active or the single Spanning Tree instance when the flat mode is active. Command: bridge cist hello time. Type: Explicit. Used for: Configuring the hello time value for the single flat mode...
  • Page 170 Configuring STP Bridge Parameters Configuring Spanning Tree Parameters -> bridge 455 protocol rstp Note that when configuring the protocol value for a VLAN instance, MSTP is not an available option. This protocol is only supported on the flat mode instance. In addition, the explicit bridge 1x1 protocol command configures the protocol for a VLAN instance...
  • Page 171: Configuring The Bridge Priority

    A bridge is identified within the Spanning Tree by its bridge ID (an eight byte hex number). The first two bytes of the bridge ID contain a priority value and the remaining six bytes contain a bridge MAC address. The bridge priority is used to determine which bridge will serve as the root of the Spanning Tree.
  • Page 172: Configuring The Bridge Hello Time

    Note that when MSTP is the active flat mode protocol, explicit Spanning Tree bridge commands are required to configure parameter values. Implicit commands are for configuring parameters when the STP or RSTP protocols are in use. See Chapter 2, “Using 802.1Q 2005 Multiple Spanning Tree,”...
  • Page 173: Configuring The Bridge Max Age Time

    The bridge max age time specifies how long, in seconds, the bridge retains Spanning Tree information it receives from Configuration BPDU. When a bridge receives a BPDU, it updates its configuration information and the max age timer is reset.
  • Page 174: Configuring The Bridge Forward Delay Time

    The bridge forward delay time specifies how long, in seconds, a port remains in the learning state while it is transitioning to a forwarding state. In addition, when a topology change occurs, the forward delay time value is used to age out all dynamically learned addresses in the MAC address forwarding table.
  • Page 175: Enabling/Disabling The Vlan Bpdu Switching Status

    By default, BPDU are not switched on ports associated with VLANs that have Spanning Tree disabled. This may result in a network loop if the VLAN has redundant paths to one or more other switches. Allowing VLANs that have Spanning Tree disabled to forward BPDU to all ports in the VLAN can help to avoid this problem.
  • Page 176: Using Automatic Vlan Containment

    In a Multiple Spanning Tree (MST) configuration, it is possible for a port that belongs to a VLAN that is not a member of an instance to become the root port for that instance. This can cause a topology change that could lead to a loss of connectivity between VLANs/switches.
  • Page 177: Configuring Stp Port Parameters

    The following sections provide information and procedures for using CLI commands to configure STP port parameters. These parameters determine the behavior of a port for a specific Spanning Tree instance. When a switch is running in the 1x1 STP mode, each VLAN is in essence a virtual STP bridge with its own STP instance and configurable parameters.
  • Page 178 Configuring STP Port Parameters Configuring Spanning Tree Parameters The following is a summary of Spanning Tree port configuration commands. For more information about these commands, see the OmniSwitch CLI Reference Guide. Command: bridge slot/port. Type: Implicit. Used for: Configuring the port Spanning Tree status for a VLAN instance when the 1x1 mode is active or the single Spanning Tree instance when the flat mode is active.
  • Page 179 Configuring Spanning Tree Parameters Configuring STP Port Parameters Command: bridge cist slot/port admin-edge. Type: Explicit. Used for: Configures the connection type for a port or an aggregate of ports for the flat mode Common and Internal Spanning Tree (CIST). Command: bridge 1x1 slot/port admin-edge. Type: Explicit. Used for: Configures the connection type for a port or an aggregate...
  • Page 180: Enabling/Disabling Spanning Tree On A Port

    By default, Spanning Tree is enabled on all ports. When Spanning Tree is disabled on a port, the port is put in a forwarding state for the specified instance. For example, if a port is associated with both VLAN 10 and VLAN 20 and Spanning Tree is disabled on the port for VLAN 20, the port state is set to forwarding for VLAN 20.
  • Page 181: Configuring Port Priority

    A bridge port is identified within the Spanning Tree by its Port ID (a 16-bit or 32-bit hex number). The first 4 bits of the Port ID contain a priority value and the remaining 12 bits contain the physical switch port number.
  • Page 182: Configuring Port Path Cost

    To change the port priority for a link aggregate, use the bridge slot/port priority commands described above, but specify a link aggregate control number instead of a slot and port. For example, the following command sets the priority for link aggregate 10 associated with VLAN 755 to 9: ->...
  • Page 183: Path Cost For Link Aggregate Ports

    To change the port path cost value for a VLAN instance, specify a VLAN ID with the bridge slot/port path cost command when the switch is running in the 1x1 mode. For example, the following command configures a 16-bit path cost value for port 8/1 for VLAN 10 to 19 (the port speed is 100 MB, 19 is the recommended value).
  • Page 184 Configuring STP Port Parameters Configuring Spanning Tree Parameters [Table columns: Link Speed, Aggregate Size (number of links), Default Path Cost Value. Surviving cells: 80,000 60,000 1 GB 12,000 8,000 6,000 10 GB 1,200] If a 16-bit path cost value is in use and the path_cost for a link aggregate is set to zero, the following default values based on link speed and link aggregate size are used.
  • Page 185: Configuring Port Mode

    There are two port modes supported: manual and dynamic. Manual mode indicates that the port was set by the user to a forwarding or blocking state. The port will operate in the state selected until the state is manually changed again or the port mode is changed to dynamic.
  • Page 186: Configuring Port Connection Type

    Specifying a port connection type is done when using the Rapid Spanning Tree Algorithm and Protocol (RSTP), as defined in the IEEE 802.1w standard. RSTP transitions a port from a blocking state directly to forwarding, bypassing the listening and learning states, to provide a rapid reconfiguration of the Spanning Tree in the event of a path or root bridge failure.
  • Page 187: Connection Type On Link Aggregate Ports

    when the switch is running in either mode (1x1 or flat) and an instance number is not required. For example, the following commands configure the connection type for port 1/24 for the flat mode instance: ->...
  • Page 188: Restricting Port Roles

    By default, all ports are eligible for root port selection. A port in a CIST instance or 1x1 instance can be restricted from becoming a root port as explained below: A port in CIST/MSTI instance can be restricted from becoming the root port by using the bridge cist slot/port restricted-role...
  • Page 189: Using Rrstp

    The Ring Rapid Spanning Tree Protocol (RRSTP) is complementary to both the Spanning Tree Protocol (STP) as well as the Multiple Spanning Tree Protocol (MSTP). It is designed to provide faster convergence time when switches are connected point to point in a ring topology.
  • Page 190: Configuring Rrstp

    This section describes how to use Alcatel-Lucent’s Command Line Interface (CLI) commands to configure Ring Rapid Spanning Tree Protocol (RRSTP) on a switch. When configuring RRSTP parameters, you must perform the following steps: Enable RRSTP on your switch.
  • Page 191: Sample Spanning Tree Configuration

    This section provides an example network configuration in which the Spanning Tree Algorithm and Protocol has calculated a loop-free topology. In addition, a tutorial is also included that provides steps on how to configure the example network topology using the Command Line Interface (CLI).
  • Page 192: Example Network Configuration Steps

    • The path cost for each port connection defaults to a value based on the link speed. For example, the connection between Switch B and Switch C is a 100 Mbps link, which defaults to a path cost of 19. •...
  • Page 193 Configuring Spanning Tree Parameters Sample Spanning Tree Configuration Change the bridge priority value for VLAN 255 on Switch D to 10 using the following command (leave the priority for VLAN 255 on the other three switches set to the default value of 32768): ->...
  • Page 194: Verifying The Spanning Tree Configuration

    To display information about the Spanning Tree configuration on the switch, use the show commands listed below: bridge rrstp ring vlan-tag Displays VLAN Spanning Tree information, including parameter values and topology change statistics.
  • Page 195: Configuring Ethernet Oam

    The rise in the number of Ethernet service instances has resulted in service providers requiring a powerful and robust set of management tools to maintain Ethernet service networks. Service provider networks are large and intricate, often comprising different operators that work together to provide the customers with end-to-end services.
  • Page 196: Ethernet Oam Specifications

    The following table lists Ethernet OAM specifications. Ethernet OAM IEEE Standards Supported: IEEE 802.1ag–Connectivity Fault Management; IEEE 802.3ah–CSMA/CD Access Method and Physical Layer Specifications; IEEE 802.1D–Media Access Control (MAC) Bridges; IEEE 802.1Q–Virtual Bridged Local Area Networks. Maximum Maintenance Domains (MD) per Bridge...
  • Page 197: Ethernet Oam Overview

    Ethernet OAM provides service assurance over a converged Ethernet network. It helps service providers to manage network operations efficiently and smoothly. Ethernet OAM provides effective monitoring capabilities by increasing visibility in the network. It detects failure and degradation by raising warnings and alarms;...
  • Page 198 Ethernet OAM Overview Configuring Ethernet OAM [Figure: CFM Monitoring Domains, showing the Customer Domain, the Provider Domain and three Operator Domains across the customer, access and core networks, with Maintenance End Points and Maintenance Intermediate Points] Ethernet OAM Connectivity Fault Management consists of four types of messages that help in monitoring and debugging Ethernet networks.
  • Page 199: Mip Ccm Database Support

    Per section 19.4 of the IEEE 802.1ag 5.2 draft standard, an MHF may optionally maintain a MIP CCM database as it is not required for conformance to this standard. A MIP CCM database, if present, maintains the information received from the MEPs in the MD and can be used by the Linktrace Protocol.
  • Page 200: Quick Steps For Configuring Ethernet Oam

    -> ethoam domain esd.alcatel-lucent.com format dnsName Create an Ethernet OAM Maintenance Association using the ethoam association command. For example: -> ethoam association alcatel-sales format string domain esd.alcatel-lucent.com level level-4 vlan 10 Create an Ethernet OAM Maintenance End Point using the ethoam endpoint command. For example: ->...
  • Page 201: Configuring Ethernet Oam

    This section describes how to use Alcatel-Lucent’s Command Line Interface (CLI) commands to configure Ethernet OAM on a switch. Creating and Deleting a Maintenance Domain To create a Maintenance Domain (MD), use the...
  • Page 202: Creating And Deleting A Maintenance Association

    VLAN ID. For example, to create the MA alcatel-sales in the esd.alcatel.com domain, you would enter: -> ethoam association alcatel-sales format string domain esd.alcatel-lucent.com vlan 10 To remove an MA, use the no form of this command. For example: ->...
  • Page 203: Configuring A Maintenance End Point

    To configure the administrative state of a MEP, use the ethoam endpoint admin-state command, as shown: -> ethoam end-point 100 domain esd.alcatel-lucent.com association alcatel-sales admin-state enable To configure the MEP to generate Continuity Check Messages, use the ethoam endpoint ccm...
  • Page 204: Configuring The Fault Alarm Time

    To configure the Fault Alarm time, enter the ethoam fault-alarm-time command, followed by the number of seconds. For example, to configure the Fault Alarm time value as 10 seconds, you would enter: -> ethoam fault-alarm-time 10 end-point 100 domain esd.alcatel-lucent.com association alcatel_sales Configuring the Fault Reset Time The Fault Reset time is the time interval in which Fault Alarm is re-enabled to process the faults.
  • Page 205: Verifying The Ethernet Oam Configuration

    To display information about Ethernet OAM on the switch, use the show commands listed below: show ethoam Displays the information of all the Management Domains configured on the switch.
  • Page 206 Verifying the Ethernet OAM Configuration Configuring Ethernet OAM page 8-12 OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008...
  • Page 207: Configuring Mac Retention

    MAC Retention allows a system of stackable switches to retain the MAC address of the primary switch for a fixed or indefinite time, even after multiple takeovers. This minimizes the recalculation of protocols, such as Spanning Tree and Link Aggregation. It also minimizes updates to tables, such as the Address Resolution Protocol (ARP) table for IPv4 routing and the Neighbor Discovery table for IPv6 routing.
  • Page 208: Chapter 10 Configuring Mac Retention

    The following table lists the defaults for MAC Retention configuration: Parameter Description: MAC Address Retention status. Command: mac-retention status. Default: disabled. Parameter Description: Status of duplicate MAC Address trap. Command: mac-retention dup-mac-trap. Default: disabled...
  • Page 209: Mac Retention Overview

    A “stack element” or simply “element” is a switch that has designated stacking ports. The switches are operatively interconnected via these ports to form a virtual chassis referred to as a stack. Each element in a stack can be elected as the primary or the secondary element.
  • Page 210: How Mac Retention Works

    had previously associated Stack 1 with the stack address M1, now has to change its ARP tables to associate Stack 1 with the new stack address M2. Similarly, in IPv6 routing, Switch 1 has to change its Neighbor Discovery tables to associate Stack 1 with the new stack address M2.
  • Page 211: Mac Retention After Multiple Take-Overs

    If the primary element does not return to the stack after the elapse of the specified time interval, a trap is generated, which notifies the administrator of a possible MAC address duplication. The trap and syslog provide details about the slot number and the base MAC address of the removed former primary element.
  • Page 212: Configuring Mac Retention

    This section describes how to use Alcatel-Lucent’s Command Line Interface (CLI) commands to configure MAC Retention. Enabling MAC Retention MAC Retention is disabled on the switch by default. If necessary, use the...
  • Page 213: Mac Retention Applications

    This section illustrates the MAC Retention feature using two different scenarios: • Software Failure • Link Failure Software Failure In the following diagram, if the primary element faces a fatal software exception, the MAC Retention feature will remain enabled and the base MAC address will be retained during takeover.
  • Page 214: Link Failure

    In the following diagram, even if both stack links "a" and "b" of the primary element of Stack 1 go down almost at the same time (removed by the user or actual link failures), the MAC Retention feature will remain enabled and the base MAC address will be retained during takeover.
  • Page 215: Assigning Ports To Vlans

    Initially all switch ports are non-mobile (fixed) and are assigned to VLAN 1, which is also their configured default VLAN. When additional VLANs are created on the switch, ports are assigned to the VLANs so that traffic from devices connected to these ports is bridged within the VLAN domain.
  • Page 216: Port Assignment Specifications

    IEEE Standards Supported: 802.1Q–Virtual Bridged Local Area Networks; 802.1D–Media Access Control Bridges. Maximum VLANs per switch and stack: 4094 (based on switch configuration and available resources). Maximum VLAN port associations: 32768. Switch ports eligible for port mobility.
  • Page 217: Sample Vlan Port Assignment

    The following steps provide a quick tutorial that will create a VLAN, statically assign ports to the VLAN, and configure mobility on some of the VLAN ports: Create VLAN 255 with a description (e.g., Finance IP Network) using the following command: ->...
  • Page 218: Statically Assigning Ports To Vlans

    The vlan port default command is used to statically assign both mobile and non-mobile ports to another VLAN. When the assignment is made, the port drops the previous VLAN assignment. For example, the following command assigns port 2 on slot 3, currently assigned to VLAN 1, to VLAN 755: ->...
  • Page 219: How Dynamic Port Assignment Works

    Traffic received on mobile ports is classified using one of the following methods: • Packet is tagged with a VLAN ID that matches the ID of another VLAN that has mobile tagging enabled.
  • Page 220 Dynamically Assigning Ports to VLANs Assigning Ports to VLANs In the initial VLAN port assignment configuration shown below, • All three ports have workstations that are configured to send packets with an 802.1Q VLAN ID tag for three different VLANs (VLAN 2, 3, and 4). •...
  • Page 221 Assigning Ports to VLANs Dynamically Assigning Ports to VLANs [Figure: Tagged Mobile Port Traffic Triggers Dynamic VLAN Assignment. OmniSwitch with VLAN 1 (default VLAN), VLAN 2 (network 130.0.0.0), VLAN 3 (network 138.0.0.0) and VLAN 4 (network 140.0.0.0); ports 1, 2 and 3; workstations 130.0.0.1, 138.0.0.1 and 140.0.0.1; legend: Dynamic VPA, Default VLAN]...
  • Page 222: Vlan Rule Classification

    VLAN rule classification triggers dynamic VLAN port assignment when traffic received on a mobile port matches the criteria defined in a VLAN rule. Different rule types are available for classifying different types of network device traffic (see Chapter 12, “Defining VLAN Rules,”...
  • Page 223 Assigning Ports to VLANs Dynamically Assigning Ports to VLANs [Figure: VLAN Rule Classification: Initial Configuration. OmniSwitch with VLAN 1 (default VLAN), VLAN 2 (network 130.0.0.0), VLAN 3 (network 138.0.0.0) and VLAN 4 (network 140.0.0.0); ports 1, 2 and 3; workstations 130.0.0.1, 138.0.0.5 and 140.0.0.3] As soon as the workstations start sending traffic, switch software checks the source subnet of the frames and looks for a match with any configured IP network address rules.
  • Page 224: Configuring Dynamic Vlan Port Assignment

    [Figure: Mobile Port Traffic Triggers Dynamic VLAN Assignment. OmniSwitch with VLAN 1 (default VLAN), VLAN 2 (network 130.0.0.0), VLAN 3 (network 138.0.0.0) and VLAN 4 (network 140.0.0.0); ports 1, 2 and 3; workstations 130.0.0.1, 138.0.0.1 and 140.0.0.1; legend: Dynamic VPA, Default VLAN] Configuring Dynamic VLAN Port Assignment Dynamic VLAN port assignment requires the following configuration steps: Use the...
  • Page 225: Enabling/Disabling Port Mobility

    To enable mobility on a port, use the vlan port mobile command. For example, the following command enables mobility on port 1 of slot 4: -> vlan port mobile 4/1 To enable mobility on multiple ports, specify a range of ports and/or multiple slots.
  • Page 226: Understanding Mobile Port Properties

    Understanding Mobile Port Properties Assigning Ports to VLANs When BPDU ignore is enabled and the mobile port receives a BPDU, the following occurs: • The port retains its mobile status and remains eligible for dynamic VLAN assignment. • The port is not included in the Spanning Tree algorithm. Note.
  • Page 227: What Is A Secondary Vlan

    Assigning Ports to VLANs Understanding Mobile Port Properties What is a Secondary VLAN? All mobile ports start out with a configured default VLAN assignment. When mobile port traffic matches VLAN criteria, the port is assigned to that VLAN. Secondary VLANs are any VLAN a port is subsequently assigned to that is not the configured default VLAN for that port.
  • Page 228 Understanding Mobile Port Properties Assigning Ports to VLANs OmniSwitch Configured Default VLAN 1 VLAN 3 Device connected to a mobile port sends traffic. If the traffic matches existing VLAN criteria, then the mobile port and its traffic are dynamically assigned to that VLAN. If device traffic does not match any VLAN rules, then the default VLAN property determines if the traffic is forwarded on the port’s configured default VLAN (VLAN 1 in this example).
  • Page 229 Assigning Ports to VLANs Understanding Mobile Port Properties [Figure labels: Configured Default VLAN 1; Secondary VLAN 2; Secondary VLAN 3] Port assigned to default VLAN 1 or another VLAN using the vlan port default command. Port is assigned to other VLANs when its traffic matches their criteria.
  • Page 230: Configuring Mobile Port Properties

    Understanding Mobile Port Properties Assigning Ports to VLANs Configuring Mobile Port Properties Mobile port properties indicate mobile port status and affect port behavior when the port is dynamically assigned to one or more VLANs. For example, mobile port properties determine the following: •...
  • Page 231: Enable/Disable Default Vlan Restore

    Only mobile ports are eligible for authentication. If enabled, the mobile port participates in the Layer 2 authentication process supported by Alcatel-Lucent switches. This process restricts switch access at the VLAN level. The user is required to enter a valid login ID and password before gaining membership to a VLAN.
  • Page 232: Enable/Disable 802.1X Port-Based Access Control

    Only mobile ports are eligible for 802.1X port-based access control. If enabled, the mobile port participates in the authentication and authorization process defined in the IEEE 802.1X standard and supported by Alcatel-Lucent switches. For more information, see Chapter 27, “Configuring 802.1X.”...
  • Page 233: Verifying Vlan Port Associations And Mobile Port Properties

    Assigning Ports to VLANs Verifying VLAN Port Associations and Mobile Port Properties Verifying VLAN Port Associations and Mobile Port Properties To display a list of VLAN port assignments or the status of mobile port properties, use the show commands listed below: show vlan port Displays a list of VLAN port assignments, including the type and status for each assignment.
  • Page 234: Understanding 'Show Vlan Port Mobile' Output

    Verifying VLAN Port Associations and Mobile Port Properties Assigning Ports to VLANs The following example uses the show vlan port command to display VPA information for all ports in VLAN 200: -> show vlan 200 port port type status --------+---------+-------------- 3/24 default inactive...
  • Page 235: Chapter 12 Configuring Port Mapping

    11 Configuring Port Mapping Port Mapping is a security feature, which controls communication between peer users. Each session comprises a session ID, a set of user ports, and/or a set of network ports. The user ports within a session cannot communicate with each other and can only communicate via network ports. In a port mapping session with user port set A and network port set B, the ports in set A can only communicate with the ports in set B.
  • Page 236: Port Mapping Specifications

    Port Mapping Specifications Configuring Port Mapping Port Mapping Specifications Ports Supported Ethernet (10 Mbps)/Fast Ethernet (100 Mbps)/Gigabit Ethernet (1 Gb/1000 Mbps)/10 Gigabit Ethernet (10 Gb/10000 Mbps). Mapping Sessions Eight sessions supported per standalone switch and stack. Port Mapping Defaults The following table shows port mapping default values. Parameter Description CLI Command Default Value/Comments...
  • Page 237: Creating/Deleting A Port Mapping Session

    Configuring Port Mapping Creating/Deleting a Port Mapping Session Creating/Deleting a Port Mapping Session Before port mapping can be used, it is necessary to create a port mapping session. The following subsections describe how to create and delete a port mapping session with the port mapping user-port network-port port mapping...
  • Page 238: Enabling/Disabling A Port Mapping Session

    Enabling/Disabling a Port Mapping Session Configuring Port Mapping Enabling/Disabling a Port Mapping Session By default, the port mapping session will be disabled. The following subsections describe how to enable and disable the port mapping session with the port mapping command. Enabling a Port Mapping Session To enable a port mapping session, enter port mapping followed by the session ID and enable.
  • Page 239: Sample Port Mapping Configuration

    Configuring Port Mapping Sample Port Mapping Configuration Sample Port Mapping Configuration This section provides an example port mapping network configuration. In addition, a tutorial is also included that provides steps on how to configure the example port mapping session using the Command Line Interface (CLI).
  • Page 240: Example Port Mapping Configuration Steps

    Verifying the Port Mapping Configuration Configuring Port Mapping Example Port Mapping Configuration Steps The following steps provide a quick tutorial that configures the port mapping session shown in the diagram on page 11-5. Configure session 1 on Switch A in the unidirectional mode using the following command: ->...
  • Page 241: 12 Defining Vlan Rules

    12 Defining VLAN Rules VLAN rules are used to classify mobile port traffic for dynamic VLAN port assignment. Rules are defined by specifying a port, MAC address, protocol, network address, binding, or DHCP criteria to capture certain types of network device traffic. It is also possible to define multiple rules for the same VLAN. A mobile port is assigned to a VLAN if its traffic matches any one VLAN rule.
  • Page 242: Vlan Rules Specifications

    VLAN Rules Specifications Defining VLAN Rules VLAN Rules Specifications IEEE Standards Supported 802.1Q–Virtual Bridged Local Area Networks 802.1v–VLAN Classification by Protocol and Port 802.1D–Media Access Control Bridges Maximum number of VLANs per switch 4094 (based on switch configuration and available resources) Maximum number of rules per VLAN Unlimited...
  • Page 243: Sample Vlan Rule Configuration

    Defining VLAN Rules Sample VLAN Rule Configuration Sample VLAN Rule Configuration The following steps provide a quick tutorial that will create an IP network address and DHCP MAC range rule for VLAN 255, an IPX protocol rule for VLAN 355, and a MAC-IP-port binding rule for VLAN 1500.
  • Page 244: Vlan Rules Overview

    VLAN Rules Overview Defining VLAN Rules VLAN Rules Overview The mobile port feature available on the switch allows dynamic VLAN port assignment based on VLAN rules that are applied to mobile port traffic. When a port is defined as a mobile port, switch software compares traffic coming in on that port with configured VLAN rules.
  • Page 245: Dhcp Rules

    Defining VLAN Rules VLAN Rules Overview DHCP Rules Dynamic Host Configuration Protocol (DHCP) frames are sent from client workstations to request an IP address from a DHCP server. The server responds with the same type of frames, which contain an IP address for the client.
  • Page 246: Binding Rules

    VLAN Rules Overview Defining VLAN Rules Binding Rules Binding rules restrict VLAN assignment to specific devices by requiring that device traffic match all criteria specified in the rule. As a result, a separate binding rule is required for each device. An unlimited number of such rules, however, is allowed per VLAN and up to 8129 of each rule type is allowed per switch.
  • Page 247: Port Rules

    Defining VLAN Rules VLAN Rules Overview Port Rules Port rules are fundamentally different from all other supported rule types, in that traffic is not required to trigger dynamic assignment of the mobile port to a VLAN. As soon as this type of rule is created, the specified port is assigned to the VLAN only for the purpose of forwarding broadcast types of VLAN traffic to a device connected to that same port.
  • Page 248: Understanding Vlan Rule Precedence

    VLAN Rules Overview Defining VLAN Rules Understanding VLAN Rule Precedence In addition to configurable VLAN rule types, there are two internal rule types for processing mobile port frames. One is referred to as frame type and is used to identify Dynamic Host Configuration Protocol (DHCP) frames.
  • Page 249 Defining VLAN Rules VLAN Rules Overview Precedence Step/Rule Type Condition Result 1. Frame Type Frame is a DHCP frame. Go to Step 2. Frame is not a DHCP frame. Skip Steps 2, 3, 4, and 5. 2. DHCP MAC DHCP frame contains a matching Frame source is assigned to the source MAC address.
  • Page 250: Configuring Vlan Rule Definitions

    Configuring VLAN Rule Definitions Defining VLAN Rules Precedence Step/Rule Type Condition Result 9. MAC Address Frames contain a matching source Frame source is assigned to the MAC address. rule’s VLAN. 10. MAC Range Frame contains a source MAC Frame source is assigned to the address that falls within a specified rule’s VLAN.
  • Page 251: Defining Dhcp Mac Address Rules

    Defining VLAN Rules Configuring VLAN Rule Definitions • When an active device is disconnected from a mobile port and connected to a fixed port, the source MAC address of that device is not learned on the fixed port until the MAC address has aged out and no longer appears on the mobile port.
  • Page 252: Defining Dhcp Mac Range Rules

    Configuring VLAN Rule Definitions Defining VLAN Rules Only one MAC address is specified when using the vlan dhcp mac command to create a DHCP MAC rule. Therefore, to specify multiple MAC addresses for the same VLAN, create a DHCP MAC rule for each address.
  • Page 253: Defining Dhcp Generic Rules

    Defining VLAN Rules Configuring VLAN Rule Definitions Defining DHCP Generic Rules DHCP generic rules capture all DHCP traffic that does not match an existing DHCP MAC or DHCP port rule. If none of these other rules exist, then all DHCP frames are captured regardless of the port they came in on or the frame’s source MAC address.
  • Page 254: How To Define A Mac-Port Binding Rule

    Configuring VLAN Rule Definitions Defining VLAN Rules How to Define a MAC-Port Binding Rule To define a MAC-port binding rule, enter vlan followed by an existing VLAN ID then binding mac-port followed by a valid MAC address and a slot/port designation. For example, the following command defines a MAC-port binding rule for VLAN 1500: ->...
  • Page 255: Defining Mac Address Rules

    Defining VLAN Rules Configuring VLAN Rule Definitions Defining MAC Address Rules MAC address rules capture frames that contain a source MAC address that matches the MAC address specified in the rule. The mobile port that receives the matching traffic is dynamically assigned to the rule’s VLAN.
  • Page 256: Defining Ip Network Address Rules

    Configuring VLAN Rule Definitions Defining VLAN Rules Defining IP Network Address Rules IP network address rules capture frames that contain a source IP subnet address that matches the IP subnet address specified in the rule. If DHCP is used to provide client workstations with an IP address, consider using one of the DHCP rules in combination with an IP network address rule.
  • Page 257: Defining Protocol Rules

    Defining VLAN Rules Configuring VLAN Rule Definitions In this example, frames received on any mobile port must contain an IPX network a010590c address with a Novell Raw (802.3) encapsulation to qualify for dynamic assignment to VLAN 1200. IPX network addresses consist of eight hex digits. If an address less than eight digits is entered, the entry is prefixed with zeros to equal eight characters.
  • Page 258: Defining Port Rules

    Configuring VLAN Rule Definitions Defining VLAN Rules -> vlan 200 protocol ethertype 0800 ERROR: Part of ip ethernet protocol class - use <vlan # protocol ip-e2> instead The following table lists keywords for specifying a protocol type: protocol type keywords ip-e2 decnet ip-snap...
  • Page 259: Application Example: Dhcp Rules

    Defining VLAN Rules Application Example: DHCP Rules Application Example: DHCP Rules This application example shows how Dynamic Host Configuration Protocol (DHCP) port and MAC address rules are used in a DHCP-based network. DHCP is built on a client-server model in which a designated DHCP server allocates network addresses and delivers configuration parameters to dynamically configured clients.
  • Page 260 Application Example: DHCP Rules Defining VLAN Rules The following table summarizes the VLAN architecture and rules for all devices in this network configuration. The diagram on the following page illustrates this network configuration. Device VLAN Membership Rule Used/Router Role DHCP Server 1 Test VLAN IP network address rule=10.15.0.0...
  • Page 261 Defining VLAN Rules Application Example: DHCP Rules [Figure: DHCP application example network diagram. Labels: OmniSwitch; Clients 1 to 4; Server 1; Router 1 (No DHCP Relay); Test VLAN, Subnet 10.15.X.X; Production VLAN, Subnet 10.15.128.X...]
  • Page 262: Verifying Vlan Rule Configuration

    Verifying VLAN Rule Configuration Defining VLAN Rules Verifying VLAN Rule Configuration To display information about VLAN rules configured on the switch, use the following show command: show vlan rules Displays a list of rules for one or all VLANs configured on the switch. For more information about the resulting display from this command, see the OmniSwitch CLI Reference Guide.
  • Page 263: In This Chapter

    13 Configuring 802.1AB Link Layer Discovery Protocol (LLDP) is an emerging standard to provide a solution for the configuration issues caused by expanding networks. LLDP supports the network management software used for complete network management. LLDP is implemented as per the IEEE 802.1AB standard. LLDP specifically defines a standard method for Ethernet network devices to exchange information with their neighboring devices and maintain a database of the information.
  • Page 264: 802.1Ab Specifications

    802.1AB Specifications Configuring 802.1AB 802.1AB Specifications IEEE Specification IEEE 802.1AB-2005 Station and Media Access Control Connectivity Discovery Transmit time interval for LLDPDUs 5 to 32768 in seconds Transmit hold multiplier value 2 to 10 Transmit delay 1 to 8192 in seconds Reinit delay 1 to 10 in seconds Notification interval...
  • Page 265: Quick Steps For Configuring 802.1Ab

    Configuring 802.1AB Quick Steps for Configuring 802.1AB Quick Steps for Configuring 802.1AB To enable the transmission and the reception of LLDPDUs on a port, use the lldp lldpdu command. For example: -> lldp 2/47 lldpdu tx-and-rx To control per port notification status about the remote device change on a port, use the lldp notification command.
  • Page 266: 802.1Ab Overview

    802.1AB Overview Configuring 802.1AB 802.1AB Overview LLDP is a Layer 2 protocol for detecting adjacent devices in a network. Each device in a network sends and receives LLDPDUs through all its ports, when the protocol is enabled. If the protocol is disabled on a port or on a device, then LLDPDUs received on that port or device are dropped.
  • Page 267: Lldp Agent Operation

    Configuring 802.1AB 802.1AB Overview IEEE 802.1 organizationally specific TLV set • Port VLAN ID TLV • Port and Protocol VLAN ID TLV • VLAN name TLV • Protocol identity TLV Note. If one TLV from this set is included in the LLDPDU, then all TLVs need to be included. IEEE 802.3 organizationally specific TLV set •...
  • Page 268: Lldpdu Transmission And Reception

    802.1AB Overview Configuring 802.1AB LLDPDU Transmission and Reception LLDP operates in a one-way direction, so that the information in the LLDPDUs flows from one device to another. LLDPDUs are not exchanged as an information request by one device and a response sent by another device.
  • Page 269: Configuring 802.1Ab

    Configuring 802.1AB Configuring 802.1AB Configuring 802.1AB The following sections detail procedures for enabling 802.1AB and assigning ports to 802.1AB. Configuring LLDPDU Flow The lldp lldpdu command can be used to enable or disable the LLDPDU flow on a specific port, a slot, or all ports on a switch.
  • Page 270: Enabling And Disabling Management Tlv

    Configuring 802.1AB Configuring 802.1AB Enabling and Disabling Management TLV The lldp tlv management command is used to control per port management TLVs transmission in the LLDPDUs on a specific port, a slot, or all ports on a switch. When enabled, the LLDPDU administrative status must be in the transmit state.
  • Page 271: Enabling And Disabling 802.3 Tlv

    Configuring 802.1AB Configuring 802.1AB Enabling and Disabling 802.3 TLV The lldp tlv dot3 command is used to control per port 802.3 TLVs transmission in the LLDPDUs on a specific port, a slot, or all ports on a switch. When enabled, the LLDPDU administrative status must be in the transmit state.
  • Page 272: Setting The Transmit Hold Multiplier Value

    Configuring 802.1AB Configuring 802.1AB Setting the Transmit Hold Multiplier Value To set the transmit hold multiplier value, enter the lldp transmit hold-multiplier command. For example, to set the transmit hold multiplier value to 2, enter: -> lldp transmit hold-multiplier 2 Note: The Time To Live is a multiple of the transmit interval and transmit hold-multiplier.
  • Page 273: Verifying 802.1Ab Configuration

    Configuring 802.1AB Verifying 802.1AB Configuration Verifying 802.1AB Configuration To display information about the ports configured to handle 802.1AB, use the following show command: show lldp system-statistics Displays system-wide statistics. show lldp statistics Displays per port statistics. show lldp local-system Displays local system information.
  • Page 275: Using Interswitch Protocols

    14 Using Interswitch Protocols Alcatel-Lucent Interswitch Protocol (AIP) is used to discover adjacent switches in the network. The following protocol is supported: • Alcatel-Lucent Mapping Adjacency Protocol (AMAP), which is used to discover the topology of OmniSwitches and Omni Switch/Router (Omni S/R). See “AMAP Overview”...
  • Page 276: Chapter 14 Using Interswitch Protocols

    AIP Specifications Using Interswitch Protocols AIP Specifications Standards Not applicable at this time. AMAP is an Alcatel-Lucent proprietary protocol. Maximum number of IP addresses propagated by AMAP AMAP Defaults Parameter Description Command Default AMAP status amap Enabled Discovery time interval amap discovery time 30 seconds Common time interval...
  • Page 277: Amap Overview

    AMAP Overview AMAP Overview The Alcatel-Lucent Mapping Adjacency Protocol (AMAP) is used to discover the topology of OmniSwitches in a particular installation. Using this protocol, each switch determines which OmniSwitches are adjacent to it by sending and responding to Hello update packets. For the purposes of AMAP, adjacent switches are those that: •...
  • Page 278: Discovery Transmission State

    AMAP Overview Using Interswitch Protocols The transmission states are illustrated here. [Figure: AMAP transmission state diagram. Labels: "Send out Hello packets every discovery time-out interval (default: 30 seconds)"; "No Hello packets received after 3 discovery time-out intervals"; "Hello packets received before 3 discovery time-out intervals". States shown: Discovery Transmission State, Passive Reception State, Common...]
  • Page 279: Common Transmission And Remote Switches

    Using Interswitch Protocols Configuring AMAP Common Transmission and Remote Switches If an AMAP switch is connected to multiple AMAP switches via a hub, the switch sends and receives Hello traffic to and from the remote switches through the same port. If one of the remote switches stops sending Hello packets and other remote switches continue to send Hello packets, the ports in the common transmission state will remain in the common transmission state.
  • Page 280: Configuring The Amap Common Time-Out Interval

    Configuring AMAP Using Interswitch Protocols Configuring the AMAP Common Time-out Interval The common time-out interval is used only in the common transmission state to determine the time interval between sending Hello update packets. A switch sends an update for a port just before or after the common time-out interval expires.
  • Page 281: Displaying Amap Information

    Using Interswitch Protocols Configuring AMAP Displaying AMAP Information Use the show amap command to view a list of adjacent switches and their associated MAC addresses, interfaces, VLANs, and IP addresses. For remote switches that stop sending Hello packets and that are connected via a hub, entries may take up to three times the common time-out intervals to age out of this table.
  • Page 282 Configuring AMAP Using Interswitch Protocols A visual illustration of these connections is shown here: [Figure: Switch A (local) connected to Remote Switch B (0020da:032c40) and Remote Switch C (0020da:999660), with the local and remote interface of each link labeled] See the OmniSwitch CLI Reference Guide for information about the show amap command.
  • Page 283: Chapter 15 Configuring 802.1Q

    15 Configuring 802.1Q 802.1Q is the IEEE standard for segmenting networks into VLANs. 802.1Q segmentation is done by adding a specific tag to a packet. In this Chapter This chapter describes the basic components of 802.1Q VLANs and how to configure them through the Command Line Interface (CLI).
  • Page 284: 802.1Q Specifications

    802.1Q Specifications Configuring 802.1Q 802.1Q Specifications IEEE Specification Draft Standard P802.1Q/D11 IEEE Standards for Local And Metropolitan Area Network: Virtual Bridged Local Area Networks, July 30, 1998 Maximum Number of Tagged VLANs per 4093 Port Maximum Number of Untagged VLANs per One untagged VLAN per port.
  • Page 285: 802.1Q Overview

    802.1Q Overview 802.1Q Overview Alcatel-Lucent’s 802.1Q is an IEEE standard for sending frames through the network tagged with VLAN identification. This chapter details procedures for configuring and monitoring 802.1Q tagging on a single port in a switch or a link aggregation group in a switch.
  • Page 286 QoS and trusted ports, see Chapter 30, “Configuring QoS.” Alcatel-Lucent’s 802.1Q tagging is done at wire speed, providing high-performance throughput of tagged frames. The procedures below use CLI commands that are thoroughly described in “802.1Q Commands” of the OmniSwitch CLI Reference Guide.
  • Page 287: Configuring An 802.1Q Vlan

    Configuring 802.1Q Configuring an 802.1Q VLAN Configuring an 802.1Q VLAN The following sections detail procedures for creating 802.1Q VLANs and assigning ports to 802.1Q VLANs. Enabling Tagging on a Port To set a port to be a tagged port, you must specify a VLAN identification (VID) number and a port number.
  • Page 288: Configuring The Frame Type

    Configuring an 802.1Q VLAN Configuring 802.1Q To remove 802.1Q tagging from a selected port, use the same command as above with a no keyword added, as shown: -> vlan 5 no 802.1q 8 Note. The link aggregation group must be created first before it can be set to use 802.1Q tagging. For more specific information, see the vlan 802.1q command section in the OmniSwitch CLI Reference...
  • Page 289: Show 802.1Q Information

    Configuring 802.1Q Configuring an 802.1Q VLAN Show 802.1Q Information After configuring a port or link aggregation group to be a tagged port, you can view the settings by using the show 802.1q command, as demonstrated: -> show 802.1q 3/4 Acceptable Frame Type Any Frame Type Force Tag Internal Tagged VLANS...
  • Page 290: Application Example

    Application Example Configuring 802.1Q Application Example In this section the steps to create 802.1Q connections between switches are shown. The following diagram shows a simple network employing 802.1Q on both regular ports and link aggregation groups. VLAN 1 Switch 2 (untagged) VLAN 1 Stack 1...
  • Page 291 Configuring 802.1Q Application Example The following steps apply to Switch 2. They will attach port 2/1 to VLAN 2 and set the port to accept 802.1Q tagged traffic only: Create VLAN 2 by entering vlan 2 as shown below (VLAN 1 is the default VLAN for the switch): ->...
  • Page 292: Verifying 802.1Q Configuration

    Verifying 802.1Q Configuration Configuring 802.1Q The following steps apply to Stack 3. They will attach ports 4/1 and 4/2 as link aggregation group 5 to VLAN 3. Configure static link aggregation group 5 by entering the following: -> static linkagg 5 size 2 Assign ports 4/1 and 4/2 to static link aggregation group 5 by entering the following two commands: ->...
  • Page 293: Configuring Static Link Aggregation

    16 Configuring Static Link Aggregation Alcatel-Lucent’s static link aggregation software allows you to combine several physical links into one large virtual link known as a link aggregation group. Using link aggregation provides the following benefits: • Scalability. It is possible to configure up to 32 link aggregation groups that consist of 2, 4, or 8 10-Mbps, 100-Mbps, 1-Gbps, or 10-Gbps Ethernet links.
  • Page 294: Static Link Aggregation Specifications

    Static Link Aggregation Specifications Configuring Static Link Aggregation Static Link Aggregation Specifications The table below lists specifications for static groups. Maximum number of link aggregation groups 32 (per switch or a stack of switches) Number of links per group supported 2, 4, or 8 (per switch or a stack of switches) Range for optional group name 1 to 255 characters...
  • Page 295: Quick Steps For Configuring Static Link Aggregation

    Configuring Static Link Aggregation Quick Steps for Configuring Static Link Aggregation Quick Steps for Configuring Static Link Aggregation Follow the steps below for a quick tutorial on configuring a static aggregate link between two switches. Additional information on how to configure each command is given in the subsections that follow. Create the static aggregate link on the local switch with the static linkagg size command.
  • Page 296 Quick Steps for Configuring Static Link Aggregation Configuring Static Link Aggregation Note. Optional. You can verify your static link aggregation settings with the show linkagg command. For example: -> show linkagg 1 Static Aggregate SNMP Id : 40000001, Aggregate Number : 1, SNMP Descriptor : Omnichannel Aggregate Number 1 ref 40000001 size 4,...
  • Page 297: Static Link Aggregation Overview

    OmniSwitch 9000 switch and an OmniSwitch 6800, OmniSwitch 6850, OmniSwitch 7700/7800, OmniSwitch 8800, or OmniSwitch 6600 Series switch. • an OmniSwitch 6800, 6850, or 9000 switch and an early-generation Alcatel-Lucent switch, such as an Omni Switch/Router. However, static aggregate groups cannot be created between OmniSwitch 6800, 6850, or 9000 switches and some switches from other vendors.
  • Page 298: Relationship To Other Features

    Static Link Aggregation Overview Configuring Static Link Aggregation OS9-GNI-C24 and two ports on another OS9-GNI-C24 on Switch B. The network administrator has created a separate VLAN for this group so users can use this high speed link. Switch B Switch A Switch software treats the static aggregate groups as one large virtual link.
  • Page 299: Configuring Static Link Aggregation Groups

    Configuring Static Link Aggregation Configuring Static Link Aggregation Groups Configuring Static Link Aggregation Groups This section describes how to use Alcatel-Lucent’s Command Line Interface (CLI) commands to configure static link aggregate groups. See “Configuring Mandatory Static Link Aggregate Parameters” on page 16-7 for more information.
  • Page 300: Creating And Deleting A Static Link Aggregate Group

    Configuring Static Link Aggregation Groups Configuring Static Link Aggregation Creating and Deleting a Static Link Aggregate Group The following subsections describe how to create and delete static link aggregate groups with the static linkagg size command. Creating a Static Aggregate Group You can create up to 32 static and/or dynamic link aggregation groups per standalone switch or stack of switches.
  • Page 301: Adding And Deleting Ports In A Static Aggregate Group

    Alcatel-Lucent CLI syntax. For example, to assign port 1 in slot 1 to static aggregate group 10 and document that port 1 in slot 5 is a Giga Ethernet port you would enter: ->...
  • Page 302: Modifying Static Aggregation Group Parameters

    Modifying Static Aggregation Group Parameters Configuring Static Link Aggregation Modifying Static Aggregation Group Parameters This section describes how to modify the following static aggregate group parameters: • Static aggregate group name (see “Modifying the Static Aggregate Group Name” on page 16-10) •...
  • Page 303: Application Example

    Configuring Static Link Aggregation Application Example Application Example Static link aggregation groups are treated by the switch’s software the same way it treats individual physical ports. This section demonstrates this by providing a sample network configuration that uses static link aggregation along with other software features.
  • Page 304: Displaying Static Link Aggregation Configuration And Statistics

    Displaying Static Link Aggregation Configuration and Statistics Configuring Static Link Aggregation Displaying Static Link Aggregation Configuration and Statistics You can use Command Line Interface (CLI) show commands to display the current configuration and statistics of link aggregation. These commands include the following: show linkagg Displays information on link aggregation groups.
  • Page 305: Configuring Dynamic Link Aggregation

    17 Configuring Dynamic Link Aggregation Alcatel-Lucent’s dynamic link aggregation software allows you to combine several physical links into one large virtual link known as a link aggregation group. Using link aggregation provides the following benefits: • Scalability. It is possible to configure up to 32 link aggregation groups that consist of 2, 4, or 8 10-Mbps, 100-Mbps, 1-Gbps, or 10-Gbps Ethernet links.
  • Page 306: Dynamic Link Aggregation Specifications

    Dynamic Link Aggregation Specifications Configuring Dynamic Link Aggregation Dynamic Link Aggregation Specifications The table below lists specifications for dynamic aggregation groups and ports: IEEE Specifications Supported 802.3ad — Aggregation of Multiple Link Segments Maximum number of link aggregation groups 32 (per standalone switch or a stack of switches) Range for optional group name 1 to 255 characters Number of links per group supported...
  • Page 307: Dynamic Link Aggregation Default Values

    Configuring Dynamic Link Aggregation Dynamic Link Aggregation Default Values Dynamic Link Aggregation Default Values The table below lists default values for dynamic aggregate groups. Parameter Description Command Default Value/Comments Group Administrative State lacp linkagg admin state enabled Group Name lacp linkagg name No name configured Group Actor Administrative Key lacp linkagg actor admin key...
  • Page 308: Quick Steps For Configuring Dynamic Link Aggregation

    Follow the steps below for a quick tutorial on configuring a dynamic aggregate link between two switches. Additional information on how to configure each command is given in the subsections that follow. Create the dynamic aggregate group on the local (actor) switch with the lacp linkagg size command as...
  • Page 309 Note. As an option, you can verify your dynamic aggregation group settings with the show linkagg command on either the actor or the partner switch. For example: -> show linkagg 2 Dynamic Aggregate SNMP Id : 40000002,...
  • Page 310 An example of what these commands look like entered sequentially on the command line on the partner switch: -> lacp linkagg 2 size 8 actor admin key 5 -> lacp agg 2/1 actor admin key 5 ->...
  • Page 311: Dynamic Link Aggregation Overview

    IP packets the balancing algorithm uses the IP address as well. Ports must be of the same speed within the same aggregate group. Alcatel-Lucent’s link aggregation software allows you to configure the following two different types of link aggregation groups: •...
  • Page 312 Local (Actor) Switch / Remote (Partner) Switch. Local (actor) switch sends requests to establish a dynamic aggregate group link to the remote (partner) switch. Partner switch acknowledges that it can accept this dynamic group.
  • Page 313: Relationship To Other Features

    Link aggregation groups are supported by other switch software features. For example, you can configure 802.1Q tagging on link aggregation groups in addition to configuring it on individual ports. The following features have CLI commands or command parameters that support link aggregation: •...
  • Page 314: Configuring Dynamic Link Aggregate Groups

    This section describes how to use Alcatel-Lucent’s Command Line Interface (CLI) commands to create, modify, and delete dynamic aggregate groups. See “Configuring Mandatory Dynamic Link Aggregate Parameters”...
  • Page 315: Creating And Deleting A Dynamic Aggregate Group

    For example, Alcatel-Lucent recommends assigning the actor admin key when you create the dynamic aggregate group to help ensure that ports are assigned to the correct group. To create a dynamic aggregate group with aggregate number 3 consisting of two ports with an admin actor key of 10, for example, enter: ->...
  • Page 316: Configuring Ports To Join And Removing Ports In A Dynamic Aggregate Group

    The following subsections describe how to configure ports with the same administrative key (which allows them to be aggregated) or to remove them from a dynamic aggregate group with the lacp agg actor admin command.
  • Page 317: Removing Ports From A Dynamic Aggregate Group

    Alcatel-Lucent CLI syntax. For example, to configure an actor administrative key of 10 and to document that the port is a 10-Mbps Ethernet port to slot 4 port 1, enter: ->...
  • Page 318: Modifying Dynamic Link Aggregate Group Parameters

    The table on page 17-3 lists default group and port settings for Alcatel-Lucent’s dynamic link aggregation software. These parameters ensure compliance with the IEEE 802.3ad specification. For most networks, these default values do not need to be modified or will be modified automatically by switch software.
  • Page 319: Modifying The Dynamic Aggregate Group Administrative State

    For example, to name dynamic aggregate group 4 “Engineering” you would enter: -> lacp linkagg 4 name Engineering Note. If you want to specify spaces within a name, the name must be enclosed in quotes. For example: ->...
  • Page 320: Modifying The Dynamic Aggregate Group Actor System Priority

    Deleting a Dynamic Aggregate Actor Administrative Key To remove an actor switch administrative key from a dynamic aggregate group’s configuration use the no form of the lacp linkagg actor admin key command by entering lacp linkagg followed by the dynamic aggregate group number and no actor admin key.
  • Page 321: Modifying The Dynamic Aggregate Group Partner Administrative Key

    Restoring the Dynamic Aggregate Group Actor System ID To remove the user-configured actor switch system ID from a dynamic aggregate group’s configuration use the no form of the lacp linkagg actor system id command by entering lacp linkagg followed by the dynamic aggregate group number and no actor system id.
  • Page 322: Modifying The Dynamic Aggregate Group Partner System Id

    All of the commands to modify actor port parameters allow you to add the ethernet, fastethernet, and gigaethernet keywords before the slot and port number to document the interface type or make the command look consistent with early-generation Alcatel-Lucent CLI syntax. However, these keywords do not modify a port’s configuration. See Chapter 37, “Configuring Ethernet Ports,”...
  • Page 323: Modifying The Actor Port System Administrative State

    Note. A port may belong to only one aggregate group. In addition, mobile ports cannot be aggregated. See Chapter 10, “Assigning Ports to VLANs,” for more information on mobile ports. Modifying the Actor Port System Administrative State The system administrative state of a dynamic aggregate group actor port is indicated by bit settings in Link Aggregation Control Protocol Data Unit (LACPDU) frames sent by the port.
  • Page 324: Modifying The Actor Port System Id

    Alcatel-Lucent CLI syntax. For example, to set bits 0 (active) and 2 (aggregate) on dynamic aggregate actor port 49 in slot 5 and document that the port is a Gigabit Ethernet port you would enter: ->...
  • Page 325: Modifying The Actor Port System Priority

    Alcatel-Lucent CLI syntax. For example, to modify the system ID of the dynamic aggregate actor port 3 in slot 7 to 00:20:da:06:ba:d3 and document that the port is 10 Mbps Ethernet you would enter: ->...
  • Page 326: Modifying The Actor Port Priority

    Alcatel-Lucent CLI syntax. For example, to modify the actor port priority of dynamic aggregate actor port 1 in slot 2 to 100 and document that the port is a Giga Ethernet port you would enter: ->...
  • Page 327: Modifying Dynamic Aggregate Partner Port Parameters

    All of the commands to modify partner port parameters allow you to add the ethernet, fastethernet, and gigaethernet keywords before the slot and port number to document the interface type or make the command look consistent with early-generation Alcatel-Lucent CLI syntax. However, these keywords do not modify a port’s configuration. See Chapter 37, “Configuring Ethernet Ports,”...
  • Page 328 Alcatel-Lucent CLI syntax. For example, to set bits 0 (active) and 2 (aggregate) on dynamic aggregate partner port 49 in slot 7 and document that the port is a Gigabit Ethernet port you would enter: ->...
  • Page 329: Modifying The Partner Port Administrative Key

    Alcatel-Lucent CLI syntax. For example, to modify the administrative key of a dynamic aggregate group partner port 1 in slot 6 to 1000 and document that the port is a 10 Mbps Ethernet port you would enter: ->...
  • Page 330: Modifying The Partner Port System Priority

    Alcatel-Lucent CLI syntax. For example, to modify the system ID of dynamic aggregate partner port 49 in slot 6 to 00:20:da:06:ba:d3 and document that the port is a Gigabit Ethernet port you would enter: ->...
  • Page 331: Modifying The Partner Port Administrative Status

    Alcatel-Lucent CLI syntax. For example, to modify the administrative status of dynamic aggregate partner port 1 in slot 7 to 200 and document that the port is a Giga Ethernet port you would enter: ->...
  • Page 332 Alcatel-Lucent CLI syntax. For example, to modify the port priority of dynamic aggregate partner port 3 in slot 4 to 100 and document that the port is a Giga Ethernet port you would enter: ->...
  • Page 333: Application Examples

    Dynamic link aggregation groups are treated by the switch’s software the same way it treats individual physical ports. This section demonstrates this feature by providing sample network configurations that use dynamic aggregation along with other software features. In addition, tutorials are provided that show how to configure these sample networks by using Command Line Interface (CLI) commands.
  • Page 334: Link Aggregation And Spanning Tree Example

    As shown in the figure on page 17-29, VLAN 10, which uses the Spanning Tree Protocol (STP) with a priority of 15, has been configured to use dynamic aggregate group 7. The actual physical links connect ports 3/9 and 3/10 on Switch A to ports 1/1 and 1/2 on Switch B.
  • Page 335: Link Aggregation And Qos Example

    As shown in the figure on page 17-29, VLAN 12, which uses 802.1Q frame tagging and 802.1p prioritization, has been configured to use dynamic aggregate group 7. The actual physical links connect ports 4/1, 4/2, 4/3, and 4/4 on Switch A to ports 1/1, 1/2, 1/3, and 1/4 on Switch C (a stack of four OmniSwitch 6800 Series switches).
  • Page 336: Displaying Dynamic Link Aggregation Configuration And Statistics

    Repeat steps 1 through 9 on Switch C. All the commands would be the same except you would substitute the appropriate port numbers. Note. If you do not use the qos apply command any QoS policies you configured will be lost on the next switch reboot.
  • Page 337 A screen similar to the following would be displayed: Dynamic Aggregable Port SNMP Id : 2001, Slot/Port : 2/1, Administrative State : ENABLED, Operational State : DOWN, Port State : CONFIGURED, Link State : DOWN,...
  • Page 338 Displaying Dynamic Link Aggregation Configuration and Statistics Configuring Dynamic Link Aggregation page 17-34 OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008...
  • Page 339: Chapter 18 Configuring Ip

    18 Configuring IP Internet Protocol (IP) is primarily a network-layer (Layer 3) protocol that contains addressing and control information that enables packets to be forwarded. Along with Transmission Control Protocol (TCP), IP represents the heart of the Internet protocols. IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork;...
  • Page 340: Ip Specifications

    • Managing IP – Internet Control Message Protocol (ICMP) (see page 18-28) – Using the Ping Command (see page 18-31) – Tracing an IP Route (see page 18-32) – Displaying TCP Information (see page 18-32) – Displaying User Datagram Protocol (UDP) Information (see page 18-32) •...
  • Page 341 IP Defaults Description Command Default IP interfaces ip interface VLAN 1 interface. ARP filters arp filter...
  • Page 342: Quick Steps For Configuring Ip Forwarding

    Using only IP, which is always enabled on the switch, devices connected to ports on the same VLAN are able to communicate at Layer 2. The initial configuration for all Alcatel-Lucent switches consists of a default VLAN 1. All switch ports are initially assigned to this VLAN. In addition, when an OmniSwitch 6800/6850 switch is added to a stack of switches or a switching module is added to an OmniSwitch 9000 switch, all ports belonging to the new switch and/or module are also assigned to VLAN 1.
  • Page 343: Ip Overview

    IP is a network-layer (Layer 3) protocol that contains addressing and control information that enables packets to be forwarded on a network. IP is the primary network-layer protocol in the Internet protocol suite. Along with TCP, IP represents the heart of the Internet protocols. IP Protocols IP is associated with several Layer 3 and Layer 4 protocols.
  • Page 344: Additional Ip Protocols

    There are several additional IP-related protocols that may be used with IP forwarding. These protocols are included as part of the base code. • Address Resolution Protocol (ARP)—Used to match the IP address of a device with its physical (MAC) address.
  • Page 345: Ip Forwarding

    IP network address (e.g., IP - 21.0.0.10). Alcatel-Lucent switches support routing of IP traffic. A VLAN is available for routing when at least one router interface is defined for that VLAN and at least one active port is associated with the VLAN. If a VLAN does not have a router interface, the ports associated with that VLAN are in essence firewalled from other VLANs.
  • Page 346: Configuring An Ip Router Interface

    IP is enabled by default. Using IP, devices connected to ports on the same VLAN are able to communicate. However, to forward packets to a different VLAN, you must create at least one router interface on each VLAN.
  • Page 347: Modifying An Ip Router Interface

    The ip interface command is also used to modify existing IP interface parameter values. It is not necessary to first remove the IP interface and then create it again with the new values. The changes specified will overwrite existing parameter values.
  • Page 348: Configuring A Loopback0 Interface

    Loopback0 is the name assigned to an IP interface to identify a consistent address for network management purposes. The Loopback0 interface is not bound to any VLAN, so it will always remain operationally active.
  • Page 349: Creating A Static Route

    Static routes are user-defined and carry a higher priority than routes created by dynamic routing protocols. That is, if two routes have the same metric value, the static route has the higher priority. Static routes allow you to define, or customize, an explicit path to an IP network segment, which is then added to the IP Forwarding table.
  • Page 350: Creating A Default Route

    A default route can be configured for packets destined for networks that are unknown to the switch. Use the ip static-route command to create a default route. You must specify a default route of 0.0.0.0 with a subnet mask of 0.0.0.0 and the IP address of the next hop (gateway).
  • Page 351: Deleting A Permanent Entry From The Arp Table

    Use the show arp command to display the ARP table. Note. Because most hosts support the use of address resolution protocols to determine and cache address information (called dynamic address resolution), you generally do not need to specify permanent ARP entries.
  • Page 352: Arp Filtering

    Note that when Local Proxy ARP is enabled for any one IP router interface associated with a VLAN, the feature is applied to the entire VLAN. It is not necessary to enable it for each interface. However, if the IP interface that has this feature enabled is moved to another VLAN, Local Proxy ARP is enabled for the new VLAN and must be enabled on another interface for the old VLAN.
  • Page 353: Ip Configuration

    IP is enabled on the switch by default and there are few options that can, or need to be, configured. This section provides instructions for some basic IP configuration options. Configuring the Router Primary Address By default, the router primary address is derived from the first IP interface that becomes operational on the router.
  • Page 354: Configuring The Time-To-Live (Ttl) Value

    The TTL value is the default value inserted into the TTL field of the IP header of datagrams originating from the switch whenever a TTL value is not supplied by the transport layer protocol. The value is measured in hops.
  • Page 355: Creating A Route Map

    The ip route-map command is used to configure route map statements and provides the following action, match, and set parameters: ip route-map action ... ip route-map match ... ip route-map set ... permit ip-address metric deny ip-nexthop metric-type ipv6-address...
  • Page 356 The following is a summary of the commands used in the above examples: -> ip route-map ospf-to-bgp sequence-number 10 action permit -> ip route-map ospf-to-bgp sequence-number 10 match tag 8 -> ip route-map ospf-to-bgp sequence-number 10 set tag 5 To verify a route map configuration, use the show ip route-map command:...
  • Page 357: Configuring Access Lists

    To configure a new sequence of statements for an existing route map, specify the same route map name but use a different sequence number. For example, the following commands create a new sequence 20 for the rm_1 route map: ->...
  • Page 358: Configuring Route Map Redistribution

    To add addresses to an access list, use the ip access-list address (IPv4) or the ipv6 access-list address (IPv6) command. For example, the following commands add addresses to an existing access list: -> ip access-list ipaddr address 10.0.0.0/8 ->...
  • Page 359: Route Map Redistribution Example

    Configuring the Administrative Status of the Route Map Redistribution The administrative status of a route map redistribution configuration is enabled by default. To change the administrative status, use the status parameter with the ip redist command. For example, the following command disables the redistribution administrative status for the specified route map: ->...
  • Page 360: Ip-Directed Broadcasts

    An IP directed broadcast is an IP datagram that has all zeroes or all 1s in the host portion of the destination IP address. The packet is sent to the broadcast address of a subnet to which the sender is not directly attached.
  • Page 361 • Invalid IP Attack—Packets with invalid source or destination IP addresses are received by the switch. When such an Invalid-IP attack is detected, the packets are dropped, and SNMP traps are generated. Examples of some invalid source and destination IP addresses are listed below: •...
  • Page 362 • Port scan penalty value threshold. The switch is given a port scan penalty value threshold. This number is the maximum value the running penalty total can achieve before triggering an SNMP trap. • Decay value. A decay value is set. The running penalty total is divided by the decay value every minute.
  • Page 363 In the next minute, 10 more TCP and UDP closed port packets are received, along with 200 UDP open-port packets. This would bring the total penalty value to 4300, as shown using the following equation: (100 previous minute value) + (10 TCP X 10 penalty) + (10 UDP X 10 penalty) + (200 UDP X 20 penalty) = 4300 This value would be divided by 2 (due to decay) and decreased to 2150.
  • Page 364: Enabling/Disabling Ip Services

    Setting the Port Scan Penalty Value Threshold The port scan penalty value threshold is the highest point the total penalty value for the switch can reach before a trap is generated informing the administrator that a port scan is in progress. To set the port scan penalty value threshold, enter the threshold value with the ip dos scan threshold command.
  • Page 365 The following table lists ip service command options for specifying TCP/UDP services and also includes the well-known port number associated with each service: service port telnet http secure-http avlan-http avlan-secure-http avlan-telnet udp-relay network-time snmp proprietary 1024 proprietary 1025...
  • Page 366: Managing Ip

    The following sections describe IP commands that can be used to monitor and troubleshoot IP forwarding on the switch. Internet Control Message Protocol (ICMP) Internet Control Message Protocol (ICMP) is a network layer protocol within the IP protocol suite that provides message packets to report errors and other IP packet processing information back to the source.
  • Page 367 Activating ICMP Control Messages ICMP messages are identified by a type and a code. This number pair specifies an ICMP message. By default, ICMP messages are disabled. For example, ICMP type 4, code 0, specifies the source quench ICMP message.
  • Page 368 ICMP Message Type Code address mask reply In addition to the icmp type command, several commonly used ICMP messages have been given separate CLI commands for convenience. These commands are listed below with the ICMP message name, type, and code: ICMP Message Command...
  • Page 369: Icmp Control Table

    Setting the Minimum Packet Gap The minimum packet gap is the time required between sending messages of a like type. For instance, if the minimum packet gap for Address Mask request messages is 40 microseconds, and an Address Mask message is sent, at least 40 microseconds must pass before another one could be sent.
  • Page 370: Tracing An Ip Route

    This feature supports the creation, administration, and deletion of IP interfaces whose underlying virtual device is a tunnel. The Alcatel-Lucent implementation provides support for two tunneling protocols: Generic Routing Encapsulation (GRE) and IP encapsulation within IP (IPIP).
  • Page 371: Ip Encapsulation Within Ip

    IPIP tunneling is a method by which an IP packet is encapsulated within another IP packet. The Source Address and Destination Address of the outer IP header identify the endpoints of the tunnel, whereas the Source Address and Destination Address of the inner IP header identify the original sender and recipient of the packet, respectively.
  • Page 372: Configuring A Tunnel Interface

    • A route is available to reach the destination IP address. A route whose egress interface is a VLAN-based interface is available for its destination IP address. The switch supports assigning an IP address as well as routes to a tunnel interface. This section describes how to configure a tunnel interface using GRE and IPIP, using Command Line Interface (CLI) commands.
  • Page 373: Verifying The Ip Configuration

    A summary of the show commands used for verifying the IP configuration is given here: show ip interface Displays the usability status of interfaces configured for IP. show ip route Displays the IP Forwarding table.
  • Page 375: 19 Configuring Ipv6

    19 Configuring IPv6 Internet Protocol version 6 (IPv6) is the next generation of Internet Protocol version 4 (IPv4). Both versions are supported along with the ability to tunnel IPv6 traffic over IPv4. Implementing IPv6 solves the limited address problem currently facing IPv4, which provides a 32-bit address space. IPv6 increases the address space available to 128 bits.
  • Page 376: Ipv6 Specifications

    RFCs Supported: 2460–Internet Protocol, Version 6 (IPv6) Specification; 2461–Neighbor Discovery for IP Version 6 (IPv6); 2462–IPv6 Stateless Address Autoconfiguration; 2464–Transmission of IPv6 Packets Over Ethernet Networks; 3056–Connection of IPv6 Domains via IPv4 Clouds; 4213–Basic Transition Mechanisms for IPv6 Hosts and Routers; 4291–Internet Protocol Version 6 (IPv6) Addressing Architecture...
  • Page 377: Quick Steps For Configuring Ipv6 Routing

    The following tutorial assumes that VLAN 200 and VLAN 300 already exist in the switch configuration. For information about how to configure VLANs, see Chapter 4, “Configuring VLANs.” Configure an IPv6 interface for VLAN 200 by using the ipv6 interface command.
  • Page 378: Ipv6 Overview

    IPv6 provides the basic functionality that is offered with IPv4 but includes the following enhancements and features not available with IPv4: • Increased IP address size—IPv6 uses a 128-bit address, a substantial increase over the 32-bit IPv4 address size.
  • Page 379: Ipv6 Addressing

    One of the main differences between IPv6 and IPv4 is that the address size has increased from 32 bits to 128 bits. Going to a 128-bit address also increases the size of the address space to the point where running out of IPv6 addresses is not a concern.
  • Page 380: Ipv6 Address Notation

    IPv4 addresses are expressed using dotted decimal notation and consist of four eight-bit octets. If this same method was used for IPv6 addresses, the address would contain 16 such octets, thus making it difficult to manage.
  • Page 381: Autoconfiguration Of Ipv6 Addresses

    This implementation of IPv6 supports the stateless autoconfiguration of link-local addresses for IPv6 VLAN and tunnel interfaces and for devices when they are connected to the switch. Stateless refers to the fact that little or no configuration is required to generate such addresses and there is no dependency on an address configuration server, such as a DHCP server, to provide the addresses.
  • Page 382: Tunneling Ipv6 Over Ipv4

    It is likely that IPv6 and IPv4 network infrastructures will coexist for some time, if not indefinitely. Tunneling provides a mechanism for transitioning an IPv4 network to IPv6 and/or maintaining interoperability between IPv4 and IPv6 networks. This implementation of IPv6 supports tunneling of IPv6 traffic over IPv4.
  • Page 383 In the above diagram: The 6to4 hosts receive 6to4 prefix from Router Advertisement. The 6to4 host sends IPv6 packets to 6to4 border router. The 6to4 border router encapsulates IPv6 packets with IPv4 headers and sends to the destination 6to4 border router over the IPv4 domain.
  • Page 384: Configured Tunnels

    The traffic routed to the 6to4 tunnel interface is then encapsulated into IPv4 headers and sent to the destination 6to4 router over the IPv4 domain. The destination 6to4 router strips the IPv4 header and forwards it to the IPv6 destination host. For more information about configuring an IPv6 6to4 tunnel interface, see “Configuring an IPv6 Interface”...
  • Page 385: Configuring An Ipv6 Interface

    The ipv6 interface command is used to create an IPv6 interface for a VLAN or a tunnel. Note the following when configuring an IPv6 interface: • A unique interface name is required for both a VLAN and tunnel interface. •...
  • Page 386: Modifying An Ipv6 Interface

    To create an IPv6 interface for a 6to4 tunnel, use the following command: -> ipv6 interface v6if-6to4 tunnel 6to4 Use the show ipv6 interface command to verify the interface configuration for the switch. For more information about this command, see the OmniSwitch CLI Reference Guide.
  • Page 387: Assigning Ipv6 Addresses

    As was previously mentioned, when an IPv6 interface is created for a VLAN or a configured tunnel, an IPv6 link-local address is automatically created for that interface. This is also true when a device, such as a workstation, is connected to the switch.
  • Page 388: Removing An Ipv6 Address

    To remove an IPv6 address from an interface, use the no form of the ipv6 address command as shown: -> no ipv6 address 4100:1000::20 v6if-v200 Note that the subnet router anycast address is automatically deleted when the last unicast address of the same subnet is removed from the interface.
  • Page 389: Configuring Ipv6 Tunnel Interfaces

    There are two types of tunnels supported, 6to4 and configured. Both types facilitate the interaction of IPv6 networks with IPv4 networks by providing a mechanism for carrying IPv6 traffic over an IPv4 network infrastructure.
  • Page 390: Creating An Ipv6 Static Route

    Static routes are user-defined and carry a higher priority than routes created by dynamic routing protocols. That is, if two routes have the same metric value, the static route has the higher priority. Static routes allow you to define, or customize, an explicit path to an IPv6 network segment, which is then added to the IPv6 Forwarding table.
  • Page 391: Configuring The Route Preference Of A Router

    By default, the route preference of a router is in this order: local, static, OSPFv3, RIPng, EBGP, and IBGP (highest to lowest). Use the ipv6 route-pref command to change the route preference value of a router.
  • Page 392: Configuring Route Map Redistribution

    Configuring Route Map Redistribution Configuring IPv6 Configuring Route Map Redistribution It is possible to learn and advertise IPv6 routes between different protocols. Such a process is referred to as route redistribution and is configured using the ipv6 redist command. Redistribution uses route maps to control how external routes are learned and distributed. A route map consists of one or more user-defined statements that can determine which routes are allowed or denied access to the receiving network.
  • Page 393 Configuring IPv6 Configuring Route Map Redistribution Creating a Route Map When a route map is created, it is given a name (up to 20 characters), a sequence number, and an action (permit or deny). Specifying a sequence number is optional. If a value is not configured, then the number 50 is used by default.
  • Page 394 Deleting a Route Map: Use the no form of the ip route-map command to delete an entire route map, a route map sequence, or a specific statement within a sequence. To delete an entire route map, enter no ip route-map followed by the route map name. For example, the following command deletes the entire route map named redistipv4: ->...
  • Page 395 Sequence 10 and sequence 20 are both linked to route map rm_1 and are processed in ascending order according to their sequence number value. Note that there is an implied logical OR between sequences. As a result, if there is no match for the tag value in sequence 10, then the match interface statement in sequence 20 is processed.
  • Page 396: Configuring Route Map Redistribution

    The ipv6 redist command is used to configure the redistribution of routes from a source protocol into the destination protocol. This command is used on the IPv6 router that will perform the redistribution. Note.
  • Page 397: Route Map Redistribution Example

    The following example configures the redistribution of OSPFv3 routes into a RIPng network using a route map (ospf-to-rip) to filter specific routes:
    -> ip route-map ospf-to-rip sequence-number 10 action deny
    ->...
  • Page 398: Verifying the IPv6 Configuration

    A summary of the show commands used for verifying the IPv6 configuration is given here:
    • show ipv6 rip: Displays the RIPng status and general configuration parameters.
    • show ipv6 redist: Displays the route map redistribution configuration.
    • show ipv6 interface: Displays the status and configuration of IPv6 interfaces.
  • Page 399: 20 Configuring RIP

    Routing Information Protocol (RIP) is a widely used Interior Gateway Protocol (IGP) that uses hop count as its routing metric. RIP-enabled routers update neighboring routers by transmitting a copy of their own routing table. The RIP routing table uses the most efficient route to a destination, that is, the route with the fewest hops and longest matching prefix.
  • Page 400: RIP Specifications

    RFCs Supported: RFC 1058–RIP v1; RFC 2453–RIP v2; RFC 1722–RIP v2 Protocol Applicability Statement; RFC 1724–RIP v2 MIB Extension
    Maximum Number of RIP Routes: 2048
    RIP Defaults: The following table lists the defaults for RIP configuration through the ip rip command. Description Command Default...
  • Page 401: Quick Steps for Configuring RIP Routing

    To forward packets to a device on a different VLAN, you must create a router port on each VLAN. To route packets by using RIP, you must enable RIP and create a RIP interface on the router port. The following steps show you how to enable RIP routing between VLANs “from scratch”.
  • Page 402: RIP Overview

    Open Shortest Path First (OSPF)—An IGP that provides a routing function similar to RIP but uses different techniques to determine the best route for a datagram. OSPF is part of Alcatel-Lucent’s optional Advanced Routing Software. For more information see the “Configuring OSPF” chapter in the OmniSwitch 6800/6850/9000 Advanced Routing Configuration Guide.
  • Page 403: RIP Version 2

    RIP version 2 (RIPv2) adds additional capabilities to RIP. Not all RIPv2 enhancements are compatible with RIPv1. To avoid supplying information to RIPv1 routes that could be misinterpreted, RIPv2 can only use non-compatible features when its packets are multicast. Multicast is not supported by RIPv1. On interfaces that are not compatible with IP multicast, the RIPv1-compatible packets used do not contain potentially confusing information.
  • Page 404: RIP Routing

    IP routing requires IP router ports to be configured on VLANs and a routing protocol to be enabled and configured on the switch. RIP also requires a RIP interface to be created and enabled on the routing port. In the illustration below, a router port and RIP interface have been configured on each VLAN.
  • Page 405: Enabling RIP

    RIP is disabled by default. Use the ip rip status command to enable RIP routing on the switch. For example:
    -> ip rip status enable
    Use the ip rip status disable command to disable RIP routing on the switch. Use the show ip rip command to display the current RIP status.
  • Page 406: Configuring the RIP Interface Receive Option

    • v2. Only RIPv2 packets will be sent by the switch.
    • v1compatible. Only RIPv2 broadcast packets (not multicast) will be sent by the switch.
    • none. Interface will not forward RIP packets.
    The default RIP send option is v2. Use the show ip rip interface command to display the current interface send option.
  • Page 407: Configuring the RIP Interface Route Tag

    Use the ip rip route-tag command to configure a route tag value for routes generated by the RIP interface. This value is used to set priorities for RIP routing. Enter the command and the route tag value. For example, to set a route tag value of 1 you would enter: ->...
  • Page 408: Configuring the RIP Invalid Timer

    The RIP invalid timer value defines the time interval, in seconds, during which a route will remain active in the Routing Information Base (RIB) before it is moved to the invalid state. This timer value must be at least three times the update interval value.
  • Page 409: Enabling a RIP Host Route

    A host route differs from a network route, which is a route to a specific network. This command allows a direct connection to the host without using the RIP table. If a switch is directly attached to a host on a network, use the ip rip host-route command to enable a default route to the host.
  • Page 410: Configuring Redistribution

    It is possible to configure the RIP protocol to advertise routes learned from other routing protocols into the RIP network. Such a process is referred to as route redistribution and is configured using the ip redist command.
  • Page 411 Creating a Route Map: When a route map is created, it is given a name (up to 20 characters), a sequence number, and an action (permit or deny). Specifying a sequence number is optional. If a value is not configured, then the number 50 is used by default.
  • Page 412 Deleting a Route Map: Use the no form of the ip route-map command to delete an entire route map, a route map sequence, or a specific statement within a sequence. To delete an entire route map, enter no ip route-map followed by the route map name. For example, the following command deletes the entire route map named redistipv4: ->...
  • Page 413 Sequence 10 and sequence 20 are both linked to route map rm_1 and are processed in ascending order according to their sequence number value. Note that there is an implied logical OR between sequences. As a result, if there is no match for the tag value in sequence 10, then the match interface statement in sequence 20 is processed.
  • Page 414: Configuring Route Map Redistribution

    The ip redist command is used to configure the redistribution of routes from a source protocol into the RIP destination protocol. This command is used on the RIP router that will perform the redistribution. A source protocol is a protocol from which the routes are learned.
  • Page 415: Route Map Redistribution Example

    The following example configures the redistribution of OSPF routes into a RIP network using a route map (ospf-to-rip) to filter specific routes:
    -> ip route-map ospf-to-rip sequence-number 10 action deny
    -> ip route-map ospf-to-rip sequence-number 10 match tag 5
    ->...
  • Page 416: RIP Security

    By default, there is no authentication used for RIP. However, you can configure a password for a RIP interface. To configure a password, you must first select the authentication type (simple or MD5), and then configure a password.
  • Page 417: Verifying the RIP Configuration

    A summary of the show commands used for verifying the RIP configuration is given here:
    • show ip rip: Displays the RIP status and general configuration parameters (e.g., forced hold-down timer).
    • show ip rip routes: Displays the RIP routing database.
  • Page 418 Verifying the RIP Configuration Configuring RIP page 20-20 OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008...
  • Page 419: 21 Configuring RDP

    Router Discovery Protocol (RDP) is an extension of ICMP that allows end hosts to discover routers on their networks. This implementation of RDP supports the router requirements as defined in RFC 1256. In This Chapter: This chapter describes the RDP feature and how to configure RDP parameters through the Command Line Interface (CLI).
  • Page 420: RDP Specifications

    RFCs Supported: RFC 1256–ICMP Router Discovery Messages
    Router advertisements: Supported
    Host solicitations: Only responses to solicitations supported in this release.
    Maximum number of RDP interfaces per switch: One for each available IP interface configured on the switch.
  • Page 421: Quick Steps for Configuring RDP

    Configuring RDP involves enabling RDP operation on the switch and creating RDP interfaces to advertise VLAN router IP addresses on the LAN. There is no order of configuration involved. For example, it is possible to create RDP interfaces even if RDP is not enabled on the switch.
  • Page 422 To verify the configuration for a specific RDP interface, specify the interface name when using the show ip router-discovery interface command. The display is similar to the one shown below:
    -> show ip router-discovery interface Marketing
    Name = Marketing, IP Address...
  • Page 423: RDP Overview

    End hosts (clients) sending traffic to other networks need to forward their traffic to a router. In order to do this, hosts need to find out if one or more routers exist on their LAN, then learn their IP addresses. One way to discover neighboring routers is to manually configure a list of router IP addresses that the host reads at startup.
  • Page 424: RDP Interfaces

    An RDP interface is created by enabling RDP on a VLAN router IP address. Once enabled, the RDP interface becomes active and joins the all-routers IP multicast group (224.0.0.2). The interface then transmits three initial router advertisement messages at random intervals that are no greater than 16 seconds apart.
  • Page 425: Security Concerns

    ICMP RDP packets are not authenticated, which makes them vulnerable to the following attacks:
    • Passive monitoring—Attackers can use RDP to re-route traffic from vulnerable systems through the attacker’s system. This allows the attacker to monitor or record one side of the conversation. However, the attacker must reside on the same network as the victim for this scenario to work.
  • Page 426: Enabling/Disabling RDP

    RDP is included in the base software and is available when the switch starts up. However, by default this feature is not operational until it is enabled on the switch. To enable RDP operation on the switch, use the following command: ->...
  • Page 427: Specifying an Advertisement Destination Address

    RDP Interface Parameter: Default
    Advertisement lifetime: 1800 seconds (3 * maximum value)
    Router IP address preference level.
    It is only necessary to change the above parameter values if the default value is not sufficient. The following subsections provide information about how to configure RDP interface parameters if it is necessary to use a different value.
  • Page 428: Setting the Minimum Advertisement Interval

    To set the minimum amount of time, in seconds, that the RDP will allow between advertisements, use the ip router-discovery interface min-advertisement-interval command. For example, the following command sets this value to 500 seconds for the Marketing IP router interface: ->...
  • Page 429: Verifying the RDP Configuration

    To display information about the RDP configuration on the switch, use the show commands listed below:
    • show ip router-discovery: Displays the current operational status of RDP on the switch. Also includes the number of advertisement packets transmitted and the number of solicitation packets received by all RDP interfaces on the switch.
  • Page 431: 22 Configuring DHCP Relay

    The User Datagram Protocol (UDP) is a connectionless transport protocol that runs on top of IP networks. The DHCP Relay allows you to use nonroutable protocols (such as UDP) in a routing environment. UDP is used for applications that do not require the establishment of a session and end-to-end error checking. Email and file transfer are two applications that could use UDP.
  • Page 432: DHCP Relay Specifications

    Note. The DHCP Relay functionality described in this chapter is supported on the OmniSwitch 6800, 6850, and 9000 switches unless otherwise stated in the following Specifications table or specifically noted within any section of this chapter.
    RFCs Supported: 0951–Bootstrap Protocol; 1534–Interoperation between DHCP and BOOTP...
  • Page 433: DHCP Relay Defaults

    The following table describes the default values of the DHCP Relay parameters:
    Parameter Description | Command | Default Value/Comments
    Default UDP service | ip udp relay | BOOTP/DHCP
    Forward delay time value for DHCP Relay | ip helper forward delay | 3 seconds
    Maximum number of hops...
  • Page 434: Quick Steps for Setting Up DHCP Relay

    You should configure DHCP Relay on switches where packets are routed between IP networks. There is no separate command for enabling or disabling the relay service. DHCP Relay is automatically enabled on the switch whenever a DHCP server IP address is defined.
  • Page 435: DHCP Relay Overview

    The DHCP Relay service, its corresponding port numbers, and configurable options are as follows:
    • DHCP Relay Service: BOOTP/DHCP
    • UDP Port Numbers 67/68 for Request/Response
    • Configurable options: DHCP server IP address, Forward Delay, Maximum Hops, Forwarding Option, automatic switch IP configuration
    The port numbers indicate the destination port numbers in the UDP header.
  • Page 436: DHCP

    DHCP (Dynamic Host Configuration Protocol) provides a framework for passing configuration information to Internet hosts on a TCP/IP network. It is based on the Bootstrap Protocol (BOOTP), adding the ability to automatically allocate reusable network addresses and additional configuration options. DHCP consists of the following two components: •...
  • Page 437: External DHCP Relay Application

    The DHCP Relay may be configured on a router that is external to the switch. In this application example the switched network has a single VLAN configured with multiple segments. All of the network hosts are DHCP-ready, meaning they obtain their network address from the DHCP server.
  • Page 438: Internal DHCP Relay

    The internal DHCP Relay is configured using the UDP forwarding feature in the switch, available through the ip helper address command. For more information, see “DHCP Relay Implementation” on page 22-9. This application example shows a network with two VLANs, each with multiple segments. All network clients are DHCP-ready and the DHCP server resides on just one of the VLANs.
  • Page 439: DHCP Relay Implementation

    The OmniSwitch allows you to configure the DHCP Relay feature in one of two ways. You can set up a global DHCP request or you can set up the DHCP Relay based on the VLAN of the DHCP request. Both of these choices provide the same configuration options and capabilities.
  • Page 440: Configuring BOOTP/DHCP Relay Parameters

    To delete an IP address, use the no form of the ip helper address command. The IP address specified with this syntax will be deleted. If an IP address is not specified with this syntax, then all IP helper addresses are deleted.
  • Page 441: Setting Maximum Hops

    This value specifies the maximum number of relays the BOOTP/DHCP packet can go through until it reaches its server destination. This limit keeps packets from “looping” through the network. If a UDP packet contains a hop count equal to the hops value, DHCP Relay discards the packet.
  • Page 442: Using Automatic IP Configuration

    An additional function of the DHCP Relay feature enables a switch to broadcast a BootP or DHCP request packet at boot time to obtain an IP address for default VLAN 1. This function is separate from the previously described functions (such as Global DHCP, per-VLAN DHCP, and related configurable options) in that enabling or disabling automatic IP configuration does not exclude or prevent other DHCP Relay functionality.
  • Page 443: Configuring UDP Port Relay

    In addition to configuring a relay operation for BOOTP/DHCP traffic on the switch, it is also possible to configure relay for generic UDP service ports (i.e., NBNS/NBDD, other well-known UDP service ports, and service ports that are not well-known).
  • Page 444: Enabling/Disabling UDP Port Relay

    By default, a global relay operation is enabled for BOOTP/DHCP relay well-known ports 67 and 68, which becomes active when an IP network host address for a DHCP server is specified. To enable or disable a relay operation for a UDP service port, use the ip udp relay command.
  • Page 445: Configuring DHCP Security Features

    There are two DHCP security features available: DHCP relay agent information option (Option-82) and DHCP Snooping. The DHCP Option-82 feature enables the relay agent to insert identifying information into client-originated DHCP packets before the packets are forwarded to the DHCP server. The DHCP Snooping feature filters DHCP packets between untrusted sources and a trusted DHCP server and builds a binding database to log DHCP client information.
  • Page 446: How the Relay Agent Processes DHCP Packets from the Client

    The following table describes how the relay agent processes DHCP packets received from clients when the Option-82 feature is enabled for the switch: If the DHCP packet from the client ...
  • Page 447: Enabling the Relay Agent Information Option-82

    Use the ip helper agent-information command to enable the DHCP Option-82 feature for the switch. For example:
    -> ip helper agent-information enable
    This same command is also used to disable this feature. For example: ->...
  • Page 448: Using DHCP Snooping

    Using DHCP Snooping improves network security by filtering DHCP messages received from devices outside the network and building and maintaining a binding table (database) to track access information for such devices. In order to identify DHCP traffic that originates from outside the network, DHCP Snooping categorizes ports as either trusted or untrusted.
  • Page 449: DHCP Snooping Configuration Guidelines

    • The port from where the DHCP packet originated.
    • The VLAN associated with the port from where the DHCP packet originated.
    • The lease time for the assigned IP address.
    • The binding entry type: dynamic or static (user-configured).
    After extracting the above information and populating the binding table, the packet is then forwarded to the port from where the packet originated.
  • Page 450 Switch-level DHCP Snooping: By default, DHCP Snooping is disabled for the switch. To enable this feature at the switch level, use the ip helper dhcp-snooping command. For example:
    -> ip helper dhcp-snooping enable
    When DHCP Snooping is enabled at the switch level, all DHCP packets received on all switch ports are screened/filtered by DHCP Snooping.
  • Page 451: Configuring the Port Trust Mode

    Note that if the binding table functionality is enabled, disabling Option-82 data insertion for the VLAN is not allowed. See “Configuring the DHCP Snooping Binding Table” on page 22-22 for more information. Note. If DHCP Snooping is not enabled for a VLAN, then all ports associated with the VLAN are considered trusted ports.
  • Page 452: Configuring Port IP Source Filtering

    IP source filtering applies to DHCP Snooping ports and restricts port traffic to only packets that contain the client source MAC address and IP address. The DHCP Snooping binding table is used to verify the client information for the port that is enabled for IP source filtering.
  • Page 453: Layer 2 DHCP Snooping

    Configuring the Binding Table Timeout: The contents of the DHCP Snooping binding table reside in the switch memory. In order to preserve table entries across switch reboots, the table contents are automatically saved to the dhcpBinding.db file located in the /flash/switch directory.
  • Page 454: Verifying the DHCP Relay Configuration

    To display information about the DHCP Relay and BOOTP/DHCP, use the show commands listed below. For more information about the resulting displays from these commands, see the OmniSwitch CLI Reference Guide.
  • Page 455: 23 Configuring VRRP

    IPv4/IPv6 address associated with a virtual router is called the master router, and is responsible for forwarding virtual router advertisements. If the master router becomes unavailable, the highest priority backup router will transition to the master state. The Alcatel-Lucent implementation of VRRP also supports the collective management of virtual routers on a switch.
  • Page 456
    • Accept mode for master router—see “Configuring the VRRPv3 Advertisement Interval” on page 23-21.
    • VRRPv3 advertisement interval—see “Configuring the VRRPv3 Advertisement Interval” on page 23-21.
    • VRRPv3 Virtual router priority—see “Configuring the VRRPv3 Virtual Router Priority” on page 23-21.
  • Page 457: VRRP Specifications

    RFCs Supported: RFC 3768–Virtual Router Redundancy Protocol; RFC 2787–Definitions of Managed Objects for the Virtual Router Redundancy Protocol
    Compatible with HSRP?
    Maximum number of VRRPv2 and VRRPv3 virtual routers combined: 255 per switch
    Maximum number of IP addresses: 255 per virtual router
    VRRP Defaults: The following table lists the defaults for VRRP configuration through the...
  • Page 458 Parameter value that is to be set and/or override with the new default value in all the virtual routers in the group. | vrrp group set
    In addition, other defaults for VRRP include:
    Description | Command | Default
    VRRP traps vrrp track Disabled VRRP delay...
  • Page 459: Quick Steps for Creating a Virtual Router

    Create a virtual router. Specify a virtual router ID (VRID) and a VLAN ID. For example:
    -> vrrp 6 4
    The VLAN must already be created on the switch. For information about creating VLANs, see Chapter 4, “Configuring VLANs.”...
  • Page 460: VRRP Overview

    VRRP allows the routers on a LAN to back up a default route. VRRP dynamically assigns responsibility for a virtual router to a physical router (VRRP router) on the LAN. The virtual router is associated with an IP address (or set of IP addresses) on the LAN.
  • Page 461: Why Use VRRP

    If OmniSwitch A becomes unavailable, OmniSwitch B becomes the master router. OmniSwitch B will then respond to ARP requests for IP address A using the virtual router’s MAC address (00:00:5E:00:01:01). It will also forward packets for IP address B and respond to ARP requests for IP address B using the OmniSwitch’s physical MAC address.
  • Page 462: VRRP MAC Addresses

    preemption attempts, except by the IP address owner. An IP address owner, if it is available, will always become master of any virtual router associated with its IP addresses. Note. Duplicate IP address/MAC address messages may display when a backup takes over for a master, depending on the timing of the takeover and the configured advertisement interval.
  • Page 463: VRRP Startup Delay

    When a virtual router reboots and becomes master, it may become master before its routing tables are populated. This could result in loss of connectivity to the router. To prevent the loss in connectivity, a delay is used to prevent the router from becoming master before the routing tables are stabilized;...
  • Page 464: VRRP Configuration Overview

    During startup, VRRP is loaded onto the switch and is enabled. Virtual routers must be configured and enabled as described in the following sections. Since VRRP is implemented on multiple switches in the network, some VRRP parameters must be identical across switches: •...
  • Page 465: Specifying an IP Address for a Virtual Router

    • Preempt mode. By default, preempt mode is enabled. Use no preempt to turn it off, and preempt to turn it back on. For more information about the preempt mode, see “Setting Preemption for Virtual Routers”...
  • Page 466: Configuring the Advertisement Interval

    The advertisement interval is configurable, but all virtual routers with the same VRID must be configured with the same value. If the advertisement interval is set differently for a master router and a backup router, VRRP packets may be dropped because the newly configured interval does not match the interval indicated in the packet.
  • Page 467: Enabling/Disabling a Virtual Router

    Note. In certain cases, this may not be a desirable behavior, as when the original master comes back and immediately causes all the traffic to switch back to it. If all virtual routers have the preempt mode enabled (the default), the virtual router with the highest priority will become the master.
  • Page 468: Setting VRRP Traps

    A VRRP router has the capability to generate VRRP SNMP traps for events defined in the VRRP SNMP MIB. By default traps are enabled. In order for VRRP traps to be generated correctly, traps in general must be enabled on the switch through the SNMP CLI.
  • Page 469: Changing Default Parameter Values for a Virtual Router Group

    -> vrrp no preempt
    These commands will set the new default values only for the virtual routers that are newly created. However, you can apply the new default value to the existing virtual routers. To apply the new default value to the existing virtual routers;...
  • Page 470 This command creates a virtual router group 25. Use the no form of the same command to delete a virtual router group. For example:
    -> no vrrp group 25
    Note. When a virtual router group is deleted, the virtual routers assigned to the group become unassigned. However, this does not have any impact on the virtual routers.
  • Page 471 Note. You can specify a parameter such as interval, priority, preempt or all in the vrrp group set command to set and/or override the existing value with the new default values. By default the option all is applied.
  • Page 472: Verifying the VRRP Configuration

    A summary of the show commands used for verifying the VRRP configuration is given here:
    • show vrrp: Displays the virtual router configuration for all virtual routers or for a particular virtual router.
    • show vrrp statistics: Displays statistics about VRRP packets for all virtual routers configured on the switch or for a particular virtual router.
  • Page 473: VRRPv3 Configuration Overview

    During startup, VRRPv3 is loaded onto the switch and is enabled. Virtual routers must be configured first and enabled as described in the following sections. Since VRRPv3 is implemented on multiple switches in the network, some VRRPv3 parameters must be identical across switches: •...
  • Page 474: Specifying an IPv6 Address for a VRRPv3 Virtual Router

    • Preempt mode. By default, preempt mode is enabled. Use no preempt to turn it off, and preempt to turn it back on. For more information about the preempt mode, see “Setting Preemption for VRRPv3 Virtual Routers”...
  • Page 475: Configuring The Vrrpv3 Advertisement Interval

    Configuring VRRP VRRPv3 Configuration Overview In the above example, the vrrp3 address command specifies that VRRPv3 virtual router 6 on VLAN 4 will be used to back up IPv6 address fe80::200:5eff:fe00:20a. The virtual router is then enabled with the vrrp3 command. If a virtual router is to be the IP address owner, then all addresses on the virtual router must match an address on the switch interface.
  • Page 476: Setting Preemption For Vrrpv3 Virtual Routers

    VRRPv3 Configuration Overview Configuring VRRP which backup routers will take over for the master. If priority values are the same, any backup will take over for master. Note that the switch sets the priority value to zero in the last VRRPv3 advertisement packet before a master router is disabled (see “Enabling/Disabling a VRRPv3 Virtual Router”...
  • Page 477: Enabling/Disabling A Vrrpv3 Virtual Router

    Configuring VRRP VRRPv3 Configuration Overview Enabling/Disabling a VRRPv3 Virtual Router VRRPv3 virtual routers are disabled by default. To enable a virtual router, use the vrrp3 command with the enable keyword. For example: -> vrrp3 7 3 -> vrrp3 7 3 enable In this example, a VRRPv3 virtual router is created on VLAN 3 with a VRID of 7.
  • Page 478: Verifying The Vrrpv3 Configuration

    Verifying the VRRPv3 Configuration Configuring VRRP Verifying the VRRPv3 Configuration A summary of the show commands used for verifying the VRRPv3 configuration is given here: show vrrp3 Displays the VRRPv3 virtual router configuration for all virtual routers or for a particular virtual router. show vrrp3 statistics Displays statistics about VRRPv3 packets for all VRRPv3 virtual routers configured on the switch or for a particular virtual router.
  • Page 479: Creating Tracking Policies

    Configuring VRRP Creating Tracking Policies Creating Tracking Policies To create a tracking policy, use the vrrp track command and specify the amount to decrease a virtual router’s priority and the slot/port, IP address, or IP interface name to be tracked. For example: ->...
  • Page 480: Vrrp Application Example

    VRRP Application Example Configuring VRRP Typically you should not configure the same IP address tracking policies on physical VRRP routers that backup each other; otherwise, the priority will be decremented for both master and backup when the entity being tracked goes down. VRRP Application Example In addition to providing redundancy, VRRP can assist in load balancing outgoing traffic.
  • Page 481 Configuring VRRP VRRP Application Example The CLI commands used to configure this setup are as follows: First, create two virtual routers for VLAN 5. (Note that VLAN 5 must already be created and available on the switch.) -> vrrp 1 5 ->...
  • Page 482: Vrrp Tracking Example

    VRRP Application Example Configuring VRRP VRRP Tracking Example The figure below shows two VRRP routers with two virtual routers backing up one IP address on each VRRP router respectively. Virtual router 1 serves as the default gateway on OmniSwitch A for clients 1 and 2 through IP address 10.10.2.250 and virtual router 2 serves as default gateway on OmniSwitch B for clients 3 and 4 through IP address 10.10.2.245.
  • Page 483 Configuring VRRP VRRP Application Example If port 3/1 on VRRP router A goes down, the master for virtual router A is still functioning but workstation clients 1 and 2 will not be able to get to the Internet. With this tracking policy enabled, however, master router 1’s priority will be temporarily decremented to 50, allowing backup router 1 to take over and provide connectivity for those workstations.
  • Page 484: Vrrpv3 Application Example

    VRRPv3 Application Example Configuring VRRP VRRPv3 Application Example In addition to providing redundancy, VRRPv3 can assist in load balancing outgoing traffic. The figure below shows two virtual routers with their hosts splitting traffic between them. Half of the hosts are configured with a default route to virtual router 1’s IPv6 address (213:100:1::56), and the other half are...
  • Page 485: Vrrpv3 Tracking Example

    Configuring VRRP VRRPv3 Application Example Note. The same VRRPv3 configuration must be set up on each switch. The VRRPv3 router that contains, or owns, the IPv6 address will automatically become the master for that virtual router. If the IPv6 address is a virtual address, the virtual router with the highest priority will become the master router.
  • Page 486 VRRPv3 Application Example Configuring VRRP In this example, the master for virtual router 1 has a priority of 100 and the backup for virtual router 1 has a priority of 75. The virtual router configuration for VRID 1 and 2 on VRRPv3 router A is as follows: ->...
  • Page 487: 24 Configuring Ipx

    24 Configuring IPX The Internet Packet Exchange (IPX) protocol, developed by Novell for NetWare, is a Layer 3 protocol used to route packets through IPX networks. (NetWare is Novell’s network server operating system.) In This Chapter This chapter describes IPX and how to configure it through the Command Line Interface (CLI). It includes instructions for configuring IPX routing and fine-tuning IPX by using optional IPX configuration parameters (e.g., IPX packet extension and type-20 propagation).
  • Page 488: Ipx Specifications

    IPX Specifications Configuring IPX IPX Specifications Specifications Supported IPX RIP and Service Advertising Protocol (SAP) router specification; version 1.30; May 23, 1996 Part No. 107-000029-001 IPX Defaults The following table lists the defaults for IPX configuration through the ipx command. Description Command Default...
  • Page 489: Quick Steps For Configuring Ipx Routing

    Configuring IPX Quick Steps for Configuring IPX Routing Quick Steps for Configuring IPX Routing When IPX is enabled, devices connected to ports on the same VLAN are able to communicate. However, to route packets to a device on a different VLAN, you must create an IPX router port on each VLAN. The following steps show you how to enable IPX routing between VLANs “from scratch”.
  • Page 490: Ipx Overview

    IPX Overview Configuring IPX IPX Overview IPX specifies a connectionless datagram similar to the IP packet of TCP/IP networks. An IPX network address consists of two parts, a network number and a node number. The IPX network number is assigned by the network administrator.
  • Page 491 Configuring IPX IPX Overview IPX is associated with additional protocols built into the switch software. The switch supports the following IPX protocols: • IPX RIP — Layer 3 protocol used by NetWare routers to exchange IPX routing information. IPX RIP functions similarly to IP RIP.
  • Page 492: Ipx Routing

    IPX Routing Configuring IPX IPX Routing When IPX is enabled, devices connected to ports on the same VLAN are able to communicate. However, to route packets to a device on a different VLAN, you must create an IPX router port on each VLAN. Enabling IPX Routing IPX is enabled by default.
  • Page 493: Ipx Router Port Configuration Options

    Configuring IPX IPX Routing IPX Router Port Configuration Options When you create an IPX router port by using the vlan router ipx command, RIP routing is enabled using the default parameters listed below. However, you can use the full command to change the default parameters.
  • Page 494: Creating/Deleting Static Routes

    IPX Routing Configuring IPX The network node is only required if the default network is directly connected to the switch. For example, to create a default route to network 222 (which is directly attached to the switch) you would enter: ->...
  • Page 495: Configuring Extended Rip And Sap Packets

    Configuring IPX IPX Routing You can also enable or disable Type 20 packet forwarding on a specific VLAN by using the optional VLAN parameter. For example, to enable Type 20 packet forwarding only on VLAN 1 you would enter: -> ipx type-20-propagation 1 enable Use the show ipx type-20-propagation command to display Type 20 packet forwarding status for the...
  • Page 496: Using The Ping Command

    • Type. Use the type keyword to specify the packet type you want to send (novell or alcatel-lucent). Use the novell packet type to test the reachability of NetWare servers running the NetWare Loadable Module (IPXRTR.NLM). This type cannot be used to reach NetWare workstations running IPXODI.
  • Page 497: Ipx Rip/Sap Filtering

    Configuring IPX IPX RIP/SAP Filtering IPX RIP/SAP Filtering The IPX RIP/SAP Filtering feature gives you a means of controlling the operation of the IPX RIP/SAP protocols. By using IPX RIP/SAP filters, you can minimize the number of entries put in the IPX RIP Routing and SAP Bindery Tables, improve overall network performance by eliminating unnecessary traffic, and control users’...
  • Page 498: Configuring Rip Filters

    IPX RIP/SAP Filtering Configuring IPX Configuring RIP Filters IPX RIP filters allow you to minimize the number of entries put in the IPX RIP routing table. RIP input filters control which networks are allowed into the routing table when IPX RIP updates are received. RIP output filters control which networks the switch advertises in its IPX RIP updates.
  • Page 499: Configuring Gns Filters

    Configuring IPX IPX RIP/SAP Filtering You can narrow the filter by specifying a VLAN and a SAP type. For example, to create a filter that will block 0004 (NetWare File Server) SAP updates from being sent to VLAN 1 you would enter: ->...
  • Page 500: Ipx Rip/Sap Filter Precedence

    IPX RIP/SAP Filtering Configuring IPX IPX RIP/SAP Filter Precedence Whenever you use multiple “allow” filters you must first define a filter to block all RIPs or SAPs. Then, all of the subsequent “allow” filters of the same type must be at least as specific in all areas for the filters to work.
  • Page 501: Verifying The Ipx Configuration

    Configuring IPX Verifying the IPX Configuration Verifying the IPX Configuration A summary of the show commands used for verifying the IPX configuration is given here: show ipx interface Displays current IPX interface configuration information. show ipx route Displays IPX routing table information. show ipx filter Displays currently configured IPX RIP, SAP, and GNS filters.
  • Page 502 Verifying the IPX Configuration Configuring IPX page 24-16 OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008...
  • Page 503: Managing Authentication Servers

    25 Managing Authentication Servers This chapter describes authentication servers and how they are used with the switch. The types of servers described include Remote Authentication Dial-In User Service (RADIUS), Lightweight Directory Access Protocol (LDAP), Terminal Access Controller Access Control System (TACACS+), and SecurID’s ACE/Server.
  • Page 504: Chapter 25 Managing Authentication Servers

    Authentication Server Specifications Managing Authentication Servers Authentication Server Specifications RADIUS RFCs Supported RFC 2865–Remote Authentication Dial In User Service (RADIUS) RFC 2866–RADIUS Accounting RFC 2867–RADIUS Accounting Modifications for Tunnel Protocol Support RFC 2868–RADIUS Attributes for Tunnel Protocol Support RFC 2809–Implementation of L2TP Compulsory Tunneling via RADIUS RFC 2869–RADIUS Extensions RFC 2548–Microsoft Vendor-specific RADIUS Attributes...
  • Page 505: Server Defaults

    Managing Authentication Servers Server Defaults Server Defaults The defaults for authentication server configuration on the switch are listed in the tables in the next sections. RADIUS Authentication Servers Defaults for the aaa radius-server command are as follows: Description Keyword Default Number of retries on the server before the retransmit switch tries a backup server...
  • Page 506: Quick Steps For Configuring Authentication Servers

    Quick Steps For Configuring Authentication Servers Managing Authentication Servers Quick Steps For Configuring Authentication Servers For RADIUS, TACACS+, or LDAP servers, configure user attribute information on the servers. See “RADIUS Servers” on page 25-9, “TACACS+ Server” on page 25-15, and “LDAP Servers”...
  • Page 507: Server Overview

    Managing Authentication Servers Server Overview Server Overview Authentication servers are sometimes referred to as AAA servers (authentication, authorization, and accounting). These servers are used for storing information about users who want to manage the switch (Authenticated Switch Access) and users who need access to a particular VLAN or VLANs (Authenticated VLANs).
  • Page 508: Authenticated Vlans

    Server Overview Managing Authentication Servers A RADIUS server supporting the challenge and response mechanism as defined in RADIUS RFC 2865 may access an ACE/Server for authentication purposes. The ACE/Server is then used for user authentication, and the RADIUS server is used for user authorization. End Station End Station login request...
  • Page 509: Port-Based Network Access Control (802.1X)

    Managing Authentication Servers Server Overview Port-Based Network Access Control (802.1X) For devices authenticating on an 802.1X port on the switch, only RADIUS authentication servers are supported. The RADIUS server contains a database of user names and passwords, and may also contain challenges/responses and other authentication criteria.
  • Page 510: Ace/Server

    ACE/Server Managing Authentication Servers ACE/Server An external ACE/Server may be used for authenticated switch access. It cannot be used for Layer 2 authentication or for policy management. Attributes are not supported on ACE/Servers. These values must be configured on the switch through the user commands. See the “Switch Security” chapter of the OmniSwitch 6800/6850/9000 Switch Management Guide for more information about setting up the local user database.
  • Page 511: Radius Servers

    Standard Attributes The following tables list RADIUS server attributes 1–39 and 60–63, their descriptions, and whether the Alcatel-Lucent RADIUS client in the switch supports them. Attribute 26 is for vendor-specific information and is discussed in “Vendor-Specific Attributes for RADIUS” on page 25-11.
  • Page 512 RADIUS Servers Managing Authentication Servers Num. Standard Attribute Notes Callback-Number Not supported. These attributes are used for dial-up sessions; Callback-Id not applicable to the RADIUS client in the switch. Unassigned Frame-Route Framed-IPX-Network 24 State Sent in challenge/response packets. 25 Class Used to pass information from the server to the client and passed unchanged to the accounting server as part of the accounting-request packet.
  • Page 513: Vendor-Specific Attributes For Radius

    42 Alcatel-Lucent-Acce-Priv-F- hex. Configures functional write privileges for the user. The Alcatel-Lucent-Auth-Group attribute is used for Ethernet II only. If a different protocol, or more than one protocol is required, use the Alcatel-Lucent-Auth-Group-Protocol attribute instead. For example: Alcatel-Lucent-Auth-Group-Protocol 23: IP_E2 IP_SNAP Alcatel-Lucent-Auth-Group-Protocol 24: IPX_E2 In this example, authenticated users on VLAN 23 may use Ethernet II or SNAP encapsulation.
  • Page 514: Configuring Functional Privileges On The Server

    Managing Authentication Servers Configuring Functional Privileges on the Server Configuring the functional privileges attributes (Alcatel-Lucent-Acce-Priv-F-x) can be cumbersome because it requires using read and write bitmasks for command families on the switch. To display the functional bitmasks of the desired command families, use the show aaa priv hexa command.
  • Page 515: Radius Accounting Server Attributes

    (Authenticated VLANs only) Tracked per port. 44 Acct-Session Unique accounting ID. (For authenticated VLAN users, Alcatel-Lucent uses the client’s MAC address.) 45 Acct-Authentic Indicates how the client is authenticated; standard values (1–3) are not used. Vendor specific values should be used instead:...
  • Page 516: Configuring The Radius Client

    The following table lists the VSAs supported for RADIUS accounting servers. The attributes in the radius.ini file may be modified if necessary. Num. Accounting VSA Type Description Alcatel-Lucent-Auth-Group integer The authenticated VLAN number. The only protocol associated with this attribute is Ethernet II. If other protocols are required, use the protocol attribute instead.
  • Page 517: Tacacs+ Server

    Managing Authentication Servers TACACS+ Server TACACS+ Server Terminal Access Controller Access Control System (TACACS+) is a standard authentication and accounting protocol defined in RFC 1321 that employs TCP for reliable transport. A built-in TACACS+ client is available in the switch. A TACACS+ server allows access control for routers, network access servers, and other networked devices through one or more centralized servers.
  • Page 518: Configuring The Tacacs+ Client

    TACACS+ Server Managing Authentication Servers Configuring the TACACS+ Client Use the aaa tacacs+-server command to configure TACACS+ parameters on the switch. TACACS+ server keywords timeout host port When creating a new server, at least one host name or IP address (specified by the host keyword) is required as well as the shared secret (specified by the key keyword).
  • Page 519: Ldap Servers

    (Each server type has a command line tool or a GUI tool for importing LDIF files.) Database LDIF files may also be copied and used as templates. The schema files and the database files are specific to the server type. The files available on the Alcatel-Lucent software CD include the following: aaa_schema.microsoft.ldif aaa_schema.netscape.ldif...
  • Page 520: Ldap Server Details

    LDAP Servers Managing Authentication Servers LDAP Server Details LDAP servers must be configured with the properly defined LDAP schema and correct database suffix, including well-populated data. LDAP schema is extensible, permitting entry of user-defined schema as needed. LDAP servers are also able to import and export directory databases using LDIF (LDAP Data Interchange Format).
  • Page 521: Directory Entries

    Managing Authentication Servers LDAP Servers This is how the entry would appear with actual data in it. dn: uid=yname, ou=people, o=yourcompany objectClass: top objectClass: person objectClass: organizationalPerson cn: your name sn: last name givenname: first name uid: yname ou: people description: <list of optional attributes>...
  • Page 522: Directory Searches

    LDAP Servers Managing Authentication Servers In addition to managing attributes in directory entries, LDAP makes the descriptive information stored in the entries accessible to other applications. The general structure of entries in a directory tree is shown in the following illustration. It also includes example entries at various branches in the tree. ROOT dn=c=US c=Canada...
  • Page 523: Directory Compare And Sort

    Managing Authentication Servers LDAP Servers All attributes are automatically deleted when requests to delete the last value of an attribute are submitted. Attributes can also be deleted by specifying delete value operations without attaching any values. Modified attribute values are replaced with other given values by submitting replace requests to the server, which then translates and performs the requests.
  • Page 524: Password Policies And Directory Servers

    LDAP Servers Managing Authentication Servers components description <base_dn> DN of directory entry where search is initiated. <attributes> Attributes to be returned for entry search results. All attributes are returned if search attributes are not specified. <scope> Different results are retrieved depending on the scopes associated with entry searches.
  • Page 525: Directory Server Schema For Ldap Authentication

    Managing Authentication Servers LDAP Servers Directory Server Schema for LDAP Authentication Object classes and attributes will need to be modified accordingly to include LDAP authentication in the network (object classes and attributes are used specifically here to map user account information contained in the directory servers).
  • Page 526: Ldap Accounting Attributes

    Managing Authentication Servers Configuring Authentication Key Attributes The alp2key tool is provided on the Alcatel-Lucent software CD for computing SNMP authentication keys. The alp2key application is supplied in two versions, one for Unix (Solaris 2.5.1 or higher) and one for Windows (NT 4.0 and higher).
  • Page 527 Managing Authentication Servers LDAP Servers Fields Included for Layer 2 Authentication Only • Client MAC address: xx:xx:xx:xx:xx:xx:xx (alphanumeric). • Switch VLAN number client joins in multiple authority mode (0=single authority; 2=multiple authority); variable-length digits. • Switch slot number to which client connects: nn •...
  • Page 528: Dynamic Logging

    LDAP Servers Managing Authentication Servers Dynamic Logging Dynamic logging may be performed by an LDAP-enabled directory server if an LDAP server is configured first in the list of authentication servers configured through the aaa accounting vlan aaa accounting session command.
  • Page 529: Configuring The Ldap Authentication Client

    Managing Authentication Servers LDAP Servers The bop-loggedusers attribute is a formatted string with the following syntax: loggingMode : accessType ipAddress port macAddress vlanList userName The fields are defined here: Field Possible Values loggingMode ASA x—for an authenticated user session, where x is the number of the session AVLAN—for Authenticated VLAN session in single authority mode...
  • Page 530: Creating An Ldap Authentication Server

    LDAP Servers Managing Authentication Servers Creating an LDAP Authentication Server An example of creating an LDAP server: -> aaa ldap-server ldap2 host 10.10.3.4 dn cn=manager password tpub base c=us In this example, the switch will be able to communicate with an LDAP server (called ldap2) that has an IP address of 10.10.3.4, a domain name of cn=manager, a password of tpub, and a searchbase of c=us.
  • Page 531: Removing An Ldap Authentication Server

    Managing Authentication Servers Verifying the Authentication Server Configuration Removing an LDAP Authentication Server To delete an LDAP server from the switch configuration, use the no form of the command with the relevant server name. -> no aaa ldap-server topanga5 The topanga5 server is removed from the configuration.
  • Page 533: Chapter 26 Configuring Authenticated Vlans

    26 Configuring Authenticated VLANs Authenticated VLANs control user access to network resources based on VLAN assignment and a user log-in process; the process is sometimes called user authentication or Layer 2 Authentication. (Another type of security is device authentication, which is set up through the use of port-binding VLAN policies or static port assignment.
  • Page 534: Authenticated Network Overview

    VLANs. There are three types of clients: • AV-Client. This is an Alcatel-Lucent-proprietary authentication client. The AV-Client does not require an IP address prior to authentication. The client software must be installed on the user’s end station. This chapter describes how to install and configure the client. See “Installing the AV-Client”...
  • Page 535 Configuring Authenticated VLANs Authenticated Network Overview • Web browser client. Any standard Web browser may be used (Netscape or Internet Explorer). An IP address is required prior to authentication. See “Web Browser Authentication Client” on page 26-7 for more information about Web browser clients. Authenticated VLANs—At least one authenticated VLAN must be configured.
  • Page 536: Avlan Configuration Overview

    AVLAN Configuration Overview Configuring Authenticated VLANs AVLAN Configuration Overview Configuring authenticated VLANs requires several major steps. The steps are outlined here and described throughout this chapter. See “Sample AVLAN Configuration” on page 26-5 for a quick overview of implementing the commands used in these procedures. Set up authentication clients.
  • Page 537: Sample Avlan Configuration

    Configuring Authenticated VLANs AVLAN Configuration Overview Sample AVLAN Configuration Enable at least one authenticated VLAN: -> vlan 2 authentication enable Note that this command does not create a VLAN; the VLAN must already be created. For information about creating VLANs, see Chapter 4, “Configuring VLANs.”...
  • Page 538 AVLAN Configuration Overview Configuring Authenticated VLANs Enable authentication by specifying the authentication mode (single mode or multiple mode) and the server. Use the RADIUS or LDAP server name(s) configured in step 5. For example: -> aaa authentication vlan single-mode rad1 rad2 Set up an accounting server (for RADIUS or LDAP) for authentication sessions.
  • Page 539: Setting Up Authentication Clients

    Setting Up Authentication Clients The following sections describe the Telnet authentication client, Web browser authentication client, and Alcatel-Lucent’s proprietary AV-Client. For information about removing a particular client from an authenticated network, see “Removing a User From an Authenticated Network” on page 26-26.
  • Page 540: Configuring The Web Browser Client Language File

    Setting Up Authentication Clients Configuring Authenticated VLANs • Provide an IP address for the client. Web browser clients require an address prior to authentication. The address may be statically assigned if the authentication network is set up in single authority mode with one authenticated VLAN.
  • Page 541 Configuring Authenticated VLANs Setting Up Authentication Clients The directory also contains files that must be installed on Mac OS Web browser clients as described in the next sections. Installing Files for Mac OS 9.x Clients In the browser URL command line, enter the authentication DNS name (configured through the aaa avlan dns command).
  • Page 542 Quit the current session and relogon as the root user. Make sure Ethernet-DCHP is selected in the Network Utility. Reconnect the Ethernet cable. If you are using a self-signed SSL certificate, or the certificate provided by Alcatel-Lucent (wv-cert.pem), see “DNS Name and Web Browser Clients” on page 26-12.
  • Page 543: Ssl For Web Browser Clients

    Authority (CA) or a self-signed (private) certificate must be installed on the switch. A self-signed certificate is provided by Alcatel-Lucent (wv-cert.pem). If you are using a well-known certificate or some other self-signed certificate, you should replace the wv-cert.pem file with the relevant file.
  • Page 544: Dns Name And Web Browser Clients

    Setting Up Authentication Clients Configuring Authenticated VLANs Click on the “Install Certificate” button at the bottom of the “Certificate Information” window. This step launches the Certificate Import Wizard. Click the “Next” button to continue with the Certificate Import Wizard process. The “Certificate Store”...
  • Page 545: Installing The Av-Client

    Configuring Authenticated VLANs Setting Up Authentication Clients Installing the AV-Client The AV-Client is a proprietary Windows-based application that is installed on client end stations. The installation instructions are provided in this chapter. The AV-Client does not require an IP address in order to authenticate; the client relies on the DLC protocol (rather than IP) to communicate with the authentication agent in the switch.
  • Page 546: Loading The Av-Client Software

    After installing the update, it is recommended that the system be rebooted. Loading the AV-Client Software Windows 2000 and Windows NT Download the AV-Client from the Alcatel-Lucent website onto the Windows desktop. Double-click the AV-Client icon. The installation routine begins and the following window displays:
  • Page 547 Configuring Authenticated VLANs Setting Up Authentication Clients We recommend that you follow the instructions on the screen regarding closing all Windows programs before proceeding with the installation. Click on the Next button. The following window displays.
  • Page 548 Setting Up Authentication Clients Configuring Authenticated VLANs From this window you may install the client at the default destination folder shown on the screen or you may click the Browse button to select a different directory. Click on the Next button. The software loads, and the following window displays.
  • Page 549: Windows 95 And Windows 98

    Setting Up Authentication Clients Windows 95 and Windows 98 Download the AV-Client from the Alcatel-Lucent website onto the Windows desktop. Double-click the AV-Client icon. The installation routine begins and the following window displays: We recommend that you follow the instructions on the screen regarding closing all Windows programs before proceeding with the installation.
  • Page 550 Setting Up Authentication Clients Configuring Authenticated VLANs From this window you may install the client at the default destination folder shown on the screen or you may click the Browse button to select a different directory. Click on the Next button. The software loads, and the following window displays.
  • Page 551: Setting The Av-Client As Primary Network Login

    Configuring Authenticated VLANs Setting Up Authentication Clients Setting the AV-Client as Primary Network Login Windows 95 and Windows 98 If your operating system is Windows 95 or Windows 98, you must configure the AV-Client as the primary network login. This is done via the Windows Control Panel. From your Windows desktop, select Start > Settings >...
  • Page 552 Setting Up Authentication Clients Configuring Authenticated VLANs Selecting a Dialog Mode The AV-Client has two dialog modes, basic and extended. In basic dialog mode, the client prompts the user for a username and a password only. In extended mode, which is required for multiple authority authentication, the client login screen also prompts the user for a VLAN number and optional challenge code.
  • Page 553 Configuring Authenticated VLANs Setting Up Authentication Clients Viewing AV-Client Components The configuration utility includes a screen that lists each component, version and build date for the AV-Client. To view this screen, click on the Version tab and a screen similar to the following will display.
  • Page 554: Logging Into The Network Through An Av-Client

    Setting Up Authentication Clients Configuring Authenticated VLANs Logging Into the Network Through an AV-Client Once the AV-Client software has been loaded on a user’s PC workstation, an AV-Client icon will be created on the Windows desktop in the task bar. Follow these steps to log into the authentication network: Right click the AV-Client icon and select Logon.
  • Page 555: Logging Off The Av-Client

    Configuring Authenticated VLANs Setting Up Authentication Clients Logging Off the AV-Client To log off the AV-Client, point your mouse to the AV-Client icon in your Windows system tray and execute a right-click to select Logoff. The following screen displays. To continue the procedure, click the Logoff button. The following screen indicates that the AV-Client is sending a logoff request to the authentication server.
  • Page 556: Configuring The Av-Client For Dhcp

    Setting Up Authentication Clients Configuring Authenticated VLANs Configuring the AV-Client for DHCP For an AV-Client, DHCP configuration is not required. AV-Clients do not require an IP address to authenticate, but they may want an IP address for IP communication in an authenticated VLAN. Note....
  • Page 557 Configuring Authenticated VLANs Setting Up Authentication Clients To configure the DHCP parameters, access the AV-Client configuration utility and select the DHCP tab. The following screen displays: Click the box next to “Enable DHCP Operations”. Several options will activate in the utility window as shown in the following screen.
  • Page 558: Configuring Authenticated Vlans

    Configuring Authenticated VLANs Configuring Authenticated VLANs To apply the change, click the Apply button. When you click the OK button, the screen will close and the change will take effect. If you decide not to implement the change, click the Cancel button and the screen will close without implementing a change.
  • Page 559: Configuring Authentication Ip Addresses

    Configuring Authenticated VLANs Configuring Authenticated VLANs Configuring Authentication IP Addresses Authentication clients connect to an IP address on the switch for authentication. (Web browser clients may enter a DNS name rather than the IP address; see “Setting Up a DNS Path” on page 26-29).
  • Page 560: Port Binding And Authenticated Vlans

    Configuring Authenticated Ports Configuring Authenticated VLANs Port Binding and Authenticated VLANs By default, authenticated VLANs do not support port binding rules. These rules are used for assigning devices to authenticated VLANs when device traffic coming in on an authenticated port matches criteria specified in the rule.
  • Page 561: Setting Up A Dns Path

    Configuring Authenticated VLANs Setting Up a DNS Path Setting Up a DNS Path A Domain Name Server (DNS) name may be configured so that Web browser clients may enter a URL on the browser command line instead of an authentication IP address. A Domain Name Server must be set up in the network for resolving the name to the authentication IP address.
  • Page 562: Enabling Dhcp Relay For Authentication Clients

    Setting Up the DHCP Server Configuring Authenticated VLANs Before Authentication Normally, authentication clients cannot traffic in the default VLAN, so authentication clients do not belong to any VLAN when they connect to the switch. Even if DHCP relay is enabled, the DHCP discovery process cannot take place.
  • Page 563: Configuring A Dhcp Gateway For The Relay

    Configuring Authenticated VLANs Setting Up the DHCP Server When this command is specified, the switch will act as a relay for authentication DHCP packets only; non-authentication DHCP packets will not be relayed. For more information about using the ip helper avlan only command, see Chapter 22, “Configuring DHCP Relay.”...
  • Page 564: Configuring The Server Authority Mode

    Configuring the Server Authority Mode Configuring Authenticated VLANs Configuring the Server Authority Mode Authentication servers for Layer 2 authentication are configured in one of two modes: single authority or multiple authority. Single authority mode uses a single list of servers (one primary server and up to three backups) to poll with authentication requests.
  • Page 565 Configuring Authenticated VLANs Configuring the Server Authority Mode Authenticated VLAN 2 VLAN 1 Authenticated VLAN 3 Authentication Clients OmniSwitch Authenticated VLAN 4 LDAP or RADIUS servers Authentication Network—Single Mode To configure authentication in single mode, use the aaa authentication vlan command with the single-mode keyword and name(s) of the relevant server and any backups.
  • Page 566: Configuring Multiple Mode

    Configuring the Server Authority Mode Configuring Authenticated VLANs Configuring Multiple Mode Multiple authority mode associates different servers with particular VLANs. This mode is typically used when one party is providing the network and another is providing the server. When this mode is configured, a client is first prompted to select a VLAN. After the VLAN is selected, the client then enters a user name and password.
  • Page 567: Specifying Accounting Servers

    Configuring Authenticated VLANs Specifying Accounting Servers To configure authentication in multiple mode, use the aaa authentication vlan command with the multiple-mode keyword, the relevant VLAN ID, and the names of the servers. The VLAN ID is required, and at least one server must be specified (a maximum of four servers is allowed per VLAN). For example: ->...
  • Page 568: User Network Profile

    User Network Profile Configuring Authenticated VLANs User Network Profile The User Network Profile feature provides the capability to have users assigned to “user roles” during authentication. It works only with a RADIUS authentication server. The user role is returned from the RADIUS server through the Filter-ID attribute.
  • Page 569: Verifying The Avlan Configuration

    Configuring Authenticated VLANs Verifying the AVLAN Configuration Verifying the AVLAN Configuration To verify the authenticated VLAN configuration, use the following show commands: show aaa authentication vlan Displays information about authenticated VLANs and the server configuration. show aaa accounting vlan Displays information about accounting servers configured for Authenticated VLANs.
  • Page 571: Chapter 27 Configuring 802.1X

    27 Configuring 802.1X Physical devices attached to a LAN port on the switch through a point-to-point LAN connection may be authenticated through the switch through port-based network access control. This control is available through the IEEE 802.1X standard implemented on the switch. The Access Guardian functionality uses this implementation of 802.1X to provide configurable device classification policies for authenticating both 802.1x clients (supplicants) and non-802.1x clients (non-supplicants).
  • Page 572: X Specifications

    802.1X Specifications Configuring 802.1X 802.1X Specifications RFCs Supported RFC 2284–PPP Extensible Authentication Protocol (EAP) RFC 2865–Remote Authentication Dial In User Service (RADIUS) RFC 2866–RADIUS Accounting RFC 2867–RADIUS Accounting Modifications for Tunnel Protocol Support RFC 2868–RADIUS Attributes for Tunnel Protocol Support RFC 2869–RADIUS Extensions IEEE Standards Supported...
  • Page 573: Access Guardian Policy Defaults

    Configuring 802.1X Access Guardian Policy Defaults Access Guardian Policy Defaults The following default Access Guardian device classification policies are applied when 802.1x is enabled on a switch port: Description Keyword Default Policy Authentication and classification for 802.1x supplicant policy pass: group-mobility, default-vlan 802.1x users (802.1x supplicants) authentication fail: block...
  • Page 574: Quick Steps For Configuring 802.1X

    Quick Steps for Configuring 802.1X Configuring 802.1X Quick Steps for Configuring 802.1X Configure the port as a mobile port and an 802.1X port using the following vlan port commands: -> vlan port mobile 3/1 -> vlan port 3/1 802.1x enable The port is set up automatically with 802.1X defaults.
  • Page 575: Quick Steps For Configuring Access Guardian Policies

    Configuring 802.1X Quick Steps for Configuring Access Guardian Policies Optional. To display the number of 802.1x users on the switch, use the show 802.1x users command: -> show 802.1x users Slot Port User Port Address State Name -----+------------------+--------------------+------------------------- 00:60:4f:11:22:33 Connecting user50 00:60:4f:44:55:66 Held...
  • Page 576 Quick Steps for Configuring Access Guardian Policies Configuring 802.1X block Device classification policies on 802.1x port 2/47 Supplicant: authentication, block Non-Supplicant: block Device classification policies on 802.1x port 2/48 Supplicant: authentication, vlan 247, default-vlan Non-Supplicant: authentication: pass: group-mobility, block fail: strict-vlan 347, default-vlan To display the number of non-802.1x users learned on the switch, use the show 802.1x non-supplicant...
  • Page 577: X Overview

    Configuring 802.1X 802.1X Overview 802.1X Overview The 802.1X standard defines port-based network access controls, and provides the structure for authenticating physical devices attached to a LAN. It uses the Extensible Authentication Protocol (EAP). There are three components for 802.1X: •...
  • Page 578: X Ports And Dhcp

    802.1X Overview Configuring 802.1X • If the authentication server does not return a VLAN ID, then the supplicant is classified according to any device classification policies that are configured for the port. See “Using Access Guardian Policies” on page 27-9 for more information.
  • Page 579: X Accounting

    Configuring 802.1X 802.1X Overview 802.1X ports may also be initialized if there is a problem on the port. Initializing a port drops connectivity to the port and requires the port to be re-authenticated. See “Initializing an 802.1X Port” on page 27-14. 802.1X Accounting 802.1X authentication sessions may be logged if servers are set up for 802.1X accounting.
  • Page 580 802.1X Overview Configuring 802.1X The first policy applies only to supplicants; the second policy applies only to non-supplicants. The remaining policies apply to both supplicants and non-supplicants. Policies three through six are combined with policy one or two to provide alternative methods for classifying devices when successful authentication does not return a VLAN ID.
  • Page 581: Setting Up Port-Based Network Access Control

    Configuring 802.1X Setting Up Port-Based Network Access Control Setting Up Port-Based Network Access Control For port-based network access control, 802.1X must be enabled for the switch and the switch must know which servers to use for authenticating 802.1X supplicants. In addition, 802.1X must be enabled on each port that is connected to an 802.1X supplicant (or device). Optional parameters may be set for each 802.1X port.
  • Page 582: Configuring 802.1X Port Parameters

    Setting Up Port-Based Network Access Control Configuring 802.1X Configuring 802.1X Port Parameters By default, when 802.1X is enabled on a port, the port is configured for bidirectional control, automatic authorization, and re-authentication. In addition, there are several timeout values that are set by default as well as a maximum number of times the switch will retransmit an authentication request to the user.
  • Page 583: Configuring The Maximum Number Of Requests

    Configuring 802.1X Setting Up Port-Based Network Access Control Note. The authentication server timeout may also be configured (with the server-timeout keyword) but the value is always superseded by the value set for the RADIUS server through the aaa radius-server command. Configuring the Maximum Number of Requests During the authentication process, the switch sends requests for authentication information from the supplicant.
  • Page 584: Initializing An 802.1X Port

    Configuring Access Guardian Policies Configuring 802.1X -> 802.1x 3/1 reauthentication re-authperiod 25 In this example, automatic re-authentication is enabled, and re-authentication will take place on the port every 25 seconds. To manually re-authenticate a port, use the 802.1x re-authenticate command. For example: ->...
  • Page 585: Configuring Supplicant Policies

    Configuring 802.1X Configuring Access Guardian Policies • Compound policies must terminate. The last policy must result in either blocking the device or assigning the device to the default VLAN. If a terminal policy is not specified, the block policy is used by default.
  • Page 586: Supplicant Policy Examples

    Configuring Access Guardian Policies Configuring 802.1X To configure a compound supplicant policy, use the pass and fail keywords to specify which policies to apply when 802.1x authentication is successful but does not return a VLAN ID and which policies to apply when 802.1x authentication fails or returns a VLAN ID that does not exist.
  • Page 587: Configuring Non-Supplicant Policies

    Configuring 802.1X Configuring Access Guardian Policies Configuring Non-supplicant Policies Non-supplicant policies are used to classify non-802.1x devices connected to 802.1x-enabled switch ports. There are two types of non-supplicant policies. One type uses MAC authentication to verify the non-802.1x device. The second type does not perform any authentication and limits device assignment only to those VLANs that are not authenticated VLANs.
  • Page 588: Non-Supplicant Policy Examples

    Configuring Access Guardian Policies Configuring 802.1X Non-supplicant Policy Examples The following table provides example non-supplicant policy commands and a description of how the resulting policy is applied to classify supplicant devices: Supplicant Policy Command Example Description 802.1x 1/24 non-supplicant policy authentication If the MAC authentication process is successful pass group-mobility default-vlan fail vlan 10 block but does not return a VLAN ID for the device, then...
  • Page 589 Configuring 802.1X Configuring Access Guardian Policies Supplicant Policy Command Example Description 802.1x 2/10 non-supplicant policy authentication If the MAC authentication process is successful pass vlan 10 block fail group-mobility default-vlan but does not return a VLAN ID for the device, then the following occurs: The device is assigned to VLAN 10.
  • Page 590: Verifying The 802.1X Port Configuration

    Verifying the 802.1X Port Configuration Configuring 802.1X Verifying the 802.1X Port Configuration A summary of the show commands used for verifying the 802.1X port configuration is given here: show 802.1x Displays information about ports configured for 802.1X. show 802.1x users Displays a list of all users (supplicants) for one or more 802.1X ports.
  • Page 591: Chapter 28 Using Acl Manager

    Access Control List Manager (ACLMAN) is a function of the Quality of Service (QoS) application that provides an interactive shell for using common industry syntax to create ACLs. Commands entered using the ACLMAN shell are interpreted and converted to Alcatel-Lucent CLI syntax that is used for creating QoS filtering policies.
  • Page 592: Aclman Defaults

    ACLMAN Defaults Using ACL Manager ACLMAN Defaults The following table shows the defaults for ACLs: Parameter Command Default ACL disposition deny Logging rate time interval logging-rate 30 seconds
  • Page 593: Quick Steps For Creating Acls

    Note that if this is not done, the ACL configuration is lost on the next reboot of the switch. Aclman#write memory To close the ACLMAN shell and return to the Alcatel-Lucent CLI, access the Privileged Exec Mode and use the exit command. Note that when modes other than the Privileged Exec Mode are active, the exit command returns to the previous mode and does not close the ACLMAN shell.
  • Page 594: Quick Steps For Importing Acl Text Files

    Quick Steps for Importing ACL Text Files Using ACL Manager Quick Steps for Importing ACL Text Files The following steps provide a quick tutorial for importing text files that contain common industry syntax used to create ACLs: Activate the ACLMAN shell using the aclman CLI command. ->...
  • Page 595: Aclman Overview

    ACLMAN Overview ACLMAN Overview ACLMAN is a function of the Alcatel-Lucent QoS system that allows network administrators to configure and manage ACLs using common industry syntax. ACLs configured using ACLMAN are transparently converted into Alcatel-Lucent QoS filtering policies and applied to the switch.
  • Page 596: Acl Text Files

    ACL Text Files” on page 28-21. ACL Precedence ACLMAN allows a user to apply common industry ACLs to an Alcatel-Lucent switch. When these ACLs are created using ACLMAN configuration tools, they are automatically assigned an Alcatel-Lucent QoS internal priority of 101.
  • Page 597: Using The Aclman Shell

    ACLMAN shell. The exit command is used to return to the Alcatel-Lucent CLI. However, if the configured timeout value for a CLI or telnet session is reached, the entire session including the ACLMAN shell is dropped. The Alcatel-Lucent CLI command, kill, is available to terminate a session that is frozen.
  • Page 598: Aclman Modes And Commands

    ACL configuration. show time-range [name] Displays the specified time range. If no name is specified, all time ranges are shown. The Privileged Exec mode also includes the following commands that are specific to the Alcatel-Lucent implementation of ACLMAN: Command Description import filename Imports ACL syntax from the specified text file.
  • Page 599: Global Configuration Mode Commands

    ACLMAN and Alcatel-Lucent CLI configured policies. show logging Displays QoS logging information. This command is equivalent to the Alcatel-Lucent CLI show logging command. show resources Displays a summary of QoS resources. The information displayed is a subset of what is provided with the Alcatel-Lucent CLI show qos statistics command.
  • Page 600 ACLMAN Modes and Commands Using ACL Manager Command Description access-list access-list-number Creates an extended numbered ACL when the ACL {permit | deny} number specified is between 100 and 199 or 2000 and protocol 2699. {source source-wildcard | host address | any} [operator [port]] Repeat this command for each additional entry you want {destination destination-wildcard |...
  • Page 601: Interface Configuration Mode Commands

    Using ACL Manager ACLMAN Modes and Commands Command Description ip access-list resequence access-list-name Renumbers the permit and deny statements in the starting-sequence-number increment named ACL using the specified starting sequence number and increment value. By default the number 10 is used for the first statement of an ACL and the increment value is set to 10.
  • Page 602: Access List Configuration Mode Commands

    ACLMAN Modes and Commands Using ACL Manager Access List Configuration Mode Commands The ip-access-list command (Global Configuration Mode) invokes the Access List Configuration Mode for the specified named ACL. The following commands are available in this mode: Command Description [sequence number] {permit | deny} Creates an ACL entry for the active named standard {source source-wildcard | host address | ACL.
  • Page 603 Using ACL Manager ACLMAN Modes and Commands Command Description [sequence number] {permit | deny} Creates an ACL entry for the active named extended protocol ACL. The optional sequence number parameter specifies {source source-wildcard | host address | any} the number assigned to the entry. If a number is not specified with this command, the next available number is [operator [port]] {destination destination-wildcard |...
  • Page 604: Time Range Configuration Mode Commands

    Global Configuration Mode. ACLMAN User Privileges To limit access to a subset of ACLMAN commands, configure the Alcatel-Lucent CLI username with read-only access to the policy domain or the QoS command family. This is done through the Alcatel-Lucent CLI user command.
  • Page 605: Supported Protocols And Services

    Using ACL Manager Supported Protocols and Services Supported Protocols and Services When creating extended IP ACLs, enter one of the following supported protocol types for the required protocol parameter value. Supported Protocol Parameters ipinip igrp ospf icmp igmp When creating extended TCP ACLs, enter one of the following supported TCP service types for the required port parameter value.
  • Page 606: Configuring Acls

    Configuring ACLs This section describes using ACLMAN functionality to configure and apply common industry ACLs on an Alcatel-Lucent switch. For more information about using the Alcatel-Lucent CLI to configure and manage ACLs, see Chapter 24, “Configuring QoS,”. To configure a common industry ACL, the following general steps are required: Create an ACL.
  • Page 607: Configuring Numbered Standard And Extended Acls

    Using ACL Manager Configuring ACLs • The order of permit and deny statements within an ACL is very important because statements are processed in order. • A named standard ACL cannot have the same name as that of an existing extended ACL. The reverse is also true;...
  • Page 608 Configuring ACLs Using ACL Manager Aclman(config)#access-list 102 deny ip host 178.4.25.1 any Aclman(config)#access-list 102 permit udp any any Aclman(config)#access-list 102 deny udp host 178.4.25.1 any To remove a numbered ACL, use the no form of the access-list command. Note that removing a single entry from a standard ACL is not allowed without deleting the entire ACL.
  • Page 609: Configuring Named Standard And Extended Acls

    Using ACL Manager Configuring ACLs Configuring Named Standard and Extended ACLs The ip access-list command in the Global Configuration Mode is used to create standard or extended ACLs that are associated with a name. The standard and extended parameters available with this command are used to specify the ACL type.
  • Page 610: Applying An Acl To An Interface

    Configuring ACLs Using ACL Manager 20 permit tcp host 11.22.3.1 any 30 permit ip any 172.10.5.0 0.0.255.255 In the above example, the deny tcp any any entry was assigned sequence number 15, which positioned the entry between statements 10 and 20. Applying an ACL to an Interface The interface command in the Global Configuration Mode is used to apply an ACL as an incoming or outgoing filter to one or more switch interfaces.
  • Page 611: Importing Acl Text Files

    Using ACL Manager Configuring ACLs Importing ACL Text Files In addition to using ACLMAN interactive shell commands or editing the aclman.cfg file to configure common industry ACLs, it is possible to use a text file to update the running configuration. This method involves entering common industry ACL statements into a text document using a text editor.
  • Page 612: Verifying The Aclman Configuration

    Displays time range parameter values. Using Alcatel-Lucent CLI to Display ACLMAN Policies To display information about ACLMAN configured ACLs from the Alcatel-Lucent CLI, use the same show commands that are used for displaying Alcatel-Lucent QoS policies. These commands include: show policy condition Displays information about all pending and applied policy conditions or a particular policy condition configured on the switch.
  • Page 613: Chapter 29 Managing Policy Servers

    29 Managing Policy Servers Quality of Service (QoS) policies that are configured through Alcatel-Lucent’s PolicyView network management application are stored on a Lightweight Directory Access Protocol (LDAP) server. PolicyView is an OmniVista application that runs on an attached workstation.
  • Page 614: Policy Server Specifications

    Policy Server Specifications Managing Policy Servers Policy Server Specifications The following table lists important information about LDAP policy servers: LDAP Policy Servers RFC 2251–Lightweight Directory Access Protocol (v3) RFCs Supported RFC 3060–Policy Core Information Model—Version 1 Specification Maximum number of policy servers (supported on the switch) Maximum number of policy servers (supported by PolicyView)
  • Page 615: Policy Server Overview

    Managing Policy Servers Policy Server Overview Policy Server Overview The Lightweight Directory Access Protocol (LDAP) is a standard directory server protocol. The LDAP policy server client in the switch is based on RFC 2251. Currently, only LDAP servers are supported for policy management.
  • Page 616: Modifying Policy Servers

    Modifying Policy Servers Managing Policy Servers Modifying Policy Servers Policy servers are automatically configured when the server is installed; however, policy server parameters may be modified if necessary. Note. SSL configuration must be done manually through the policy server command. Modifying LDAP Policy Server Parameters Use the policy server command to modify parameters for an LDAP policy server.
  • Page 617: Modifying The Port Number

    Managing Policy Servers Modifying Policy Servers Modifying the Port Number To modify the port, enter the policy server command with the port keyword and the relevant port number. -> policy server 10.10.2.3 port 5000 Note that the port number must match the port number configured on the policy server. If the port number is modified, any existing entry for that policy server is not removed.
  • Page 618: Configuring A Secure Socket Layer For A Policy Server

    Modifying Policy Servers Managing Policy Servers Configuring a Secure Socket Layer for a Policy Server A Secure Socket Layer (SSL) may be configured between the policy server and the switch. If SSL is enabled, the PolicyView application can no longer write policies to the LDAP directory server. By default, SSL is disabled.
  • Page 619: Interaction With Cli Policies

    Managing Policy Servers Verifying the Policy Server Configuration Interaction With CLI Policies Policies configured via PolicyView can only be modified through PolicyView. They cannot be modified through the CLI. Any policy management done through the CLI only affects policies configured through the CLI.
  • Page 621: Chapter 30 Configuring Qos

    30 Configuring QoS Alcatel-Lucent’s QoS software provides a way to manipulate flows coming through the switch based on user-configured policies. The flow manipulation (generally referred to as Quality of Service or QoS) may be as simple as allowing/denying traffic, or as complicated as remapping 802.1p bits from a Layer 2 network to ToS values in a Layer 3 network.
  • Page 622: Qos Specifications

    QoS Specifications Configuring QoS QoS Specifications Note. The QoS functionality described in this chapter is supported on the OmniSwitch 6800, 6850, and 9000 switches unless otherwise stated in the QoS Specifications table or specifically noted within any other section of this chapter. The following table contains information regarding standards, limitations, and guidelines that apply to this implementation of the QoS feature.
  • Page 623: Qos General Overview

    Configuring QoS QoS General Overview QoS General Overview Quality of Service (QoS) refers to transmission quality and available service that is measured and sometimes guaranteed in advance for a particular type of traffic in a network. QoS lends itself to circuit-switched networks like ATM, which bundle traffic into cells of the same length and transmit the traffic over predefined virtual paths.
  • Page 624: Qos Policy Overview

    QoS Policy Overview Configuring QoS QoS Policy Overview A policy (or a policy rule) is made up of a condition and an action. The condition specifies parameters that the switch will examine in incoming flows, such as destination address or Type of Service (ToS) bits. The action specifies what the switch will do with a flow that matches the condition;...
  • Page 625: Valid Policies

    Configuring QoS Interaction With Other Features Valid Policies The switch does not allow you to create invalid condition/action combinations; if you enter an invalid combination, an error message will display. A list of valid condition and condition/action combinations is given in “Condition Combinations”...
  • Page 626: Condition Combinations

    Condition Combinations Configuring QoS Condition Combinations The CLI prevents you from configuring invalid condition combinations that are never allowed; however, it does allow you to create combinations that are supported in some scenarios. For example, you might configure source ip and a destination ip for the same condition. The following conditions are supported and may be combined with other conditions and/or actions: •...
  • Page 627 Configuring QoS Condition Combinations Policy Condition Combinations Table IP Multicast Layer 1 Layer 2 Layer 3* Layer 4* (IGMP) destination only Layer 1 source vlan and destination only Layer 2 802.1p only destination only Layer 3* source vlan and None Layer 4* 802.1p only destination only...
  • Page 628: Action Combinations

    Action Combinations Configuring QoS Action Combinations The CLI prevents you from configuring invalid action combinations that are never allowed; however, it does allow you to create combinations that are supported in some scenarios. For example, an action specifying maximum bandwidth may be combined with an action specifying priority. The following actions are supported and may be combined with other actions: •...
  • Page 629: Condition And Action Combinations

    Configuring QoS Condition and Action Combinations Condition and Action Combinations Conditions and actions are combined in policy rules. The CLI prevents you from configuring invalid condition/action combinations that are never allowed; however, the following table provides a quick reference for determining which condition/action combinations are not valid. Each row represents a policy condition or conditions combined with the policy action or actions in the same row.
  • Page 630: Qos Defaults

    QoS Defaults Configuring QoS QoS Defaults The following tables list the defaults for global QoS parameters, individual port settings, policy rules, and default policy rules. Global QoS Defaults Use the qos reset command to reset global values to their defaults. Description Command Default...
  • Page 631: Qos Port Defaults

    Configuring QoS QoS Defaults QoS Port Defaults Use the qos port reset command to reset port settings to the defaults. Description Command/keyword Default The default 802.1p value inserted qos port default 802.1p into packets received on untrusted ports. The default DSCP value inserted qos port default dscp into packets received on untrusted ports.
  • Page 632: Policy Action Defaults

    QoS Defaults Configuring QoS Description Keyword Default Whether to send a trap for the trap enabled (trap sent only on port rule. disable action or UserPort shut- down operation). Policy Action Defaults The following are defaults for the policy action command: Description Keyword...
  • Page 633: Qos Configuration Overview

    Configuring QoS QoS Configuration Overview QoS Configuration Overview QoS configuration involves the following general steps: Configuring Global Parameters. In addition to enabling/disabling QoS, global configuration includes settings such as global port parameters, default disposition for flows, and various timeouts. The type of parameters you might want to configure globally will depend on the types of policies you will be configuring.
  • Page 634: Configuring Global Qos Parameters

    Configuring Global QoS Parameters Configuring QoS Configuring Global QoS Parameters This section describes the global QoS configuration, which includes enabling and disabling QoS, applying and activating the configuration, controlling the QoS log display, and configuring QoS port and queue parameters. Enabling/Disabling QoS By default QoS is enabled on the switch.
  • Page 635: Setting The Global Default Servicing Mode

    Configuring QoS Configuring Global QoS Parameters Setting the Global Default Servicing Mode The servicing mode refers to the queuing scheme used to shape traffic on destination (egress) ports. There are three schemes available: one strict priority and two weighted fair queueing (WFQ) options. By default all switch ports are set to use strict priority queuing.
  • Page 636: Configuring Automatic Prioritization For Ip Phone Traffic

    Configuring Global QoS Parameters Configuring QoS • When automatic NMS prioritization is enabled, QoS policies that specify priority are not applied to the NMS traffic. Other QoS policies, however, are applied to this type of traffic as usual. If a policy specifies rate limiting, then the policy with the lowest rate limiting value is applied.
  • Page 637: Configuring Quarantine Manager And Remediation

    • Remediation server URL. The qos quarantine path command is used to specify a URL for the remediation server. Note that this is done in addition to specifying the server IP address in the “alaExceptionSubnet”...
  • Page 638 Optional. Quarantine MAC addresses are flagged as “quarantined” in the switch MAC address table. To view a list of such MAC addresses, use the show mac-address-table command with the quarantined parameter. -> show mac-address-table quarantined Note the following when configuring QMR: •...
  • Page 639: Using the QoS Log

    Using the QoS Log The QoS software in the switch creates its own log for QoS-specific events. You may modify the number of lines in the log or change the level of detail given in the log. The PolicyView application, which is used to create QoS policies stored on an LDAP server, may query the switch for log events;...
  • Page 640: Log Detail Level

    Note. If you change the number of log lines, the QoS log may be completely cleared. To change the log lines without clearing the log, set the log lines in the boot.cfg file; the log will be set to the specified number of lines at the next reboot.
  • Page 641: Displaying the QoS Log

    Use the swlog output command to configure switch logging to output logging events to the console. Note that this is in addition to sending log events to a file in the flash file system of the switch. See the “Using Switch Logging”...
  • Page 642: Classifying Bridged Traffic As Layer 3

    Classifying Bridged Traffic as Layer 3 In some network configurations you may want to force the switch to classify bridged traffic as routed (Layer 3) traffic. Typically this option is used for QoS filtering. See Chapter 31, “Configuring ACLs,”...
  • Page 643: Setting The Statistics Interval

    Setting the Statistics Interval To change how often the switch polls the network interfaces for QoS statistics, use the qos stats interval command with the desired interval time in seconds. The default is 60 seconds. For example: ->...
  • Page 644: QoS Ports and Queues

    QoS Ports and Queues Queue parameters may be modified on a port basis. When a flow coming into the switch matches a policy, it is queued based on: • Parameters given in the policy action (specified by the policy action command) with either of the following keywords: priority, maximum bandwidth, or maximum depth.
  • Page 645: Configuring Queuing Schemes

    Priority to Queue Mapping Table Rule(action) OS6850/9000 OS6800 802.1p ToS/DSCP Priority Queue Queue 000xxx 001xxx 010xxx 011xxx 100xxx 101xxx 110xxx 111xxx Configuring Queuing Schemes There are four queuing schemes available for each switch port: one strict priority scheme and three weighted fair queuing (WFQ) schemes.
  • Page 646: Configuring The Servicing Mode For A Port

    • The weight assigned to a WRR queue designates the number of packets the queue sends out before the scheduler moves on to the next queue. For example, a queue weight of 10 sends out 10 packets at each interval.
  • Page 647: Bandwidth Shaping

    Bandwidth Shaping Bandwidth shaping is configured on a per port basis. Bandwidth policing is applied using QoS policies (see “Port Groups and Maximum Bandwidth” on page 30-48 and “Policy Applications” on page 30-57 for more information). QoS supports configuring maximum bandwidth on ingress and egress ports.
  • Page 648: Configuring Trusted Ports

    Note that on the OmniSwitch 6800 Series switch, the 802.1p bit for tagged packets received on untrusted ports is set with the default 802.1p value. If the packet is untagged, however, then the DSCP bit is set with the default DSCP value.
  • Page 649 recognize 802.1p bits. A policy condition (Traffic) is then created to classify traffic containing 802.1p bits set to 4 and destined for port 2 on slot 3. The policy action (SetBits) specifies that the bits will be reset to 7 when the traffic egresses the switch.
  • Page 650: Verifying the QoS Port and Queue Configuration

    Verifying the QoS Port and Queue Configuration To display information about QoS ports and queues, use the following commands: show qos port Displays information about all QoS ports or a particular port. show qos queue Displays information for all QoS queues or only those queues associated with a particular slot/port.
  • Page 651: Creating Policies

    Creating Policies This section describes how to create policies in general. For information about configuring specific types of policies, see “Policy Applications” on page 30-57. Basic commands for creating policies are as follows: policy condition, policy action, policy rule. This section describes generally how to use these commands.
  • Page 652: ASCII-File-Only Syntax

    Note. (Optional) To verify that the rule has been configured, use the show policy rule command. The display is similar to the following: -> show policy rule Policy From Prec Enab Act Refl Log Trap Save (L2/3): cond1 ->...
  • Page 653: Creating Policy Conditions

    Creating Policy Conditions This section describes how to create policy conditions in general. Creating policy conditions for particular types of network situations is described later in this chapter. Note. Policy condition configuration is not active until the qos apply command is entered. See “Applying the Configuration”...
  • Page 654: Removing Condition Parameters

    Removing Condition Parameters To remove a classification parameter from the condition, use no with the relevant keyword. For example: -> policy condition c3 no source ip The specified parameter (in this case, a source IP address) will be removed from the condition (c3) at the next qos apply.
  • Page 655: Removing Action Parameters

    policy action keywords: disposition, dscp, shared, priority, port-disable, maximum bandwidth, redirect port, maximum depth, redirect linkagg, no-cache, 802.1p, mirror. Note. If you combine priority with 802.1p, dscp, tos, or map, in an action, the priority value is used to prioritize the flow.
  • Page 656: Configuring A Rule Validity Period

    -> policy condition c3 source ip 10.10.8.9 -> policy action a7 priority 7 -> policy rule rule5 condition c3 action a7 The rule (rule5) will only take effect after the qos apply command is entered. For more information about the qos apply command, see “Applying the Configuration”...
  • Page 657: Rule Precedence

    Note that if qos disable is entered, the rule will not be used to classify traffic even if the rule is enabled. For more information about enabling/disabling QoS globally, see “Enabling/Disabling QoS” on page 30-14. Rule Precedence The switch attempts to classify flows coming into the switch according to policy precedence.
  • Page 658: Logging Rules

    Logging Rules Logging a rule may be useful for determining the source of firewall attacks. Note that logging rules is not supported on the OmniSwitch 6800. To specify that the switch should log information about flows that match the specified policy rule, use the policy rule command with the log option.
  • Page 659: Testing Conditions

    character definition Indicates that the policy object differs between the pending/applied objects. For example: -> show policy rule Policy From Prec Enab Refl Log Trap Save my_rule 0Yes {L2/3}: cond5 -> action2 +my_rule5 0Yes {L2/3}: cond2 ->...
  • Page 660 The keywords used with these commands are similar to the keywords used for the policy condition command. The keyword should be relevant to the type of traffic as listed in the table here: show policy classify l2 show policy classify l3 source port source port...
  • Page 661 Using applied l3 policies Classify L3: *Matches rule ‘r1’: action a1 (drop) In this example, the display indicates that the switch found an applied rule, r1, to classify Layer 3 flows with the specified source and destination addresses. To activate any policy rules that have not been applied, use the qos apply command.
  • Page 662: Using Condition Groups In Policies

    Using Condition Groups in Policies Condition groups are made up of multiple IPv4 addresses, MAC addresses, services, or ports to which you want to apply the same action or policy rule. Instead of creating a separate condition for each address, etc., create a condition group and associate the group with a condition.
  • Page 663: Creating Network Groups

    Attach the condition to a policy rule. (For more information about configuring rules, see “Creating Policy Rules” on page 30-35.) In this example, action act4 has already been configured. For example: -> policy rule my_rule condition cond3 action act4 Apply the configuration.
  • Page 664: Creating Services

    To remove addresses from a network group, use no and the relevant address(es). For example: -> policy network group netgroup3 no 173.21.4.39 This command deletes the 173.21.4.39 address from netgroup3 after the next qos apply. To remove a network group from the configuration, use the no form of the policy network group command with the relevant network group name.
  • Page 665: Creating Service Groups

    In this example, a policy service called telnet1 is created with the TCP protocol number (6) and the well-known Telnet destination port number (23). -> policy service telnet1 protocol 6 destination ip port 23 A shortcut for this command replaces the protocol and destination ip port keywords with destination tcp port: ->...
  • Page 666: Creating MAC Groups

    This command configures a condition called c6 with service group serv_group. All of the services specified in the service group will be included in the condition. (For more information about configuring conditions, see “Creating Policy Conditions”...
  • Page 667: Creating Port Groups

    Note. MAC group configuration is not active until the qos apply command is entered. To delete addresses from a MAC group, use no and the relevant address(es): -> policy mac group macgrp2 no 08:00:20:00:00:00 This command specifies that MAC address 08:00:20:00:00:00 will be deleted from macgrp2 at the next qos apply.
  • Page 668: Port Groups And Maximum Bandwidth

    This command specifies that port 2/1 will be deleted from the techpubs port group at the next qos apply. To delete a port group, use the no form of the policy port group command with the relevant port group name.
  • Page 669 Example 1: Source Port Group In the following example, a port group (pgroup) is created with two ports and attached to a policy condition (Ports). A policy action with maximum bandwidth is created (MaxBw). The policy condition and policy action are combined in a policy rule called PortRule.
  • Page 670: Verifying Condition Group Configuration

    Verifying Condition Group Configuration To display information about condition groups, use the following show commands: show policy network group Displays information about all pending and applied policy network groups or a particular network group. Use the applied keyword to display information about applied groups only.
  • Page 671: Using Map Groups

    Using Map Groups Map groups are used to map 802.1p, ToS, or DSCP values to different values. The following mapping scenarios are supported: • 802.1p to 802.1p, based on Layer 2, Layer 3, and Layer 4 parameters and source/destination slot/port. In addition, 802.1p classification can trigger this action.
  • Page 672: How Map Groups Work

    How Map Groups Work When mapping from 802.1p to 802.1p, the action will result in remapping the specified values. Any values that are not specified in the map group are preserved. In this example, a map group is created for 802.1p bits.
  • Page 673: Verifying Map Group Configuration

    To delete a map group, use the no form of the policy map group command. The map group must not be associated with a policy action. For example: -> no policy map group tosGroup If tosGroup is currently associated with an action, an error message similar to the following will display: ERROR: tosGroup is being used by action 'tosMap' In this case, remove the map group from the action, then enter the no policy map group command: ->...
  • Page 674: Applying The Configuration

    Applying the Configuration Configuration for policy rules and many global QoS parameters must specifically be applied to the configuration with the qos apply command. Any parameters configured without this command are maintained for the current session but are not yet activated. For example, if you configure a new policy rule through the policy rule command, the switch cannot use it to classify traffic and enforce the policy action until the qos apply command is entered.
  • Page 675: Deleting The Pending Configuration

    Deleting the Pending Configuration Policy settings that have been configured but not applied through the qos apply command may be returned to the last applied settings through the qos revert command. For example: -> qos revert This command ignores any pending policies (any additions, modifications, or deletions to the policy configuration since the last qos apply) and writes the last applied policies to the pending configuration.
  • Page 676: Interaction With LDAP Policies

    Interaction With LDAP Policies The qos apply, qos revert, and qos flush commands do not affect policies created through the PolicyView application. Separate commands are used for loading and flushing LDAP policies on the switch. See Chapter 25, “Managing Authentication Servers,”...
  • Page 677: Policy Applications

    Policy Applications Policies are used to classify incoming flows and treat the relevant outgoing flows. There are many ways to classify the traffic and many ways to apply QoS parameters to the traffic. Classifying traffic may be as simple as identifying a Layer 2 or Layer 3 address of an incoming flow. Treating the traffic might involve prioritizing the traffic or rewriting an IP address.
  • Page 678: Basic QoS Policies

    Basic QoS Policies Traffic prioritization and bandwidth shaping may be the most common types of QoS policies. For these policies, any condition may be created; the policy action indicates how the traffic should be prioritized or how the bandwidth should be shaped.
  • Page 679: Bandwidth Shaping Example

    To create a policy rule to prioritize the traffic from Network 1, first create a condition for the traffic that you want to prioritize. In this example, the condition is called ip_traffic. Then create an action to prioritize the traffic as highest priority.
  • Page 680: Policy Based Mirroring

    • In most cases, a redirected flow will not trigger an update to the routing and ARP tables. When the ARP table is cleared or timed out, port/link aggregate redirection will cease until the ARP table is refreshed.
  • Page 681: ICMP Policy Example

    • Policy based mirroring and the port-based mirroring feature can run simultaneously on the same port. However, policy based mirroring is not supported on the OmniSwitch 6800. • Rule precedence is applied to all mirroring policies that are configured for the same switch ASIC. If traffic matches a mirror rule on one ASIC with a lower precedence than a non-mirroring rule on a different ASIC, the traffic is mirrored in addition to the actions specified by the higher precedence rule.
  • Page 682: Policy Based Routing

    In the next example, the policy map group command specifies a group of values that should be mapped; the policy action map command specifies what should be mapped (802.1p to 802.1p, ToS/DSCP to 802.1p) and the mapping group that should be used. For more details about creating map groups, see “Creating Map Groups”...
  • Page 683 Note. If the routing table has a default route of 0.0.0.0, traffic matching a PBR policy will be redirected to the route specified in the policy. For information about viewing the routing table, see Chapter 18, “Configuring IP.”...
  • Page 684 For example: [Figure: Using a Built-In Port Group. Labels: 174.26.1.0, 173.10.2.0, 10.3.0.0, Firewall, 173.5.1.0, 173.5.1.254, OmniSwitch] In this scenario, traffic from the firewall is sent back to the switch to be re-routed. But because the traffic re-enters the switch through a port that is not in the Slot01 port group, the traffic does not match the Redirect_All policy and is routed normally through the switch.
  • Page 685: Chapter 31 Configuring ACLs

    31 Configuring ACLs Access Control Lists (ACLs) are Quality of Service (QoS) policies used to control whether or not packets are allowed or denied at the switch or router interface. ACLs are sometimes referred to as filtering lists. ACLs are distinguished by the kind of traffic they filter. In a QoS policy rule, the type of traffic is specified in the policy condition.
  • Page 686: ACL Specifications

    ACL Specifications These specifications are the same as those for QoS in general: Note. The QoS/ACL functionality described in this chapter is supported on the OmniSwitch 6800, 6850, and 9000 switches unless otherwise stated in the following Specifications table or specifically noted within any other section of this chapter.
  • Page 687: ACL Defaults

    ACL Defaults The following table shows the defaults for ACLs: Parameter | Command | Default: Global bridged disposition | qos default bridged disposition | accept; Global routed disposition | qos default routed disposition | accept; Global multicast disposition | qos default multicast disposition | accept; Policy rule disposition | policy rule...
  • Page 688: Quick Steps for Creating ACLs

    Quick Steps for Creating ACLs Set the global disposition for bridged or routed traffic. By default, all flows that do not match any policies are allowed on the switch. Typically, you may want to deny traffic for all Layer 3 flows that come into the switch and do not match a policy, but allow any Layer 2 (bridged) flows that do not match policies.
  • Page 689: ACL Overview

    ACL Overview ACLs provide moderate security between networks. The following illustration shows how ACLs may be used to filter subnetwork traffic through a private network, functioning like an internal firewall for LANs. OmniSwitch Subnetwork router Private Network Public Network...
  • Page 690: How Precedence Is Determined

    Rule Precedence The switch attempts to classify flows coming into the switch according to policy precedence. Only the rule with the highest precedence will be applied to the flow. This is true even if the flow matches more than one rule.
  • Page 691: ACL Configuration Overview

    Policies may then be set up to allow routed traffic through the switch. Note that in the current release of Alcatel-Lucent’s QoS software, the drop and deny keywords produce the same result (flows are silently dropped; no ICMP message is sent).
  • Page 692: Creating Condition Groups For ACLs

    For more information about the global disposition commands, see Chapter 30, “Configuring QoS,” and the OmniSwitch CLI Reference Guide. Important. If you set the global bridged disposition (using the qos default bridged disposition command) to deny or drop, it will result in dropping all Layer 2 traffic from the switch that does not match any policy to accept traffic.
  • Page 693: Creating Policy Conditions for ACLs

    Configuring ACLs This section describes in detail the procedures for configuring ACLs. For more information about how to configure policies in general, see Chapter 30, “Configuring QoS.” Command syntax is described in detail in the OmniSwitch CLI Reference Guide. The basic commands for configuring ACL rules are the same as those for configuring policy rules: policy condition, policy action...
  • Page 694: Creating Policy Actions for ACLs

    The following table lists the keywords for the policy condition command that are typically used for the different types of ACLs: Layer 2 ACL Condition Keywords | Layer 3/4 ACL Condition Keywords | Multicast ACL Condition Keywords: source mac | source ip | multicast ip; source mac group...
  • Page 695: Creating Policy Rules for ACLs

    Creating Policy Rules for ACLs A policy rule is made up of a condition and an action. For example, to create a policy rule for filtering IP addresses, which is a Layer 3 ACL, use the policy rule command with the condition and action keywords.
  • Page 696: Layer 2 ACL Example

    Layer 2 ACL Example In this example, the default bridged disposition is accept (the default). Since the default is accept, the qos default bridged disposition command would only need to be entered if the disposition had previously been set to deny.
  • Page 697: Layer 3 ACL: Example 1

    Layer 3 ACL: Example 1 In this example, the default routed disposition is accept (the default). Since the default is accept, the qos default routed disposition command would only need to be entered if the disposition had previously been set to deny.
  • Page 698: Multicast Filtering ACLs

    -> policy condition c2 tos 7 ipv6 In the above example, c1 is an IPv4 condition and c2 is an IPv6 condition. ACLs that use c1 are considered IPv4 policies; ACLs that use c2 are considered IPv6 policies. In addition, consider the following examples: ->...
  • Page 699 The following keywords may be used in the condition to indicate the client parameters: Multicast ACL Keywords: destination ip, destination vlan, destination port, destination port group, destination mac, destination mac group. If a destination group is specified, the corresponding single value keyword cannot be combined in the same condition.
  • Page 700: Using ACL Security Features

    Using ACL Security Features The following additional ACL features are available for improving network security and preventing malicious activity on the network: • UserPorts—A port group that identifies its members as user ports to prevent source address spoofing of IP and ARP traffic (per RFC 2267).
  • Page 701: Configuring UserPort Traffic Types and Port Behavior

    The UserPorts group is also used in conjunction with the DropServices group. If a flow received on a port that is a member of the UserPorts group is destined for a TCP or UDP port (service) specified in the DropServices group, the flow is dropped.
  • Page 702: Configuring a BPDUShutdownPorts Group

    -> policy service tcp135 destination tcp port 135 -> policy service tcp445 destination tcp port 445 -> policy service udp137 destination udp port 137 -> policy service udp138 destination udp port 138 -> policy service udp445 destination udp port 445 Add the services created in Step 1 to a service group called DropServices using the policy service group...
  • Page 703: Configuring ICMP Drop Rules

    Configuring ICMP Drop Rules Combining a Layer 2 condition for source VLAN with a Layer 3 condition for IP protocol is supported. In addition, two new condition parameters are available to provide more granular filtering of ICMP packets: icmptype and icmpcode.
  • Page 704: Verifying the ACL Configuration

    Note that if a flag is specified on the command line after the any or all keyword, then the match value is one. If the flag only appears as part of the mask, then the match value is zero. See the policy condition tcpflags command page in the OmniSwitch CLI Reference Guide for more information.
  • Page 705 To display only policy rules that are active (enabled) on the switch, use the show active policy rule command. For example: -> show active policy rule Policy From Prec Enab Inact Refl Log Save Matches +my_rule5 Cnd/Act:...
  • Page 706: ACL Application Example

    ACL Application Example In this application for IP filtering, a policy is created to deny Telnet traffic from the outside world to an engineering group in a private network. OmniSwitch Private Network Public Network (Engineering) (The Internet) traffic originating from the public network destined for the private network...
  • Page 707: In This Chapter

    MLD Snooping. The switch then learns on which ports multicast group subscribers are attached and can intelligently deliver traffic only to the respective ports. Alcatel-Lucent’s implementation of IGMP snooping is called IP Multicast Switching (IPMS) and MLD snooping is called IP Multicast Switching version 6 (IPMSv6).
  • Page 708 32-28. Note. You can also configure and monitor IPMS with WebView, Alcatel-Lucent’s embedded Web-based device management application. WebView is an interactive and easy-to-use GUI that can be launched from OmniVista or a Web browser. Please refer to WebView’s online documentation for more information on configuring and monitoring IPMS/IPMSv6 with WebView.
  • Page 709: IPMS Specifications

    IGMP Last Member Query Interval 1 to 65535 in tenths of seconds IPMSv6 Specifications The table below lists specifications for Alcatel-Lucent’s IPMSv6 software. RFCs Supported RFC 2710 — Multicast Listener Discovery for IPv6 RFC 3019 — IPv6 MIB for Multicast Listener Discovery Protocol RFC 3810 —...
  • Page 710: IPMS Default Values

    IPMS Default Values The table below lists default values for Alcatel-Lucent’s IPMS software. Parameter Description | Command | Default Value/Comments: Administrative Status | ip multicast status | disabled; IGMP Querier Forwarding | ip multicast querier-forwarding | disabled; IGMP Version...
  • Page 711: IPMSv6 Default Values

    IPMSv6 Default Values The table below lists default values for Alcatel-Lucent’s IPMSv6 software. Parameter Description | Command | Default Value/Comments: Administrative Status | ipv6 multicast status | disabled; MLD Querier Forwarding | ipv6 multicast querier-forwarding | disabled; MLD Version...
  • Page 712: IPMS Overview

    IPMS Overview A multicast group is defined by a multicast group address, which is a Class D IP address in the range 224.0.0.0 to 239.255.255.255. (Addresses in the range 239.0.0.0 to 239.255.255.255 are reserved for boundaries.) The multicast group address is indicated in the destination address field of the IP header.
  • Page 713: Reserved IP Multicast Addresses

    Reserved IP Multicast Addresses The Internet Assigned Numbers Authority (IANA) created the range for multicast addresses, which is 224.0.0.0 to 239.255.255.255. However, as the table below shows, certain addresses are reserved and cannot be used. Address or Address Range Description 224.0.0.0 through 224.0.0.255...
  • Page 714: DVMRP

    Protocol-Independent Multicast (PIM) is an IP multicast routing protocol that uses routing information provided by unicast routing protocols, such as RIP and OSPF. Sparse Mode PIM (PIM-SM) contrasts with flood-and-prune dense mode multicast protocols, such as DVMRP and PIM Dense Mode (PIM-DM), in that multicast forwarding in PIM-SM is initiated only via specific requests.
  • Page 715: Configuring IPMS on a Switch

    Configuring IPMS on a Switch This section describes how to use Command Line Interface (CLI) commands to enable and disable IP Multicast Switching and Routing (IPMSR) switch wide (see “Enabling and Disabling IP Multicast Status” on page 32-9), configure a port as an IGMP static neighbor (see “Configuring and Removing an IGMP...
  • Page 716: Enabling and Disabling IGMP Querier-forwarding

    -> ip multicast vlan 2 status To restore the IP Multicast status to its default setting (i.e., disabled). Enabling and Disabling IGMP Querier-forwarding By default, IGMP querier-forwarding is disabled. The following subsections describe how to enable and disable IGMP querier-forwarding by using the ip multicast querier-forwarding command.
  • Page 717: Configuring the IGMP Version

    Configuring the IGMP Version To change the IGMP protocol version on the system if no VLAN is specified, use the ip multicast version command as shown below: -> ip multicast version 3 You can also change the IGMP protocol version on the specified VLAN by entering: ->...
  • Page 718: Removing an IGMP Static Neighbor

    Removing an IGMP Static Neighbor To reset the port so that it is no longer an IGMP static neighbor port, use the no form of the ip multicast static-neighbor command by entering no ip multicast static-neighbor followed by vlan, a space, VLAN number, a space, followed by port, a space, the slot number of the port, a slash (/), and the port number.
  • Page 719: Configuring an IGMP Static Group

    Configuring an IGMP Static Group You can configure a port as an IGMP static group by entering ip multicast static-group, followed by the IP address of the static group in dotted decimal notation, a space, followed by vlan, a space, VLAN number (which must be between 0 and 4095), a space, followed by port, a space, the slot number of the port, a slash (/), and the port number.
  • Page 720: Modifying IPMS Parameters

    Modifying IPMS Parameters The table in “IPMS Default Values” on page 32-4 lists default values for IPMS parameters. The following sections describe how to use CLI commands to modify these parameters. Modifying the IGMP Query Interval The default IGMP query interval (i.e., the time between IGMP queries) is 125 seconds.
  • Page 721: Configuring The Igmp Last Member Query Interval

    Configuring the IGMP Last Member Query Interval You can modify the IGMP last member query interval from 1 to 65535 in tenths of seconds by entering ip multicast last-member-query-interval followed by the new value. For example, to set the IGMP last member query interval to 60 tenths-of-seconds on the system if no VLAN is specified, you would enter: ->...
  • Page 722: Restoring The Igmp Query Response Interval

    Restoring the IGMP Query Response Interval To restore the IGMP query response interval to its default (i.e., 100 tenths-of-seconds) value on the system if no VLAN is specified, use the ip multicast query-response-interval command by entering: ->...
  • Page 723: Modifying The Source Timeout

    You can also restore the IGMP router timeout on the specified VLAN by entering: -> ip multicast vlan 2 router-timeout 0 Or, as an alternative, enter: -> ip multicast vlan 2 router-timeout To restore the IGMP router timeout to its default value. Modifying the Source Timeout The default source timeout (i.e., the expiry time of IP multicast sources) is 30 seconds.
  • Page 724: Enabling And Disabling Igmp Querying

    Enabling and Disabling IGMP Querying By default, IGMP querying is disabled. The following subsections describe how to enable and disable IGMP querying by using the ip multicast querying command. Enabling the IGMP Querying You can enable the IGMP querying by entering ip multicast querying followed by the enable keyword.
  • Page 725: Restoring The Igmp Robustness Variable

    Note. If the links are known to be lossy, then the robustness variable can be set to a higher value (7). You can also modify the IGMP robustness variable from 1 to 7 on the specified VLAN by entering: ->...
  • Page 726: Enabling And Disabling The Igmp Zapping

    -> ip multicast spoofing To restore the IGMP spoofing to its default setting (i.e., disabled). You can also disable IGMP spoofing on the specified VLAN by entering: -> ip multicast vlan 2 spoofing disable Or, as an alternative, enter: ->...
  • Page 727: Ipmsv6 Overview

    IPMSv6 Overview An IPv6 multicast address identifies a group of nodes. A node can belong to any number of multicast groups. IPv6 multicast addresses are classified as fixed scope multicast addresses and variable scope multicast addresses. (See the “Reserved IPv6 Multicast Addresses”...
  • Page 728: Reserved Ipv6 Multicast Addresses

    Reserved IPv6 Multicast Addresses The Internet Assigned Numbers Authority (IANA) classified the scope for IPv6 multicast addresses as fixed scope multicast addresses and variable scope multicast addresses. However, the table below shows only well-known addresses, which are reserved and cannot be assigned to any multicast group. Address Description FF00:0:0:0:0:0:0:0...
  • Page 729: Configuring Ipmsv6 On A Switch

    Configuring IPMSv6 on a Switch This section describes how to use Command Line Interface (CLI) commands to enable and disable IPv6 Multicast Switching (IPMSv6) switch wide (see “Enabling and Disabling IPv6 Multicast Status” on page 32-23), configure a port as an MLD static neighbor (see “Configuring and Removing an MLD Static...
  • Page 730: Enabling And Disabling Mld Querier-Forwarding

    Enabling and Disabling MLD Querier-forwarding By default, MLD querier-forwarding is disabled. The following subsections describe how to enable and disable MLD querier-forwarding by using the ipv6 multicast querier-forwarding command. Enabling the MLD Querier-forwarding You can enable the MLD querier-forwarding by entering ipv6 multicast querier-forwarding followed by...
  • Page 731: Restoring The Mld Version 1

    Restoring the MLD Version 1 To restore the MLD version to Version 1 (MLDv1) on the system if no VLAN is specified, use the ipv6 multicast version command by entering: -> ipv6 multicast version 0 Or, as an alternative, enter: ->...
  • Page 732: Removing An Mld Static Neighbor

    Removing an MLD Static Neighbor To reset the port so that it is no longer an MLD static neighbor port, use the no form of the ipv6 multicast static-neighbor command by entering no ipv6 multicast static-neighbor, followed by vlan, a space, the VLAN number, a space, followed by port, a space, slot number of the port, a slash (/), and the port number.
  • Page 733: Configuring An Mld Static Group

    Configuring an MLD Static Group You can configure a port as an MLD static group by entering ipv6 multicast static-group, followed by the IPv6 address of the MLD static group in hexadecimal notation separated by colons, a space, followed by vlan, a space, VLAN number (which must be between 0 and 4095), a space, followed by port, the slot number of the port, a slash (/), and the port number.
  • Page 734: Modifying Ipmsv6 Parameters

    Modifying IPMSv6 Parameters The table in “IPMSv6 Default Values” on page 32-5 lists default values for IPMSv6 parameters. The following sections describe how to use CLI commands to modify these parameters. Modifying the MLD Query Interval The default IPMSv6 query interval (i.e., the time between MLD queries) is 125 seconds.
  • Page 735: Restoring The Mld Last Member Query Interval

    Restoring the MLD Last Member Query Interval To restore the MLD last member query interval to its default (i.e., 1000 milliseconds) value on the system if no VLAN is specified, use the ipv6 multicast last-member-query-interval command by entering: ->...
  • Page 736: Modifying The Mld Router Timeout

    You can also restore the MLD query response interval on the specified VLAN by entering: -> ipv6 multicast vlan 2 query-response-interval 0 Or, as an alternative, enter: -> ipv6 multicast vlan 2 query-response-interval To restore the MLD query response interval to its default value.
  • Page 737: Configuring The Source Timeout

    Configuring the Source Timeout You can modify the source timeout from 1 to 65535 seconds by entering ipv6 multicast source-timeout followed by the new value. For example, to set the source timeout to 360 seconds on the system if no VLAN is specified, you would enter: ->...
  • Page 738: Modifying The Mld Robustness Variable

    Or, as an alternative, enter: -> ipv6 multicast querying To restore the MLD querying to its default setting (i.e., disabled). You can also disable the MLD querying on the specified VLAN by entering: disable ->...
  • Page 739: Enabling And Disabling The Mld Spoofing

    Or, as an alternative, enter: -> ipv6 multicast vlan 2 robustness To restore the MLD robustness to its default value. Enabling and Disabling the MLD Spoofing By default, MLD spoofing (i.e., replacing a client's MAC and IPv6 address with the system's MAC and IPv6 address, when proxying aggregated MLD group membership information) is disabled on the switch.
  • Page 740: Enabling The Mld Zapping

    between IP multicast groups.) is disabled on a switch. The following subsections describe how to enable and disable zapping by using the ipv6 multicast zapping command. Enabling the MLD Zapping To enable MLD zapping on the system if no VLAN is specified, use the ipv6 multicast zapping command as shown below: ->...
  • Page 741: Ipms Application Example

    IPMS Application Example The figure below shows a sample network with the switch sending multicast video. A client attached to Port 5 needs to be configured as a static IGMP neighbor and another client attached to Port 2 needs to be configured as a static IGMP querier.
  • Page 742 An example of what these commands look like entered sequentially on the command line: -> ip multicast status enable -> ip multicast static-neighbor vlan 5 port 1/5 -> ip multicast static-querier vlan 5 port 1/2 ->...
  • Page 743: Ipmsv6 Application Example

    IPMSv6 Application Example The figure below shows a sample network with the switch sending multicast video. A client attached to Port 5 needs to be configured as a static MLD neighbor and another client attached to Port 2 needs to be configured as a static MLD querier.
  • Page 744 An example of what these commands look like entered sequentially on the command line: -> ipv6 multicast status enable -> ipv6 multicast static-neighbor vlan 5 port 1/5 -> ipv6 multicast static-querier vlan 5 port 1/2 ->...
  • Page 745: Displaying Ipms Configurations And Statistics

    Displaying IPMS Configurations and Statistics Alcatel-Lucent’s IP Multicast Switching (IPMS) show commands provide tools to monitor IPMS traffic and settings and to troubleshoot problems. These commands are described below: show ip multicast Displays the general IP Multicast switching and routing configuration parameters on a switch.
  • Page 746: Displaying Ipmsv6 Configurations And Statistics

    Displaying IPMSv6 Configurations and Statistics Alcatel-Lucent’s IPv6 Multicast Switching (IPMSv6) show commands provide tools to monitor IPMSv6 traffic and settings and to troubleshoot problems. These commands are described below: show ipv6 multicast Displays the general IPv6 Multicast switching and routing configuration parameters on a switch.
  • Page 747: In This Chapter

    33-11. Note. You can also configure and monitor IPMV through WebView, Alcatel-Lucent’s embedded web-based device management application. WebView is an interactive and easy-to-use GUI that can be launched from OmniVista or a web browser. Please refer to WebView’s online documentation for more information on configuring and monitoring IPMV through WebView.
  • Page 748: Chapter 33 Configuring Ip Multicast Vlan

    IP Multicast VLAN Specifications The following table lists IPMVLAN specifications. IEEE Standards Supported 802.1ad/D6.0 Standard for Local and Metropolitan Area Networks - Virtual Bridged Local Area Networks - Amendment 4: Provider Bridges Maximum Number of IP Multicast VLAN IDs 256 (The valid range is 2 through 4094) VLAN Stacking Functionality Modes...
  • Page 749: Ip Multicast Vlan Overview

    IP Multicast VLAN Overview The IP Multicast VLAN (IPMV) feature helps service providers to create separate dedicated VLANs to distribute multicast traffic. Service providers have to separate users using these VLANs. This should be done along with the distribution of broadcast media through IP Multicast across these VLANs without a router in the distribution L2 switch.
  • Page 750: Enterprise Mode

    Note. CVLAN-tag translation rule applies only in the VLAN Stacking mode. You can use the vlan ipmvlan ctag command to define the translation rule for replacing the outer s-tag with an IPMVLAN ID, the inner being the customer tag (c-tag). Note.
  • Page 751: Ipmv Packet Flows

    IPMV Packet Flows This section describes the tagged and untagged packet flows in both the Enterprise and VLAN Stacking modes. In addition, it also describes the packet flow from the ingress point to the egress point. VLAN Stacking Mode The following illustration shows customers A, B, and C formed as a multicast group G1. Three types of control packets ingress on the receiver port.
  • Page 752 The paths taken by the packets are described in the following subsections: Untagged Control Packets Ingressing on the Receiver Port The following steps describe the path taken by untagged control packets ingressing on the receiver port: Untagged IPMS join reports for the multicast group G1 are sent to the receiver port.
  • Page 753 The single multicast double-tagged data packets with an IPMV outer tag and a CVLAN inner tag are generated by the multicast server for group G1. The VLAN Stacking egress logic removes the IPMV outer tag. The generated multicast data packets flooded on the receiver port are single-tagged with CVLAN.
  • Page 754: Enterprise Mode

    Enterprise Mode In the Enterprise mode, two types of control packets ingress on the receiver ports. The paths taken by the packets (as shown in the diagram on page 33-5) are described in the following subsections. Untagged Control Packets Ingressing on the Receiver Port The following steps describe the path taken by untagged control packets ingressing on the receiver port: Untagged IPMS join reports for the multicast group G1 are sent to the receiver port.
  • Page 755: Configuring Ipmvlan

    Configuring IPMVLAN This section describes how to use Command Line Interface (CLI) commands for creating and deleting IPMVLAN (see “Creating and Deleting IPMVLAN” on page 33-9), assigning IPv4/IPv6 address to an existing IPMVLAN and removing it (see “Assigning and Deleting IPv4/IPv6 Address”...
  • Page 756: Assigning An Ipv4/Ipv6 Address To An Ipmvlan

    Assigning an IPv4/IPv6 Address to an IPMVLAN To assign an IPv4 or IPv6 address to an existing IPMVLAN, use the vlan ipmvlan address command as shown below: -> vlan ipmvlan 1003 address 225.0.0.1 -> vlan ipmvlan 1033 address ff08::3 Deleting an IPv4/IPv6 Address from an IPMVLAN To delete an IPv4 or IPv6 address from an existing IP Multicast VLAN, use the no form of the vlan ipmvlan address...
  • Page 757: Deleting A Sender Port From An Ipmvlan

    -> vlan svlan 1/49 network-port -> vlan ipmvlan 1033 sender-port port 1/49 Deleting a Sender Port from an IPMVLAN To delete a sender port from an IPMVLAN in the Enterprise or VLAN Stacking mode, use the no form of vlan ipmvlan sender-port command by entering no vlan ipmvlan followed by the IPMVLAN ID, the keyword sender-port, and the port number, as shown below:...
  • Page 758: Ipmvlan Application Example

    IPMVLAN Application Example The figure below shows a sample IPMVLAN network with three customers A, B, and C, respectively. The customers are connected to the Ethernet switch requesting multicast data. Core Unicast Multicast Router Ethernet Switch Customer C Customer B...
  • Page 759 Create a receiver port in the Enterprise mode of IPMVLAN by entering: -> vlan ipmvlan 1003 receiver-port port 1/51-60 Alternatively, a receiver port can also be created in the VLAN Stacking mode by entering: ->...
  • Page 760: Verifying The Ip Multicast Vlan Configuration

    Verifying the IP Multicast VLAN Configuration To display information about IPMV, use the following commands: show vlan ipmvlan Displays IPMVLAN information for a specific IPMVLAN, a range of IPMVLANs, or all IPMVLANs. show vlan ipmvlan c-tag Displays the customer VLAN IDs associated with a single IP Multicast VLAN or all the configured IP Multicast VLANs.
  • Page 761: In This Chapter

    (you can tailor workload requirements individually to servers within a cluster). Note. SLB is supported on OmniSwitch 6850 and 9000 switches but not on OmniSwitch 6800 Series switches.
  • Page 762: Chapter 34 Configuring Server Load Balancing

    Server Load Balancing Specifications The table below lists specifications for Alcatel-Lucent’s SLB software. Maximum number of clusters Maximum number of physical servers 256 (up to 16 per cluster) Layer-3 classification Destination IP address...
  • Page 763: Server Load Balancing Default Values

    Server Load Balancing Default Values The table below lists default values for Alcatel-Lucent’s SLB software. Parameter Description Command Default Value/Comments Global SLB administrative status ip slb admin Disabled Ping period ip slb cluster ping period...
  • Page 764: Quick Steps For Configuring Server Load Balancing (Slb)

    Quick Steps for Configuring Server Load Balancing (SLB) Follow the steps below for a quick tutorial on configuring parameters for SLB. Additional information on how to configure each command is given in the subsections that follow. Note that this example configures a VIP cluster.
  • Page 765: Quick Steps For Configuring A Qos Policy Condition Cluster

    Quick Steps for Configuring a QoS Policy Condition Cluster Follow the steps below for a quick tutorial on how to configure a QoS policy condition cluster: Create the QoS policy condition that will classify traffic for the SLB cluster. For example: ->...
  • Page 766 -> show ip slb cluster Intranet statistics Admin Operational Cluster Name Status Status Count -----------------------+--------+--------------------+-------- Intranet Enabled In Service 2 Servers Src IP 100.0.0.1/255.255.255.255 2500 IP Dst TCP Port 80 Src IP 100.0.0.2/255.255.255.255 2500 IP Dst TCP Port 80...
  • Page 767: Server Load Balancing Overview

    34-8), and server health monitoring (see “Server Health Monitoring” on page 34-9). Note. Alcatel-Lucent also offers link aggregation, which combines multiple Ethernet links into one virtual channel. Please refer to Chapter 17, “Configuring Dynamic Link Aggregation,” for more information on link aggregation and dynamic link aggregation, and to Chapter 16, “Configuring Static Link Aggrega-...
  • Page 768: Server Load Balancing Example

    Server Load Balancing Example In the figure on the following page, an SLB cluster consisting of four (4) physical servers has been configured with a VIP of 128.241.130.204 and an SLB cluster name of “WorldWideWeb.” The switch processes requests sent by clients to the VIP of 128.241.130.204 and sends them to the appropriate physical server, depending on configuration and the operational states of the physical servers.
  • Page 769: Server Health Monitoring

    Server Health Monitoring Alcatel-Lucent’s Server Load Balancing (SLB) software on the switch performs checks on the links from the switch to the servers. In addition, the SLB software also sends ICMP echo requests (i.e., ping packets) to the physical servers to determine their availability.
  • Page 770: Configuring The Server Farm

    Configuring the Server Farm To configure a server for a VIP cluster, you must associate the VIP address to the loopback interface of the physical server. Otherwise, physical servers will reject packets addressed to the VIP address. To configure a server for a QoS policy condition cluster using the Layer-2 SLB mode, enable the server to receive packets with a destination MAC address that is different than the MAC address of the server (e.g., enable promiscuous mode).
  • Page 771 Double-click the Network icon in the Control Panel window. Double click the Network icon. Click the Protocols tab in the Network window. Select the TCP/IP Protocol icon in the Network Protocols window. Select the “TCP/IP Protocol”...
  • Page 772 Select MS Loopback Adapter from the Adapter pull-down window. Select the “MS Loopback Adapter” from the “Adapter” pull-down window. Click the Select an IP address radio button. Select the “Select an IP address” radio button.
  • Page 773: Configuring A Windows 2000 Server

    Configuring a Windows 2000 Server Follow the steps below to associate a loopback interface on a Windows NT server. Note. This procedure assumes that your Windows 2000 workstation already has the Microsoft loopback adapter installed.
  • Page 774 Select Internet Protocol (TCP/IP) in the Microsoft Loopback Adapter Properties window. Select “Internet Protocol (TCP/IP)”. Click the “Properties” button. Click the Properties button. Click the Use the following IP address radio button in the Internet Properties (TCP/IP) Properties window.
  • Page 775: Adding The Microsoft Loopback Adapter Driver

    Adding the Microsoft Loopback Adapter Driver This section describes how to add Microsoft’s loopback adapter to Windows NT servers (see “Adding the Loopback Adapter Driver to a Windows NT Server” on page 34-15) and Windows 2000 servers (see “Adding the Loopback Adapter Driver to a Windows 2000 Server”...
  • Page 776 Select MS Loopback Adapter in the Select Network Adapter window. Select “MS Loopback Adapter”. Click “OK” when done. Click the OK button. Select the proper frame type in the Frame Type pull-down menu. Select “Frame Type”.
  • Page 777: Adding The Loopback Adapter Driver To A Windows 2000 Server

    Adding the Loopback Adapter Driver to a Windows 2000 Server Follow the steps below to add the Microsoft loopback adapter driver to a Windows 2000 server. Open the Control Panel window by clicking the Start button and then selecting Settings. Double-click the Add/Remove Hardware icon in the Control Panel window.
  • Page 778 Select Add a new device in the Choose a Hardware Device window. Select “Add a new device.” Click “Next” when done. Click the Next button. Select the No option radio button in the Find New Hardware window. Select “No”...
  • Page 779 Select Microsoft in the Manufacturers window. If the Microsoft loopback adapter has been installed it will be listed in the Network Adapter window as shown in the figure below. If this adapter is listed, proceed to Step 17 on page 34-19.
  • Page 780 Click the Finish button in the Completing the Add/Remove Hardware Wizard window. Click “Finish” when ready. page 34-20 OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008...
  • Page 781: Configuring A Red Hat Linux Server

    Configuring a Loopback Interface on Unix- and Linux-Based Servers This section describes how to configure a loopback interface on Red Hat Linux servers (see “Configuring a Red Hat Linux Server” on page 34-21), Sun Solaris servers (see “Configuring a Sun Solaris Server”...
  • Page 782: Configuring An Ibm Aix Server

    Configuring an IBM AIX Server Follow the steps below to configure the loopback interface on an IBM AIX server. At the command prompt, enter ifconfig lo0 alias, the Virtual IP (VIP) address of the Server Load Balancing (SLB) cluster, netmask, and the net mask for the VIP.
  • Page 783: Configuring Server Load Balancing On A Switch

    Configuring Server Load Balancing on a Switch This section describes how to use Alcatel-Lucent’s Command Line Interface (CLI) commands to configure Server Load Balancing (SLB) on a switch. Note. See “Quick Steps for Configuring Server Load Balancing (SLB)”...
  • Page 784: Configuring And Deleting Slb Clusters

    Configuring and Deleting SLB Clusters The following subsections describe how to configure and delete SLB clusters with the ip slb cluster command. Note. In the current release you can configure up to 16 SLB clusters on an OmniSwitch 6850/9000 switch. Configuring an SLB Cluster with a VIP Address To configure an SLB cluster that uses VIP classification to bridge or route client requests to the cluster servers, use the...
  • Page 785: Automatic Configuration Of Slb Policy Rules

    The following QoS policy conditions are supported individually and in combination with each other when used to configure SLB condition clusters: QoS Policy Condition Keywords source vlan ethertype source port dscp protocol destination port...
  • Page 786: Deleting An Slb Cluster

    Deleting an SLB Cluster To delete an SLB cluster, use the no form of the ip slb reset statistics command by entering no ip slb cluster followed by the name of the cluster. For example, to delete an SLB called “Web_Server”, you would enter: ->...
  • Page 787: Modifying Optional Parameters

    As shown in the table on page 34-3, Alcatel-Lucent’s SLB software is preconfigured with default values for the SLB cluster’s distribution algorithm, “sticky” time, ping timeout, ping period, and ping retries. The following subsections describe how to modify these parameters.
  • Page 788: Modifying The Ping Retries

    Modifying the Ping Retries The default number of ping retries is 3. You can modify this value from 0 to 255 with the ip slb cluster ping retries command by entering ip slb cluster, the name of the SLB cluster, ping retries, and the user-specified number of ping retries.
  • Page 789: Taking Clusters And Servers On/Off Line

    Taking Clusters and Servers On/Off Line Alcatel-Lucent’s Server Load Balancing (SLB) show commands provide tools to monitor traffic and troubleshoot problems. These commands are described in “Displaying Server Load Balancing Status and Statistics”...
  • Page 790: Taking A Server Off Line

    Taking a Server Off Line You can administratively disable a server in an SLB cluster and take it off line with the ip slb server ip cluster command by entering ip slb server, the IP address of the server you want to disable in dotted decimal format, cluster, the name of the SLB cluster to which the server belongs, and admin status disable.
  • Page 791: Configuring Slb Probes

    Configuring SLB Probes Server Load Balancing (SLB) probes allow you to check the health of logical clusters and physical servers. Supported features include: • Support for server health monitoring using Ethernet link state detection •...
  • Page 792: Associating A Probe With A Server

    Associating a Probe with a Server To associate an existing SLB probe with a server, use the ip slb server ip cluster probe command by entering ip slb server ip followed by IP address of the server, cluster, the user-configured cluster name, probe, and the user-configured probe name.
  • Page 793: Modifying The Probe Retries

    Modifying the Probe Retries By default, the number of SLB probe retries before deciding that a server is out of service is 3. To modify this value from 0 to 255, use the ip slb probe retries command by entering ip slb probe followed by the user-configured probe name, the probe type, retries, and the user-specified number of retries.
  • Page 794: Configuring A Probe Send

    Configuring a Probe Send To configure an ASCII string sent to a server to invoke a response from it and to verify its health, use the ip slb probe send command by entering ip slb probe followed by the user-configured probe name, the valid probe type (udp or tcp), send, and the user-specified ASCII string.
  • Page 795: Displaying Server Load Balancing Status And Statistics

    Displaying Server Load Balancing Status and Statistics You can use CLI show commands to display the current configuration and statistics of Server Load Balancing on a switch. These commands include the following: show ip slb Displays the status of server load balancing on a switch.
  • Page 796 The show ip slb cluster server command provides detailed configuration information and statistics for individual SLB servers. To use the show ip slb cluster server command, enter the command, the name of the SLB cluster that the server belongs to, server, and the IP address of the server.
  • Page 797 Note. See the “Server Load Balancing Commands” chapter in the OmniSwitch CLI Reference Guide for complete syntax information on SLB show commands.
  • Page 799: In This Chapter

    35 Diagnosing Switch Problems Several tools are available for diagnosing problems that may occur with the switch. These tools include: • Port Mirroring • Port Monitoring • sFlow (not supported on the OmniSwitch 6800) • Remote Monitoring (RMON) probes • Switch Health Monitoring Port mirroring copies all incoming and outgoing traffic from a single mirrored Ethernet port to a second mirroring Ethernet port, where it can be monitored with a Remote Network Monitoring (RMON) probe or...
  • Page 800 • Disabling a Port Monitoring Session—see “Disabling a Port Monitoring Session” on page 35-25. • Deleting a Port Monitoring Session—see “Deleting a Port Monitoring Session” on page 35-25. • Pausing a Port Monitoring Session—see “Pausing a Port Monitoring Session”...
  • Page 801: Port Mirroring Overview

    Diagnosing Switch Problems Port Mirroring Overview Port Mirroring Overview The following sections detail the specifications, defaults, and quick set up steps for the port mirroring feature. Detailed procedures are found in “Port Mirroring” on page 35-14. Port Mirroring Specifications Ports Supported Ethernet (10 Mbps)/Fast Ethernet (100 Mbps)/ Gigabit Ethernet (1 Gb/1000 Mbps)/10 Gigabit Ethernet (10 Gb/10000 Mbps).
  • Page 802: Quick Steps For Configuring Port Mirroring

    Port Mirroring Overview Diagnosing Switch Problems Quick Steps for Configuring Port Mirroring Create a port mirroring session. Be sure to specify the port mirroring session ID, source (mirrored) and destination (mirroring) slot/ports, and unblocked VLAN ID (optional—protects the mirroring session from changes in Spanning Tree if the mirroring port will monitor mirrored traffic on an RMON probe belonging to a different VLAN).
  • Page 803: Port Monitoring Overview

    Diagnosing Switch Problems Port Monitoring Overview Port Monitoring Overview The following sections detail the specifications, defaults, and quick set up steps for the port mirroring feature. Detailed procedures are found in “Port Monitoring” on page 35-24. Port Monitoring Specifications Ports Supported Ethernet (10 Mbps)/Fast Ethernet (100 Mbps)/ Gigabit Ethernet (1 Gb/1000 Mbps)/10 Gigabit Ethernet (10 Gb/10000 Mbps).
  • Page 804: Quick Steps For Configuring Port Monitoring

    Port Monitoring Overview Diagnosing Switch Problems Quick Steps for Configuring Port Monitoring To create a port monitoring session, use the port monitoring source command by entering port monitoring, followed by the port monitoring session ID, source, and the slot and port number of the port to be monitored.
  • Page 805: Sflow Overview

    Diagnosing Switch Problems sFlow Overview sFlow Overview The following sections detail the specifications, defaults, and quick set up steps for the sFlow feature. Detailed procedures are found in “sFlow” on page 35-29. Note. sFlow is only supported on the OmniSwitch 6850 and OmniSwitch 9000 for this release. sFlow Specifications RFCs Supported 3176 - sFlow...
  • Page 806: Quick Steps For Configuring Sflow

    sFlow Overview Diagnosing Switch Problems Quick Steps for Configuring sFlow Follow the steps below to create a sFlow receiver session. To create a sFlow receiver session, use the sflow receiver command by entering sflow receiver, followed by the receiver index, name, and the address to be monitored. For example: ->...
  • Page 807 Diagnosing Switch Problems sFlow Overview For more information about this command, see “sFlow” on page 35-29 or the “sFlow Commands” chapter in the OmniSwitch CLI Reference Guide. Follow the steps below to create a sFlow poller session. To create a sFlow poller session, use the sflow poller command by entering sflow poller, followed by the instance ID, port list, receiver, and the interval.
  • Page 808: Remote Monitoring (Rmon) Overview

    Remote Monitoring (RMON) Overview Diagnosing Switch Problems Remote Monitoring (RMON) Overview The following sections detail the specifications, defaults, and quick set up steps for the RMON feature. Detailed procedures are found in “Remote Monitoring (RMON)” on page 35-34. RMON Specifications RFCs Supported 2819 - Remote Network Monitoring Management Information Base...
  • Page 809: Rmon Probe Defaults

    Diagnosing Switch Problems Remote Monitoring (RMON) Overview RMON Probe Defaults The following table shows Remote Network Monitoring default values. Global RMON Probe Defaults Parameter Description CLI Command Default Value/Comments RMON Probe Configuration rmon probes No RMON probes configured. Quick Steps for Enabling/Disabling RMON Probes Enable an inactive (or disable an active) RMON probe, where necessary.
  • Page 810: Switch Health Overview

    Switch Health Overview Diagnosing Switch Problems Switch Health Overview The following sections detail the specifications, defaults, and quick set up steps for the switch health feature. Detailed procedures are found in “Monitoring Switch Health” on page 35-41. Switch Health Specifications Health Functionality Supported –Switch level CPU Utilization Statistics (percentage);...
  • Page 811: Switch Health Defaults

    Diagnosing Switch Problems Switch Health Overview Switch Health Defaults The following table shows Switch Health default values. Global Switch Health Defaults Parameter Description CLI Command Default Value/Comments Resource Threshold Limit Configuration health threshold 80 percent Sampling Interval Configuration health interval 5 seconds Switch Temperature health threshold...
  • Page 812: Port Mirroring

    Port Mirroring Diagnosing Switch Problems Port Mirroring On OmniSwitch 9000 switches, you can set up port mirroring between Ethernet ports within the same switch chassis, while on OmniSwitch 6800 and 6850 switches, you can set up port mirroring across switches within a stack. Ethernet ports supporting port mirroring include 10BaseT/100BaseTX/1000BaseT (RJ-45), 1000BaseSX/LX/LH, and 10GBaseS/L (LC) connectors.
  • Page 813: What Happens To The Mirroring Port

    Diagnosing Switch Problems Port Mirroring Note that when port mirroring is enabled, there may be some performance degradation, since all frames received and transmitted by the mirrored port need to be copied and sent to the mirroring port. Workstation Mirrored (Active) Port (w/ Incoming &...
  • Page 814 Port Mirroring Diagnosing Switch Problems The diagram on the following page illustrates how port mirroring can be used with an external RMON probe to copy RMON probe frames and Management frames to and from the mirroring and mirrored ports. Frames received from an RMON probe attached to the mirroring port can be seen as being received by the mirrored port.
  • Page 815: Remote Port Mirroring

    Remote Port Mirroring Remote Port Mirroring expands the port mirroring functionality by allowing mirrored traffic to be carried over the network to a remote switch. With Remote Port Mirroring, the traffic is carried over the network using a dedicated Remote Port Mirroring VLAN; no other traffic is allowed on this VLAN.
  • Page 816: Application Example

    Application Example In this section, the steps to configure Remote Port Mirroring between Source, Intermediate and Destination switches are shown. The following diagram shows an example of a Remote Port Mirroring Configuration. Destination switch Intermediate switch Local MTP...
  • Page 817 Enter the following QoS commands to override source learning: -> policy condition c_is1 source vlan 1000 -> policy action a_is1 redirect port 2/2 -> policy rule r_is1 condition c_is1 action a_is1 -> qos apply Note. If the intermediate switches are not OmniSwitches, refer to the vendor's documentation for instructions on disabling or overriding source learning.
  • Page 818: Creating A Mirroring Session

    Application Example Diagnosing Switch Problems Creating a Mirroring Session Before port mirroring can be used, it is necessary to create a port mirroring session. The port mirroring source destination CLI command can be used to create a mirroring session between a mirrored (active) port and a mirroring port.
  • Page 819: Unblocking Ports (Protection From Spanning Tree)

    Diagnosing Switch Problems Application Example -> port mirroring 1 source 1/2-6 1/9 2/7 3/5 destination 2/4 Note. Ports can be added after a port mirroring session has been configured. Unblocking Ports (Protection from Spanning Tree) If the mirroring port monitors mirrored traffic on an RMON probe belonging to a different VLAN than the mirrored port, it should be protected from blocking due to Spanning Tree updates.
  • Page 820: Configuring Port Mirroring Direction

    Application Example Diagnosing Switch Problems Note. You can modify the parameters of a port mirroring session that has been disabled. Keep in mind that the port mirroring session configuration remains valid, even though port mirroring has been turned off. Note that the port mirroring session identifier and slot/port locations of the designated interfaces must always be specified.
  • Page 821: Displaying Port Mirroring Status

    Diagnosing Switch Problems Application Example To enable a port mirroring session, enter the port mirroring command, followed by the port mirroring session ID number and the keyword enable. The following command enables port mirroring session 6 (turning port mirroring on): ->...
  • Page 822: Port Monitoring

    Port Monitoring An essential tool of the network engineer is a network packet capture device. A packet capture device is usually a PC-based computer, such as the Sniffer®, that provides a means for understanding and measuring data traffic of a network.
  • Page 823: Configuring A Port Monitoring Session

    Diagnosing Switch Problems Port Monitoring Configuring a Port Monitoring Session To configure a port monitoring session, use the port monitoring source command by entering port monitoring, followed by the user-specified session ID number, source, the slot number of the port to be monitored, a slash (/), and the port number of the port.
  • Page 824: Pausing A Port Monitoring Session

    Port Monitoring Diagnosing Switch Problems Pausing a Port Monitoring Session To pause a port monitoring session, use the port monitoring command by entering port monitoring, followed by the port monitoring session ID and pause. For example, to pause port monitoring session 6, enter: ->...
  • Page 825: Suppressing Port Monitoring File Creation

    To prevent more recent packets from overwriting older packets in the data file, if the file size is exceeded, use the port monitoring source CLI command by entering port monitoring, followed by the user-specified session ID number, source, the slot number of the port to be monitored, a slash (/), the port number of the port, file, the name of the file, and overwrite off.
  • Page 826: Displaying Port Monitoring Status And Data

    Port Monitoring Diagnosing Switch Problems Displaying Port Monitoring Status and Data A summary of the show commands used for displaying port monitoring status and port monitoring data is given here: show port monitoring status Displays port monitoring status. show port monitoring file Displays port monitoring data.
  • Page 827: Sflow

    sFlow sFlow is a network monitoring technology that gives visibility into the activity of the network by providing network usage information. It provides the data required to effectively control and manage the network usage. sFlow is a sampling technology that meets the requirements for a network traffic monitoring solution.
  • Page 828: Sampler

    sFlow Diagnosing Switch Problems Sampler The sampler is the module which gets hardware sampled from Q-Dispatcher and fills up the sampler part of the UDP datagram. Poller The poller is the module which gets counter samples from Ethernet driver and fills up the counter part of the UDP datagram.
  • Page 829: Configuring A Fixed Primary Address

    Diagnosing Switch Problems sFlow To configure a sFlow poller session, use the sflow poller command by entering sflow poller, followed by the instance ID number, the slot number of the port to be monitored, a slash (/), and the port number of the port and receiver, the receiver_index.
  • Page 830: Displaying A Sflow Sampler

    Displaying a sFlow Sampler The show sflow sampler command is used to display the sampler table. For example, to view the sFlow sampler table, enter the show sflow sampler command without specifying any additional parameters. A screen similar to the following example will be displayed, as shown below: ->...
  • Page 831: Deleting A Sflow Session

    Diagnosing Switch Problems sFlow Agent Version = 1.3; Alcatel-Lucent; 6.1.1 Agent IP = 127.0.0.1 Note. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. Deleting a sFlow Session To delete a sFlow receiver session, use the release form at the end of the...
  • Page 832: Remote Monitoring (Rmon)

    Remote Monitoring (RMON) Diagnosing Switch Problems Remote Monitoring (RMON) Remote Network Monitoring (RMON) is an SNMP protocol used to manage networks remotely. RMON probes can be used to collect, interpret, and forward statistical data about network traffic from designated active ports in a LAN segment to an NMS (Network Management System) application for monitoring and analysis without negatively impacting network performance.
  • Page 833: Ethernet Statistics

    Diagnosing Switch Problems Remote Monitoring (RMON) RMON probes can be enabled or disabled via CLI commands. Configuration of Alarm threshold values for RMON traps is a function reserved for RMON-monitoring NMS stations. This feature supports basic RMON 4 group implementation in compliance with RFC 2819, including the Ethernet Statistics, History (Control &...
  • Page 834: Enabling Or Disabling Rmon Probes

    Enabling or Disabling RMON Probes To enable or disable an individual RMON probe, enter the rmon probes CLI command. Be sure to specify the type of probe (stats/history/alarm), followed by the entry number (optional), as shown in the following examples.
  • Page 835: Displaying Rmon Tables

    Displaying RMON Tables Two separate commands can be used to retrieve and view Remote Monitoring data: show rmon probes and show rmon events. The retrieved statistics appear in a table format (a collection of related data that meets the criteria specified in the command you entered).
  • Page 836: Displaying Statistics For A Particular Rmon Probe

    Remote Monitoring (RMON) Diagnosing Switch Problems Displaying Statistics for a Particular RMON Probe To view statistics for a particular current RMON probe, enter the show rmon probes command, specifying an entry number for a particular probe, such as: -> show rmon probes 4005 A display showing statistics for the specified RMON probe will appear, as shown in the following sections.
  • Page 837: Sample Display For History Probe

    Sample Display for History Probe The display shown here identifies RMON Probe 10325’s Owner description and interface location (Analyzer-p:128.251.18.166 on slot 1, port 35), the total number of History Control Buckets (samples) requested and granted (2), along with the time interval for each sample (30 seconds) and system-generated Sample Index ID number (5859).
  • Page 838: Displaying A List Of Rmon Events

    Remote Monitoring (RMON) Diagnosing Switch Problems Displaying a List of RMON Events RMON Events are actions that occur based on Alarm conditions detected by an RMON probe. To view a list of logged RMON Events, enter the show rmon events command without specifying an entry number for a particular probe, such as: ->...
  • Page 839: Monitoring Switch Health

    Monitoring Switch Health To monitor resource availability, the NMS (Network Management System) needs to collect significant amounts of data from each switch. As the number of ports per switch (and the number of switches) increases, the volume of data can become overwhelming.
  • Page 840 Monitoring Switch Health Diagnosing Switch Problems The following sections include a discussion of CLI commands that can be used to configure resource parameters and monitor or reset statistics for switch resources. These commands include: • health threshold—Configures threshold limits for input traffic (RX), output/input traffic (TX/RX), memory usage, CPU usage, and chassis temperature.
  • Page 841: Configuring Resource And Temperature Thresholds

    Diagnosing Switch Problems Monitoring Switch Health Configuring Resource and Temperature Thresholds Health Monitoring software monitors threshold levels for the switch’s consumable resources—bandwidth, RAM memory, and CPU capacity—as well as the ambient chassis temperature. When a threshold is exceeded, the Health Monitoring feature sends a trap to the Network Management Station (NMS). A trap is an alarm alerting the user to specific network events.
  • Page 842: Displaying Health Threshold Limits

    Displaying Health Threshold Limits The show health threshold command is used to view all current health thresholds on the switch, as well as individual thresholds for input traffic (RX), output/input traffic (TX/RX), memory usage, CPU usage, and chassis temperature.
  • Page 843: Configuring Sampling Intervals

    Configuring Sampling Intervals The sampling interval is the period of time between polls of the switch’s consumable resources to monitor performance vis-a-vis previously specified thresholds. The health interval command can be used to configure the sampling interval between health statistics checks.
  • Page 844: Viewing Health Statistics For The Switch

    Viewing Health Statistics for the Switch The show health command can be used to display health statistics for the switch. To display health statistics, enter the show health command, followed by the slot/port location and optional statistics keyword.
  • Page 845: Viewing Health Statistics For A Specific Interface

    Diagnosing Switch Problems Monitoring Switch Health Viewing Health Statistics for a Specific Interface To view health statistics for slot 4/port 3, enter the show health command, followed by the appropriate slot and port numbers. A screen similar to the following example will be displayed, as shown below: ->...
  • Page 847: Chapter 36 Using Switch Logging

    “Displaying Switch Logging Records” on page 36-12 Notes. Switch logging commands are not intended for use with low-level hardware and software debugging. It is strongly recommended that you contact an Alcatel-Lucent Customer Service representative for assistance with debugging functions.
  • Page 848: Switch Logging Specifications

    Switch Logging Specifications Functionality Supported High-level event logging mechanism that forwards requests from applications to enabled logging devices. Functionality Not Supported Not intended for debugging individual hardware applications. Logging Devices Flash Memory/Console/IP Address Application ID Levels Supported IDLE (255), DIAG (0), IPC-DIAG (1), QDRIVER (2), QDISPATCHER (3), IPC-LINK...
  • Page 849: Switch Logging Defaults

    Using Switch Logging Switch Logging Defaults Switch Logging Defaults The following table shows switch logging default values. Global Switch Logging Defaults Parameter Description CLI Command Default Value/Comments Enabling/Disabling switch logging swlog Enabled Switch logging severity level swlog appid level Default severity level is info. The numeric equivalent for info is 6 Enabling/Disabling switch logging swlog output...
  • Page 850: Quick Steps For Configuring Switch Logging

    Quick Steps for Configuring Switch Logging Using Switch Logging Quick Steps for Configuring Switch Logging Enable switch logging by using the following command: -> swlog Specify the ID of the application to be logged along with the logging severity level. ->...
  • Page 851: Switch Logging Overview

    Switch Logging Overview Switch logging uses a formatted string mechanism to process log requests from switch applications. When a log request is received, switch logging compares the severity level included with the request to the severity level stored for the application ID.
  • Page 852: Switch Logging Commands Overview

    Switch Logging Commands Overview This section describes the switch logging CLI commands for enabling or disabling switch logging, displaying the current status of the switch logging feature, and displaying stored log information. Enabling Switch Logging The swlog command initializes and enables switch logging, while no swlog...
  • Page 853 Using Switch Logging Switch Logging Commands Overview Numeric CLI Keyword Application ID Equivalent APPID_SPANNINGTREE LINKAGG APPID_LINKAGGREGATION APPID_QOS RSVP APPID_RSVP APPID_IP IPMS APPID_IPMS AMAP APPID_XMAP GMAP APPID_GMAP APPID_AAA IPC-MON APPID_IPC_MON IP-HELPER APPID_BOOTP_RELAY APPID_MIRRORING_MONITORING MODULE APPID_L3HRE APPID_SLB EIPC APPID_EIPC CHASSIS APPID_CHASSISUPER PORT-MGR APPID_PORT_MANAGER CONFIG APPID_CONFIGMANAGER...
  • Page 854: Specifying The Severity Level

    Switch Logging Commands Overview Using Switch Logging Numeric CLI Keyword Application ID Equivalent EPILOGUE APPID_EPILOGUE LDAP APPID_LDAP NOSNMP APPID_NOSNMP APPID_SSL DBGGW APPID_DBGGW LANPOWER APPID_LANPOWER The level keyword assigns the error-type severity level to the specified application IDs. Values range from 2 (highest severity) to 9 (lowest severity).
  • Page 855: Removing The Severity Level

    Using Switch Logging Switch Logging Commands Overview Removing the Severity Level To remove the switch logging severity level, enter the no swlog appid level command, including the application ID and severity level values. The following is a typical example: -> no swlog appid 75 level 5 Or, alternatively, as: ->...
  • Page 856: Disabling An Ip Address From Receiving Switch Logging Output

    Switch Logging Commands Overview Using Switch Logging Disabling an IP Address from Receiving Switch Logging Output To disable all configured output IP addresses from receiving switch logging output, enter the following command: -> no swlog output socket No confirmation message will appear on the screen. To disable a specific configured output IP address from receiving switch logging output, use the same command as above but specify an IPv4 or IPv6 address.
  • Page 857: Configuring The Switch Logging File Size

    Using Switch Logging Switch Logging Commands Overview Configuring the Switch Logging File Size By default, the size of the switch logging file is 128000 bytes. To configure the size of the switch logging file, use the swlog output flash file-size command.
  • Page 858: Displaying Switch Logging Records

    Displaying Switch Logging Records The show log swlog command can produce a display showing all the switch logging information, or you can display information according to session, timestamp, application ID, or severity level. For details, refer to the OmniSwitch CLI Reference Guide.
  • Page 859: In This Chapter

    37 Configuring Ethernet Ports The Ethernet software is responsible for a variety of functions that support Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet ports on OmniSwitch 6800, 6850, and 9000 switches. These functions include diagnostics, software loading, initialization, configuration of line parameters, gathering statistics, and responding to administrative requests from SNMP or CLI.
  • Page 860: Ethernet Specifications

    Ethernet Specifications Configuring Ethernet Ports Ethernet Specifications IEEE Standards Supported 802.3 Carrier Sense Multiple Access with Collision Detection (CSMA/CD) 802.3u (100BaseTX) 802.3ab (1000BaseT) 802.3z (1000Base-X) 802.3ae (10GBase-X) Ports Supported Ethernet (10 Mbps) Fast Ethernet (100 Mbps) Gigabit Ethernet (1 Gb/1000 Mbps) 10 Gigabit Ethernet (10 Gb/10000 Mbps) Switching/Routing Support Layer 2 Switching/Layer 3 Routing...
  • Page 861: Non-Combo Port Defaults

    Auto for all copper ports; MDI for all fiber ports (not configurable on fiber ports) Combo Ethernet Port Defaults The following table shows combo Ethernet port default values for OmniSwitch 6800 Series switches only: Parameter Description Command Default Value/Comments...
  • Page 862: Ethernet Ports Overview

    45 and the fiber port 45, the fiber SFP link will be the active one. If the SFP link goes down, then the copper port will automatically become active. No user intervention is required. Note. See “Valid Port Settings on OmniSwitch 6800 Series Switches” on page 37-5 and “Valid Port Settings on OmniSwitch 6850 Series Switches” on page 37-5 for more information on combo ports.
  • Page 863: Valid Port Settings On Omniswitch 6800 Series Switches

    10000 full (ports 49–50) See the OmniSwitch 6800 Series Hardware Users Guide for more information about the OmniSwitch 6800 hardware that is supported in the current release. Valid Port Settings on OmniSwitch 6850 Series Switches The table below lists valid speed, duplex, and autonegotiation settings for the different OmniSwitch 6850 Series port types.
  • Page 864: Valid Port Settings On Omniswitch 9000 Series Switches

    Ethernet Ports Overview Configuring Ethernet Ports Chassis Type Port Type User-Specified User-Specified Auto (Port Nos.) Port Speed Duplex Negotiation (Mbps) Supported Supported? Supported OmniSwitch 6850-48 Fiber XFP 10000 full (ports 49–50) OmniSwitch 6850- Fiber SFP 1000 full U24X (ports 1–22) OmniSwitch 6850- Combo copper RJ-45/ RJ-45: auto/10/...
  • Page 865: Crossover Supported

    Configuring Ethernet Ports Ethernet Ports Overview See the OmniSwitch 9000 Hardware Users Guide for more information about the OmniSwitch 9000 hardware that is available in the current release. 10/100/1000 Crossover Supported By default, automatic crossover between MDI/MDIX (Media Dependent Interface/Media Dependent Interface with Crossover) media is supported on OmniSwitch 9000 10/100/1000 ports.
  • Page 866: Setting Ethernet Parameters For All Port Types

    Setting Ethernet Parameters for All Port Types The following sections describe how to configure Ethernet port parameters using CLI commands that can be used on all port types. See “Setting Ethernet Parameters for Non-Combo Ports” on page 37-14 for information on configuring non-combo ports and see “Setting Combo Ethernet Port Parameters on OmniSwitch 6800 and 6850 Switches”...
  • Page 867: Resetting Statistics Counters

    Resetting Statistics Counters The interfaces no l2 statistics command is used to reset all Layer 2 statistics counters on a specific port, a range of ports, or all ports on a switch (slot). To reset Layer 2 statistics on an entire slot, enter interfaces followed by the slot number and no l2 statistics.
  • Page 868: Configuring Flood Rate Limiting

    Setting Ethernet Parameters for All Port Types Configuring Ethernet Ports As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to administratively disable port 3 on slot 2 and document the port as Gigabit Ethernet, enter: ->...
  • Page 869: Multicast Flood Rate Limiting

    • Although you can configure a flood rate equal to the line speed you should not do so. Alcatel-Lucent recommends that you always configure the flood rate to be less than the line speed.
  • Page 870: Configuring A Port Alias

    Setting Ethernet Parameters for All Port Types Configuring Ethernet Ports By default the following peak flood rate values are used for limiting the rate at which traffic is flooded on a switch port: parameter default Mbps (10 Ethernet) Mbps (100 Fast Ethernet) Mbps (Gigabit Ethernet) Mbps (10 Gigabit Ethernet) To change the peak flood rate for an entire slot, enter interfaces followed by the slot number, flood rate,...
  • Page 871: Configuring Maximum Frame Sizes

    As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to configure an alias of “ip_phone1” for port 3 on slot 2 and document the port as Gigabit Ethernet, enter: ->...
  • Page 872: Setting Ethernet Parameters For Non-Combo Ports

    Configuring Ethernet Ports Setting Ethernet Parameters for Non-Combo Ports The following sections describe how to use CLI commands to configure non-combo ports. (See the tables “Valid Port Settings on OmniSwitch 6800 Series Switches” on page 37-5, “Valid Port Settings on OmniSwitch 6850 Series Switches”...
  • Page 873: Configuring Duplex Mode

    As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to configure the line speed on slot 2 port 3 at 100 Mbps and document the interface type as Gigabit Ethernet, enter: ->...
  • Page 874: Configuring Autonegotiation And Crossover Settings

    Setting Ethernet Parameters for Non-Combo Ports Configuring Ethernet Ports To configure the inter-frame gap on an entire slot, enter interfaces, followed by the slot number, ifg, and the desired inter-frame gap value. For example, to set the inter-frame gap value on slot 2 to 10 bytes, enter: ->...
  • Page 875: Configuring Crossover Settings

    Configuring Ethernet Ports Setting Ethernet Parameters for Non-Combo Ports As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to enable autonegotiation on port 3 on slot 2 and document the port as Ethernet, enter: ->...
  • Page 876: Setting Combo Ethernet Port Parameters On Omniswitch 6800 And 6850 Switches

    Setting the Combo Port Type and Mode By default, all combo ports on OmniSwitch 6800 Series and OmniSwitch 6850 Series switches are set to preferred fiber. The following subsections describe how to set a single combo port, a range of combo ports, or all combo ports on an entire switch to forced fiber (see “Setting Combo Ports to Forced Fiber”...
  • Page 877: Setting Combo Ports To Preferred Copper

    Configuring Ethernet Ports Setting Combo Ethernet Port Parameters on OmniSwitch 6800 and 6850 Switches Setting Combo Ports to Preferred Copper In preferred copper mode, combo ports will use the copper RJ-45 10/100/1000 port instead of the fiber SFP connector, if both ports are enabled and have a valid link. If the copper port goes down, then the switch will automatically switch to the fiber SFP connector.
  • Page 878: Setting Combo Ports To Preferred Fiber

    (Available settings for this command depend on the available line speeds of your hardware interface. See “Valid Port Settings on OmniSwitch 6800 Series Switches” on page 37-5 and “Valid Port Settings on OmniSwitch 6850 Series Switches” on page 37-5 for more information.)
  • Page 879: Configuring Duplex Mode For Combo Ports

    In half duplex mode, the interface can only transmit or receive data at a given time. (Available settings for this command depend on the available line speeds of your hardware interface. See “Valid Port Settings on OmniSwitch 6800 Series Switches” on page 37-5 and “Valid Port Settings on OmniSwitch 6850 Series Switches”...
  • Page 880: Configuring Autonegotiation And Crossover For Combo Ports

    Setting Combo Ethernet Port Parameters on OmniSwitch 6800 and 6850 Switches Configuring Ethernet Ports copper, duplex, and the desired duplex setting (auto, full, or half). For example, to set the duplex mode on fiber combo ports 45 through 48 on slot 2 to full, enter: ->...
  • Page 881: Configuring Crossover Settings For Combo Ports

    Note. Please refer to “Autonegotiation Guidelines” on page 37-7 for guidelines on configuring autonegotiation. Configuring Crossover Settings for Combo Ports To configure crossover settings on a single combo port, a range of combo ports, or all combo ports in an entire slot, use the interfaces hybrid crossover command.
  • Page 882: Combo Port Application Example

    Configuring Ethernet Ports Combo Port Application Example The figure below shows a sample application example for using OmniSwitch 6800 Series combo ports. Workstations A and B are connected with 100 Mbps links to copper combo ports 1/45 and 1/46, respectively.
  • Page 883 Verify that combo ports 1/47 and 1/48 are set to the default setting of preferred fiber (which will make the SFP connectors 1/47 and 1/48 the primary connections while copper combo ports 1/47 and 1/48 will only become active if the equivalent SFP connectors go down) with the show interfaces status command...
  • Page 884: Verifying Ethernet Port Configuration

    Verifying Ethernet Port Configuration To display information about Ethernet port configuration settings, use the show commands listed in the following table: show interfaces flow control Displays interface flow control wait time settings in nanoseconds. show interfaces Displays general interface information, such as hardware, MAC address, input and output errors.
  • Page 885: Chapter 38 Configuring Udld

    38 Configuring UDLD UniDirectional Link Detection (UDLD) is a protocol for detecting and disabling unidirectional Ethernet fiber or copper links caused by mis-wiring of fiber strands, interface malfunctions, media converter faults, etc. The UDLD operates at Layer 2 in conjunction with IEEE 802.3's existing Layer 1 fault detection mechanisms.
  • Page 886: Udld Specifications

    UDLD Specifications RFCs supported Not applicable at this time IEEE Standards supported Not applicable at this time Probe-message advertisement timer 7 to 90 in seconds Echo-based detection timer 4 to 15 in seconds Maximum neighbors per UDLD port Maximum number of UDLD ports per system UDLD Defaults Parameter Description...
  • Page 887: Quick Steps For Configuring Udld

    Quick Steps for Configuring UDLD To enable the UDLD protocol on a switch, use the udld command. For example: -> udld enable To enable the UDLD protocol on a port, use the udld port command by entering udld port, followed by the slot and port number, and enable.
  • Page 888: Udld Overview

    UDLD Overview UDLD is a Layer 2 protocol used to examine the physical configuration connected through fiber-optic or twisted-pair Ethernet cables. UDLD detects and administratively shuts down the affected port, and alerts the user when a unidirectional link exists. Unidirectional links can create hazardous situations such as Spanning-Tree topology loops caused, for instance, by mis-wiring of fiber strands, interface malfunctions, media converter faults, etc.
  • Page 889: Mechanisms To Detect Unidirectional Links

    Mechanisms to Detect Unidirectional Links The UDLD protocol is implemented to correct certain assumptions made by other protocols, and to help the Spanning Tree Protocol to function properly to avoid the creation of dangerous Layer 2 loops. UDLD uses two basic mechanisms: •...
  • Page 890: Configuring Udld

    Configuring UDLD This section describes how to use Command Line Interface (CLI) commands for enabling and disabling UDLD on a switch or port (see “Enabling and Disabling UDLD” on page 38-6), configuring the operational mode (see “Configuring mode”...
  • Page 891: Configuring Mode

    Configuring mode To configure the operational mode, use the udld mode command as shown: -> udld mode aggressive For example, to configure the mode for port 4 on slot 2, enter: -> udld port 2/4 mode aggressive To configure the mode for multiple ports, specify a range of ports.
  • Page 892: Clearing Udld Statistics

    -> no udld port 4/6 echo-wait-timer The following command resets the timer for multiple ports: -> no udld port 1/8-21 echo-wait-timer Note that when a timer is reset, the default value of 8 seconds is set. Clearing UDLD Statistics To clear the UDLD statistics, use the clear udld statistics port...
  • Page 893: In This Chapter

    39 Configuring Network Security Network Security (also known as Alcatel-Lucent’s Traffic Anomaly Detection feature) is a network monitoring feature that aims to detect the anomalies in the network by analyzing the patterns of ingress and egress packets on a port. These anomalies occur when the traffic patterns of a port do not meet the expectations.
  • Page 894: Chapter 39 Configuring Network Security

    Network Security Specifications RFCs supported Not applicable at this time. IEEE Standards supported Not applicable at this time. Maximum number of monitoring-groups Time duration to observe traffic pattern 5 to 3600 in seconds Minimum traffic to activate anomaly detection 1 to 100000...
  • Page 895: Quick Steps For Configuring Network Security

    Quick Steps for Configuring Network Security To create a monitoring-group and configure port associations for that group, use the netsec group port command. Enter netsec group followed by group name and port followed by the slot number, a slash (/), and the port number.
  • Page 896: Network Security Overview

    Network Security Overview Network Security detects the anomalies in the network traffic by monitoring the difference in the rate of ingress and egress packets on a port, matching a specific traffic pattern. The Network Security software monitors these packets at configured intervals, counts the packets matching certain patterns, and applies anomaly detection rules.
  • Page 897: Monitoring Group

    Fin Scan Occurs when a host receives a burst of FIN packets. Fin-Ack Diff Occurs when a host sees more or fewer FINACK packets than it sent. Rst Count Occurs when a host receives a flood of RST packets. Monitoring Group A monitoring-group is used by Network Security to configure the anomaly detection on sets of ports.
  • Page 898: Configuring Network Security

    Configuring Network Security The following subsections describe how to configure Network Security using CLI commands. Creating monitoring-group and associating port range The netsec group port command is used to create a monitoring-group and configure the port associations for that group.
  • Page 899 anomaly name tcp-port-scan tcp-addr-scan syn-flood syn-failure syn-ack-scan fin-scan fin-ack-diff rst-count To configure the anomaly to be monitored, enter netsec group, the group name, anomaly, the anomaly name, and the optional keywords shown in the table below: Anomaly parameters Description Specifies the status of anomaly detection.
  • Page 900: Verifying Network Security Information

    Verifying Network Security information To display information about Network Security configuration settings, use the show commands listed in the following table: show netsec summary Displays the anomaly check summary. show netsec traffic Displays the anomaly specific traffic statistics. show netsec statistics Displays the pattern counts on ports.
  • Page 901: Alcatel-Lucent License Agreement

    Licensee further acknowledges and agrees that all rights, title, and interest in and to the Licensed Materials are and shall remain with Alcatel-Lucent and its licensors and that no such right, license, or interest shall be asserted with respect to such copyrights and trademarks.
  • Page 902 8. Support and Maintenance. Except as may be provided in a separate agreement between Alcatel-Lucent and Licensee, if any, Alcatel-Lucent is under no obligation to maintain or support the copies of the Licensed Files made and distributed hereunder and Alcatel-Lucent has no obligation to furnish Licensee with any further assistance, documentation or information of any nature or kind.
  • Page 903 Alcatel-Lucent License Agreement Lucent, Licensee agrees to return to Alcatel-Lucent or destroy the Licensed Materials and all copies and portions thereof. 10. Governing Law. This License Agreement shall be construed and governed in accordance with the laws of the State of California.
  • Page 904: Third Party Licenses And Notices

    Alcatel-Lucent for a limited period of time. Alcatel-Lucent will provide a machine-readable copy of the applicable non-proprietary software to any requester for a cost of copying, shipping and handling.
  • Page 905: C. Linux

    Third Party Licenses and Notices C. Linux Linux is written and distributed under the GNU General Public License which means that its source code is freely-distributed and available to the general public. D. GNU GENERAL PUBLIC LICENSE: Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
  • Page 906 verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term “modification”.) Each licensee is addressed as “you”. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope.
  • Page 907 b Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
  • Page 908 consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
  • Page 909 Appendix: How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program.
  • Page 910: E. University Of California

    Material copyright Linux Online Inc. Design and compilation copyright (c)1994-2002 Linux Online Inc. Linux is a registered trademark of Linus Torvalds Tux the Penguin, featured in our logo, was created by Larry Ewing Consult our privacy statement URLWatch provided by URLWatch Services.
  • Page 911: H. Apptitude, Inc

    Licensee, Licensee shall immediately return the EMWEB Product and any back-up copy to Alcatel-Lucent, and will certify to Alcatel-Lucent in writing that all EMWEB Product components and any copies of the software have been returned or erased by the memory of Licensee’s computer or made non-readable.
  • Page 912: L. Wind River Systems, Inc

    Time Module other than in connection with operation of the product. In addition, please be advised that: (i) the Run-Time Module is licensed, not sold and that Alcatel-Lucent and its licensors retain ownership of all copies of the Run-Time Module; (ii) WIND RIVER DISCLAIMS ALL IMPLIED WARRANTIES,...
  • Page 913 Index aaa authentication vlan multiple-mode command 14-32 aaa authentication vlan single-mode command 14-32 aaa avlan default dhcp command 14-31 aaa avlan dns command 14-29 aaa avlan http language command 14-8 aaa ldap-server command LDAP authentication 13-27 aaa radius-server command 15-11 RADIUS authentication 13-14, 13-16 qos log lines command...
  • Page 914 assigning ports to VLANs 11-3 Authenticated Switch Access authenticated VLANs 14-5 LDAP VSAs 13-23 authentication servers 13-4 authenticated VLANs 5-11, 14-1 combo ports 25-24 application example 14-5 Configuring 802.1AB DHCP Relay 10-6 DHCP Relay 10-4, 10-7, 10-8 port mobility 14-28 dynamic link aggregation 5-4, 5-29 removing a user...
  • Page 915 Bridge Protocol Data Units DVMRP contents dynamic link aggregation bridge slot/port command 8-25 Ethernet OAM bridge slot/port connection command 8-36 Ethernet ports 25-2, 25-3 bridge slot/port path cost command 8-33 interswitch protocols bridge slot/port priority command 8-31 built-in port groups 18-12 IPMS 20-4, 20-5...
  • Page 916 frame size 25-13 URL for Web browser authentication clients 14-8 full duplex 25-15, 25-21 6-22 half duplex 25-15, 25-21 enabling traps 6-26 multicast traffic 25-11 setting decay value 6-26 specifications 25-2 setting penalty values 6-25 verify information 25-26 Setting Port Scan Penalty Value 6-26 Ethernet OAM DSCP...
  • Page 917 GVRP interfaces speed command 25-14 application examples inter-frame gap value 25-15 display configuration on specified port 6-13 Internet Control Message Protocol specifications see ICMP gvrp applicant command 6-10 Internet Packet Exchange gvrp enable-vlan-advertisement command 6-12 see IPX gvrp enable-vlan-registration command 6-11 interswitch protocols gvrp maximum vlan command...
  • Page 918 ip redist command 8-12 deleting static members 20-13, 20-27 ip rip force-holddowntimer command deleting static neighbors 20-12 ip rip garbage-timer command 8-10 deleting static queriers 20-12, 20-26 ip rip holddown-timer command 8-10 displaying 20-39, 20-40 ip rip host-route command 8-11 DVMRP 20-8 ip rip interface auth-key command...
  • Page 919 ipx route command 12-8 overview IPX router ports 5-12 specifications ipx routing command 12-6 Learned Port Security Configuration ipx timers command 12-9 Application example ipx type-20-propagation command 12-8 Lightweight Directory Access Protocol see LDAP servers line speed 25-14, 25-20 link aggregation jumbo frames 25-2, 25-6 802.1Q...
  • Page 920 trusted 18-5, 18-28 policies configured via PolicyView 18-56 VLAN rules 13-1 policy for ACLs 19-11 application example 3-14 policy actions 19-10 Internal Spanning Tree (IST) Instance policy conditions 19-9 Interoperability 3-12 policy rule 19-11 Migration 3-12, 3-13 policy action 802.1p command 18-28 MSTI policy action command...
  • Page 921 enabling or disabling mirroring status 23-21 N-to-1 port mirroring 23-20 specifications 23-3 application examples 18-31, 18-57 unblocking ports 23-21 ASCII-file-only syntax 18-32 port mirroring command 23-23 configuration overview 18-13 port mirroring session defaults 18-10 creating 23-20 enabled/disabled 18-14 deleting 23-23 interaction with other features 18-5 enabling/disabling...
  • Page 922 standard attributes 13-9 RMON used for 802.1X 15-7 application examples 23-11 VSAs 13-11 defaults 23-11 Rapid Spanning Tree Algorithm and Protocol specifications 23-10 see RSTP RMON events 9-1, 9-5 displaying list 23-40 advertisement destination address displaying specific 23-40 advertisement interval RMON probes advertisement lifetime 9-10...
  • Page 923 deleting clusters 22-26 show icmp statistics command 6-31 deleting servers 22-26 show ip config command 6-16, 6-22 disabling 8-40, 22-23 show ip interface command disabling clusters 22-29 show ip redist command 8-16 disabling servers 22-30 show ip rip command displaying 22-35 show ip rip interface command enabling...
  • Page 924 bridged ports 8-27 switch health 23-12 designated bridge switch logging 24-2 flat operating mode 5-10, 8-12, 8-13 UDLD 26-2 path cost 8-32 VLAN rules 13-2 port connection types 8-36 12-5 Port ID port ID 8-31 for LDAP authentication servers 13-28 port path cost policy servers 17-6...
  • Page 925 VLAN advertisements application examples TCN BPDU vlan authentication command 15-4 see Topology Change Notification BPDU vlan authentication command 5-11 configuring authenticated VLANs 14-26 statistics 6-32 vlan binding mac-ip-port command 13-13 Telnet vlan binding mac-port command 13-14 authentication client 14-7 vlan binding port-protocol command 13-14 Timers vlan command...
  • Page 926 vlan svlan command 7-26, 8-17 vlan svlan port accept-frame-type command 7-28 warnings 24-8 vlan svlan port bpdu-treatment command 7-28 Web browser vlan svlan port command 7-27 authentication client 14-7 vlan svlan port legacy-bpdu command 7-28 installing files for Mac OS authentication 14-9 vlan svlan port lookup-miss command 7-28...

This manual is also suitable for:

Omniswitch 6850 series, Omniswitch 9000 series
