Download Print this page

Alcatel OmniSwitch 6600 Family Network Configuration Manual

Alcatel OmniSwitch 6600 Family Network Configuration Manual

Omniswitch 6600 series

Hide thumbs Also See for OmniSwitch 6600 Family:

Configuration manual (62 pages)

Table Of Contents

page of 654

/ 654
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

See also: Configuration Manual

Part No. 060179-10, Rev. F

April 2006

OmniSwitch 6600 Family

Network Configuration Guide

www.alcatel.com

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the OmniSwitch 6600 Family and is the answer not in the manual?

Questions and answers

Summary of Contents for Alcatel OmniSwitch 6600 Family

Page 1 Part No. 060179-10, Rev. F April 2006 OmniSwitch 6600 Family Network Configuration Guide www.alcatel.com...
Page 2 The functionality described in this guide is subject to change without notice. Copyright © 2006 by Alcatel Internetworking, Inc. All rights reserved. This document may not be repro- duced in whole or in part without the express written permission of Alcatel Internetworking, Inc.
Page 3: Table Of Contents
Setting Flow Control ....................15-14 Enabling Flow Control ..................15-14 Disabling Flow Control .................15-14 Setting Flow Control Wait Time ................15-15 Configuring the Flow Control Wait Time .............15-15 Restoring the Flow Control Wait Time ............15-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 4 How LPS Authorizes Source MAC Addresses ............17-5 Dynamic Configuration of Authorized MAC Addresses ........17-5 Static Configuration of Authorized MAC Addresses ..........17-6 Understanding the LPS Table ................17-6 Enabling/Disabling Learned Port Security ..............17-7 Configuring a Source Learning Time Limit ..............17-7 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 5 Spanning Tree Port Parameter Defaults ................19-3 Multiple Spanning Tree (MST) Region Defaults ............19-3 Spanning Tree Overview ....................19-4 How the Spanning Tree Topology is Calculated ...........19-4 Bridge Protocol Data Units (BPDU) ...............19-5 Topology Examples ..................19-7 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 6 What is the Internal Spanning Tree (IST) Instance ..........20-9 What is the Common and Internal Spanning Tree Instance ........20-9 MST Configuration Overview ..................20-10 Using Spanning Tree Configuration Commands ..........20-10 Understanding Spanning Tree Modes ..............20-11 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 7 VLAN Rules Defaults ....................22-2 Sample VLAN Rule Configuration ................22-3 VLAN Rules Overview ....................22-4 VLAN Rule Types ....................22-4 DHCP Rules ....................22-5 Binding Rules ....................22-6 MAC Address Rules ..................22-6 Network Address Rules ...................22-6 Protocol Rules ....................22-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 8 Configuring Unidirectional Port Mapping .............23-4 Restoring Bidirectional Port Mapping ..............23-4 Sample Port Mapping Configuration ................23-5 Example Port Mapping Overview ................23-5 Example Port Mapping Configuration Steps ............23-6 Verifying the Port Mapping Configuration ..............23-6 viii OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 9 Configuring Mandatory Static Link Aggregate Parameters ........26-7 Creating and Deleting a Static Link Aggregate Group ..........26-8 Creating a Static Aggregate Group ..............26-8 Deleting a Static Aggregate Group ..............26-8 Adding and Deleting Ports in a Static Aggregate Group ........26-9 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 10 Modifying the Actor Port System Priority ............27-26 Modifying the Actor Port Priority ..............27-27 Modifying Dynamic Aggregate Partner Port Parameters ........27-28 Modifying the Partner Port System Administrative State ......27-28 Modifying the Partner Port Administrative Key ...........27-30 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 11 Enabling/Disabling IP Services ................28-17 Managing IP ........................28-19 Internet Control Message Protocol (ICMP) ............28-19 ICMP Control Table ..................28-22 ICMP Statistics Table ..................28-22 Using the Ping Command ..................28-23 Tracing an IP Route ....................28-23 Displaying TCP Information ................28-23 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 12 Enabling a RIP Interface ..................30-7 Configuring the RIP Interface Send Option ............30-7 Configuring the RIP Interface Receive Option ..........30-8 Configuring the RIP Interface Metric ..............30-8 Configuring the RIP Interface Route Tag ............30-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 13 Verifying the RDP Configuration ................31-11 Chapter 18 Configuring DHCP Relay ..................32-1 In This Chapter ......................32-1 DHCP Relay Specifications ..................32-2 DHCP Relay Defaults ....................32-3 Quick Steps for Setting Up DHCP Relay ..............32-4 OmniSwitch 6600 Family Network Configuration Guide April 2006 xiii...
Page 14 Quick Steps for Creating a Virtual Router ..............33-3 VRRP Overview ......................33-4 Why Use VRRP? ....................33-5 Definition of a Virtual Router ................33-5 VRRP MAC Addresses ..................33-6 ARP Requests ....................33-6 ICMP Redirects ....................33-6 VRRP Startup Delay ....................33-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 15 Configuring the RADIUS Client ................34-14 LDAP Servers ......................34-15 Setting Up the LDAP Authentication Server ............34-15 LDAP Server Details ....................34-15 LDIF File Structure ..................34-16 Common Entries ....................34-16 Directory Entries ...................34-17 Directory Searches ..................34-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 16 Port Binding and Authenticated VLANs .............35-28 Configuring Authenticated Ports .................35-28 Setting Up a DNS Path ....................35-29 Setting Up the DHCP Server ..................35-29 Enabling DHCP Relay for Authentication Clients ..........35-30 Configuring a DHCP Gateway for the Relay ............35-31 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 17 Verifying the 802.1X Port Configuration ..............36-19 Chapter 23 Managing Policy Servers ..................37-1 In This Chapter ......................37-1 Policy Server Specifications ..................37-2 Policy Server Defaults ....................37-2 Policy Server Overview ....................37-3 Installing the LDAP Policy Server ................37-3 OmniSwitch 6600 Family Network Configuration Guide April 2006 xvii...
Page 18 Clearing the QoS Log ..................38-16 Flow Timeout .......................38-16 Fragment Classification ..................38-17 Enabling/Disabling Fragment Classification ..........38-17 Setting the Fragment Timeout ...............38-17 Classifying Bridged Traffic as Layer 3 ..............38-18 Setting the Statistics Interval ................38-18 xviii OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 19 Creating Map Groups ...................38-44 Verifying Map Group Configuration ..............38-45 Applying the Configuration ..................38-46 Deleting the Pending Configuration ..............38-47 Flushing the Configuration ................38-47 Interaction With LDAP Policies ................38-48 Verifying the Applied Policy Configuration ............38-48 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 20 Configuring a UserPorts Group ................39-17 Configuring a DisablePorts ACL .................39-18 Configuring a DropServices Group ACL .............39-19 Configuring ICMP Drop Rules ................39-21 Configuring a BPDUShutdownPorts Group ............39-21 Verifying the ACL Configuration ................39-22 ACL Application Example ..................39-24 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 21 Modifying the Querier Aging and Election Timeout ...........40-10 Configuring the Querier Aging and Election Timeout ........40-10 Restoring the Querier Aging and Election Timeout ........40-10 IPMS Application Example ..................40-11 Displaying IPMS Configurations and Statistics ............40-13 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 22 Suppressing Port Monitoring File Creation ............41-23 Configuring Port Monitoring Direction ...............41-23 Displaying Port Monitoring Status and Data ............41-24 Remote Monitoring (RMON) ..................41-25 Ethernet Statistics ..................41-26 History (Control & Statistics) ................41-26 Alarm ......................41-26 Event ......................41-26 xxii OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 23 Displaying Switch Logging Records ..............42-12 Chapter 29 Monitoring Memory ....................43-1 In This Chapter ......................43-1 Memory Monitoring Specifications ................43-2 Memory Monitoring Defaults ..................43-2 Quick Steps for Configuring Memory Monitoring ............43-3 Debug Memory Commands Overview .................43-4 OmniSwitch 6600 Family Network Configuration Guide April 2006 xxiii...
Page 24 I. Agranat ......................A-11 J. RSA Security Inc..................... A-11 K. Sun Microsystems, Inc..................A-11 L. Wind River Systems, Inc................. A-12 M. Network Time Protocol Version 4 ..............A-12 Index ........................Index-1 xxiv OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 25: About This Guide
About This Guide This OmniSwitch 6600 Family Network Configuration Guide describes how to set up and monitor soft- ware features that will allow your switch to operate in a live network environment. The software features described in this manual are shipped standard with your OmniSwitch 6600 Family switch. These features are used when setting up your OmniSwitch in a network of switches and routers.
Page 26: Supported Platforms
The audience for this user guide is network administrators and IT support personnel who need to config- ure, maintain, and monitor switches and routers in a live network. However, anyone wishing to gain knowledge on how fundamental software features are implemented in the OmniSwitch 6600 Family will benefit from the material in this configuration guide.
Page 27: What Is In This Manual
This configuration guide includes information about configuring the following features: VLANs, VLAN router ports, mobile ports, and VLAN rules. • Basic Layer 2 functions, such as Ethernet port parameters, source learning, Spanning Tree, and Alcatel • interswitch protocols (AMAP and GMAP).
Page 28: What Is Not In This Manual
Family Switch Management Guide. Information on using WebView and OmniVista can be found in the context-sensitive on-line help available with those network management applications. Note. The OmniSwitch 6600 Family Switch Management Guide was originally known as the “OmniSwitch 6624/6648 Switch Management Guide.”...
Page 29: Documentation Roadmap
The OmniSwitch 6600 Family Switch Management Guide is the primary user guide for the basic software features on a single switch. This guide contains information on the switch directory structure, basic file and directory utilities, switch access security, SNMP, and web-based management.
Page 30 The OmniSwitch 6600 Family Advanced Routing Configuration Guide includes configuration information for networks using Open Shortest Path First (OSPF). Note. The OmniSwitch 6600 Family Advanced Routing Configuration Guide was originally known as the “OmniSwitch 66/24/6648 Advanced Routing Configuration Guide.” Anytime The OmniSwitch CLI Reference Guide contains comprehensive information on all CLI commands supported by the switch.
Page 31: Related Documentation
About This Guide Related Documentation Related Documentation The following are the titles and descriptions of all the OmniSwitch 6600 Family user manuals: OmniSwitch 6600 Family Getting Started Guide • Describes the hardware and software procedures for getting an OmniSwitch 6600 Family switch up and running.
Page 32 Includes network configuration procedures and descriptive information on all the software features and protocols included in the advanced routing software package OSPF. Note. The OmniSwitch 6600 Family Advanced Routing Configuration Guide was originally known as the “OmniSwitch 66/24/6648 Advanced Routing Configuration Guide.”...
Page 33: User Manuals Web Site
Additionally, with 24-hour-a-day access to Alcatel’s Service and Support web page, you’ll be able to view and update any case (open or closed) that you have reported to Alcatel’s technical support, open a new case or access helpful release notes, technical bulletins, and manuals. For more infor- mation on Alcatel’s Service Programs, see our web page at eservice.ind.alcatel.com, call us at 1-800-995-...
Page 34 Technical Support About This Guide page xxxiv OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 35: In This Chapter
The Ethernet software is responsible for a variety of functions that support the Ethernet and Gigabit Ether- net ports on OmniSwitch 6600 Family switches. These functions include diagnostics, software loading, initialization, configuration of line parameters, gathering statistics, and responding to administrative requests from SNMP or CLI.
Page 36: Chapter 1 Configuring Ethernet Ports
Layer 2 Switching/Layer 3 Routing Backbone Support Fast Ethernet and Gigabit Ethernet ports Port Mirroring Support Fast Ethernet and Gigabit Ethernet ports 802.1Q Hardware Tagging Fast Ethernet and Gigabit Ethernet ports page 1-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 37: Ethernet Port Defaults
42 Mbps (Fast Ethernet) 496 Mbps (Gigabit Ethernet) Auto negotiation interfaces autoneg Enable Crossover interfaces crossover Auto for all copper ports; Disable for all fiber modules Flow (pause) interfaces flow Enable OmniSwitch 6600 Family Network Configuration Guide April 2006 page 1-3...
Page 38: Configuring Ethernet Ports Tutorial
0 to 100 Mbps for Fast Ethernet, or 0 to 996 Mbps for Gigabit Ethernet. For example, to configure the peak flood rate value for the interface in slot 1, port 1 to 42 Mbps enter: -> interfaces 1/1 flood rate 42 page 1-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 39 Lost Frames Unicast Frames Broadcast Frames Multicast Frames UnderSize Frames OverSize Frames Collision Frames Error Frames For more information about available show commands, refer to the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 1-5...
Page 40: Ethernet Ports Overview
Mbps Fast Ethernet interfaces. Port numbers 49, 50, 51 and 52 support 1000 Mbps Gigabit Ethernet when the Gigabit Ethernet modules are installed. For more information on Ethernet hardware configurations, refer to the OmniSwitch 6600 Family Hardware Users Guide. OmniSwitch 6648...
Page 41: Omniswitch 6624
Mbps Fast Ethernet interfaces. Port numbers 25, 26, 27, and 28 support 1000 Mbps Gigabit Ethernet when the Gigabit Ethernet modules are installed. For more information on Ethernet hardware configurations, refer to the OmniSwitch 6600 Family Hardware Users Guide. OmniSwitch 6624...
Page 42: Omniswitch 6600-P24
Port numbers 1 through 24 support both 10 Mbps Ethernet and 100 Mbps Fast Ethernet interfaces. Port numbers 25 and 26 support 1000 Mbps Gigabit Ethernet and port numbers 27 and 28 are stacking ports. For more information on Ethernet hardware configurations, refer to the OmniSwitch 6600 Family Hardware Users Guide.
Page 43: Omniswitch 6602-48
10/100 Crossover Supported By default, automatic crossover between MDI/MDIX (Media Dependent Interface/Media Dependent Interface with Crossover) media is supported on OmniSwitch 6600 Family 10/00 ports. Therefore, either straight-through or crossover cable can be used between two OmniSwitch 6600 Familyswitches as long as auto negotiation is configured on both sides of the link.
Page 44: Valid Port Settings
(ports 51–52) GNI-U2 is installed using LC fiber SFPs or copper 1000Base-T SFPs. OmniSwitch 6648 Wire-rate copper twisted 1000 full (ports 51–52) pair (1000Base-T) when an OS6600-GNI-C2 is installed. page 1-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 45 (ports 27–28) GNI-U2 is installed using LC fiber SFPs or copper 1000Base-T SFPs. OmniSwitch 6600-P24 Wire-rate copper twisted 1000 full (ports 27–28) pair (1000Base-T) when an OS6600-GNI-C2 is installed. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 1-11...
Page 46 Copper twisted pair (RJ-45) auto/10/100 auto/full/half (ports 1–48) OmniSwitch 6602-48 Wire-rate when an LC fiber 1000 full Yes (fiber) (ports 49–50) SFP or copper 1000Base-T No (copper) SFP is installed. page 1-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 47: Setting Ethernet Port Parameters
(/), the first port number, a hyphen (-), the last port number, and port link disable. For example, to disable trap port link messages ports 3 through 5 on slot 2 enter: -> trap 2/3-5 port link disable OmniSwitch 6600 Family Network Configuration Guide April 2006 page 1-13...
Page 48: Setting Flow Control
To disable flow control on a range of ports, enter no flow followed by the slot number, a slash (/), the first port number, a hyphen, and the last port number. For example, to disable flow control on ports 1 through 3 on slot 2 enter: -> no flow 2/1-3 page 1-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 49: Setting Flow Control Wait Time
For example, to configure the flow control wait time as 96 microseconds on slot 2 port 3 and document the interface type as Fast Ethernet enter: -> flow fastethernet 2/3 wait 96 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 1-15...
Page 50: Restoring The Flow Control Wait Time
(-), the last port number, and the desired speed. For example, to set the line speed on ports 1 through 3 on slot 2 at 100 Mbps enter: -> interfaces 2/1-3 speed 100 page 1-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 51: Configuring Duplex Mode
For example, to set the duplex mode on port 3 on slot 2 and document the port as Fast Ethernet enter: -> interfaces fastethernet 2/3 duplex full OmniSwitch 6600 Family Network Configuration Guide April 2006 page 1-17...
Page 52: Enabling And Disabling Interfaces
(/), the first port number, a hyphen (-), the last port number, ifg, and the desired inter-frame gap value. For example, to set the inter-frame gap value on ports 51 through 52 on slot 2 to 10 bytes enter: -> interfaces 2/51-52 ifg 10 page 1-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 53: Resetting Statistics Counters
Layer 2 statistics (e.g., input and output errors, deferred frames received, unicast pack- ets transmitted). For information on using these commands, see the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 1-19...
Page 54: Configuring Flood Rates
Gigabit Ethernet enter: -> interfaces gigaethernet 2 flood multicast Note. Enabling the maximum multicast flood rate with the interfaces flood multicast command will limit IP Multicast Switching (IPMS) and non-IPMS multicast traffic. page 1-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 55: Configuring Flood Rate Values
For example, to configure an alias of “ip_phone1” for port 3 on slot 2 and docu- ment the port as Fast Ethernet enter: -> interfaces fastethernet 2/3 alias ip_phone1 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 1-21...
Page 56: Configuring Auto Negotiation, Crossover, And Flow Control Settings
However, since the local device is set to auto negotiating at 10/100 full duplex it cannot form a 10/100 Mbps half duplex link in any of the above mentioned cases. One solution is to configure the local device to auto negotiation, 10/100 Mbps, with auto or half duplex. page 1-22 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 57: Configuring Crossover Settings
(/), the first port number, a hyphen (-), the last port number, flow, and either enable or disable. For exam- ple, to enable flow control on ports 1 through 3 on slot 2 enter: -> interfaces 2/1-3 flow enable OmniSwitch 6600 Family Network Configuration Guide April 2006 page 1-23...
Page 58 Fast Ethernet enter: -> interfaces fastethernet 2/3 flow enable Note. If auto negotiation is disabled and then later enabled on an interface, the original flow setting will then be restored. page 1-24 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 59: Verifying Ethernet Port Configuration
These commands can be quite useful in troubleshooting and resolving potential configuration issues or problems on your switch. For more information about the resulting displays from these commands, see the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 1-25...
Page 60 Verifying Ethernet Port Configuration Configuring Ethernet Ports page 1-26 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 61: Chapter 2 Managing Source Learning
Creating a static MAC address table entry on page 2-4. • Configuring the MAC address table aging time on page 2-7. • Displaying MAC address table information on page 2-9. • OmniSwitch 6600 Family Network Configuration Guide April 2006 page 2-1...
Page 62: Source Learning Specifications
The show mac-address-table command is also useful for monitoring general source learning activity and verifying dynamic VLAN assignments of addresses received on mobile ports. Create VLAN 200, if it does not already exist, using the following command: -> vlan 200 page 2-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 63 To verify the new aging time value for VLAN 200, enter show mac-address-table aging-time vlan followed by 200. For example, -> show mac-address-table aging-time vlan 200 Mac Address Aging Time (seconds) for Vlan 200 = 1200 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 2-3...
Page 64: Mac Address Table Overview
MAC address is removed when it ages beyond the aging timer value. Note that static MAC addresses configured with a reset or timeout status are not captured when a snapshot of the switch’s running configuration is taken. page 2-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 65: Configuring Static Mac Addresses
-> no mac-address-table learned To verify static MAC address configuration and other table entries, use the show mac-address-table command. For more information about this command, see the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 2-5...
Page 66: Static Mac Addresses On Link Aggregate Ports
For example, the following command assigns the multicast address 01:25:9a:5c:2f:10 to port 1/24 and ports 2/1 through 2/6 in VLAN 20: -> mac-address-table static-multicast 01:25:9a:5c:2f:10 1/24 2/1-6 20 page 2-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 67: Static Multicast Mac Addresses On Link Aggregate Ports
This is necessary even if all VLANs will have the same aging time value. If there is only one instance of this command in the configuration file and it does not specify a VLAN ID, the aging time value is applied only to VLAN 1. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 2-7...
Page 68 -> no mac-address-table aging-time vlan 255 To display the aging time value for one or all VLANs, use the show mac-address-table aging-time command. For more information about this command, see the OmniSwitch CLI Reference Guide. page 2-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 69: Displaying Mac Address Table Information
For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show mac-address-table and show mac-address-table aging-time commands is also given in “Sample MAC Address Table Configuration” on page 2-2. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 2-9...
Page 70 Displaying MAC Address Table Information Managing Source Learning page 2-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 71: Configuring Learned Port Security
Selecting the security violation mode for an LPS port on page 3-10. • Displaying LPS configuration information on page 3-11. • For more information about source MAC address learning, see Chapter 2, “Managing Source Learning.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 3-1...
Page 72: Chapter 3 Configuring Learned Port Security
Maximum number of learned MAC addresses per OmniSwitch 6600 (applies to all ports on the switch). Maximum number of learned MAC addresses per stack of OmniSwitch 6600 Family switches (applies across all stack ports). Learned Port Security Defaults Parameter Description...
Page 73: Sample Learned Port Security Configuration
00:00:00:00:00:00 ff:ff:ff:ff:ff:ff 1/24 00:95:2a:00:00:5a 00:95:2a:00:00:6f To verify the source learning time limit value, use the show port-security shutdown command. For example: -> show port-security shutdown LPS Shutdown = 60 mins OmniSwitch 6600 Family Network Configuration Guide April 2006 page 3-3...
Page 74: Learned Port Security Overview
LPS functionality is supported on the following 10/100 and Gigabit Ethernet port types: Fixed (non-mobile) • Mobile • 802.1Q tagged • Authenticated • The following port types are not supported: Link aggregate • Tagged (trunked) link aggregate • page 3-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 75: How Lps Authorizes Source Mac Addresses
MAC address entry in the LPS table until the switch configuration file is saved and the switch is rebooted. If a reboot occurs before this is done, all dynamically learned MAC addresses in the LPS table are cleared. OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 76: Static Configuration Of Authorized Mac Addresses
To view the contents of the LPS table, use the show port-security command. Refer to the OmniSwitch CLI Reference Guide for more information about this command. page 3-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 77: Enabling/Disabling Learned Port Security
MAC addresses learned meets or exceeds the maximum number of addresses allowed, even if the LPS time limit has not expired. OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 78: Configuring The Number Of Mac Addresses Allowed
-> port-security 4/12 no mac 00:20:95:00:fa:5c Note that when a MAC address is cleared from the LPS table, it is automatically cleared from the source learning MAC address table at the same time. page 3-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 79: Configuring An Authorized Mac Address Range
00:da:25:59:0c:10–ff:ff:ff:ff:ff:ff and 00:00:00:00:00:00–00:da:25:00:00:9a: -> port-security 2/8 mac-range low pp:da:25:59:0c -> port-security 2/10 mac-range high 00:da:25:00:00:9a Refer to the OmniSwitch CLI Reference Guide for more information about this command. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 3-9...
Page 80: Selecting The Security Violation Mode
Note. Using the port-security release command restores the port to the same operational state it was in prior to the security violation. This includes the activation of any existing LPS configuration for the port, LPS monitoring of the port is automatically restored. page 3-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 81: Displaying Learned Port Security Information
For more information about the resulting display from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show port-security and show port-security shutdown commands is also given in “Sample Learned Port Security Configuration” on page 3-3. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 3-11...
Page 82 Displaying Learned Port Security Information Configuring Learned Port Security page 3-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 83: Configuring Vlans
In a switch-based network, such as one comprised of Alcatel switching systems, a broadcast domain—or VLAN— can span multiple physical switches and can include ports from a variety of media types. For example, a single VLAN could span three different switches located in different buildings and include 10/100 Ethernet, Gigabit Ethernet, 802.1q tagged ports and/or a link aggregate of ports.
Page 84: Vlan Specifications
Maximum authenticated VLANs per stack MAC Router Mode Supported Single CLI Command Prefix Recognition All VLAN management commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6600 Family Switch Management Guide for more information. VLAN Defaults Parameter Description Command Default...
Page 85: Sample Vlan Configuration
: enabled 1x1 Spanning Tree State : enabled, Flat Spanning Tree State : enabled, Authentication : disabled, IP Router Port : on, IPX Router Port : NA Mobile Tag : off OmniSwitch 6600 Family Network Configuration Guide April 2006 page 4-3...
Page 86 To verify that ports 3/2-4 were assigned to VLAN 255, use the show vlan port command. For example: -> show vlan 255 port port type status --------+---------+-------------- default inactive default inactive default inactive default inactive page 4-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 87: Vlan Management Overview
This eliminates the need to physically change a network device connection or location when adding or removing devices from the VLAN broadcast domain. The VLAN management software handles the following VLAN configuration tasks performed on an Alcatel switch: Creating or modifying VLANs.
Page 88: Creating/Modifying Vlans
Configuring VLANs Creating/Modifying VLANs The initial configuration for all Alcatel switches consists of a default VLAN 1 and all switch ports are initially assigned to this VLAN. When a switching module is added to the switch, the module’s physical ports are also assigned to VLAN 1. If additional VLANs are not configured on the switch, then the entire switch is treated as one large broadcast domain.
Page 89: Enabling/Disabling The Vlan Administrative Status
-> vlan 455 name Marketing-IP-Network Defining VLAN Port Assignments Alcatel switches support static and dynamic assignment of physical switch ports to a VLAN. Regardless of how a port is assigned to a VLAN, once the assignment occurs, a VLAN port association (VPA) is created and tracked by VLAN management software on each switch.
Page 90: Changing The Default Vlan Assignment For A Port
VLAN and not the matching rule VLAN. Chapter 7, “Assigning Ports to VLANs,” Chapter 8, “Defining VLAN Rules,” for more informa- tion and examples of dynamic VLAN port assignment. page 4-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 91: Configuring Vlan Rule Classification
MAC address vlan mac vlan mac range Network address vlan ip vlan ipx Protocol vlan protocol Custom (user-defined) vlan user Port vlan port OmniSwitch 6600 Family Network Configuration Guide April 2006 page 4-9...
Page 92: Enabling/Disabling Vlan Mobile Tag Classification
If 802.1Q tagging is required on a fixed (non-mobile) port, then the vlan 802.1q command is still used to statically tag VLANs for the port. See Chapter 11, “Configuring 802.1Q,” for more information. page 4-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 93: Enabling/Disabling Spanning Tree For A Vlan
VLAN. Also, STP is enabled/disabled on individual ports. So even if STP is enabled for the VLAN, a port assigned to that VLAN must also have STP enabled. See Chapter 5, “Configuring Spanning Tree Parameters.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 4-11...
Page 94: Enabling/Disabling Vlan Authentication
VLAN are in essence firewalled from other VLANs. Note that at this time, IPX routing is not supported on the OmniSwitch 6600 Family. For information about how to configure an IP router interface, see Chapter 14, “Configuring IP.”...
Page 95: Bridging Vlans Across Multiple Switches
The key is that the port must belong to the same VLAN on each switch. To carry multiple VLANs between switches across a single physical connection cable, use the 802.1Q tagging feature (see Chapter 11, “Configuring 802.1Q”). OmniSwitch 6600 Family Network Configuration Guide April 2006 page 4-13...
Page 96: Verifying The Vlan Configuration
For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show vlan and show vlan port commands is also given in “Sample VLAN Configuration” on page 4-3. page 4-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 97: Chapter 5 Configuring Spanning Tree Parameters
STP Bridge Protocol Data Units (BPDU) received on switch ports and port link up and down states in the event of a CMM fail over to a backup CMM. In addition, the Alcatel distributed implementation incorporates the following Spanning Tree features: Configures a physical topology into a single Spanning Tree to ensure that there is only one data path •...
Page 98: Spanning Tree Specifications
Tree instance (also referred to as MSTI 0). switch CLI Command Prefix Recognition All Spanning Tree commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6600 Family Switch Management Guide for more information. Spanning Tree Bridge Parameter Defaults Parameter Description...
Page 99: Spanning Tree Port Parameter Defaults
The number of Multiple Spanning Tree bridge msti 1 (flat mode instance) Instances (MSTI). The VLAN to MSTI mapping. bridge msti vlan All VLANs are mapped to the Common Internal Spanning Tree (CIST) instance OmniSwitch 6600 Family Network Configuration Guide April 2006 page 5-3...
Page 100: Spanning Tree Overview
Spanning Tree Overview Configuring Spanning Tree Parameters Spanning Tree Overview Alcatel switches support the use of the 802.1D Spanning Tree Algorithm and Protocol (STP), the 802.1w Rapid Spanning Tree Algorithm and Protocol (RSTP), and the 802.1s Multiple Spanning Tree Protocol (MSTP).
Page 101: Bridge Protocol Data Units (Bpdu)
The information in these BPDU is used to calculate and reconfigure the Spanning Tree topology. A Configuration BPDU contains the following information that pertains to the bridge transmitting the BPDU: OmniSwitch 6600 Family Network Configuration Guide April 2006 page 5-5...
Page 102 STP evaluates BPDU parameter values to select the best BPDU based on the following order of prece- dence: The lowest root bridge ID (lowest priority value, then lowest MAC address). page 5-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 103: Topology Examples
If a new switch is added to the network, the Spanning Tree topology is automatically recalculated to include the monitor- ing of links to the new switch. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 5-7...
Page 104 Switch D than the path between Switch B and Switch A. As a result, a network loop is avoided. page 5-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 105: Spanning Tree Operating Modes
VLAN configuration or tagged VLAN assignments, are considered part of one Spanning Tree instance. To see an example of a flat mode switch with MSTP (802.1s) as the active proto- col, see Chapter 6, “Using 802.1s Multiple Spanning Tree.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 5-9...
Page 106: Using 1X1 Spanning Tree Mode
However, if a VLAN appears as the configured default VLAN for the port, then BPDU are not tagged and the single Spanning Tree instance applies. To change the Spanning Tree operating mode to 1x1, enter the following command: -> bridge mode 1x1 page 5-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 107 On ports where VLAN 2 is the default VLAN, BPDU are not tagged. On ports where VLAN 2 is a tagged VLAN, BPDU are also tagged. OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 108: Configuring Spanning Tree Bridge Parameters
The 1x1 keyword indicates that the instance number specified with the command is a VLAN ID. The msti keyword indicates that the instance number specified with the command is an 802.1s Multiple Spanning Tree Instance (MSTI). page 5-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 109 Configuring the forward delay time value for the single flat mode instance. bridge 1x1 forward delay Explicit Configuring the forward delay time value for a VLAN instance. bridge bpdu-switching Configuring the BPDU switching status for a VLAN. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 5-13...
Page 110: Selecting Bridge Protocol
The bridge priority is used to determine which bridge will serve as the root of the Spanning Tree. The lower the priority value, the higher the priority. If more than one bridge have the same priority, then the bridge with the lowest MAC address becomes the root. page 5-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 111: Configuring The Bridge Hello Time
Therefore, if this value is changed for the root bridge, all other bridges associated with the same STP instance will adopt this value as well. OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 112: Configuring The Bridge Max Age Time
1x1 mode. For example, the following command changes the max age time for VLAN 455 to 10 seconds: -> bridge 455 max age 10 page 5-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 113: Configuring The Bridge Forward Delay Time
(1x1 or flat) and an instance number is not required. For example, the following commands change the forward delay time for the flat mode instance to 10: OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 114: Enabling/Disabling The Vlan Bpdu Switching Status
PPC value based on protocol) or 32bit.(always use a 32-bit PPC value). For example, the following command changes the default path cost mode, which is automatic, to 32-bit mode: -> bridge path cost mode 32bit page 5-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 115: Configuring Spanning Tree Port Parameters
Implicit commands are only allowed for defining STP or RSTP configurations. See Chapter 6, “Using 802.1s Multiple Spanning Tree,” for more information about these keywords and using implicit and explicit commands. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 5-19...
Page 116 Implicit Configuring the port connection type for the single flat mode instance. bridge 1x1 slot/port connection Explicit Configuring the port connection type for a VLAN instance. page 5-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 117: Enabling/Disabling Spanning Tree On A Port
Physical ports that belong to a link aggregate do not participate in the Spanning Tree Algorithm. Instead, the algorithm is applied to the aggregate logical link (virtual port) that represents a collection of physical ports. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 5-21...
Page 118: Configuring Port Priority
Note that when MSTP (802.1s) is the active flat mode protocol, explicit Spanning Tree bridge commands are required to configure parameter values. Implicit commands are for configuring parameters when the page 5-22 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 119: Port Priority On Link Aggregate Ports
Is a 16-bit path cost value is in use and the path_cost is set to zero, the following IEEE 802.1D recom- mended default path cost values based on link speed are used: IEEE 802.1D Link Speed Recommended Value 4 Mbps 10 Mbps 16 Mbps 100 Mbps OmniSwitch 6600 Family Network Configuration Guide April 2006 page 5-23...
Page 120 Implicit commands are for configuring parameters when the STP or RSTP protocols are in use. See Chapter 6, “Using 802.1s Multiple Spanning Tree,” for more infor- mation. page 5-24 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 121: Path Cost For Link Aggregate Ports
Note that for Gigabit ports the aggre- gate size is not applicable in this case: Aggregate Size Default Path Link Speed (number of links) Cost Value 10 Mbps 100 Mbps OmniSwitch 6600 Family Network Configuration Guide April 2006 page 5-25...
Page 122: Configuring Port Mode
1 as the instance number (e.g., bridge 1 1/24 mode dynamic). However, this is only available when the switch is already running in the flat mode and STP or RSTP is the active protocol. page 5-26 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 123: Mode For Link Aggregate Ports
VLAN instance associated with the port. If the switch is running in the flat Spanning Tree mode, then the connection type applies across all VLANs associated with the port. The flat mode instance is referenced as the port’s instance, even if the port is associated with other VLANs. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 5-27...
Page 124: Connection Type On Link Aggregate Ports
10 associated with VLAN 755 as an edge port: -> bridge 755 10 connection edgeport For more information about configuring an aggregate of ports, see Chapter 12, “Configuring Static Link Aggregation,” Chapter 13, “Configuring Dynamic Link Aggregation.” page 5-28 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 125: Sample Spanning Tree Configuration
• VLAN was enabled by default when the VLAN was created. VLAN 255 on each switch is configured to use the 802.1w (rapid reconfiguration) Spanning Tree • Algorithm and Protocol. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 5-29...
Page 126: Example Network Configuration Steps
Change the bridge priority value for VLAN 255 on Switch D to 10 using the following command (leave the priority for VLAN 255 on the other three switches set to the default value of 32768): page 5-30 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 127 Spanning Tree Port Summary for Vlan 255 Oper Path Desig Prim. Op Port Cost Cost Role Port Desig Bridge ID -----+-----+------+------+-----+-----+-----+----+------------------- FORW ROOT NPT 000A-00:d0:95:00:00:01 BLOCK BACK NPT 8000-00:d0:95:00:00:04 3/10 BLOCK ALTN 3/10 NPT 8000-00:d0:95:00:00:03 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 5-31...
Page 128: Verifying The Spanning Tree Configuration
For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. An example of the output for the show spantree and show spantree ports commands is also given in “Example Network Configuration Steps” on page 5-30. page 5-32 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 129: In This Chapter
Tree configuration commands as they apply to all supported protocols (STP, RSTP, and MSTP), see Chapter 5, “Configuring Spanning Tree Parameters.” The following topics are included in this chapter as they relate to the Alcatel implementation of the 802.1s MSTP standard: “MST General Overview”...
Page 130: Using 802.1S Multiple Spanning Tree
Maximum aging time allowed for Span- bridge max age 20 seconds ning Tree information learned from the network. Spanning Tree port state transition time. bridge forward delay 15 seconds page 6-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 131: Spanning Tree Port Parameter Defaults
The number of Multiple Spanning Tree bridge msti 1 (flat mode instance) Instances (MSTI). The VLAN to MSTI mapping. bridge msti vlan All VLANs are mapped to the Common Internal Spanning Tree (CIST) instance OmniSwitch 6600 Family Network Configuration Guide April 2006 page 6-3...
Page 132: Mst General Overview
Tree (CST). The CST is a single spanning tree that uses 802.1D (STP) or 802.1w (RSTP) to provide a loop-free network topology. The Alcatel flat spanning tree mode applies a single CST instance on a per switch basis. The 1x1 mode is an Alcatel proprietary implementation that applies a single spanning tree instance on a per VLAN basis.
Page 133 The 4/8 to 5/2 connection and the 4/2 to 5/1 connection are considered redundant connections so they • are both blocked in favor of the 3/1 to 2/1 connection. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 6-5...
Page 134 CIST BPDU will only contain MSTI information. “Quick Steps for Configuring MSTIs” on page 6-16 for more information about how to direct VLAN traffic over separate data paths using MSTP. page 6-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 135: Comparing Mstp With Stp And Rstp
What is a Multiple Spanning Tree Instance (MSTI) An MSTI is a single Spanning Tree instance that represents a group of VLANs. Alcatel switches support up to 16 MSTIs on one switch. This number is in addition to the Common and Internal Spanning Tree (CIST) instance 0, which is also known as MSTI 0.
Page 136: What Is A Multiple Spanning Tree Region
MST BPDU information. In essence, this value defines the size of the region in that once the maximum number of hops is reached, the BPDU is discarded. The maximum page 6-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 137: What Is The Common Spanning Tree
Implicit commands are for configuring parameters when the STP or RSTP protocols are in use. See “Using Spanning Tree Configuration Commands” on page 6-10 more information. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 6-9...
Page 138: Mst Configuration Overview
6-16. Using Spanning Tree Configuration Commands The Alcatel implementation of the 802.1s Multiple Spanning Tree Protocol introduces the concept of implicit and explicit CLI commands for Spanning Tree configuration and verification. Explicit commands contain one of the following keywords that specifies the type of Spanning Tree instance to modify: cist–command applies to the Common and Internal Spanning Tree instance.
Page 139: Understanding Spanning Tree Modes
VLANs to a single Spanning Tree instance. The 1x1 mode is an Alcatel proprietary implementation that automatically calculates a separate Spanning Tree instance for each VLAN configured on the switch. This mode only supports the use of the STP and RSTP protocols.
Page 140: Mst Interoperability And Migration
If this is the case, then the PPC for the CIST is not reset when the protocol is changed to/from MSTP. This implementation of MSTP is compliant with the IEEE 802.1s standard and thus provides intercon- • nectivity with 802.1s compliant systems. page 6-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 141: Migrating From 1X1 Mode To Flat Mode Mstp
Migrating from 1x1 Mode to Flat Mode MSTP As previously described, the 1x1 mode is an Alcatel proprietary implementation that applies one Span- ning Tree instance to each VLAN. For example, if five VLANs exist on the switch, then their are five Spanning Tree instances active on the switch, unless Spanning Tree is disabled on one of the VLANs.
Page 142: Quick Steps For Configuring An Mst Region
(VLAN-to-MSTI mapping). The following steps are performed on each switch to define Alcatel Marketing as the MST region name, 2000 as the MST region revision level, map exiting VLANs to existing MSTIs, and 3 as the maximum...
Page 143 Revision Max hops : 3, Cist Instance Number All switches configured with the exact same values as shown in the above example are considered members of the Alcatel Marketing MST region. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 6-15...
Page 144: Quick Steps For Configuring Mstis
For example, the following commands assign ports 3/1, 4/2, 4/8, and 2/12 to VLANs 100, 150, 200, and 250 on Switch A: -> vlan 100 port default 3/1 -> vlan 150 port default 4/2 -> vlan 200 port default 4/8 -> vlan 250 port default 2/12 page 6-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 145 CIST-0 VLAN 150 VLAN 150 VLAN 200 VLAN 200 MSTI-1 MSTI-1 2/12 VLAN 250 VLAN 250 Switch A Switch B Flat Mode MSTP (802.1s) with Superior MSTI 1 PPC Values OmniSwitch 6600 Family Network Configuration Guide April 2006 page 6-17...
Page 146 Another solution to this scenario is to assign all VLANs to an MSTI, leaving no VLANs controlled by the CIST. As a result, the CIST BPDU will only contain MSTI information. See “How MSTP Works” on page 6-4 for more information. page 6-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 147: Verifying The Mst Configuration
Displays a summary of Spanning Tree connection information and instance associations for the specified port or a link aggregate of ports. For more information about the resulting displays from these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 6-19...
Page 148 Verifying the MST Configuration Using 802.1s Multiple Spanning Tree page 6-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 149: Chapter 7 Assigning Ports To Vlans
Configuration procedures described in this chapter include: Statically assigning ports to VLANs on page 7-4. • Dynamically assigning ports to VLANs (port mobility) page 7-10. • Configuring mobile port properties (including authentication) on page 7-16. • OmniSwitch 6600 Family Network Configuration Guide April 2006 page 7-1...
Page 150: Port Assignment Specifications
Enable Layer 2 authentication on the vlan port authenticate Disabled mobile port Enable 802.1x port-based access vlan port 802.1x Disabled control on a mobile port page 7-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 151: Sample Vlan Port Assignment
-> show vlan port mobile 3/4 Mobility : on, Config Default Vlan: 255, Default Vlan Enabled: off, Default Vlan Perm : on, Default Vlan Restore: on, Authentication : off, Ignore BPDUs : off OmniSwitch 6600 Family Network Configuration Guide April 2006 page 7-3...
Page 152: Statically Assigning Ports To Vlans
VLAN management software on each switch. To display a list of all VPAs, use the show vlan port command. For more information, see “Verifying VLAN Port Associations and Mobile Port Properties” on page 7-19. page 7-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 153: How Dynamic Port Assignment Works
The following example shows how mobile ports are dynamically assigned using VLAN mobile tagging to classify mobile port traffic. This example includes diagrams showing the initial VLAN port assignment configuration and a diagram showing how the configuration looks after mobile port traffic is classified. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 7-5...
Page 154 VLAN 4. All three ports, however, retain their default VLAN 1 assignment, but now have an additional VLAN • port assignment that carries the matching traffic on the appropriate rule VLAN. page 7-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 155 Network 130.0.0.0 VLAN 1 VLAN 3 Default VLAN Network 138.0.0.0 Port 3 Port 1 Port 2 130.0.0.1 138.0.0.1 140.0.0.1 Dynamic VPA Default VLAN Tagged Mobile Port Traffic Triggers Dynamic VLAN Assignment OmniSwitch 6600 Family Network Configuration Guide April 2006 page 7-7...
Page 156: Vlan Rule Classification
VLAN 1 is the configured default VLAN for each port. • Three additional VLANs are configured on the switch, each one has an IP network address rule defined • for one of the IP subnets. page 7-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 157 VLAN 3 network address rule. Port 3 is assigned to VLAN 4 because the workstation is transmitting IP traffic on network 140.0.0.0 • that matches the VLAN 4 network address rule. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 7-9...
Page 158: Configuring Dynamic Vlan Port Assignment
VLAN should carry the traffic based on the type of classification, if any, defined for a particular VLAN. See “Dynamically Assigning Ports to VLANs” on page 7-4 for more information and examples of dynamic VLAN port assignment. page 7-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 159: Enabling/Disabling Port Mobility
The port is included in the Spanning Tree algorithm. • Mobility remains off on the port even if the port’s link is disabled or disconnected. Rebooting the • switch, however, will restore the port’s original mobile status. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 7-11...
Page 160 Spanning Tree is enabled on both the ports and their assigned VLANs) is not allowed. If mobility is required on this type of port, enable mobility and the BPDU ignore parameter when the port is not active. page 7-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 161: Understanding Mobile Port Properties
Mobile port receives IP and IPX protocol packets and one VLAN has an IP protocol rule and another • VLAN has an IPX protocol rule. The mobile port is dynamically assigned to both VLANs, which are now considered secondary VLANs for that port. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 7-13...
Page 162 VLAN. Restricts dynamic assignment to mobile port traffic that matches one or more VLAN rules. How Mobile Port Traffic that Does Not Match any VLAN Rules is Classified page 7-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 163 VPA again. VPAs created from occasional network users Appropriate for devices that only send occa- (e.g., laptop) are not unnecessarily retained. sional traffic. How Mobile Port VLAN Assignments Age OmniSwitch 6600 Family Network Configuration Guide April 2006 page 7-15...
Page 164: Configuring Mobile Port Properties
(e.g., mobile ports with default VLAN enabled or non-mobile, fixed ports). “Understanding Mobile Port Properties” on page 7-13 for an overview and illustrations of how this property affects mobile port behavior. page 7-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 165: Enable/Disable Default Vlan Restore
Only mobile ports are eligible for authentication. If enabled, the mobile port participates in the Layer 2 authentication process supported by Alcatel switches. This process restricts switch access at the VLAN level. The user is required to enter a valid login ID and password before gaining membership to a VLAN.
Page 166: Enable/Disable 802.1X Port-Based Access Control
Only mobile ports are eligible for 802.1X port-based access control. If enabled, the mobile port partici- pates in the authentication and authorization process defined in the IEEE 802.1X standard and supported by Alcatel switches. For more information, see Chapter 22, “Configuring 802.1X.”...
Page 167: Verifying Vlan Port Associations And Mobile Port Properties
Mobile port traffic is filtered for the VPA; only traffic received on the port that matches VLAN rules is forwarded. Occurs when a mobile port’s VLAN is administratively disabled or the port’s default VLAN status is disabled. Does not apply to fixed ports. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 7-19...
Page 168: Understanding 'Show Vlan Port Mobile' Output
Another example of the output for the show vlan port mobile command is also given in “Sample VLAN Port Assignment” on page 7-3. For more information about the resulting display from this command, see the OmniSwitch CLI Reference Guide. page 7-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 169: Defining Vlan Rules
For information about creating and managing VLANs, see Chapter 4, “Configuring VLANs.” For information about enabling port mobility and defining mobile port properties, see Chapter 7, “Assign- ing Ports to VLANs.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-1...
Page 170: Vlan Rules Specifications
802.1Q tagged fixed ports. Link aggregate ports. CLI Command Prefix Recognition All VLAN management commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6600 Family Switch Management Guide for more information. VLAN Rules Defaults Parameter Description Command...
Page 171: Sample Vlan Rule Configuration
For example: -> show vlan rules Legend: type: * = binding rule type vlan rule -----------------+------+------------------------------------------------------- ip-net 21.0.0.0, 255.0.0.0 protocol ipx-e2 mac-ip-port* 1500 00:da:95:00:ce:3f, 21.0.0.43, 3/10 dhcp-mac-range 00:da:95:00:59:10, 00:da:95:00:59:9f OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-3...
Page 172: Vlan Rules Overview
Use the show vlan rules command to display a list of rules already configured on the switch. For more information about this command, refer to the OmniSwitch CLI Reference Guide. page 8-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 173: Dhcp Rules
IP address as part of the rule, similar to IP network address rule defini- tions. The following DHCP rule types are available: DHCP MAC Address • DHCP MAC Range • DHCP Port • DHCP Generic • OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-5...
Page 174: Binding Rules
Service Access Protocol (DSAP/SSAP) header values, or a Sub-network Access Protocol (SNAP) type. Note that specifying a SNAP protocol type restricts classification of mobile port traffic to the ethertype value found in the IEEE 802.2 SNAP LLC frame header. page 8-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 175: Custom (User Defined) Rules
VLAN assignments that are defined using port rules are exempt from the port’s default VLAN restore status. See Chapter 7, “Assigning Ports to VLANs,” for more information regarding a port’s default VLAN restore status and other mobile port properties. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-7...
Page 176: Understanding Vlan Rule Precedence
VLAN if the frame does not match any other VLAN rules and the mobile port’s default VLAN is enabled. page 8-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 177 Frame only contains a matching Frame is allowed; its source is port and/or protocol; source MAC not assigned to the rule’s VLAN. address does not match. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-9...
Page 178 MAC address. rule’s VLAN. 13. MAC Range Frame contains a source MAC Frame source is assigned to the address that falls within a specified rule’s VLAN. range of MAC addresses. page 8-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 179: Configuring Vlan Rule Definitions
Authenticated VLANs (AVLANs). However, these rules are not active until the avlan port-bound command is issued for the AVLAN. Note that these rules only apply to traffic received on authenti- cated ports. See Chapter 21, “Configuring Authenticated VLANs,” for more information. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-11...
Page 180: Defining Dhcp Mac Address Rules
DHCP MAC range rule described in the next section. Use the no form of the vlan dhcp mac command to remove a DHCP MAC address rule. -> vlan 255 no dhcp mac 00:00:da:59:0c:11 page 8-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 181: Defining Dhcp Mac Range Rules
-> vlan 255 dhcp port 4/1-5 5/12-20 6/10-15 Use the no form of the vlan dhcp port command to remove a DHCP port rule. -> vlan 255 no dhcp port 2/10-12 3/1-5 6/1-9 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-13...
Page 182: Defining Dhcp Generic Rules
Note that MAC-port-IP, MAC-port-Protocol, MAC-port, and port-IP binding rules are also supported on Authenticated VLANs (AVLANs). See Chapter 21, “Configuring Authenticated VLANs,” for more infor- mation. The following subsections provide information about how to define each of the binding rule types. page 8-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 183: How To Define A Mac-Port-Ip Address Binding Rule
-> vlan 455 no binding mac-port-protocol 00:00:20:11:4a:29 dsapssap 04/04 Note that this binding rule type is also supported on AVLANs. See Chapter 21, “Configuring Authenti- cated VLANs,” for more information. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-15...
Page 184: How To Define A Mac-Port Binding Rule
IP subnet address parameter value to identify which rule to remove. -> vlan 1502 no binding ip-port 172.16.6.4 Note that this binding rule type is also supported on AVLANs. See Chapter 21, “Configuring Authenti- cated VLANs,” for more information. page 8-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 185: How To Define A Port-Protocol Binding Rule
If dealing with a large number of MAC addresses, consider using MAC address range rules described in the next section. Use the no form of the vlan mac command to remove a MAC address rule. -> vlan 255 no mac 00:00:da:59:0c:11 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-17...
Page 186: Defining Mac Range Rules
Each class includes a range of IP addresses. The range an IP network address belongs to determines the default class for the IP network when a subnet mask is not specified. page 8-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 187: Defining Ipx Network Address Rules
IPX network address rule. Note that it is only necessary to specify the IPX network address to identify which rule to remove: -> vlan 1220 no ipx 250c OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-19...
Page 188: Defining Protocol Rules
IEEE 802.2 SNAP LLC frame header. Use the no form of the vlan protocol command to remove a protocol rule. -> vlan 1504 no protocol dsapssap f0/f0 page 8-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 189: Defining Custom (User) Rules
Note that it is possible to define a port rule for a non-mobile (fixed, untagged) port, however, the rule is not active until mobility is enabled on the port. Use the no form of the vlan port command to remove a port rule. -> vlan 755 no port 2/3 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-21...
Page 190: Application Example: Dhcp Rules
DHCP Relay functionality in external Router 2 to obtain their IP addresses from the DHCP server in the Branch VLAN. Both DHCP servers are assigned to their VLANs through IP network address rules. page 8-22 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 191 Branch VLAN DHCP Port Rule DHCP Client 6 Branch VLAN DHCP Port Rule DHCP Client 7 Branch VLAN DHCP MAC Address Rule DHCP Client 8 Branch VLAN DHCP MAC Address Rule OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-23...
Page 192 . With DHCP Relay enabled, this VLAN router can provide connectivity between the server in the Branch and the DHCP VLAN DHCP clients in the Production VLAN DHCP Port and MAC Rule Application Example page 8-24 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 193: Verifying Vlan Rule Configuration
For more information about the resulting display from this command, see the OmniSwitch CLI Reference Guide. An example of the output for the show vlan rules command is also given in “Sample VLAN Rule Configuration” on page 8-3. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 8-25...
Page 194 Verifying VLAN Rule Configuration Defining VLAN Rules page 8-26 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 195: Configuring Port Mapping
“Restoring Bidirectional Port Mapping” on page 9-4. Configuring an example Port Mapping Session—see “Sample Port Mapping Configuration” on • page 9-5. Verifying a Port Mapping Session—see “Verifying the Port Mapping Configuration” on page 9-6. • OmniSwitch 6600 Family Network Configuration Guide April 2006 page 9-1...
Page 196: Port Mapping Specifications
ID -> show port mapping 3 SessionID USR-PORT NETWORK-PORT -----------+----------------+------------------ You can also verify the status of a port mapping session by using the show port mapping status command. page 9-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 197: Creating/Deleting A Port Mapping Session
6, you would enter: -> no port mapping 6 Note. You must delete any attached ports with the port mapping user-port network-port command before you can delete a port mapping session. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 9-3...
Page 198: Enabling/Disabling A Port Mapping Session
-> port mapping 5 bidirectional Note. To change the direction of an active session with network ports, delete the network ports of the session, change the direction, and recreate the network ports. page 9-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 199: Sample Port Mapping Configuration
Switch A except 3/1, 3/2, and 3/3. They also interact with all the ports on Switch B and Switch C. Ports 3/1, 3/2, and 2/1 on Switch C can interact with all the user ports on the network except 3/1, 3/2, • 3/3 on Switch A. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 9-5...
Page 200: Example Port Mapping Configuration Steps
Displays the configuration of one or more port mapping sessions. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. page 9-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 201: Using Interswitch Protocols
10 Using Interswitch Protocols Alcatel Interswitch Protocols (AIP) are used to discover adjacent switches and retain mobile port informa- tion across switches. The following protocol is supported: Alcatel Mapping Adjacency Protocol (AMAP), which is used to discover the topology of •...
Page 202: Chapter 10 Using Interswitch Protocols
AIP Specifications Using Interswitch Protocols AIP Specifications Standards Not applicable at this time. AMAP is Alcatel propri- etary protocol. Maximum number of IP addresses propagated by AMAP AMAP Defaults Parameter Description Command Default AMAP status amap Enabled Discovery time interval...
Page 203: Amap Overview
AMAP Overview AMAP Overview The Alcatel Mapping Adjacency Protocol (AMAP) is used to discover the topology of OmniSwitches or Omni S/Rs in a particular installation. Using this protocol, each switch determines which OmniSwitches or Omni S/Rs are adjacent to it by sending and responding to Hello update packets. For the purposes of...
Page 204: Discovery Transmission State
Hello packet in reply. If a port transitions to the passive reception state, any remote switch entries for that port are deleted. page 10-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 205: Common Transmission And Remote Switches
To change the discovery timeout interval, use either of these forms of the command with the desired value (any value between 1 and 65535). Note that use of the time command keyword is optional. For example: -> amap discovery 60 -> amap discovery time 60 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 10-5...
Page 206: Configuring The Amap Common Timeout Interval
To change the common timeout interval, use either of these forms of the command with the desired value (any value between 1 and 65535). Note that use of the time command keyword is optional. For example: -> amap common 600 -> amap common time 600 page 10-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 207: Displaying Amap Information
Remote Device = OS6800, Remote Base MAC = 00:20:da:99:96:60, Remote Interface = 4/8, Remote Vlan = 455, Number of Remote IP Address(es) Configured = 3, Remote IP(s) = 192.206.183.10 192.206.184.20 192.206.185.30 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 10-7...
Page 208 OmniSwitch 7800 Remote Switch C Local Remote interface 1/8 0020da:999660 interface Remote interface 2/8 Remote interface 4/8 See the OmniSwitch CLI Reference Guide for information about the show amap command. page 10-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 209: Chapter 11 Configuring 802.1Q
For information on creating and managing VLANs, see Chapter 4, “Configuring VLANs.” For information on creating and managing link aggregation groups, see Chapter 12, “Configuring Static Link Aggregation” Chapter 13, “Configuring Dynamic Link Aggregation.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 11-1...
Page 210: 802.1Q Specifications
The following table shows the default settings of the configurable 802.1Q parameters. 802.1Q Defaults Parameter Description Command Default Value/Comments What type of frames accepted vlan 802.1q frame type Both tagged and untagged frames are accepted page 11-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 211: 802.1Q Overview
802.1Q Overview 802.1Q Overview Alcatel’s 802.1Q is an IEEE standard for sending frames through the network tagged with VLAN identifi- cation. This chapter details procedures for configuring and monitoring 802.1Q tagging on a single port in a switch or a link aggregation group in a switch.
Page 212 QoS and trusted ports, see Chapter 24, “Configuring QoS.” Alcatel’s 802.1Q tagging is done at wire speed, providing high-performance throughput of tagged frames. The procedures below use CLI commands that are thoroughly described in “802.1Q Commands” of the OmniSwitch CLI Reference Guide.
Page 213: Configuring An 802.1Q Vlan
The VLAN used to handle traffic on the tagged port must be created prior to using the vlan 802.1q command. Creating a VLAN is described in Chapter 4, “Configuring VLANs.” For more specific information, see the vlan 802.1q command section in the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 11-5...
Page 214: Enabling Tagging With Link Aggregation
Note. The link aggregation group must be created first before it can be set to use 802.1Q tagging For more specific information, see the vlan 802.1q command section in the OmniSwitch CLI Reference Guide. page 11-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 215: Configuring The Frame Type
Note. You cannot configure a link aggregation group to accept only tagged frames. For more specific information, see the vlan 802.1q frame type command section in the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 11-7...
Page 216: Show 802.1Q Information
TAG PORT 3/4 VLAN 2 -> show 802.1q 2 Tagged VLANS Internal Description -------------+-------------------------------------------------+ TAG AGGREGATE 2 VLAN 3 To display all VLANs, enter the following command: -> show vlan port page 11-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 217: Application Example
Check the configuration using the show 802.1q command, as follows: -> show 802.1q 1/1 Acceptable Frame Type Any Frame Type Force Tag Internal Tagged VLANS Internal Description -------------+-------------------------------------------------+ TAG PORT 1/1 VLAN 2 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 11-9...
Page 218 3 802.1q 5 as shown below: -> vlan 3 802.1q 5 Check the configuration using the show 802.1q command, as follows: -> show 802.1q 5 Tagged VLANS Internal Description -------------+-------------------------------------------------+ TAG AGGREGATE 5 VLAN 3 page 11-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 219: Verifying 802.1Q Configuration
Displays 802.1Q tagging information for a single port or a link aggrega- tion group. For more information about the resulting display, see Chapter 1, “802.1Q Commands,” in the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 11-11...
Page 220 Verifying 802.1Q Configuration Configuring 802.1Q page 11-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 221: Chapter 12 Configuring Static Link Aggregation
• Gigabit Ethernet backbones. Note. This chapter only covers static link aggregation for OmniSwitch 6600 Family switches. Please refer to the OmniSwitch 7700/7800/8800 Network Configuration Guide for information on configuring static link aggregation on OmniSwitch 7700, 7800, and 8800 switches and the OmniSwitch 6800 Series Network Configuration Guide for OmniSwitch 6800 Series switches.
Page 222: Configuring Static Link Aggregation
The table below lists default values and the commands to modify them for static aggregate groups. Parameter Description Command Default Value/Comments Administrative State static linkagg admin state enabled Group Name static linkagg name No name configured page 12-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 223: Quick Steps For Configuring Static Link Aggregation
-> static agg 1/11 agg num 1 -> static agg 1/12 agg num 1 Create a VLAN for this static link aggregate group with the vlan command. For example: -> vlan 10 port default 1 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 12-3...
Page 224 -> static agg 1/9 agg num 1 -> static agg 1/10 agg num 1 -> static agg 1/11 agg num 1 -> static agg 1/12 agg num 1 -> vlan 10 port default 1 page 12-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 225: Static Link Aggregation Overview
2, 4, 8, or 16 physical links in a stack. Up to 30 static and or dynamic link aggregation groups can be configured on a stack consisting of up to eight OmniSwitch 6600 Family switches. Static aggregate groups can be created between two OmniSwitch 6600 Family switches, between an OmniSwitch 6600 Family switch and an OmniSwitch 7700/7800 or 8800 switch, or between an OmniSwitch 6600 Family switch and an early-generation Alcatel switch such as an OmniSwitch/Router.
Page 226: Relationship To Other Features
Spanning Tree. For more information on Spanning Tree see Chapter 5, “Configuring Spanning Tree • Parameters.” Note. See “Application Example” on page 12-16 for tutorials on using link aggregation with other features. page 12-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 227: Configuring Static Link Aggregation Groups
Configuring Static Link Aggregation Configuring Static Link Aggregation Groups Configuring Static Link Aggregation Groups This section describes how to use Alcatel’s Command Line Interface (CLI) commands to configure static link aggregate groups. See “Configuring Mandatory Static Link Aggregate Parameters” on page 12-7 more information.
Page 228: Creating And Deleting A Static Link Aggregate Group
5 from a switch’s configuration you would enter: -> no static linkagg 5 Note. You must delete any attached ports with the static agg agg num command before you can delete a static link aggregate group. page 12-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 229: Adding And Deleting Ports In A Static Aggregate Group
Note. You can add up to 16 ports to a single aggregate group in a stack as long as no more than 8 ports are added on a single switch. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 12-9...
Page 230 CONSOLE EXPANSION EXPANSION/STACKING TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 4 OmniSwitch 6624 CONSOLE EXPANSION EXPANSION/STACKING TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 8 OmniSwitch 6624/6600-U24/6600-P24 Valid Port Assignment Locations page 12-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 231 LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 4 OmniSwitch 6648 LINK/ACT LINK/ACT LINK/ACT LINK/ACT CONSOLE EXPANSION/STACKING EXPANSION TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 8 OmniSwitch 6648 Valid Port Assignment Locations OmniSwitch 6600 Family Network Configuration Guide April 2006 page 12-11...
Page 232 CLASS 1 LASER PRODUCT Size = 2 OmniSwitch 6602-24 Stack CLASS 1 LASER PRODUCT Size = 4 OmniSwitch 6602-24 Stack CLASS 1 LASER PRODUCT Size = 8 OmniSwitch 6624/6600-U24/6600-P24 Valid Port Configuration Locations page 12-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 233 CLASS 1 LASER PRODUCT Size = 2 OmniSwitch 6602-48 Stack CLASS 1 LASER PRODUCT Size = 4 OmniSwitch 6602-48 Stack CLASS 1 LASER PRODUCT Size = 8 OmniSwitch 6602-48 Valid Port Configuration Locations OmniSwitch 6600 Family Network Configuration Guide April 2006 page 12-13...
Page 234: Removing Ports From A Static Aggregate Group
-> static agg no 1/24 -> static agg no 1/23 -> static agg no 1/22 page 12-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 235: Modifying Static Aggregation Group Parameters
To disable a static aggregate group by entering static linkagg followed by the number of the group and admin state disable. For example, to disable static aggregate group 1 you would enter: -> static linkagg 1 admin state disable OmniSwitch 6600 Family Network Configuration Guide April 2006 page 12-15...
Page 236: Application Example
Create VLAN 8 by entering: -> vlan 8 Configure 802.1Q tagging with a tagging ID of 8 on static aggregate group 1 (on VLAN 8) by entering: -> vlan 8 802.1q 1 page 12-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 237 Repeat steps 1 through 4 on Switch B. All the commands would be the same except you would substi- tute the appropriate port numbers. Note. Optional. Use the show 802.1q command to display 802.1Q configurations. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 12-17...
Page 238: Displaying Static Link Aggregation Configuration And Statistics
Port position in the aggregate : 0, Primary port : NONE Note. See the “Link Aggregation Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of show commands for link aggregation. page 12-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 239: Configuring Dynamic Link Aggregation
13 Configuring Dynamic Link Aggregation Alcatel’s dynamic link aggregation software allows you to combine several physical links into one large virtual link known as a link aggregation group. Using link aggregation can provide the following benefits: Scalability. You can configure up to 30 link aggregation groups that can consist of 2, 4, or 8 on a •...
Page 240: Dynamic Link Aggregation Specifications
All dynamic link aggregation configuration com- mands support prefix recognition. (Dynamic link aggregation show commands do not support prefix recognition.) See the “Using the CLI” chapter in the OmniSwitch 6600 Family Switch Management Guide for more information. page 13-2 OmniSwitch 6600 Family Network Configuration Guide...
Page 241: Dynamic Link Aggregation Default Values
Actor Port Priority lacp agg actor port priority Partner Port Administrative Port lacp agg partner admin port Partner Port Priority lacp agg partner admin port priority OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-3...
Page 242: Quick Steps For Configuring Dynamic Link Aggregation
-> lacp agg 2/15 actor admin key 5 -> lacp agg 2/16 actor admin key 5 Create a VLAN for this dynamic link aggregate group with the vlan command. For example: -> vlan 2 port default 2 page 13-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 243 -> lacp agg 1/6 actor admin key 5 -> lacp agg 1/7 actor admin key 5 -> lacp agg 1/8 actor admin key 5 -> vlan 2 port default 2 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-5...
Page 244 -> lacp agg 2/14 actor admin key 5 -> lacp agg 2/15 actor admin key 5 -> lacp agg 2/16 actor admin key 5 -> vlan 2 port default 2 page 13-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 245: Dynamic Link Aggregation Overview
“Relationship to Other Features” on page 13-9 for more information on how link aggregation interacts with other software features.) Alcatel’s link aggregation software allows you to configure the following two different types of link aggregation groups: Static link aggregate groups •...
Page 246 Example of a Dynamic Aggregate Group Network Dynamic aggregate groups can be created between two OmniSwitch 6600 Family switches, between an OmniSwitch 6600 Family switch and an OmniSwitch 7700/7800 or 8800 switch, or between an OmniSwitch 6600 Family switch and another vendor’s switch if that vendor supports IEEE 802.3ad LACP.
Page 247: Relationship To Other Features
Spanning Tree. For more information on Spanning Tree see Chapter 5, “Configuring Spanning Tree • Parameters.” Note. See “Application Examples” on page 13-34 for tutorials on using link aggregation with other features. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-9...
Page 248: Configuring Dynamic Link Aggregate Groups
Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation Configuring Dynamic Link Aggregate Groups This section describes how to use Alcatel’s Command Line Interface (CLI) commands to create, modify, and delete dynamic aggregate groups. See “Configuring Mandatory Dynamic Link Aggregate Parame- ters”...
Page 249: Creating And Deleting A Dynamic Aggregate Group
For example, Alcatel recommends assigning the actor admin key when you create the dynamic aggregate group to help ensure that ports are assigned to the correct group. To create a dynamic aggregate group with aggregate number 3 consisting of two ports with an admin actor key of 10, for example, enter: ->...
Page 250: Configuring Ports To Join And Removing Ports In A Dynamic Aggregate Group
Note. You can configure up to 16 ports to join a single aggregate group in a stack as long as no more than 8 ports are configured on a single switch. page 13-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 251 CONSOLE EXPANSION EXPANSION/STACKING TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 4 OmniSwitch 6624 CONSOLE EXPANSION EXPANSION/STACKING TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 8 OmniSwitch 6624/6600-U24/6600-P24 Valid Port Configuration Locations OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-13...
Page 252 LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 4 OmniSwitch 6648 LINK/ACT LINK/ACT LINK/ACT LINK/ACT CONSOLE EXPANSION/STACKING EXPANSION TEMP LINK/ACT LINK/ACT LINK/ACT LINK/ACT Size = 8 OmniSwitch 6648 Valid Port Configuration Locations page 13-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 253 CLASS 1 LASER PRODUCT Size = 2 OmniSwitch 6602-24 Stack CLASS 1 LASER PRODUCT Size = 4 OmniSwitch 6602-24 Stack CLASS 1 LASER PRODUCT Size = 8 OmniSwitch 6624/6600-U24/6600-P24 Valid Port Configuration Locations OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-15...
Page 254 CLASS 1 LASER PRODUCT Size = 2 OmniSwitch 6602-48 Stack CLASS 1 LASER PRODUCT Size = 4 OmniSwitch 6602-48 Stack CLASS 1 LASER PRODUCT Size = 8 OmniSwitch 6602-48 Valid Port Configuration Locations page 13-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 255 For example, to configure actor administrative key of 10, a local system ID (MAC address) of 00:20:da:06:ba:d3, and a local priority of 65535 to slot 4 port 1, enter: -> lacp agg 4/1 actor admin key 10 actor system id 00:20:da:06:ba:d3 actor system priority 65535 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-17...
Page 256: Removing Ports From A Dynamic Aggregate Group
The following is an example of how to delete ports in the proper sequence from the console -> lacp agg no 4/24 -> lacp agg no 4/23 -> lacp agg no 4/22 page 13-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 257: Modifying Dynamic Link Aggregate Group Parameters
The table on page 13-3 lists default group and port settings for Alcatel’s dynamic link aggregation soft- ware. These parameters ensure compliance with the IEEE 802.3ad specification. For most networks, these default values do not need to be modified or will be modified automatically by switch software. However,...
Page 258: Modifying The Dynamic Aggregate Group Administrative State
0 through 65535. For example, to configure dynamic aggregate group 4 with an administrative key of 10 you would enter: -> lacp linkagg 4 actor admin key 10 page 13-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 259: Modifying The Dynamic Aggregate Group Actor System Priority
(in the hexadecimal format of xx:xx:xx:xx:xx:xx), which is used as the system ID. For example, to configure the system ID on dynamic aggregate group 4 as 00:20:da:81:d5:b0 you would enter: -> lacp linkagg 4 actor system id 00:20:da:81:d5:b0 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-21...
Page 260: Modifying The Dynamic Aggregate Group Partner Administrative Key
To restore the dynamic aggregate group partner system priority to its default (i.e., 0) value use the no form of the lacp linkagg partner system priority command by entering lacp linkagg followed by the dynamic aggregate group number and no partner system priority. page 13-22 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 261: Modifying The Dynamic Aggregate Group Partner System Id
All of the commands to modify actor port parameters allow you to add the ethernet, fastethernet, and gigaethernet keywords before the slot and port number to document the interface type or make the command look consistent with early-generation Alcatel CLI syntax. However, these keywords do not modify a port’s configuration. See Chapter 1, “Configuring Ethernet Ports,”...
Page 262: Modifying The Actor Port System Administrative State
Specifying this keyword has no effect because the system always deter- mines its value. When this bit (bit 6) is set by the system, it indicates that the actor is using defaulted partner information administratively configured for the partner. page 13-24 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 263: Modifying The Actor Port System Id
You can configure the actor port system ID by entering lacp agg, the slot number, a slash (/), the port number, actor system id, and the user specified actor port system ID (i.e., MAC address) in the hexadeci- mal format of xx:xx:xx:xx:xx:xx. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-25...
Page 264: Modifying The Actor Port System Priority
(/), the port number, and no actor system priority. For example, to remove a user-configured system priority from dynamic aggregate actor port 5 in slot 2 you would enter: -> lacp agg 2/5 no actor system priority page 13-26 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 265: Modifying The Actor Port Priority
(/), the port number, and no actor port priority. For example, to remove a user-configured actor priority from dynamic aggregate actor port 1 in slot 2 you would enter: -> lacp agg 2/1 no actor port priority OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-27...
Page 266: Modifying Dynamic Aggregate Partner Port Parameters
All of the commands to modify partner port parameters allow you to add the ethernet, fastethernet, and gigaethernet keywords before the slot and port number to document the interface type or make the command look consistent with early-generation Alcatel CLI syntax. However, these keywords do not modify a port’s configuration. See Chapter 1, “Configuring Ethernet Ports,”...
Page 267 For example, to restore bits 0 (active) and 2 (aggregate) to their default settings on dynamic aggregate partner port 1 in slot 7 you would enter: -> lacp agg 7/1 partner admin state no active no aggregate OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-29...
Page 268: Modifying The Partner Port Administrative Key
00:00:00:00:00:00. The following subsections describe how to configure a user-specified value and how to restore the value to its default value with the lacp agg partner admin system id command. page 13-30 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 269: Modifying The Partner Port System Priority
CLI syntax. For example, to modify the administrative priority of dynamic aggregate partner port 49 in slot 4 to 100 and specify that the port is a Gigabit Ethernet port you would enter: -> lacp agg gigaethernet 4/49 partner admin system priority 100 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-31...
Page 270: Modifying The Partner Port Administrative Status
To configure the partner port priority to a value ranging from 0 to 255 by entering lacp agg, the slot number, a slash (/), the port number, partner admin port priority, and the user-specified partner port priority. page 13-32 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 271 For example, to remove a user-configured partner port priority from dynamic aggregate partner port 3 in slot 4 you would enter: -> lacp agg 4/3 no partner admin port priority OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-33...
Page 272: Application Examples
Note. Although you would need to configure both the local (i.e., Switch A) and remote (i.e., Switches B and C) switches, only the steps to configure the local switch are provided since the steps to configure the remote switches are not significantly different. page 13-34 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 273: Link Aggregation And Spanning Tree Example
-> bridge 10 5 mode priority 15 Repeat steps 1 through 5 on Switch B. All the commands would be the same except you would substi- tute the appropriate port numbers. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-35...
Page 274: Link Aggregation And Qos Example
8 and 9 above by entering: -> policy rule vlan12_rule enable condition vlan12_condition action vlan12_action Enable your 802.1p QoS settings by entering qos apply as shown below: -> qos apply page 13-36 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 275 Repeat steps 1 through 9 on Switch C. All the commands would be the same except you would substi- tute the appropriate port numbers. Note. If you do not use the qos apply command any QoS policies you configured will be lost on the next switch reboot. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-37...
Page 276: Displaying Dynamic Link Aggregation Configuration And Statistics
For example, to display detailed statistics for port 1 in slot 2 that is attached to dynamic link aggregate group 1 you would enter: -> show linkagg port 2/1 page 13-38 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 277 Partner Admin State : act0.tim0.agg1.syn1.col1.dis1.def1.exp0, Partner Oper State : act0.tim0.agg1.syn0.col1.dis1.def1.exp0 Note. See the “Link Aggregation Commands” chapter in the OmniSwitch CLI Reference Guide for complete documentation of show commands for link aggregation. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 13-39...
Page 278 Displaying Dynamic Link Aggregation Configuration and Statistics Configuring Dynamic Link Aggregation page 13-40 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 279: 14 Configuring Ip
Chapter 16, “Configuring RIP,” in this manual; or “Configuring OSPF” in the OmniSwitch 6600 Family Advanced Routing Configuration Guide. There are two versions of Internet Protocol supported: IPv4 and IPv6. For more information about using IPv6, see Chapter 15, “Configuring IPv6.”...
Page 280: Ip Specifications
The following table lists the defaults for IP configuration through the ip command. Description Command Default IP-Directed Broadcasts ip directed-broadcast Time-to-Live Value ip default-ttl 64 (hops) IP interfaces ip interface VLAN 1 interface. ARP filters arp filter page 14-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 281: Quick Steps For Configuring Ip Forwarding
Using only IP, which is always enabled on the switch, devices connected to ports on the same VLAN are able to communicate at Layer 2. The initial configuration for all Alcatel switches consists of a default VLAN 1. All switch ports are initially assigned to this VLAN. When another switch is added (stacked), all of that switch’s ports are also assigned to VLAN 1.
Page 282: Ip Overview
SNMP agents on an IP network. Network administrators use SNMP to monitor network perfor- mance and manage network resources. For more information, see the “Using SNMP” chapter in the OmniSwitch 6600 Family Switch Management Guide. Telnet—Used for remote connections to a device. You can telnet to a switch and configure the switch •...
Page 283: Additional Ip Protocols
Router Discovery Protocol (RDP)—Used to advertise and discover routers on the LAN. For more • information, see Chapter 17, “Configuring RDP.” Multicast Services—Includes IP multicast switching (IPMS). For more information, see Chapter 26, • “Configuring IP Multicast Switching.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 14-5...
Page 284: Ip Forwarding
IP network address (e.g., IP - 21.0.0.10). Alcatel switches support routing of IP traffic. A VLAN is available for routing when at least one router interface is defined for that VLAN and at least one active port is associated with the VLAN. If a VLAN does not have a router interface, the ports associated with that VLAN are in essence firewalled from other VLANs.
Page 285: Configuring An Ip Router Interface
ARP and primary interface status: -> ip interface Accounting address 71.0.0.1 mask 255.0.0.0 vlan 955 forward e2 mtu 1500 no local-proxy-arp no primary -> ip interface Accounting address 71.0.0.1 vlan 955 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 14-7...
Page 286: Modifying An Ip Router Interface
-> no ip interface Marketing To view a list of IP interfaces configured on the switch, use the show ip interface command. For more information about this command, see the OmniSwitch CLI Reference Guide. page 14-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 287: Creating A Static Route
0.0.0.0, and the IP address of the next hop (gateway). For example, to create a default route through gateway 171.11.2.1 you would enter: -> ip static-route 0.0.0.0 mask 0.0.0.0 gateway 171.11.2.1 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 14-9...
Page 288: Configuring Address Resolution Protocol (Arp)
When deleting an ARP entry, you only need to enter the IP address. For example to delete an entry for IP address 171.11.1.1, you would enter: -> no arp 171.11.1.1 Use the show arp command to display the ARP table and verify that the entry was deleted. page 14-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 289: Clearing Dynamic Arp Entries
ARP filter: An IP address (e.g., 193.204.173.21) used to determine whether or not an ARP packet is filtered. • OmniSwitch 6600 Family Network Configuration Guide April 2006 page 14-11...
Page 290 -> clear arp filter Use the show arp filter command to verify the ARP filter configuration. For more information about this and other ARP filter commands, see the OmniSwitch CLI Reference Guide. page 14-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 291: Ip Configuration
TTL value of 75, you would enter: -> ip default-ttl 75 The default hop count is 64. The valid range is 1 to 255. Use the show ip config command to display the default TTL value. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 14-13...
Page 292: Ip-Directed Broadcasts
SNMP trap. Decay value. A decay value is set. The running penalty total is divided by the decay value every • minute. page 14-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 293 Threshold = 2000 Decay = 3 10 TCP closed port packets Do Not Generate DoS Attack Warning 10 UDP closed port packets OmniSwitch 6648 Trap Minute 1 Penalty Total = 100 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 14-15...
Page 294 For example, to assign a penalty value of 10 to TCP/UDP packets destined for closed ports, enter the following: -> ip dos scan udp open-port-penalty 10 page 14-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 295: Enabling/Disabling Ip Services
To enable or disable more than one service in a single command line, enter each service name separated by a space. For example, the following command enables the telnet, ftp, and snmp service ports: -> ip service telnet ftp snmp OmniSwitch 6600 Family Network Configuration Guide April 2006 page 14-17...
Page 296 The following table lists ip service command options for specifying TCP/UDP services and also includes the well-known port number associated with each service: service port telnet http secure-http avlan-http avlan-secure-http avlan-telnet udp-relay network-time snmp proprietary 1024 proprietary 1025 page 14-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 297: Managing Ip
Time-Exceeded Message—Sent by the switch if an IP packet’s TTL field reaches zero. The TTL field • prevents packets from continuously circulating the internetwork if the internetwork contains a routing loop. Once a packet’s TTL field reaches 0, the switch discards the packet. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 14-19...
Page 298 (obsolete) information reply (obsolete) address mask request address mask reply page 14-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 299 For example: -> icmp messages enable To disable all ICMP messages, enter the same command with the disable keyword. For example: -> icmp messages enable OmniSwitch 6600 Family Network Configuration Guide April 2006 page 14-21...
Page 300: Icmp Control Table
The ICMP Statistics table displays ICMP statistics and errors. This data can be used to monitor and trou- bleshoot IP on the switch. Use the show icmp statistics command to display the table. page 14-22 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 301: Using The Ping Command
10 you would enter: -> traceroute 172.22.2.115 max-hop 10 Displaying TCP Information Use the show tcp statistics command to display TCP statistics. Use the show tcp ports command to display TCP port information. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 14-23...
Page 302: Displaying Udp Information
Displays the statistics on detected port scans for the switch. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. page 14-24 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 303: 15 Configuring Ipv6
This chapter provides an overview of IPv6 and includes information about the following procedures: “Configuring an IPv6 Interface” on page 15-10. • “Assigning IPv6 Addresses” on page 15-12. • “Configuring IPv6 Tunnel Interfaces” on page 15-14. • OmniSwitch 6600 Family Network Configuration Guide April 2006 page 15-1...
Page 304: Ipv6 Specifications
IPv6 Defaults The following table lists the defaults for IPv6 configuration through the ip command. Description Command Default Global status of IPv6 on the Enabled switch IPv6 interfaces ipv6 interface None page 15-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 305: Quick Steps For Configuring Ipv6 Routing
-> ipv6 rip interface v6if-v300 IPv6 routing is now configured for VLAN 200 and VLAN 300 interfaces, but is not active until at least one port in each VLAN goes active. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 15-3...
Page 306: Ipv6 Overview
Embedded IPv4 addresses in the four lower-order bits of the IPv6 address. • The remainder of this section provides a brief overview of the new IPv6 address notation, autoconfigura- tion of addresses, and tunneling of IPv6 over IPv4. page 15-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 307: Ipv6 Addressing
(::) is used to identify these words. For exam- ple, using zero compression the address 0:0:0:0:1234:531F:BCD2:F34A is expressed as follows: ::1234:531F:BCD2:F34A OmniSwitch 6600 Family Network Configuration Guide April 2006 page 15-5...
Page 308: Ipv6 Address Prefix Notation
0xFF and 0xFE between the third and fourth octets of the address. These modifications were done because IPv6 requires an interface ID that is derived using Modified EUI-64 format. page 15-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 309: Tunneling Ipv6 Over Ipv4
6to4 router can communicate with one or more other 6to4 routers across the IPv4 cloud. Two common scenarios for using 6to4 tunnels are described below. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 15-7...
Page 310 IPv6 hosts connected to an IPv6 domain. Therefore, the relay router participates in both the IPv4 and IPv6 routing domains. The following diagram illustrates the basic traffic flow between native IPv6 hosts and 6to4 sites: page 15-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 311: Configured Tunnels
15-14. For more detailed information about configured tunnels, refer to RFC 2893. Note that RFC 2893 also discusses automatic tunnels, which are not supported with this implementation of IPv6. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 15-9...
Page 312: Configuring An Ipv6 Interface
-> ipv6 interface v6if-v200 vlan 200 -> ipv6 interface v6if-tunnel-35 tunnel 35 To create an IPv6 interface for a 6to4 tunnel, the following command is used: -> ipv6 interface v6if-6to4 tunnel 6to4 page 15-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 313: Modifying An Ipv6 Interface
To remove an IPv6 interface from the switch configuration, use the no form of the ipv6 interface command. Note that it is only necessary to specify the name of the interface, as shown in the following example: -> no ipv6 interface v6if-v200 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 15-11...
Page 314: Assigning Ipv6 Addresses
Manual configuration of addresses is required for all additional addresses. “IPv6 Addressing” on page 15-5 for an overview of IPv6 address notation. Refer to RFC 3513 for more technical address information. page 15-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 315: Removing An Ipv6 Address
-> no ipv6 address 4100:1000::20/64 v6if-v200 Note that the subnet router anycast address is automatically deleted when the last unicast address of the same subnet is removed from the interface. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 15-13...
Page 316: Configuring Ipv6 Tunnel Interfaces
RIPng interface is created for the tunnel interface. For example, the following command creates an RIPng interface for tunnel v6if-tunnel-137: -> ipv6 rip interface v6if-tunnel-137 page 15-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 317: Verifying The Ipv6 Configuration
Displays the UDP Over IPv6 Listener Table. Contains information about UDP/IPv6 endpoints. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 15-15...
Page 318 Verifying the IPv6 Configuration Configuring IPv6 page 15-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 319: Chapter 16 Configuring Rip
– Configuring RIP Redistribution Policies (see page 16-10) – Configuring RIP Redistribution Filters (see page 16-11) RIP Security • – Configuring Authentication Type (see page 16-14) – Configuring Passwords (see page 16-15) OmniSwitch 6600 Family Network Configuration Guide April 2006 page 16-1...
Page 320: Rip Specifications
Redistribution Filter Metric ip rip redist-filter metric Redistribution Filter Control ip rip redist-filter redist-control all-subnets Redistribution Filter Route Tag ip rip redist-filter route-tag RIP Interface Authentication ip rip interface auth-type none page 16-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 321: Quick Steps For Configuring Rip Routing
Enable the RIP interface using the ip rip interface status command. For example: -> ip rip interface 171.11.1.1 status enable Enable redistribution of local routes on the switch using the ip rip redist command. For example: -> ip rip redist local OmniSwitch 6600 Family Network Configuration Guide April 2006 page 16-3...
Page 322: Rip Overview
Open Shortest Path First (OSPF)—An IGP that provides a routing function similar to RIP but uses • different techniques to determine the best route for a datagram. OSPF is part of Alcatel’s Advanced Routing Software. For more information see the “Configuring OSPF” chapter in the OmniSwitch 6624/ 6648 Advanced Routing Configuration Guide.
Page 323: Rip Version 2
VLAN 2, and a physical connection has been made between the switches. Therefore, workstations connected to VLAN 1 on Switch 1 can communicate with workstations connected to VLAN 3 on Switch 2. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 16-5...
Page 324: Loading Rip
-> ip rip status enable Use the ip rip status disable command to disable RIP routing on the switch. Use the show ip rip command to display the current RIP status. page 16-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 325: Creating A Rip Interface
• none. Interface will not forward RIP packets. • The default RIP send option is v2. Use the show ip rip interface command to display the current interface send option. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 16-7...
Page 326: Configuring The Rip Interface Receive Option
-> ip rip route-tag 1 The valid route tag value range is 1 to 2147483647. The default is 0. Use the show ip rip command to display the current route tag value. page 16-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 327: Rip Options
RIP. Basically, redistribution makes a non-RIP route look like a RIP route. Configuring RIP redistribution consists of the following tasks: Enabling RIP Redistribution Configuring a RIP Redistribution Policy OmniSwitch 6600 Family Network Configuration Guide April 2006 page 16-9...
Page 328: Enabling Rip Redistribution
Note. If you are configuring more than one route type, you must repeat the command for each one. Use the show ip rip redist command to display the status of RIP policies. page 16-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 329: Configuring A Redistribution Metric
Note. You must first configure a redistribution policy before configuring a filter for a route type. See “Configuring a RIP Redistribution Policy” on page 16-10 for information on configuring redistribution policies. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 16-11...
Page 330: Creating A Redistribution Filter
For example, if you wanted to redistribute all OSPF routes to the 172.22.0.0 network except routes to subnetwork 3 you would used the following commands: -> ip rip redist-filter ospf 172.22.0.0 255.255.0.0 effect permit -> ip rip redist-filter ospf 172.22.3.0 255.255.255.0 effect deny page 16-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 331: Configuring A Redistribution Filter Metric
For example, if you wanted to configure a route tag value of 1 for OSPF routes to the 172.22.0.0 network you would enter: -> ip rip redist-filter ospf 172.22.0.0 255.255.0.0 route-tag 1 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 16-13...
Page 332: Rip Security
For example, to configure RIP interface 172.22.2.115 for simple authentication you would enter: -> ip rip interface 172.22.2.115 auth-type simple To configure RIP interface 172.22.2.115 for MD5 authentication you would enter: -> ip rip interface 172.22.2.115 md5 auth-type md5 page 16-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 333: Configuring Passwords
Displays general RIP redistribution parameters. show ip rip redist-filter Displays currently-configured RIP redistribution filters. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 16-15...
Page 334 Verifying the RIP Configuration Configuring RIP page 16-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 335: Chapter 17 Configuring Rdp
17-9. • “Setting the Advertisement Lifetime” on page 17-10. • “Setting the Preference Levels for Router IP Addresses” on page 17-11. • “Verifying the RDP Configuration” on page 17-11. • OmniSwitch 6600 Family Network Configuration Guide April 2006 page 17-1...
Page 336: Rdp Specifications
(3 * maximum advertisement interval) advertisement- considered valid lifetime Preference level for IP addresses ip router-discovery interface preference- contained in an advertisement packet level page 17-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 337: Quick Steps For Configuring Rdp
To verify the configuration for a specific RDP interface, specify the interface IP router interface name when using the show ip router-discovery interface command. The display is similar to the one shown below. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 17-3...
Page 338 = 1800 secs, Preference Level = 0x0, #Packets sent = 3, #Packets received For more information about this command, refer to the “RDP Commands” chapter in the OmniSwitch CLI Reference Guide. page 17-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 339: Rdp Overview
ICMP messages on Network 17.0.0.0. RDP enabled routers RS-1 and RS-2 pick up these packets on their RDP interfaces 1/1 and 1/2 and respond with router advertisement ICMP messages. RS-1 and RS-2 also periodically send out router advertisements on their RDP interfaces. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 17-5...
Page 340: Rdp Interfaces
See “Defining the Advertisement Interval” on page 17-9 “Setting the Advertisement Life- time” on page 17-10 for more information. page 17-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 341: Security Concerns
Chapter 24, “Configuring QoS,” for more information about DoS attacks.) Note. Security concerns associated with using RDP are generic to the feature as defined in RFC 1256 and not specific to this implementation. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 17-7...
Page 342: Enabling/Disabling Rdp
VLAN associated with the Marketing interface. These packets contain the IP address associated with the Marketing interface for the purposes of advertising this interface on the network. page 17-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 343: Specifying An Advertisement Destination Address
16 seconds. This facilitates a quick discovery of this router on the network. After these initial transmissions, advertisements occur at random times within the advertisement interval value or in response to solicitation messages received from network hosts. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 17-9...
Page 344: Setting The Maximum Advertisement Interval
By default, the lifetime value is set to 3 * the current maximum interval value (1800 seconds if the maxi- mum interval is set to its default value of 600 seconds). page 17-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 345: Setting The Preference Levels For Router Ip Addresses
Guide. An example of the output for the show ip router-discovery and show ip router-discovery interface commands is also given in “Quick Steps for Configuring RDP” on page 17-3. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 17-11...
Page 346 Verifying the RDP Configuration Configuring RDP page 17-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 347: Chapter 18 Configuring Dhcp Relay
• Using the Relay Agent Information Option (Option-82) on page 18-15. • Using DHCP Snooping on page 18-17. • For information about the IP protocol, see Chapter 14, “Configuring IP.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-1...
Page 348: Dhcp Relay Specifications
Relay Service. IP addresses supported for the Maximum of 8 IP addresses for each VLAN relay service. Per-VLAN service Maximum of 256 VLAN relay services. Maximum number of DHCP Snooping VLANs page 18-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 349: Dhcp Relay Defaults
BootP type (BootP or DHCP) Relay Agent Information Option ip helper agent-informa- Disabled tion Switch-level DHCP Snooping ip helper dhcp-snooping Disabled VLAN-level DHCP Snooping ip helper dhcp-snooping Disabled vlan OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-3...
Page 350: Quick Steps For Setting Up Dhcp Relay
Forward Delay (seconds) = 15 Max number of hops Forward option = standard Forwarding Address: 128.100.16.1 For more information about this display, see the “DHCP Relay” chapter in the OmniSwitch CLI Reference Guide. page 18-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 351: Dhcp Relay Overview
Dynamic—DHCP assigns an IP address to a host for a limited period of time (or until the host explic- itly relinquishes the address). Manual—The network administrator assigns a host’s IP address and DHCP simply conveys the assigned address to the host. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-5...
Page 352: Dhcp And The Omniswitch
Using DHCP Relay with authenticated VLANs and clients also requires relay configuration of the router port address of the authenticated VLAN. See Chapter 21, “Configuring Authenticated VLANs,” for more information about this procedure. page 18-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 353: External Dhcp Relay Application
The DHCP server will assign a different IP address to each of the clients. The switch does not need an IP address assigned and all DHCP clients will be members of either a default VLAN or an IP protocol VLAN. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-7...
Page 354: Internal Dhcp Relay
DHCP Relay entity, it will be forwarded from VLAN 3 to VLAN 2. All the DHCP-ready clients in VLAN 3 must be members of the same VLAN, and the switch must have the DHCP Relay function configured. page 18-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 355: Dhcp Relay Implementation
If an IP address is not specified with this syntax, then all IP helper addresses are deleted. The following command deletes an IP helper address: -> ip helper no address 125.255.17.11 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-9...
Page 356: Per-Vlan Dhcp
DHCP server. The default values can be accepted for forward delay, hop count, and relay forwarding option. Alternately the relay function may be provided by an external router connected to the switch; in this case, the relay would be configured on the external router. page 18-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 357: Setting The Forward Delay
By default, the forwarding option is set to standard. To change the forwarding option value, enter ip helper followed by standard, avlan only, or per-vlan only. For example, -> ip helper avlan only -> ip helper standard -> ip helper per-vlan only OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-11...
Page 358: Using Automatic Ip Configuration
DHCP request packet to obtain an IP address for default VLAN 1. To disable automatic IP configuration for the switch, use the ip helper boot-up command with the disable option, as shown below: -> ip helper boot-up disable page 18-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 359: Configuring Udp Port Relay
UDP Port Relay on the generic service port. The second step involves specifying a VLAN that relay will forward traffic destined for the generic service port. Both steps are required and are described below. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-13...
Page 360: Enabling/Disabling Udp Port Relay
For example, the following command removes the VLAN 6 association with the NBNS/NBDD well-known service port: -> no ip udp relay nbnsnbdd vlan 6 For more information about using the ip udp relay vlan command, see the OmniSwitch CLI Reference Guide. page 18-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 361: Configuring Dhcp Security Features
The DHCP Option-82 feature is only applicable when DHCP relay is used to forward DHCP packets between clients and servers associated with different VLANs. In addition, a secure IP network must exist between the relay agent and the DHCP server. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-15...
Page 362: How The Relay Agent Processes Dhcp Packets From The Client
If the slot/port information does identify an actual port associated with the Circuit ID VLAN, then the agent strips the Option-82 data from the packet and unicasts the packet to the port identified in the Circuit ID suboption. page 18-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 363: Enabling The Relay Agent Information Option-82
A port is trusted if it is connected to a device inside the network, such as a DHCP server. A port is untrusted if it is connected to a device outside the network, such as a customer switch or workstation. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-17...
Page 364: Dhcp Snooping Configuration Guidelines
Configure ports connected to DHCP servers within the network as trusted ports. See “Configuring the • Port Trust Mode” on page 18-20 for more information. page 18-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 365: Enabling Dhcp Snooping
Disabling Option-82 is not allowed if the binding table is enabled. • Enabling the binding table is not allowed if Option-82 data insertion is not enabled at either the switch • or VLAN level. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-19...
Page 366: Configuring The Port Trust Mode
It is also possible to specify a range of ports. For example, the following command changes the trust mode for ports 2/1 through 2/10 to trusted: -> ip helper dhcp-snooping port 2/1-10 trust page 18-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 367: Configuring The Dhcp Snooping Binding Table
For example, the following command sets the timeout value to 600 seconds: -> ip helper dhcp-snooping binding timeout 600 Each time an automatic save is performed, the dhcpBinding.db file is time stamped. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-21...
Page 368: Synchronizing The Binding Table
See “Configuring the Binding Table Timeout” on page 18-21 for more information. page 18-22 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 369: Verifying The Dhcp Relay Configuration
Displays the VLAN assignments to which the traffic received on the specified UDP service port is forwarded. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 18-23...
Page 370 Verifying the DHCP Relay Configuration Configuring DHCP Relay page 18-24 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 371: Chapter 19 Configuring Vrrp
VRRP traps—see “Setting VRRP Traps” on page 19-12. • VRRP tracking—see “Creating Tracking Policies” on page 19-13. • Verifying the VRRP configuration—see “Verifying the VRRP Configuration” on page 19-14. • OmniSwitch 6600 Family Network Configuration Guide April 2006 page 19-1...
Page 372: Vrrp Specifications
1 second In addition, other defaults for VRRP include: Description Command Default VRRP traps vrrp trap Disabled VRRP tracking vrrp track Enabled VRRP delay vrrp delay 45 seconds page 19-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 373: Quick Steps For Creating A Virtual Router
= 255 Preempt = Yes Adv. Interval Virtual MAC = 00-00-5E-00-01-01 IP Address(es) 192.168.170.1 192.168.170.2 For more information about this and other show commands, see the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 19-3...
Page 374: Vrrp Overview
OmniSwitch B will respond to ARP requests for IP address B using the interface’s physical MAC address. It will not respond to ARP requests for IP address A or to the virtual router MAC address. page 19-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 375: Why Use Vrrp
Advertisement Interval is the time interval between VRRP advertisements, and Skew Time is calcu- lated based on the VRRP router’s priority value as follows: Skew Time = (256 - Priority) / 256 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 19-5...
Page 376: Vrrp Mac Addresses
The startup delay may be modified to allow more or less time for the router to stabilize its routing tables. In addition to the startup delay, the switch has an ARP delay (which not configurable). page 19-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 377: Vrrp Tracking
RDP will advertise IP addresses for any master routers; RDP will not adver- tise IP addresses for backup routers. For more information about RDP, see Chapter 17, “Configuring RDP.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 19-7...
Page 378: Configuration Overview
100. Note that the IP address owner will be automatically assigned a value of 255 if you do not specify the priority. See “Configuring Virtual Router Priority” on page 19-10 for more information about how priority is used. page 19-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 379: Specifying An Ip Address For A Virtual Router
In this example, virtual router 6 is disabled. (A virtual router must be disabled before IP addresses may be added/removed from the router.) IP address 10.10.2.3 is then removed from the virtual router with the no form of the vrrp ip command. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 19-9...
Page 380: Configuring The Advertisement Interval
255 when the router is enabled. To set the priority, use the vrrp command with the priority keyword and the desired value. For example: -> vrrp 6 4 disable -> vrrp 6 4 priority 50 page 19-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 381: Setting Preemption For Virtual Routers
In this example, a virtual router is created on VLAN 3 with a VRID of 7. An IP address is then assigned to the virtual router. The virtual router is then enabled on the switch. To disable a virtual router, use the disable keyword. -> vrrp 7 3 disable OmniSwitch 6600 Family Network Configuration Guide April 2006 page 19-11...
Page 382: Setting Vrrp Traps
MIB. By default traps are enabled. In order for VRRP traps to be generated correctly, traps in general must be enabled on the switch through the SNMP CLI. See the OmniSwitch 6600 Family Switch Management Guide for more information about enabling SNMP traps globally.
Page 383: Creating Tracking Policies
Typically you should not configure the same IP address tracking policies on physical VRRP routers that back up each other; otherwise, the priority will be decremented for both master and backup when the entity being tracked goes down. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 19-13...
Page 384: Verifying The Vrrp Configuration
Displays information about tracking policies on the switch. show vrrp track-association Displays the tracking policies associated with virtual routers. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. page 19-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 385: Vrrp Application Example
Configure the IP addresses for each virtual router. -> vrrp 1 5 ip 10.10.2.250 -> vrrp 2 5 ip 10.10.2.245 Enable the virtual routers. -> vrrp 1 5 enable -> vrrp 2 5 enable OmniSwitch 6600 Family Network Configuration Guide April 2006 page 19-15...
Page 386 10.10.2.245 is assigned. If OmniSwitch B should become unavail- able, OmniSwitch A will become master for 10.10.2.245. This configuration provides uninterrupted service for the end hosts. page 19-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 387: Vrrp Tracking Example
1’s priority will be temporarily decremented to 50, allowing backup router 1 to take over and provide connectivity for those workstations. When port 3/1 on VRRP router A comes back up, master 1 will take over again. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 19-17...
Page 388 Note. The preempt option must be enabled on virtual router 1; otherwise the original master will not be able to take over. See “Setting Preemption for Virtual Routers” on page 19-11 for more information about enabling preemption. page 19-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 389: Managing Authentication Servers
For information about using servers for authenticating users to manage the switch, see the “Switch Secu- rity” chapter in the OmniSwitch 6600 Family Switch Management Guide. For information about using servers to retrieve authentication information for Layer 2 Authentication users (authenticated VLANs), see Chapter 21, “Configuring Authenticated VLANs.”...
Page 390: Chapter 20 Managing Authentication Servers
Authenticated Switch Access type CLI Command Prefix Recognition The aaa radius-server and aaa ldap-server commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6600 Family Switch Management Guide for more information. page 20-2 OmniSwitch 6600 Family Network Configuration Guide...
Page 391: Server Defaults
Timeout for server replies to authentication timeout requests Whether a Secure Socket Layer is configured ssl | no ssl no ssl for the server OmniSwitch 6600 Family Network Configuration Guide April 2006 page 20-3...
Page 392: Quick Steps For Configuring Authentication Servers
Authenticated VLANs, see “AVLAN Configuration Overview” on page 21-4. For a quick overview of using the configured authentication servers with Authenticated Switch Access, see the OmniSwitch 6600 Family Switch Management Guide. page 20-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 393: Server Overview
For RADIUS and LDAP, additional servers may be configured as backups. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 20-5...
Page 394: Authenticated Vlans
OmniSwitch 6648 OmniSwitch 6648 The switch polls the servers for login information to Authenticated authenticate users through Authenticated VLAN 2 the switch. VLAN 1 Ethernet clients Servers Used for Authenticated VLANs page 20-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 395: Port-Based Network Access Control (802.1X)
OmniSwitch 6648 OmniSwitch 6648 authorization OmniSwitch granted RADIUS server Basic 802.1X Components For more information about configuring 802.1X ports on the switch, see Chapter 22, “Configuring 802.1X.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 20-7...
Page 396: Ace/Server
Attributes are not supported on ACE/Servers. These values must be configured on the switch through the user commands. See the “Switch Security” chapter of the OmniSwitch 6600 Family Switch Management Guide for more information about setting up the local user database.
Page 397: Radius Servers
Standard Attributes The following tables list RADIUS server attributes 1–39 and 60–63, their descriptions, and whether the Alcatel RADIUS client in the switch supports them. Attribute 26 is for vendor-specific information and is discussed in “Vendor-Specific Attributes for RADIUS” on page 20-11.
Page 398 Not supported. These attributes are used for dial-up sessions; Called-Station-Id not applicable to the RADIUS client in the switch. Calling-Station-Id NAS-Identifier Proxy-State Login-LAT-Service Login-LAT-Node Login-LAT-Group Framed-AppleTalk-Link Framed-AppleTalk-Network Framed-AppleTalk-Zone CHAP-Challenge NAS-Port-Type Port-Limit Login-LAT-Port page 20-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 399: Vendor-Specific Attributes For Radius
42 Alcatel-Acce-Priv-F-W2 hex. Configures functional write privileges for the user. The Alcatel-Auth-Group attribute is used for Ethernet II only. If a different protocol, or more than one protocol is required, use the Alcatel-Auth-Group-Protocol attribute instead. For example: Alcatel-Auth-Group-Protocol 23: IP_E2 IP_SNAP Alcatel-Auth-Group-Protocol 24: IPX_E2 In this example, authenticated users on VLAN 23 may use Ethernet II or SNAP encapsulation.
Page 400: Configuring Functional Privileges On The Server
Managing Authentication Servers Configuring Functional Privileges on the Server Configuring the functional privileges attributes (Alcatel-Acce-Priv-F-x) can be cumbersome because it requires using read and write bitmasks for command families on the switch. To display the functional bitmasks of the desired command families, use the show aaa priv hexa command.
Page 401: Radius Accounting Server Attributes
47 Acct-Input-Packets (Authenticated VLANs only) Tracked per port. 48 Acct-Output-Packets (Authenticated VLANs only) Tracked per port. 49 Acct-Terminal-Cause Indicates how the session was terminated: NAS-ERROR USER-ERROR LOST CARRIER USER-REQUEST STATUS-FAIL OmniSwitch 6600 Family Network Configuration Guide April 2006 page 20-13...
Page 402: Configuring The Radius Client
“Server Defaults” on page 20-3. To remove a RADIUS server, use the no form of the command: -> no aaa radius-server rad1 Note that only one server may be deleted at a time. page 20-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 403: Ldap Servers
Install the directory server software on the server. Copy the relevant schema LDIF files from the Alcatel software CD to the configuration directory on the server. (Each server type has a command line tool or a GUI tool for importing LDIF files.) Database LDIF files may also be copied and used as templates.
Page 404: Ldif File Structure
This is how the entry would appear with actual data in it. dn: uid=yname, ou=people, o=yourcompany objectClass: top objectClass: person objectClass: organizational Person cn: your name sn: last name givenname: first name page 20-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 405: Directory Entries
The general structure of entries in a directory tree is shown in the following illustration. It also includes example entries at various branches in the tree. OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 406: Directory Searches
All attributes are automatically deleted when requests to delete the last value of an attribute are submitted. Attributes can also be deleted by specifying delete value operations without attaching any values. page 20-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 407: Directory Compare And Sort
(389), port need not be specified in the URL. SSL port number for directory server (default is 636). <base_dn> DN of directory entry where search is initiated. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 20-19...
Page 408: Password Policies And Directory Servers
Account Lockout • Reset Password Failure Count • LDAP Error Messages (e.g., Invalid Username/Password, Server Data Error, etc.) • For instructions on installing LDAP-enabled directory servers, refer to the vendor-specific instructions. page 20-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 409: Directory Server Schema For Ldap Authentication
To display the functional bitmasks of the desired command families, use the show aaa priv hexa command. On the LDAP server, configure the functional privilege attributes with the bitmask values. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 20-21...
Page 410: Ldap Accounting Attributes
OmniSwitch 6600 Family Switch Management Guide. Configuring Authentication Key Attributes The alp2key tool is provided on the Alcatel software CD for computing SNMP authentication keys.The alp2key application is supplied in two versions, one for Unix (Solaris 2.5.1 or higher) and one for Windows (NT 4.0 and higher).
Page 411 Log-in fail error code: nn. For error code descriptions refer to the vendor-specific listing for the • specific directory server in use. Log-out reason code, for example PASSWORD EXPIRED(7) or AUTHENTICATION FAILURE(21) • OmniSwitch 6600 Family Network Configuration Guide April 2006 page 20-23...
Page 412: Dynamic Logging
ASA x—for an authenticated user session, where x is the num- ber of the session AVLAN—for Authenticated VLAN session in single authority mode AVLAN y—for Authenticated VLAN session in multiple authority mode, where y is relevant VLAN page 20-24 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 413: Configuring The Ldap Authentication Client
In this example, the switch will be able to communicate with an LDAP server (called ldap2) that has an IP address of 10.10.3.4, a domain name of cn=manager, a password of tpub, and a searchbase of c=us. These parameters must match the same parameters configured on the server itself. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 20-25...
Page 414: Modifying An Ldap Authentication Server
To delete an LDAP server from the switch configuration, use the no form of the command with the rele- vant server name. -> no aaa ldap-server topanga5 The topanga5 server is removed from the configuration. page 20-26 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 415: Verifying The Authentication Server Configuration
An example of the output for this command is given in “Quick Steps For Configuring Authentication Servers” on page 20-4. For more information about the output of this command, see the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 20-27...
Page 416 Verifying the Authentication Server Configuration Managing Authentication Servers page 20-28 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 417: Chapter 21 Configuring Authenticated Vlans
Layer 2 Authentication is different from another feature in the switch called Authenticated Switch Access, which is used to grant individual users access to manage the switch. For more information about Authenti- cated Switch Access, see the “Switch Security” chapter in the OmniSwitch 6600 Family Switch Manage- ment Guide.
Page 418: Authenticated Network Overview
Authentication clients—Authentication clients login through the switch to get access to authenticated VLANs. There are three types of clients: AV-Client. This is an Alcatel-proprietary authentication client. The AV-Client does not require an IP • address prior to authentication. The client software must be installed on the user’s end station. This chapter describes how to install and configure the client.
Page 419 Authentication agent in the switch—Authentication is enabled when the server(s) and the server author- ity mode is specified on the switch. See “Configuring the Server Authority Mode” on page 21-32. These components are described in more detail in the following sections. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-3...
Page 420: Avlan Configuration Overview
Setting up switch communication with authenti- aaa radius-server cation servers aaa authentication vlan single-mode Enabling authentication and setting the authority aaa authentication vlan multiple-mode mode for servers aaa accounting vlan Specifying accounting for AVLAN sessions. page 21-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 421: Sample Avlan Configuration
-> aaa radius-server rad1 host 10.10.1.2 key wwwtoe timeout 3 -> aaa ldap server ldap2 host 199.1.1.1 dn manager password foo base c=us Chapter 20, “Managing Authentication Servers,” for more information about setting up external serv- ers for authentication. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-5...
Page 422 -> show aaa accounting vlan All authenticated vlans 1rst authentication server = rad3, 2nd authentication server = local For more information about these commands, see the OmniSwitch CLI Reference Guide. page 21-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 423: Setting Up Authentication Clients
Setting Up Authentication Clients The following sections describe the Telnet authentication client, Web browser authentication client, and Alcatel’s proprietary AV-Client. For information about removing a particular client from an authenticated network, see “Removing a User From an Authenticated Network” on page 21-26.
Page 424: Configuring The Web Browser Client Language File
(to include a company logo, for example). The names of these files are: topA.html, topB.html, bottomA.html, bottomB.html, and myLogo.gif. The directory also contains files that must be installed on Mac OS Web browser clients as described in the next sections. page 21-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 425 Disconnect the Mac’s network connection before setting root access. Otherwise, the NetInfo Manager application in the Mac OS will send multiple DNS requests, and the process to set root access will take longer. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-9...
Page 426 Quit the current session and relogon as the root user. Make sure Ethernet-DCHP is selected in the Network Utility. Reconnect the Ethernet cable. If you are using a self-signed SSL certificate, or the certificate provided by Alcatel (wv-cert.pem), see “DNS Name and Web Browser Clients” on page 21-11.
Page 427: Ssl For Web Browser Clients
Authority (CA) or a self-signed (private) certificate must be installed on the switch. A self-signed certificate is provided by Alcatel (wv-cert.pem). If you are using a well-known certificate or some other self-signed certificate, you should replace the wv-cert.pem file with the relevant file.
Page 428: Installing The Av-Client
When the Select Network Protocol window appears, select Microsoft from the list of manufacturers and Microsoft 32-bit DLC from the list of Network Protocols. Click Follow the prompts requesting Windows files. page 21-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 429: Loading The Av-Client Software
After installing the update, it is recommended that the system be rebooted. Loading the AV-Client Software Windows 2000 and Windows NT Download the AV-Client from the Alcatel website onto the Windows desktop. Double-click the AV-Client icon. The installation routine begins and the following window displays: OmniSwitch 6600 Family Network Configuration Guide...
Page 430 Configuring Authenticated VLANs We recommend that you follow the instructions on the screen regarding closing all Windows programs before proceeding with the installation. Click on the Next button. The following window displays. page 21-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 431 AV-Client until you restart your computer. If you decide to restart now, be sure to remove any disks from their drives. Click the Finish button to end the installation procedure. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-15...
Page 432: Windows 95 And Windows 98
Configuring Authenticated VLANs Windows 95 and Windows 98 Download the AV-Client from the Alcatel website onto the Windows desktop. Double-click the AV-Client icon. The installation routine begins and the following window displays: We recommend that you follow the instructions on the screen regarding closing all Windows programs before proceeding with the installation.
Page 433 Click on the box next to “View the single sign-on Notes” to select this option. Click on the Finish button to end the installation process. Remember that you must restart your computer before you can run the AV-Client. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-17...
Page 434: Setting The Av-Client As Primary Network Login
OK. You can also browse to the directory where the AV-Client is installed and click OK. Select “Alcatel AVLAN Login Provider”. Select Alcatel AVLAN Login Provider as the Primary Network Login on the Configuration tab. Complete the setup as prompted by Windows.
Page 435 Note. If the user reboots the PC workstation, the client’s session with the network server is automatically terminated. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-19...
Page 436 The configuration utility includes a screen that lists each component, version and build date for the AV- Client. To view this screen, click on the Version tab and a screen similar to the following will display. page 21-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 437: Logging Into The Network Through An Av-Client
The user is now logged into the network and has access to all network resources in the VLAN with which this user shares membership. Note. If authentication is successful but an error was made while configuring VLANs, the user station may not move into the VLAN the user requested. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-21...
Page 438: Logging Off The Av-Client
When the AV-Client is logged into the network, the AV-Client icon on the Windows desktop has a blue background. When the logoff procedure is completed, the screen disappears and the background is gone from the AV-Client icon. page 21-22 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 439: Configuring The Av-Client For Dhcp
IP address will never be released. Increasing the value of the delay parameter can prevent this from happening. OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 440 When you click on a box next to an option, the option is activated in the configuration window. When you click one of the features, an indicator is activated directly below the feature. Specify the number of seconds for the delay for the selected feature. page 21-24 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 441 To apply the change, click the Apply button. When you click the OK button, the screen will close and the change will take effect. If you decide not to implement the change, click the Cancel button and the screen will close without implementing a change. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-25...
Page 442: Configuring Authenticated Vlans
For more information about the output display for the aaa avlan no and show avlan user commands, see the OmniSwitch CLI Reference Guide. Note. The MAC addresses of users may also be found in the log files generated by accounting servers. page 21-26 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 443: Configuring Authentication Ip Addresses
Existing users on default vlan are not flushed. Users now do not belong to and cannot traffic in the default VLAN prior to authentication. Note that any existing users in the default VLAN are not flushed. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-27...
Page 444: Port Binding And Authenticated Vlans
By default, authentication clients cannot traffic in the default VLAN for the authentication port unless the avlan default-traffic command is enabled. See “Setting Up the Default VLAN for Authentication Clients” on page 21-27. page 21-28 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 445: Setting Up A Dns Path
IP addresses prior to authentication as well as after authenticating. The relay may be used to serve IP addresses both before and after authentication. Note. For more information about configuring DHCP relay in general, see Chapter 18, “Configuring DHCP Relay.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-29...
Page 446: Enabling Dhcp Relay For Authentication Clients
If you want to specify that the relay only be used for packets coming in on an authenticated port, enter the ip helper avlan only command. -> ip helper avlan only page 21-30 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 447: Configuring A Dhcp Gateway For The Relay
IP address if they do not belong to the VLAN associated with this gate- way address.) To remove a gateway address from the configuration, use the no form of the aaa avlan default dhcp command. For example: -> no aaa avlan default dhcp OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-31...
Page 448: Configuring The Server Authority Mode
In the illustration shown here, the Ethernet clients connect to the switch and initially belong to VLAN 1. Additional VLANs have been configured as authenticated VLANs. LDAP and RADIUS servers are configured with VLAN ID information for the clients. page 21-32 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 449 Chapter 20, “Managing Authentication Servers.”) To disable authenticated VLANs, use the no form of the command. Note that the mode does not have to specified. For example: -> no aaa authentication vlan OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-33...
Page 450: Configuring Multiple Mode
VLAN 3 OmniSwitch 6648 OmniSwitch 6648 Authenticated LDAP server VLAN 4 Authentication Clients OmniSwitch for VLANs 3 & 4 Authenticated VLAN 5 RADIUS servers for VLAN 5 Authentication Network—Multiple Mode page 21-34 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 451: Specifying Accounting Servers
In the following example, single-mode authentication is already set up on the switch, the aaa accounting vlan command configures a RADIUS server (rad1) for accounting. The local logging feature in the switch (local) is the backup accounting mechanism. -> aaa accounting vlan rad1 local OmniSwitch 6600 Family Network Configuration Guide April 2006 page 21-35...
Page 452: Verifying The Avlan Configuration
Displays the current global configuration for authenticated VLANs. show aaa avlan auth-ip Displays the IP addresses for authenticated VLANs. For more information about these commands, see the OmniSwitch CLI Reference Guide. page 21-36 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 453: Chapter 22 Configuring 802.1X
“Setting 802.1X Switch Parameters” on page 22-10 • “Configuring 802.1X Port Parameters” on page 22-11 • “Using Access Guardian Policies” on page 22-8 • “Verifying the 802.1X Port Configuration” on page 22-19 • OmniSwitch 6600 Family Network Configuration Guide April 2006 page 22-1...
Page 454: 802.1X Specifications
Whether or not the port is re-authen- no reauthentication | no reauthentication ticated. reauthentication Note. By default, accounting is disabled for 802.1X authentication sessions. page 22-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 455: Quick Steps For Configuring 802.1X
= 60, tx-period (seconds) = 30, supp-timeout (seconds) = 30, server-timeout (seconds) = 30, max-req = 2, re-authperiod (seconds) = 3600, reauthentication = no Supplicant polling retry count = 2 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 22-3...
Page 456 ->show 802.1x non-supp Slot Vlan Port Address Learned -----+-----------------+---------- 00:61:4f:11:22:33 00:61:4f:44:55:66 00:61:4f:77:88:99 00:61:22:15:22:33 00:61:22:44:75:66 See the OmniSwitch CLI Reference Guide for information about the fields in this display. page 22-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 457: 802.1X Overview
VLAN depending on the following conditions: If the authentication server returns a VLAN ID, then the supplicant is assigned to that VLAN. All • subsequent traffic from the supplicant is then forwarded on that VLAN. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 22-5...
Page 458: 802.1X Ports And Dhcp
Note. If the MAC address of the supplicant has aged out during the authentication session, the 802.1X software in the switch will alert the source learning software in the switch to re-learn the address. page 22-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 459: 802.1X Accounting
Chapter 4, “Configuring VLANs.” Both 802.1X and authenticated VLANs may use the same RADIUS authentication server. See Chapter 20, “Managing Authentication Servers,”for information about using a RADIUS server for authentication. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 22-7...
Page 460: Using Access Guardian Policies
When multiple policies are specified when configuring a device classification policy, they form a compound policy. Compound policies that use 802.1x authentication are supplicant policies; all others are non-supplicant policies. page 22-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 461 If there are no Group Mobility rules that match the client traffic, then the device is learned in the default VLAN for the port. “Configuring Access Guardian Policies” on page 22-14 for more information about how to use and configure policies. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 22-9...
Page 462: Setting Up Port-Based Network Access Control
To disable 802.1X on a port, use the disable option with vlan port 802.1x command. For more informa- tion about vlan port commands, See Chapter 7, “Assigning Ports to VLANs.” page 22-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 463: Configuring 802.1X Port Parameters
-> 802.1x 3/1 quiet-period 50 tx-period 25 supp-timeout 25 This command changes the quiet timeout to 50 seconds; the transmit timeout to 25 seconds; and the user timeout to 25 seconds. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 22-11...
Page 464: Configuring The Maximum Number Of Requests
25 seconds. To manually re-authenticate a port, use the 802.1x re-authenticate command. For example: -> 802.1x re-authentication 3/1 This command initiates a re-authentication process for port 1 on slot 3. page 22-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 465: Initializing An 802.1X Port
In this example, the RADIUS server rad1 will be used for accounting. If rad1 becomes unavailable, the local Switch Logging function in the switch will log 802.1X sessions. For more information about Switch Logging, see Chapter 28, “Using Switch Logging.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 22-13...
Page 466: Configuring Access Guardian Policies
If authentication is successful but does not return a VLAN ID, Group Mobility rules are checked for classification. If Group Mobility classification fails, the supplicant is assigned to the default VLAN ID for the 802.1x port. page 22-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 467: Configuring Supplicant Policies
VLAN, then the device is assigned to VLAN 43. If VLAN 43 does not exist or is an authenti- cated VLAN, then the device is blocked from accessing the switch on port 1/24. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 22-15...
Page 468 802.1x non- supplicant policy command. The following keywords are available with this command to specify one or more policies for classifying devices supplicant policy keywords group mobility vlan default-vlan block page 22-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 469 VLAN, the device is assigned to the default VLAN for port 2/1. If the default VLAN for port 2/1 is an authenti- cated VLAN, then the device is blocked from accessing the switch on port 2/1. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 22-17...
Page 470 VLAN, then the device is assigned to VLAN 43. If VLAN 43 does not exist or is an authenti- cated VLAN, then the device is blocked from accessing the switch on port 3/10. page 22-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 471: Verifying The 802.1X Port Configuration
Displays a list of RADIUS servers configured for MAC based authenti- cation. For more information about the displays that result from these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 22-19...
Page 472 Verifying the 802.1X Port Configuration Configuring 802.1X page 22-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 473: Chapter 23 Managing Policy Servers
23 Managing Policy Servers Quality of Service (QoS) policies that are configured through Alcatel’s PolicyView network management application are stored on a Lightweight Directory Access Protocol (LDAP) server. PolicyView is an OmniVista application that runs on an attached workstation. In This Chapter This chapter describes how LDAP directory servers are used with the switch for policy management.
Page 474: Policy Server Specifications
Priority value assigned to a server, used to preference 0 (lowest) determine search order Whether a Secure Socket Layer is configured ssl | no ssl no ssl for the server page 23-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 475: Policy Server Overview
See your server documentation for additional details on setting up the server. See the next sections of this chapter for information about modifying policy server parameters or viewing information about policy servers. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 23-3...
Page 476: Modifying Policy Servers
If the policy server is not created on the default port, the no form of the command must include the port number. For example: -> no policy server 10.10.2.4 5000 page 23-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 477: Modifying The Port Number
LDAP server to modify parameters on the server itself. Modifying the Searchbase The searchbase name is “o=alcatel.com” by default. To modify the searchbase name, enter the policy server command with the searchbase keyword. For example: -> policy server 10.10.2.3 searchbase "ou=qo,o=company,c=us"...
Page 478: Configuring A Secure Socket Layer For A Policy Server
To flush LDAP policies from the switch, use the policy server flush command. Note that any policies configured directly on the switch through the CLI are not affected by this command. -> policy server flush page 23-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 479: Interaction With Cli Policies
Displays the names of policies originating on a directory server that have been downloaded to the switch. show policy server events Displays any events related to a directory server. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 23-7...
Page 480 Verifying the Policy Server Configuration Managing Policy Servers page 23-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 481: Chapter 24 Configuring Qos
24 Configuring QoS Alcatel’s QoS software provides a way to manipulate flows coming through the switch based on user- configured policies. The flow manipulation (generally referred to as Quality of Service or QoS) may be as simple as allowing/denying traffic, or as complicated as remapping 802.1p bits from a Layer 2 network to ToS values in a Layer 3 network.
Page 482: Qos Specifications
Maximum number of IP addresses 16000 CLI Command Prefix Recognition Some QoS commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6600 Family Switch Management Guide for more information. page 24-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 483: Qos General Overview
OmniSwitch OmniSwitch 6648 The Internet Prioritization OmniSwitch 6648 policy OmniSwitch 6648 video feed OmniSwitch 6648 Best Effort email server Sample QoS Setup OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-3...
Page 484: Qos Policy Overview
WebView, however, to override policies created in PolicyView. And vice versa. This chapter discusses policy configuration using the CLI. For information about using WebView to configure the switch, see the OmniSwitch 6600 Family Switch Management Guide. For information about configuring policies through PolicyView, see the PolicyView online help.
Page 485: Interaction With Other Features
LDAP server. LDAP policies may only be modified through PolicyView. For information about setting up a policy server and managing LDAP policies, see Chapter 23, “Managing Policy Servers.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-5...
Page 486: Condition Combinations
IP address or network group destination MAC or MAC group destination VLAN destination slot/port or port group destination interface type 802.1p bridging — source slot/port or port group source interface type page 24-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 487: Condition/Action Combinations
TCP/UDP port bridged is enabled IP protocol source IP address or network group 802.1p routing/bridging when qos classifyl3 source TCP/UDP port bridged is enabled IP protocol OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-7...
Page 488 IP address or network group disposition multicast rules only destination IP address or network group destination MAC or MAC group destination VLAN destination slot/port or port group destination interface type page 24-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 489: Qos Defaults
OmniVista applications Type of messages logged debug qos info Whether fragments are classified qos classify fragments Whether bridged traffic may be qos classifyl3 bridged classified with Layer 3 condi- tions OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-9...
Page 490: Qos Port Defaults
Whether the rule is saved to save Save option is enabled. flash immediately *However, policy rules configured with source and destination conditions and actions with disposi- tion, priority, or 802.1P configured are automatically bidirectional. page 24-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 491: Policy Action Defaults
Policy Port Groups—The switch has built-in policy port groups for each slot. The groups are called • Slot01, Slot02, etc. Use the show policy port group command to view the built-in groups. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-11...
Page 492: Qos Configuration Overview
Applying the Configuration. All policy rule configuration and some global parameters must be specifically applied through the qos apply command before they are active on the switch. See “Applying the Configuration” on page 24-46. page 24-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 493: Configuring Global Qos Parameters
If you want to create ACLs to allow some Layer 2 traffic through the switch, you must configure two rules for each type of Layer 2 traffic, one for source and one for destination. For more information about ACLs, see Chapter 25, “Configuring ACLs.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-13...
Page 494: Using The Qos Log
For example: -> qos log lines 30 The number of lines in the log is changed. To activate the change, enter the qos apply command. page 24-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 495: Log Detail Level
To disable immediate forwarding of events to the console, enter the following command: -> qos no log console To activate the change, enter the qos apply command. For more information about the qos apply command, see “Applying the Configuration” on page 24-46. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-15...
Page 496: Displaying The Qos Log
By decreas- ing the wait time, you can free some memory that the switch is using to keep track of flows; the default value is 300 seconds. page 24-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 497: Fragment Classification
The timeout will not be active on the switch until you enter the qos apply command. (For more informa- tion about the qos apply command, see “Applying the Configuration” on page 24-46.) The timeout does not take effect if the qos classify fragments command has not been entered. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-17...
Page 498: Classifying Bridged Traffic As Layer 3
For a list of global defaults, see “QoS Defaults” on page 24-9. Note. The qos reset command only affects the global configuration. It does not affect any policy configu- ration. page 24-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 499: Verifying Global Settings
Displays global information about the QoS configuration. show qos statistics Displays statistics about QoS events. For more information about the syntax and displays of these commands, see the OmniSwitch CLI Refer- ence Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-19...
Page 500: Qos Ports And Queues
Configuring Trusted Ports By default, all ports (except 802.1Q-tagged ports and mobile ports) are untrusted. The trust setting may be configured globally on the switch, or on a per-port basis. page 24-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 501: Using Trusted Ports With Policies
Displays information for all QoS queues or only those queues associated with a particular slot/port. See the OmniSwitch CLI Reference Guide for more information about the syntax and displays for these commands. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-21...
Page 502: Creating Policies
Create a policy action with the policy action command. For example: -> policy action action2 priority 7 Create a policy rule with the policy rule command. For example: -> policy rule my_rule condition cond3 action action2 page 24-22 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 503: Ascii-File-Only Syntax
QoS object’s origin be modified. The blt keyword indicates built-in; this keyword cannot be used on the command line. For information about built-in policies and QoS groups, see “How Policies Are Used” on page 24-4. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-23...
Page 504: Creating Policy Conditions
To remove a classification parameter from the condition, use no with the relevant keyword. For example: -> policy condition c3 no source ip The specified parameter (in this case, a source IP address) will be removed from the condition (c3) at the next qos apply. page 24-24 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 505: Deleting Policy Conditions
“Condition/Action Combinations” on page 24-7. See the OmniSwitch CLI Reference Guide for details about command syntax. policy action keywords disposition priority minimum bandwidth maximum bandwidth maximum depth maximum buffers OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-25...
Page 506: Removing Action Parameters
The rule (rule5) will only take effect after the qos apply command is entered. For more information about the qos apply command, see “Applying the Configuration” on page 24-46. The policy rule command may specify the following keywords: policy rule keywords precedence save page 24-26 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 507: Disabling Rules
To specify a precedence value for a particular rule, use the policy rule command with the precedence keyword. For example: -> policy rule r1 precedence 200 condition c1 action a1 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-27...
Page 508 (Rule1) is considered to have the highest precedence and will be used for the flow. Conflicting actions include the following: Action Action maximum bandwidth disposition any other action page 24-28 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 509: Saving Rules
-> policy rule rule5 no log Deleting Rules To remove a policy rule, use the no form of the command. -> no policy rule rule1 The rule will be deleted after the next qos apply. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-29...
Page 510: Verifying Policy Configuration
To display only policy rules that are active (enabled and applied) on the switch, use the show active policy rule command. For example: -> show active policy rule Policy From Prec Enab Inact Refl Log Save Matches mac1 Cnd/Act: dmac1 -> pri2 page 24-30 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 511 Although my_rule5 is administratively active, it is still pending and not yet applied to the configuration. Only mac1 is displayed here because it is active on the switch. See the OmniSwitch CLI Reference Guide for more information about the output of these commands. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-31...
Page 512: Testing Conditions
The display shows Layer 2 or Layer 3 information, depending on what kind of traffic you are attempting to classify. In this example, the display indicates that the switch found a rule, yuba, to classify destination traffic with the specified Layer 2 information. page 24-32 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 513 To activate any policy rules that have not been applied, use the qos apply command. To delete rules that have not been applied (and any other QoS configuration not already applied), use the qos revert command. See “Applying the Configuration” on page 24-46. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-33...
Page 514: Using Condition Groups In Policies
See the OmniSwitch CLI Reference Guide for more information about the output of this display. See “Verifying Condition Group Configuration” on page 24-42 for more information about using show commands to display information about condition groups. page 24-34 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 515: Creating Network Groups
In this example, netgroup3 is configured for condition c4 as source network group: -> policy condition c4 source network group netgroup3 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-35...
Page 516: Creating Services
An IP protocol (TCP or UDP), source IP port and/or destination IP port (or port range) must be associated with a service. IP port numbers are well-known port numbers defined by the IANA. For example, port numbers for FTP are 20 and 21; Telnet is 23. page 24-36 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 517: Creating Service Groups
The service group may then be associated with a condition through the policy condition command. For example: -> policy condition c6 service group serv_group OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-37...
Page 518: Creating Mac Groups
This command creates a condition called cond3 that may be used in a policy rule to classify traffic by source MAC addresses. The MAC addresses are specified in the MAC group. For more information about configuring conditions, see “Creating Policy Conditions” on page 24-24. page 24-38 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 519: Creating Port Groups
Note. Port group configuration is not active until the qos apply command is entered. To delete ports from a port group, use no and the relevant port number(s). -> policy port group techpubs no 2/1 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-39...
Page 520: Port Groups And Maximum Bandwidth
(Ports). A policy action with maximum bandwidth is created (MaxBw). The policy condition and policy action are combined in a policy rule called PortRule. -> policy port group pgroup 1/1-2 -> policy condition Ports source port group pgroup page 24-40 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 521 For flows that match a rule with a protocol condition, and the rule specifies a maximum bandwidth • action, maximum bandwidth will be applied to each port the flow egresses regardless of physical port location. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-41...
Page 522: Verifying Condition Group Configuration
When the qos apply command is entered, the plus sign (+) will be removed from netgroup1 in the display. See “Applying the Configuration” on page 24-46 for more information about the qos apply command. page 24-42 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 523: Using Map Groups
“Creating Policy Rules” on page 24-26. -> policy rule r3 condition Traffic action tosMap Apply the configuration. For more information about this command, see “Applying the Configuration” on page 24-46. -> qos apply OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-43...
Page 524: How Map Groups Work
To delete mapping values from a group, use no and the relevant values: -> policy map group tosGroup no 1-2:4 The specified values will be deleted from the map group at the next qos apply. page 24-44 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 525: Verifying Map Group Configuration
When the qos apply command is entered, the plus sign (+) will be removed from tosGroup in the display. “Applying the Configuration” on page 24-46 for more information about the qos apply command. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-45...
Page 526: Applying The Configuration
For more information about disabling/re-enabling a policy rule, see “Creating Policy Rules” on page 24-26. page 24-46 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 527: Deleting The Pending Configuration
Or, to delete all policy rule configuration, enter qos apply. If qos apply is entered, the empty set of pending policies will be written to the applied policies and all policy rule configuration will be deleted. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-47...
Page 528: Interaction With Ldap Policies
Sends Layer 2, Layer 3, or multicast information to the classifier to see how the switch will handle the packet. Use the applied keyword to examine only applied conditions. For more information about these commands, see the OmniSwitch CLI Reference Guide. page 24-48 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 529: Policy Applications
OmniSwitch ingress flow queues for egress traffic policy condition classifies the flow policy action determines how packets are queued OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-49...
Page 530: Basic Commands
First, create a condition for the traffic. In this example, the condition is called ip_traffic2. A policy action (flowShape) is then created to enforce a maximum bandwidth requirement for the flow. page 24-50 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 531: Icmp Policy Example
For Layer 2 flows, you cannot have more than one action that maps DSCP. • In this example, a policy rule (marking) is set up to mark flows from 10.10.3.0 with an 802.1p value of 5: OmniSwitch 6600 Family Network Configuration Guide April 2006 page 24-51...
Page 532 -> policy rule RuleA condition SubnetA action map_action -> policy rule RuleB condition SubnetB action map_action Subnet A OmniSwitch 10.10.5.0 OmniSwitch 6648 Network C OmniSwitch 6648 OmniSwitch 6648 Mapping Subnet B OmniSwitch 6648 policy 12.12.2.0 Mapping Application page 24-52 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 533: Chapter 25 Configuring Acls
Using ACL Security Features. Specific port group, action, service group, and policy rule combina- • tions are provided to help improve network security. See “Using ACL Security Features” on page 25-17. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 25-1...
Page 534: Acl Specifications
Note that in the current software release, the deny and drop options produce the same effect; that is, that traffic is silently dropped. For more information about QoS defaults in general, see Chapter 24, “Configuring QoS.” page 25-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 535: Quick Steps For Creating Acls
-> vlan 2 router ip 192.68.82.1 Apply the policy configuration using the qos apply command. For details about using this command, “Applying the Configuration” on page 24-46 Chapter 24, “Configuring QoS.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 25-3...
Page 536: Acl Overview
Note. QoS policy rules may also be used for traffic prioritization and other network scenarios. For a general discussion of QoS policy rules, see Chapter 24, “Configuring QoS.” page 25-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 537: Rule Precedence
-> policy rule r1 precedence 100 condition c1 action a1 -> policy rule r2 precedence 100 condition c1 action a2 When traffic comes into the switch that matches c1, the switch will use rule r1. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 25-5...
Page 538: Example: Layer 3 Rules With Compatible Actions
In this case, both rules have the same precedence value (the default, since no precedence is specifically configured). The rule that was configured first (Rule1) is considered to have the highest precedence and will be used for the flow. page 25-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 539: Interaction With Other Features
IP address cannot be included in a condition with a source IP network group. For more information about supported combinations, see “Condition Combinations” on page 24-6 “Condition/Action Combinations” on page 24-7 Chapter 24, “Configuring QoS.” OmniSwitch 6600 Family Network Configuration Guide April 2006 page 25-7...
Page 540: Acl Configuration Overview
Policies may then be set up to allow routed traffic through the switch. Note that in the current release of Alcatel’s QoS software, the drop and deny keywords produce the same result (flows are silently dropped; no ICMP message is sent).
Page 541 If you set the bridged disposition to deny or drop, and you configure Layer 2 ACLs, you will need two rules for each type of filter. For more information, see “Layer 2 ACLs” on page 25-12. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 25-9...
Page 542: Creating Condition Groups For Acls
IP port, or destination IP port. Or, the condition may simply refer to the network group, MAC group, port group, or service group. Typically ACLs use group keywords in policy conditions. A single rule, therefore, filters traffic for multiple addresses or ports. page 25-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 543: Creating Policy Actions For Acls
In this example, any traffic matching condition c3 will match rule7; rule7 is configured with the highest precedence value. If any other Layer 3 rules are configured for traffic with a source address of 10.10.4.8, OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 544: Layer 2 Acls
If the default bridged disposition is set to drop or deny, any rules for allowing Layer 2 traffic through the switch must be configured in two instances, once for source and once for destination. page 25-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 545: Layer 2 Acl: Example 1
Filter2 is created with cond5. Now when Layer 2 flows with a MAC address starting with 0020da arrive on the switch destined for any Ethernet interface, the flows will be allowed on the switch. OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 546: Layer 3 Acls
Traffic with a source IP address of 192.68.82.0, a source IP port of 23, using protocol 6, will match condi- tion addr2, which is part of FilterL31. The action for the filter (Block) is set to deny traffic. The flow will be dropped on the switch. page 25-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 547: Layer 3 Acl: Example 2
If a destination group is specified, the corresponding single value keyword cannot be combined in the same condition. For example, if a destination port is specified, a destination port group cannot be speci- fied in the same condition. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 25-15...
Page 548 -> policy action ok disposition accept -> policy rule Mrule condition Mclient1 action ok In this example, any traffic coming in on VLAN 5 requesting membership to the 224.0.1.2 multicast group will be allowed. page 25-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 549: Using Acl Security Features
IP spoofed traffic is blocked while normal traffic is still allowed on the port. In addition, the UserPorts group must be specified using the exact capitalization shown here and in the above example. OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 550: Configuring A Disableports Acl
Create a DisablePorts action with a string prefix, such as badDisablePorts, and an accept action. For example: -> policy action badDisablePorts -> policy action PASS disposition accept page 25-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 551: Configuring A Dropservices Group Acl
-> policy service tcp445 destination tcp port 445 -> policy service udp137 destination udp port 137 -> policy service udp138 destination udp port 138 -> policy service udp445 destination udp port 445 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 25-19...
Page 552 -> policy action DROP disposition drop -> policy action ACCEPT disposition accept -> policy rule r1 condition badGuys action DROP -> policy rule r2 condition goodGuys action ACCEPT -> qos apply page 25-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 553: Configuring Icmp Drop Rules
BPDU. To restore a disabled port to enabled status, disconnect and reconnect the cable or use the interfaces admin command to administratively enable the port. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 25-21...
Page 554: Verifying The Acl Configuration
(+) sign. The rule will not be used to classify traffic until the next qos apply. Only mac1 is actively being used on the switch to classify traffic. page 25-22 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 555 See the OmniSwitch CLI Reference Guide for more information about the output of these commands. OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 556: Acl Application Example
-> policy service traffic_in source ip port 23 protocol 6 -> policy condition outside_cond service traffic_in -> policy action outside_action disposition drop -> policy rule outside condition outside_cond action outside_action page 25-24 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 557: Configuring Ip Multicast Switching
This mechanism is often referred to as IGMP snooping (or IGMP gleaning). Alcatel’s implementation of IGMP snooping is called IP Multicast Switching (IPMS). IPMS allows OmniSwitch 6600 Family switches to efficiently deliver multicast traffic in hardware at wire speed.
Page 558: Ipms Specifications
0 to 4294967295 seconds Flow Timeout 0 to 65535 seconds Querier Aging and Election Timeout 0 to 4294967295 seconds IPMS Default Values The table below lists default values for Alcatel’s IPMS software. Parameter Description Command Default Value/Comments Administrative Status ip multicast switching...
Page 559: Ipms Overview
The network interfaces verify that a multicast packet is received by the switch on the source (or expected) port. Note. Jumbo multicast packets are not supported. The maximum MTU size supported by Alcatel’s IPMS software is 1500. IPMS Example The figure on the following page shows an IPMS network where video content can be provided to clients that request it.
Page 560: Reserved Multicast Addresses
When a port moves to a link aggregation group all IPMS configurations on the port will be lost. • When the last port in a link aggregation group moves out of the group all IPMS configuration on the • link aggregation group will be lost. page 26-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 561: Configuring Ipms On A Switch
IPMS static neighbor ports receive all multicast streams on the designated VLAN and also receive IGMP reports for the VLAN. The following subsections describe how to configure and remove a static neighbor port with the ip multicast static-neighbor command. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 26-5...
Page 562: Configuring A Static Neighbor
For example, to configure link aggregation group 7 with designated VLAN 2 as a static querier you would enter: -> ip multicast static-querier 2 linkagg 7 page 26-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 563: Removing A Static Querier
For example, to remove a static member with an IP address of 11.0.0.1 on port 10 in slot 3 with desig- nated VLAN 3 you would enter: -> ip multicast no static-neighbor 11.0.0.1 3 3/10 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 26-7...
Page 564: Modifying Ipms Parameters
260 seconds. The following subsections describe how to configure a user-specified membership timeout value and how to restore it with the ip multicast membership-timeout command. page 26-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 565: Configuring The Membership Timeout
You can modify the IPMS querier timeout from 0 to 4294967295 seconds by entering ip multicast querier-timeout followed by the new value. For example, to set the querier timeout to 360 seconds you would enter: -> ip multicast querier-timeout 360 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 26-9...
Page 566: Restoring The Querier Timeout
To restore the querier aging and election timeout to its default (i.e., 255 seconds) value you use the no form of the ip multicast other-querier-timeout command by entering: -> ip multicast no other-querier-timeout page 26-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 567: Ipms Application Example
Configure the client attached to Port 2 as a static querier belonging to VLAN 5 by entering: -> ip multicast static-querier 5 1/2 Modify the membership timeout from its default value of 260 seconds to 3600 seconds by entering: -> ip multicast membership-timeout 3600 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 26-11...
Page 568 Source IP VLAN Slot/Port Expire Type Version --------------------+----+---------+------+-------+------- None 1/5 Never Static IGMPv2 ->show ip multicast queriers Source IP VLAN Slot/Port Expire Type Version --------------------+----+---------+------+-------+-------- None 1/2 Never Static IGMPv2 page 26-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 569: Displaying Ipms Configurations And Statistics
Configuring IP Multicast Switching Displaying IPMS Configurations and Statistics Displaying IPMS Configurations and Statistics Alcatel’s IP Multicast Switching (IPMS) show commands provide tools to monitor IPMS traffic and settings and to troubleshoot problems. These commands are described below: show ip multicast switching Displays the current IPMS configuration on a switch.
Page 570 Displaying IPMS Configurations and Statistics Configuring IP Multicast Switching page 26-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 571: Diagnosing Switch Problems
27-20. • Enabling a Port Monitoring Session—see “Enabling a Port Monitoring Session” on page 27-21. • Disabling a Port Monitoring Session—see “Disabling a Port Monitoring Session” on page 27-21. • OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-1...
Page 572 “Resetting Health Statistics for the Switch” on page 27-38. • For information about additional Diagnostics features such as Switch Logging and System Debugging/ Memory Management commands, see Chapter 28, “Using Switch Logging” Chapter 29, “Monitoring Memory.” page 27-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 573: Port Mirroring Overview
(Example: A mirrored Fast Ethernet port supports 100 Mbps, while a Mirroring Gigabit Ethernet port supports 1000 Mbps). Range of Unblocked VLAN IDs 1 to 4094. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-3...
Page 574: Port Mirroring Defaults
Spanning Tree Enabled (Spanning Tree Disable) Mirroring Status port mirroring source destination Disabled Port Mirroring Direction port mirroring source destination Bidirectional Mirroring Session Configuration port mirroring Disabled page 27-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 575: Quick Steps For Configuring Port Mirroring
7 For more information about this command, see “Displaying Port Mirroring Status” on page 27-18 or the “Port Mirroring and Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-5...
Page 576: Port Monitoring Overview
Data File Creation port monitoring source Enabled Data File Size port monitoring source 16384 Bytes File Overwriting port monitoring source Enabled Time before session is deleted port monitoring source 0 seconds page 27-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 577: Quick Steps For Configuring Port Monitoring
----------+----------+----------+--------------+----------+-------------------- 2/ 3 Bidirectional For more information about this command, see “Port Monitoring” on page 27-20 or the “Port Mirroring and Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-7...
Page 578: Remote Monitoring (Rmon) Overview
RMON Traps Supported RisingAlarm/FallingAlarm These traps are generated whenever an Alarm entry crosses either its Rising Threshold or its Falling Threshold and generates an event con- figured for sending SNMP traps. page 27-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 579: Rmon Probe Defaults
“Displaying a List of RMON Probes” on page 27-28, “Displaying Statistics for a Particular RMON Probe” on page 27-29 or the “RMON Commands” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-9...
Page 580: Switch Health Overview
A Resource Threshold was exceeded by its cor- responding utilization value in the previous cycle, but is not exceeded in the current cycle. Threshold Crossing Traps Supported Device, module, port-level threshold crossings. page 27-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 581: Switch Health Defaults
(e.g., memory). The display is similar to the one shown below: Memory Threshold = 85 For more information about this command, see “Displaying Health Threshold Limits” on page 27-35 the “Health Monitoring Commands” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-11...
Page 582: Port Mirroring
ASIC as another 10/100 port (i.e, ports 1-24 can mirror each other, and ports 25-48 can mirror each other, but port 1 cannot mirror port 25, and vice versa). Gigabit ports on the OmniSwitch 6648 and the OmniSwitch 6602-48 mirror the same as the OmniSwitch 6624. page 27-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 583: How Port Mirroring Works
Bridging Spanning Tree until you protect it from Spanning Tree updates by specifying an unblocked VLAN as part of the configuration command line. The mirroring port does not transmit or receive any traffic on its own. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-13...
Page 584: Using Port Mirroring With External Rmon Probes
D..and port mirroring sends copies of the NMS Workstation Management frames to the mirroring port. OmniSwitch 6648 Mirroring Port Mirrored Port OmniSwitch 6648 RMON Probe OmniSwitch Port Mirroring Using External RMON Probe page 27-14 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 585: Creating A Mirroring Session
CLI command, and include the port mirroring session ID number, source and destination slot/ports, and unblocked VLAN ID number, as shown in the following example: -> port mirroring 6 source 2/3 destination 2/4 unblocked 750 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-15...
Page 586: Enabling Or Disabling Mirroring Status
To disable the mirroring status of the configured session between a mirrored port and a mirroring port (turning port mirroring off), use the port mirroring source destination CLI command. Be sure to include the port mirroring session ID number and the keyword disable. page 27-16 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 587: Configuring Port Mirroring Direction
For example: -> port mirroring 6 source 2/3 destination 6/4 bidirectional Note. Note that the port mirroring session identifier and slot/port locations of the designated interfaces must always be specified. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-17...
Page 588: Enabling Or Disabling A Port Mirroring Session (Shorthand)
(slot 1, port 14 and slot 1, port 16, respectively), along with the mirroring VLAN ID number (5), direction, and mirroring Status (port mirroring is OFF). page 27-18 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 589: Deleting A Mirroring Session
To delete a mirroring session, enter the no port mirroring command, followed by the port mirroring session ID number. For example: -> no port mirroring 6 In this example, port mirroring session 6 is deleted. Note. The port mirroring session identifier must always be specified. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-19...
Page 590: Port Monitoring
For example, to configure port monitoring session 6 on port 2/3 enter: -> port monitoring 6 source 2/3 Note. One port monitoring session can be configured per chassis or stack. page 27-20 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 591: Enabling A Port Monitoring Session
ID and resume. For example, to resume port moni- toring session 6 enter: -> port monitoring 6 resume OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-21...
Page 592: Configuring Port Monitoring Session Persistence
ID number, source, the slot number of the port to be monitored, a slash (/), the port number of the port, file, the name of the file, and overwrite on. page 27-22 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 593: Suppressing Port Monitoring File Creation
-> port monitoring 6 source 2/3 outport For example, to restore port monitoring session 6 on port 2/3 to its bidirectional direction enter: -> port monitoring 6 source 2/3 bidirectional OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-23...
Page 594: Displaying Port Monitoring Status And Data
01:80:C2:00:00:00 | 00:20:DA:8F:92:C6 | BPDU | 00:26:42:42:03:00:00:00:00:00 00:20:DA:BF:5B:76 | 08:00:20:95:F3:89 | | 08:00:45:00:00:6B:CF:87:40:00 Note. For more information about the displays that result from these commands, see the OmniSwitch CLI Reference Guide. page 27-24 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 595: Remote Monitoring (Rmon)
OmniSwitch 6648 Mirrored Port Mirroring Port OmniSwitch 6648 RMON Probe OmniSwitch D..and port mirroring sends copies of the Management frames to the mirroring port. Port Mirroring Using External RMON Probe OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-25...
Page 596: Ethernet Statistics
Alarm can be generated, printed and/or logged. Note. The following RMON groups are not implemented: Host, HostTopN, Matrix, Filter and Packet Capture. page 27-26 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 597: Enabling Or Disabling Rmon Probes
The following command enables all currently defined (disabled) RMON Alarm probes: -> rmon probes alarm enable Notes. Network activity on subnetworks attached to an RMON probe can be monitored by Network Management Software (NMS) applications. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-27...
Page 598: Displaying Rmon Tables
A display showing all current alarm RMON probes should appear, as shown in the following example: Entry Slot/Port Flavor Status Duration System Resources -------+-----------+-----------+----------+---------------+-------------------- 31927 1/35 Alarm Active 00:25:51 608 bytes page 27-28 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 599: Displaying Statistics For A Particular Rmon Probe
Probe’s Owner: Hawk Switch Auto Probe on Slot 4, Port 5 Entry 4005 Flavor = Ethernet, Status = Active Time = 48 hrs 54 mins, System Resources (bytes) = 275 OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-29...
Page 600: Sample Display For History Probe
= delta value Alarm Startup Alarm = rising alarm Alarm Variable = 1.3.6.1.2.1.16.1.1.1.5.4008 Entry 11235 Flavor = Alarm, Status = Active Time = 48 hrs 48 mins, System Resources (bytes) = 1677 page 27-30 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 601: Displaying A List Of Rmon Events
[Rising trap] “Rising Event,” an Alarm condition detected by the RMON probe in which a trap was generated based on a Rising Threshold Alarm, with an elapsed time of 39 minutes since the last change in status. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-31...
Page 602: Monitoring Switch Health
Maximum utilization level over the last hour (percentage) • Threshold level • Additionally, Health Monitoring provides the capacity to specify thresholds for the resource utilization levels it monitors, and generates traps based on the specified threshold criteria. page 27-32 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 603 —Displays health statistics for the switch, as percentages of total resource capacity. See • page 27-37 for more information. health statistics reset—Resets health statistics for the switch. See page 27-38 for details. • OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-33...
Page 604: Configuring Resource And Temperature Thresholds
Note. When you specify a new value for a threshold limit, the value is automatically applied across all levels of the switch (switch, module and port). You cannot select differing values for each level. page 27-34 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 605: Displaying Health Threshold Limits
Note. For detailed definitions of each of the threshold types, refer to “Configuring Resource and Tempera- ture Thresholds” on page 27-34, as well as Chapter 1, “Health Monitoring Commands,” in the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 27-35...
Page 606: Configuring Sampling Intervals
To view the sampling interval, enter the show health interval command. The currently configured health sampling interval (measured in seconds) will be displayed, as shown below: -> show health interval Sampling Interval = 5 page 27-36 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 607: Viewing Health Statistics For The Switch
Threshold limit. For example, if the Current value for Memory displays as 85* and the Threshold Limit displays as 80, the asterisk indicates that the Current value has exceeded the Threshold Limit value. OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 608: Viewing Health Statistics For A Specific Interface
To reset health statistics for the switch, enter the health statistics reset command, as shown below: -> health statistics reset page 27-38 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 609: Chapter 28 Using Switch Logging
“Displaying Switch Logging Records” on page 28-12 • Note. Switch logging commands are not intended for use with low-level hardware and software debugging. It is strongly recommended that you contact an Alcatel Customer Service representative for assistance with debugging functions. OmniSwitch 6600 Family Network Configuration Guide...
Page 610: Switch Logging Specifications
Severity Levels/Types Supported 2 (Alarm - highest severity), 3 (Error), 4 (Alert), 5 (Warning) 6 (Info - default), 7 (Debug 1), 8 (Debug 2), 9 (Debug 3 - lowest severity) page 28-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 611: Switch Logging Defaults
No application ID or severity-level defaults The user must specify these values Enabling/Disabling switch logging swlog output Flash Memory and Console Output Switch logging file size swlog output flash 128000 bytes file-size OmniSwitch 6600 Family Network Configuration Guide April 2006 page 28-3...
Page 612: Quick Steps For Configuring Switch Logging
Only Applications not at the level ‘info’ (6) are shown Application ID Level ---------------------------- BRIDGE(10) warning (5) For more information about this command, or the “Switch Logging Commands” chapter in the OmniSwitch CLI Reference Guide. page 28-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 613: Switch Logging Overview
See the “Working with Configuration Files” chapter of the OmniSwitch 6600 Family Switch Management Guide for details. OmniSwitch 6600 Family Network Configuration Guide...
Page 614: Switch Logging Commands Overview
Numeric CLI Keyword Application ID Equivalent IDLE APPID_IDLE DIAG APPID_DIAGNOSTICS IPC-DIAG APPID_IPC_DIAGNOSTICS QDRIVER APPID_QDRIVER QDISPATCHER APPID_QDISPATCHER IPC-LINK APPID_IPC_LINK NI-SUPERVISION APPID_NI_SUP_AND_PROBER INTERFACE APPID_ESM_DRIVER 802.1Q APPID_802.1Q VLAN APPID_VLAN_MGR APPID_GROUPMOBILITY (RESERVED) BRIDGE APPID_SRCLEANING page 28-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 615 SNMP APPID_SNMP_AGENT APPID_WEBMGT MIPGW APPID_MIPGW SESSION APPID_SESSION_MANAGER TRAP APPID_TRAP_MANAGER POLICY APPID_POLICY_MANAGER APPID_DRC SYSTEM APPID_SYSTEM_SERVICES HEALTH APPID_HEALTHMON NAN-DRIVER APPID_NAN_DRIVER RMON APPID_RMON TELNET APPID_TELNET APPID_PSM APPID_FTP SMNI APPID_SMNI DISTRIB APPID_DISTRIB EPILOGUE APPID_EPILOGUE OmniSwitch 6600 Family Network Configuration Guide April 2006 page 28-7...
Page 616: Specifying The Severity Level
The following command makes the same assignment by using the severity level and application numbers. -> swlog appid 75 level 3 No confirmation message appears on the screen for either command. page 28-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 617: Removing The Severity Level
IP address is 168.23.9.100, you would enter: -> swlog output socket ipaddr 168.23.9.100 No confirmation message will appear on the screen. Note. You can also send syslog files to multiple hosts (maximum of four). OmniSwitch 6600 Family Network Configuration Guide April 2006 page 28-9...
Page 618: Disabling An Ip Address From Receiving Switch Logging Output
For this example, switch logging is enabled. Switch logging information is being sent to the switch’s flash memory and to the console. Additionally, the severity level for the chassis application ID has been set to the “debug3” (or “9”) severity level. page 28-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 619: Configuring The Switch Logging File Size
Note. Use the command, which is described in the OmniSwitch 6600 Family Switch Management Guide, to determine the amount of available flash memory. For example, to set the switch logging file to 500000 bytes enter: ->...
Page 620: Displaying Switch Logging Records
The Log Message field specifies the condition recorded by the switch logging feature. The informa- • tion in this field usually wraps around to the next line of the screen display as shown in this example. page 28-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 621: Chapter 29 Monitoring Memory
Notes. System Debug (kTrace and sysTrace) commands are intended for use by qualified Alcatel Customer Support personnel to assist customers in diagnosing or debugging system performance. For information about these commands, see the chapter titled, “Memory Monitoring Commands”...
Page 622: Memory Monitoring Specifications
Standard Out (console)/ Supported Switch Logging/ sysTrace Buffer. Memory Monitoring Defaults The following table shows Memory Monitoring default values: Parameter Description CLI Command Default Value/Comments Memory Monitoring debug memory monitor Disabled page 29-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 623: Quick Steps For Configuring Memory Monitoring
1588017 65536 5130020 25675316 For more information about this command, see “Displaying the Memory Monitor Log” on page 29-5 the “Switch Logging Commands” chapter in the OmniSwitch CLI Reference Guide. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 29-3...
Page 624: Debug Memory Commands Overview
To enable memory monitoring, enter: -> debug memory monitor enable No confirmation message will appear onscreen. To disable Memory Monitoring, enter: -> debug memory monitor disable No confirmation message will appear onscreen. page 29-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 625: Displaying The Memory Monitor Log
The Calling Function field displays the function that called the above-mentioned function. The Previous Caller field displays the function that called the above-mentioned function. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 29-5...
Page 626: Displaying The Memory Monitor Global Statistics
(currently and cumulatively) since the memory log was last enabled. For example, statistics displayed above indicate that 33741 bytes of memory are currently allo- cated and 687952 bytes were cumulatively allocated since the last enable. page 29-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 627: Displaying The Memory Monitor Task Statistics
Health 127649 221312 222236 Ipedr 31500 105868 NanDrvr 74396 Ftpd Telnetd 9552 9552 tCS_CVM tssApp65535_3 SsApp 49088 198284 SesMgr 69200 202029 SNMPagt 26347 210129 --Output continues on the following page-- OmniSwitch 6600 Family Network Configuration Guide April 2006 page 29-7...
Page 628 (currently and cumulatively) since the memory log was enabled. For example, statistics displayed in the second entry in the table indicate that 16169 bytes of memory are currently allocated and 20168 bytes were cumulatively allocated for the cliConsole task. page 29-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 629: Displaying The Memory Monitor Size Statistics
(in bytes). For example, statistics displayed in the last entry in the table indicate that 5130020 bytes are currently allocated and 25675316 bytes were cumula- tively allocated for the memory range greater than or equal to 65536 bytes. OmniSwitch 6600 Family Network Configuration Guide April 2006 page 29-9...
Page 630 Configuring Debug Memory Commands Monitoring Memory page 29-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 631: Appendix A Software License And Copyright Statements
A Software License and Copyright Statements This appendix contains Alcatel and third-party software vendor license and copyright statements. Alcatel License Agreement ALCATEL INTERNETWORKING, INC. (“AII”) SOFTWARE LICENSE AGREEMENT IMPORTANT. Please read the terms and conditions of this license agreement carefully before opening this package.
Page 632 Licensee’s computer or made non-readable. AII may terminate this License Agreement upon the breach by Licensee of any term hereof. Upon such termination by AII, Licensee agrees to return to AII or destroy the Licensed Materials and all copies and portions thereof. page A-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 633 Run-Time Module) are third part beneficiaries to this License Agree- ment with full rights of enforcement. Please refer to the section entitled “Third Party Licenses and Notices” on page A-4 for the third party license and notice terms. OmniSwitch 6600 Family Network Configuration Guide April 2006 page A-3...
Page 634: Third Party Licenses And Notices
OpenLDAP is a trademark of the OpenLDAP Foundation. Copyright 1999-2000 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy and distributed verbatim copies of this document is granted. page A-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 635: Linux
“work based on the Program” means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 636 Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software inter- change; or, page A-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 637 Many people have made generous contributions to the wide range of software distributed through that system in reliance on OmniSwitch 6600 Family Network Configuration Guide April 2006 page A-7...
Page 638 SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS page A-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 639 License. URLWatch: For notice when this page changes, fill in your email address. Maintained by: Webmaster, Linux Online Inc. Last modified: 09-Aug-2000 02:03AM. Views since 16-Aug-2000: 177203. OmniSwitch 6600 Family Network Configuration Guide April 2006 page A-9...
Page 640: University Of California
ITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. page A-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 641: Apptitude, Inc
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT OF THIRD PARTY RIGHTS. K. Sun Microsystems, Inc. This product contains Coronado ASIC, which includes a component derived from designs licensed from Sun Microsystems, Inc. OmniSwitch 6600 Family Network Configuration Guide April 2006 page A-11...
Page 642: Wind River Systems, Inc
* written prior permission. The University of Delaware makes no * representations about the suitability this software for any * purpose. It is provided "as is" without express or implied * warranty. ************************************************************************* page A-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 643 35-31 Layer 2 ACLs 39-13 aaa avlan dns command 35-29 Layer 3 ACLs 39-14 aaa avlan http language command 35-8 memory monitoring 43-3 mobile ports 21-3, 21-6, 21-8 OmniSwitch 6600 Family Network Configuration Guide April 2006 Index-1...
Page 644 VLANs 35-2 802.1X 36-2 automatic IP configuration 32-12 ACLs 39-2 AV-Client AMAP 24-2 configured for DHCP 35-23 assigning ports to VLANs 21-2 installing 35-12 authentication servers 34-3 DHCP Relay 32-3 Index-2 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 645 35-8 ethernet port 28-14 defaults 15-3 enabling traps 28-17 verify information about 15-25 setting decay value 28-17 setting penalty values 28-16 Setting Port Scan Penalty Value 28-17 DSCP trusted ports 38-20 OmniSwitch 6600 Family Network Configuration Guide April 2006 Index-3...
Page 646 24-3 ip multicast query-interval command 40-8 application examples 24-8 ip multicast static-member command 40-7 specifications 24-2 ip multicast static-neighbor command 40-5 ip multicast static-querier command 40-6 IP Multicast Switching see IPMS Index-4 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 647 40-8 SNMP attributes on authentication servers 34-22 neighbor timeout 40-9 34-26 overview 40-3 VSAs for Authenticated Switch Access 34-21 querier aging and election timeout 40-10 querier timeout 40-9 query interval 40-8 OmniSwitch 6600 Family Network Configuration Guide April 2006 Index-5...
Page 648 BPDU ignore 21-11 policy port group command 38-34, 39-10 default VLAN membership 21-13 policy port groups 38-39 restore default VLAN 21-13 policy rule command 38-22 policy server command 37-4 defaults 37-2 Index-6 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 649 38-15 resuming a session 41-21 qos port command 38-20 session persistence 41-22 qos port trusted command 38-21 specifications 41-6 qos reset command 38-18 suppressing file creation 41-23 qos revert command 38-47 OmniSwitch 6600 Family Network Configuration Guide April 2006 Index-7...
Page 650 30-11 viewing 41-36 redistribution policies 30-10 Secure Socket Layer security 30-14 see SSL specifications 30-2 security 31-7 unloading 30-6 severity level verify information about 30-15 see switch logging shared queues 38-20 Index-8 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 651 19-4 static MAC addresses 16-4 port states 19-5, 19-26 static route root bridge 19-4, 19-15, 19-16, 19-17 28-9 root path cost 19-4 metric 28-9 topology 19-4, 19-8 subnet mask 28-9 OmniSwitch 6600 Family Network Configuration Guide April 2006 Index-9...
Page 652 22-7, 22-21 28-24 precedence 22-8 statistics 28-24 protocol 22-6, 22-20 User Datagram Protocol types 22-4 see UDP vlan stp command 18-11 users vlan user command 22-21 functional privileges 34-12, 34-21 Index-10 OmniSwitch 6600 Family Network Configuration Guide April 2006...
Page 653 LDAP servers 34-21 for RADIUS authentication 34-9 RADIUS accounting servers 34-14 setting up for RADIUS servers 34-11 warnings 42-8 Web browser authentication client 35-7 installing files for Mac OS authentication 35-9 OmniSwitch 6600 Family Network Configuration Guide April 2006 Index-11...
Page 654: Index
Index Index-12 OmniSwitch 6600 Family Network Configuration Guide April 2006...

This manual is also suitable for:

Omniswitch 6624 Omniswitch 6648 Omniswitch 6600-u24 Omniswitch 6600-p24 Omniswitch 6602-24 Omniswitch 6602-48