Sun Microsystems Netra CP3240 User Manual
Sun Netra
CP3240 Switch
User's Guide
Sun Microsystems, Inc.
www.sun.com
Part No. 820-3252-11
April 2009, Revision 01
Submit comments about this document at: http://www.sun.com/hwdocs/feedback

Summary of Contents for Sun Microsystems Netra CP3240

  • Page 2 United States and other countries, and licensed exclusively by X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, Netra, Sun Ray, the Netra logo, and the Solaris logo are trademarks or registered trademarks of Sun Microsystems, Inc., or its subsidiaries, in the United States and other countries.
  • Page 5: Table Of Contents

    Contents Preface xxix Getting Started 1 Default Settings 2 Initial Configuration 2 ▼ Obtain Configuration Information 3 In-band and Out-of-band Connectivity 3 Initial Access Configuration 3 MGMT Serial Configuration 3 Configuring for In-band Connectivity 4 ▼ Using DHCP 5 ▼ Using a Static IP 6 Configuring for Out-Of-Band Connectivity 6 ▼...
  • Page 6 Operation Flow 29 Command Completion and Abbreviation 30 CLI Error Messages 31 CLI Line-Editing Conventions 31 Using CLI Help 32 Accessing the CLI 34 Comments 34 Using the Web Interface 35 Sun Netra CP3240 Switch User’s Guide • April 2009...
  • Page 7 Configuring for Web Access 36 ▼ To Configure for Web Access 36 Starting the Web Interface 37 Web Page Layout 38 Configuring an SNMP V3 User Profile 41 Command Buttons 42 Establishing Management Security 43 Certificate Generation 44 Configuring Secure Shell 45 Configuring Secure Socket Layer 46 Using Certificate Generation Scripts 47 SSH sshKeygen.sh 47...
  • Page 8 Example 5: (Config) #ip igmp 74 Example 6: #show ip igmp 74 Example 7: (Interface 1/0/2) #ip igmp 75 Web Examples 76 Configuring Port Mirroring 85 Configuring Port Mirroring via CLI 86
  • Page 9 Example 1: Set Up a Port Mirroring Session 86 Example 2: Show the Port Mirroring Session 86 Example 4: Show Status of Source and Destination Ports 87 Configuring Port Mirroring via Web Interface 88 Configuring Port Security 93 Port Security Benefits 94 Configuring Port Security via CLI 95 Example 1: show port security 95 Example 2: show port security on a Specific Interface 95...
  • Page 10 Enable Routing and Assign IP for Ports 1/0/2, 1/0/3, and 1/0/4 133 Specify Router ID and Enable OSPF for the Switch 133 Enable OSPF for the Ports 134 Configuring OSPF via Web Interface 135
  • Page 11 Configuring an Inter-Area Router 135 Configuring a Border Router 135 Configuring VLAN Routing 137 Understanding VLAN Routing 138 Configuring VLAN Routing via CLI 138 Example 1: Create Two VLANs 139 Example 2: Set Up VLAN Routing for the VLANs and the Switch 140 Configuring VLAN Routing via Web Interface 141 Configuring VLAN Routing With RIP 142 Configuring VLAN With RIP via CLI 143...
  • Page 12 Example 1: Create ACL 179 and Define an ACL Rule 178 Example 2: Define the Second Rule for ACL 179 178 Example 3: Apply the rule to Inbound Traffic on Port 1/0/2 178
  • Page 13 Setting Up a MAC ACL via CLI 179 Example 1: Set up a MAC Access List 180 Example 2: Specify MAC ACL Attributes 180 Example 3: Configure MAC Access Group 181 Example 4: Set up an ACL with Permit Action 183 Example 5: Show MAC Access Lists 184 Setting Up ACLs via Web Interface 185 Configuring Class of Service Queuing 195...
  • Page 14 Example 5: copy nvram: script 257 Example 6: script validate running-config.scr 257 Example 7: Validate Another Configuration Script 258 Establishing an Outbound Telnet Connection 259 Configuring a Telnet Connection via CLI 260
  • Page 15 Example 1: show network 260 Example 2: show telnet 261 Example 3: transport output telnet 261 Example 4: session-limit and session-timeout 262 Configuring a Telnet Connection via Web Interface 262 Creating a Pre-Login Banner 265 Creating a Pre-login Banner via CLI 266 ▼...
  • Page 16 Interpreting Log Files 285 Index 287
  • Page 17 Figures FIGURE 2-1 Mode-based CLI 24 FIGURE 3-1 Web Interface Panel-Example 37 FIGURE 3-2 Web Interface Panel-Example 39 FIGURE 3-3 Configuring an SNMP V3 User Profile 39 FIGURE 5-1 VLAN Example Network Diagram 55 FIGURE 6-1 LAG Port Channel Example Network Diagram 63 FIGURE 8-1 IGMP Snooping - Global Configuration and Status Page 77 FIGURE 8-2...
  • Page 18 MAC ACL Configuration Page - Create New MAC ACL 185 FIGURE 22-3 MAC ACL Configuration Page 185 FIGURE 22-4 MAC ACL Summary 186 FIGURE 22-5 MAC ACL Rule Configuration - Create New Rule 186
  • Page 19 FIGURE 22-6 MAC ACL Rule Configuration Page - Add Destination MAC and MAC Mask 187 FIGURE 22-7 MAC ACL Rule Configuration Page - View the Current Settings 188 FIGURE 22-8 MAC ACL Rule Configuration Page - Add Destination MAC and MAC Mask 188 FIGURE 22-9 MAC ACL Rule Configuration Page - Add Destination MAC and MAC Mask 189 FIGURE 22-10...
  • Page 20 SNTP Server Status Page 275 FIGURE 34-1 Log - Syslog Configuration Page 283 FIGURE 34-2 Log - Hosts Configuration Page - Add Host 283 FIGURE 34-3 Log - Hosts Configuration Page 284
  • Page 21 Tables TABLE 1-1 Quick Startup Software Version Information 10 TABLE 1-2 Quick Startup Physical Port Data 10 TABLE 1-3 Quick Startup User Account Management 11 TABLE 1-4 Quick Startup IP Address 12 TABLE 1-5 Quick Startup Uploading from Networking Device to TFTP Server 13 TABLE 1-6 Quick Startup Downloading from TFTP Server 13 TABLE 1-7...
  • Page 23 Code Examples CODE EXAMPLE 4-1 SSH sshKeygen.sh Example 47 CODE EXAMPLE 4-2 SSL pemCreate.sh Example 47 CODE EXAMPLE 4-3 SSL root.cnf Example 49 CODE EXAMPLE 4-4 SSH server.cnf Example 51 CODE EXAMPLE 5-1 Creating Two VLANs 56 CODE EXAMPLE 5-2 Assigning Ports to VLAN2 56 CODE EXAMPLE 5-3 Assigning Ports to VLAN3 57...
  • Page 24 Enabling Routing for the Switch 133 CODE EXAMPLE 16-6 Enabling Routing and Assigning IP Ports 1/0/2, 1/0/3, and 1/0/4 133 CODE EXAMPLE 16-7 Specifying Router ID and Enabling OSPF for the Switch 133
  • Page 25 CODE EXAMPLE 16-8 Enabling OSPF for the Ports 134 CODE EXAMPLE 17-1 Creating Two VLANs 139 CODE EXAMPLE 17-2 Enabling Routing for the VLANs 140 CODE EXAMPLE 17-3 Configuring IP Addresses and Subnet for the VLAN Ports 141 CODE EXAMPLE 17-4 Configuring VLAN Routing with RIP Support 143 CODE EXAMPLE 17-5 Enabling RIP for the Switch 145...
  • Page 26 CODE EXAMPLE 29-1 Configuring Traceroute 252 CODE EXAMPLE 30-1 script Command 255 CODE EXAMPLE 30-2 script list and script delete Commands 255 CODE EXAMPLE 30-3 script apply running-config.scr Command 256
  • Page 27 CODE EXAMPLE 30-4 show running-config Command 256 CODE EXAMPLE 30-5 copy nvram: script Command 257 CODE EXAMPLE 30-6 script validate running-config.scr Command 257 CODE EXAMPLE 30-7 script validate default.scr Command 258 CODE EXAMPLE 31-1 show network Command 260 CODE EXAMPLE 31-2 show telnet Command 261 CODE EXAMPLE 31-3 transport output telnet Command 261...
  • Page 29: Preface

    CLI and Web interfaces. The Netra CP3240 switch can operate as a Layer 2 switch, a Layer 3 router, or a combination switch/router. The switch also includes support for network management and Quality of Service functions such as Access Control Lists and Differentiated Services.
  • Page 30: Typographic Conventions

    Replace command-line variables You must be superuser to do this. with real names or values. To delete a file, type rm filename. * The settings on your browser might differ from these settings.
  • Page 31: Related Documentation

    Title Part Number Format Location Latest Sun Netra CP3x40 Switch Product 820-3260-xx Online information Notes Ponter doc Sun Netra CP3240 Switch Getting 820-3254-xx Printed Shipping Kit Started Guide Installation Sun Netra CP3240 Switch 820-3251-xx Online Installation Guide Reference Sun Netra CP3240 Switch Software...
  • Page 32 Sun will not be responsible or liable for any actual or alleged damage or loss caused by or in connection with the use of or reliance on any such content, goods, or services that are available on or through such sites or resources.
  • Page 33: Getting Started

    CHAPTER Getting Started This chapter provides information and instructions for configuring the switch. You must connect a serial console to the switch to begin configuration. This chapter contains the following topics: Section , “Default Settings” on page 1-2 ■...
  • Page 34: Default Settings

    Note – The switch is not configured with a default user name and password. Note – All of the settings that follow are necessary to allow remote management of the switch through Telnet (Telnet client) or HTTP (Web browser).
  • Page 35: Obtain Configuration Information

    Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity. Initial Access Configuration Initial configuration of the Netra CP3240 switch must be done either through the serial console port or through the out-of-band Ethernet management port. MGMT Serial Configuration You can use a locally or remotely attached terminal to configure in-band and out-of-band management through the MGMT serial port....
  • Page 36: Configuring For In-Band Connectivity

    In-band connectivity allows you to access the switch from a remote workstation. To use in-band connectivity, you must configure the switch with IP information (IP address, subnet mask, and default gateway).
  • Page 37: Using Dhcp

    ▼ Using DHCP 1. Enter the following command over the MGMT serial port to enable DHCP client: network protocol dhcp You can assign IP information over the network through BootP or DHCP. Check with your system administrator to determine whether BootP or DHCP is enabled. You need to configure the BootP or DHCP server with information about the switch —obtain this information through the serial port connection using the command.
  • Page 38: Using A Static Ip

    Out-of-band connectivity allows you to access the switch from a remote workstation using the Ethernet network over a private network. To use Out-of-band connectivity, you must configure the switch with IP information (IP address, subnet mask, and default gateway).
  • Page 39: Using Dhcp

    ▼ Using DHCP DHCP is enabled by default on the Netra CP3240 switch. You need to configure the BootP or DHCP server with information about the switch —obtain this information through the serial port connection using the show command. Set up the server with the following values:...
  • Page 40: Saving Settings

    Do not enter a password because the default mode does not use a password - after typing admin, press Enter two times. b. The CLI User EXEC prompt is displayed. i. Type enable to switch to the Privileged EXEC mode from User EXEC.
  • Page 41: System Information And System Setup

    ii. Type configure to switch to the Global Config mode from Privileged EXEC. iii. Type exit to return to the previous mode. iv. Enter to show a list of commands that are available in the current mode. 4. If you want to access the switch remotely, configure the switch for In-band or Out-of-Band connectivity....
  • Page 42: Quick Startup Software Version Information

    Link Status - Indicates whether the link is up or down. Link Trap - Determines whether or not to send a trap when link status changes. LACP Mode - Displays whether LACP is enabled or disabled on this port.
  • Page 43: Quick Startup User Account Management

    Quick Startup User Account Management Quick Startup User Account Management TABLE 1-3 Command Details Displays all of the users who are allowed to access the show users networking device (Privileged EXEC Mode) Access Mode - Shows whether the user is able to change parameters on the networking device(Read/Write) or is only able to view them (Read Only).
  • Page 44: Quick Startup Ip Address

    The IP Address and the gateway must be on the same subnet. <ipaddr> <netmask> IP Address range from 0.0.0.0 to 255.255.255.255 [gateway] Subnet Mask range from 0.0.0.0 to 255.255.255.255 (Privileged EXEC Gateway Address range from 0.0.0.0 to 255.255.255.255 Mode)
  • Page 45: Quick Startup Uploading From Networking Device To Tftp Server

    Quick Startup Uploading from Networking Device to TFTP Server Quick Startup Uploading from Networking Device to TFTP Server TABLE 1-5 Command Details Starts the upload, displays the mode copy nvram:startup-config and type of upload, and confirms the <tftp://<ipaddress>/<filepath>/<f upload is progressing. ilename>>...
  • Page 46: Quick Startup Factory Defaults

    (Privileged EXEC Mode) You can reset the networking device or cold start the networking device. Both work effectively.
  • Page 47: Using The Command-Line Interface

    SSH. For detailed information about using the CLI with the switch’s software commands, refer to the Sun Netra CP3240 Switch Software Reference Manual (820-3253). This chapter describes the CLI syntax, conventions, and modes. It contains the following sections: “Command Syntax”...
  • Page 48: Command Syntax

    ■ Format shows the command keywords and parameters (required and optional).
    ■ Mode identifies the command mode you must be in to access the command.
    ■ Default shows the default value, if any, of a configurable setting on the device.
  • Page 49: Parameter Conventions

    show commands also contain a description of the information that the command shows. Parameter Conventions The following conventions apply to parameters: Parameters are order dependent. ■ Variables are displayed in this document in italic font, and must be replaced with ■...
  • Page 50: Parameter Values

    (LAG). You can use the logical slot/port to configure the port-channel. Character Use double quotation marks to identify character strings, for example, strings “System Name with Spaces.” An empty string (“”) is not valid.
  • Page 51: Slot/Port Naming Convention

    Slot/Port Naming Convention Sun Netra CP3240 switch software references physical entities such as cards and ports by using a slot/port naming convention. The Sun Netra CP3240 switch software also uses this convention to identify certain logical entities, such as Port-Channel interfaces....
  • Page 52: No' Form Of A Command

    User EXEC mode commands in the Privileged EXEC mode. For detailed information about using the CLI with the switch’s software commands and modes, refer to the Sun Netra CP3240 Switch Software Reference Manual (820-3253). The command prompt changes in each command mode to help you identify the current mode....
  • Page 53: Table 2-5 Cli Command Modes

    CLI Command Modes TABLE 2-5 Command Mode Access Method Prompt Exit or Access Previous Mode User Exec This is the first level of access Enter logout command Switch> for performing basic tasks and listing system information. Privileged Exec From the User Exec mode, Type exit or press Ctrl-Z to Switch# enter the enable command.
  • Page 54 From the Global Config mode, Type exit to exit to the Global Switch (Config- Config enter the ip dhcp pool Config mode, or press Ctrl-Z dhcp6-pool)# <pool-name> command. to switch to the Privileged EXEC mode.
  • Page 55: Mode-Based Topology

    Mode-Based Topology The CLI tree is built on a mode concept in which the commands are available according to the interface. Some of the modes in the mode-based CLI are depicted in FIGURE 2-1 Note – The User Exec commands are also accessible in the Privileged Exec Mode. Note –...
  • Page 56: Figure 2-1 Mode-Based Cli

    VLAN Global Config Interface DHCP Pool Bwprovisioning Policy Map Config Config Router OSPF Class Map Line Config Config Router RIP Router BGP Policy Class Config Config Stacking Config bwallocation traffic class
  • Page 57: Mode-Based Command Hierarchy

    Mode-Based Command Hierarchy The commands in one mode are not available until the operator switches to that particular mode, with the exception of the User Exec mode commands. The User Exec mode commands can also be executed in the Privileged Exec mode. The commands available to the operator at any time depend upon the mode.
  • Page 58: Interface Config

    Use the class <class-name> command to access the QoS policy-classmap mode to attach or remove a diffserv class to a policy and to configure the QoS policy class. $ Switch (Config policy-map)# class <class-name> $ Switch (Config-policy-classmap)#
  • Page 59 Class Map Config This mode consists of class creation, deletion, and matching commands. The class match commands specify layer 2, layer 3, and general match criteria. Use the class-map <class-map-name> commands to access the QoS class map configuration mode to configure QoS class maps. $ Switch (Config)# class-map <class-map-name>...
  • Page 60 $ Switch (Tacacs) # DHCP Pool Config Use the ip dhcp pool <pool-name> command to access the DHCP Pool Config mode. $ Switch (Config)# ip dhcp pool <pool-name> $ Switch (Config-dhcp-pool)#
  • Page 61: Vlan Mode

    DHCPv6 Pool Config Use the ip dhcp pool <pool-name> command to access the DHCP Pool Config mode. $ Switch (Config)# ip dhcpv6 pool <pool-name> $ Switch (Config-dhcp6-pool)# VLAN Mode This mode groups all the commands pertaining to VLANs. The command prompt shown at this level is $ Switch (Vlan)# Operation Flow This section captures the flow of operation for the CLI.
  • Page 62: Command Completion And Abbreviation

    The value “Er” designates that the requested value was not internally accessible. This should not happen and indicates that the software is not handling this instance correctly. The value of “-----” designates that the value is unknown.
  • Page 63: Cli Error Messages

    CLI Error Messages If you enter a command and the system is unable to execute it, an error message appears. Table 2-6 describes the most common CLI error messages. CLI Error Messages TABLE 2-6 Message Text Description Indicates that you entered an incorrect or unavailable % Invalid input detected command.
  • Page 64: Using Cli Help

    Send ICMP echo packets to a specified IP address. quit Exit this session. Any unsaved changes are lost. show Display Switch Options and Settings. telnet Telnet to a remote host.
  • Page 65 Enter a question mark (?) after each word you enter to display available command keywords or parameters. (switch) #network ? javamode Enable/Disable. mgmt_vlan Configure the Management VLAN ID of the switch. parms Configure Network Parameters of the router. protocol Select DHCP, BootP, or None as the network config protocol.
  • Page 66: Accessing The Cli

    ! Display information about interfaces
    show ip interface 0/1 !Displays the information about the first interface
    ! Display information about the next interface
    show ip interface 0/2
    ! End of the script file
  • Page 67: Using The Web Interface

    CHAPTER Using the Web Interface This chapter is a brief introduction to the Web interface. This chapter explains how to access the Web-based management panels to configure and manage the system. This chapter contains the following topics: Section , “Configuring for Web Access”...
  • Page 68: Configuring For Web Access

    Chapter 1 for instructions.) 2. Connect the switch to the network. 3. Use the ip http server command to verify the web server is enabled. By default, the web server is enabled.
  • Page 69: Starting The Web Interface

    Starting the Web Interface 1. Enter the IP address of the switch in the Web browser address field. 2. Click Login when the Login panel (Figure ) displays. Web Interface Panel-Example FIGURE 3-1 3. Enter the appropriate User Name and Password. The User Name and associated Password are the same as those used for the terminal interface.
  • Page 70: Web Page Layout

    ■ At the bottom-right of the panel display, the currently selected device configuration status and/or the user configurable information that you have selected from the tree view. Web Interface Panel-Example FIGURE 3-2 Configuring an SNMP V3 User Profile FIGURE 3-3
  • Page 72: Configuring An Snmp V3 User Profile

    8. To enable encryption, use the Encryption Protocol pull-down menu to select DES for the encryption scheme. Then, enter an encryption code of eight or more alphanumeric characters in the Encryption Key field. 9. Click Submit.
  • Page 73: Command Buttons

    Command Buttons The following command buttons are used throughout the Web interface panels for the switch: Command Button Description Save Pressing the Save button implements and saves the changes you just made. Some settings may require you to reset the system in order for them to take effect.
  • Page 75: Establishing Management Security

    CHAPTER Establishing Management Security This chapter describes how to enable management security. Enabling management security is a two-step process. The first step involves generating and loading appropriate authentication keys (SSH) and security certificates (SSL). Optionally a reputable third party such as RSA Security, Inc....
  • Page 76: Certificate Generation

    Generation of these credentials has been verified using both cygwin and Linux. Once the component files are created, the credentials must be loaded onto the Sun Netra CP3240 switch. This is accomplished using the "copy" command from a tftp server.
  • Page 77: Configuring Secure Shell

    FASTPATH device. From privileged EXEC mode, issue the command: ip ssh This will allow secure shell sessions to be instantiated on the Sun Netra CP3240 switch. The message log should be checked for errors if a secure connection cannot be established. Entries such as the following indicate the nature of the problem.
  • Page 78: Configuring Secure Socket Layer

    EXEC mode command: no ip http server As with secure shell, the best guide for information on FASTPATH commands controlling http and https access is the Sun Netra CP3240 Switch Software Reference Manual (820-3253).
  • Page 79: Using Certificate Generation Scripts

    Using Certificate Generation Scripts
    The following four scripts and helper files can be used to generate self-signed certificates and authentication keys.
    SSH sshKeygen.sh
    SSH sshKeygen.sh Example CODE EXAMPLE 4-1
    #!/bin/sh
    #####################################################################
    # Generate key files for rsa and dsa
    #####################################################################
    # RSA V1...
  • Page 80
    #####################################################################
    # Generate the Diffie-Hellman weak and strong parameters
    #####################################################################
    ${OPENSSL} dhparam -check -text -5 512 -out dh512.pem
    ${OPENSSL} dhparam -check -text -5 1024 -out dh1024.pem
  • Page 81: Ssl Root.cnf

    SSL root.cnf
    SSL root.cnf Example CODE EXAMPLE 4-3
    # default settings for example.
    [ ca ]
    default_ca = ca
    [ ca ]
    dir = /opt/ca
    certificate = $dir/cacert.pem
    database = $dir/index.txt
    new_certs_dir = $dir/certs
    private_key = $dir/private/cakey.pem
    serial = $dir/serial
    default_crl_days = 7
    default_days = 365
    default_md = sha1...
  • Page 82 SSL root.cnf Example (Continued) CODE EXAMPLE 4-3
    [ req_extensions ]
    basicConstraints = CA:true
  • Page 83: Ssh Server.cnf

    SSH server.cnf
    SSH server.cnf Example CODE EXAMPLE 4-4
    # default settings for example.
    [ ca ]
    default_ca = ca
    [ ca ]
    dir = /opt/eca
    certificate = $dir/cacert.pem
    database = $dir/index.txt
    new_certs_dir = $dir/certs
    private_key = $dir/private/cakey.pem
    serial = $dir/serial
    default_crl_days = 7
    default_days = 365
    default_md = sha1...
  • Page 84 SSH server.cnf Example (Continued) CODE EXAMPLE 4-4
    [ req_extensions ]
    basicConstraints = CA:true
    subjectAltName = DNS:localhost
  • Page 85: Configuring Virtual Lans

    CHAPTER Configuring Virtual LANs This chapter provides examples for configuring LANS. This chapter contains the following topics: Section , “VLAN Configuration Example” on page 5-54 ■ Section , “CLI Examples” on page 5-56 ■ Section , “Web Interface”...
  • Page 86: Vlan Configuration Example

    VLAN 2 only, and ports 0/3 and 0/4 are members of VLAN 3 only. The script following the diagram shows the commands you would use to configure the switch as shown in the diagram.
  • Page 87: Figure 5-1 Vlan Example Network Diagram

    VLAN Example Network Diagram FIGURE 5-1 Layer 3 Switch Port 1/0/4 Port 1/0/1 VLAN 3 VLAN 2 Port 1/0/2 Port 1/0/3 VLANs 2 & 3 VLAN 3 VLAN 2 VLAN 3 Chapter 5 Configuring Virtual LANs...
  • Page 88: Cli Examples

    (DTI SWITCH) (Interface 0/2)#vlan participation include 2
    (DTI SWITCH) (Interface 0/2)#vlan acceptframe vlanonly
    (DTI SWITCH) (Interface 0/2)#exit
    (DTI SWITCH) (Config)#exit
    (DTI SWITCH) #config
    (DTI SWITCH) (Config)#vlan port tagging all 2
    (DTI SWITCH) (Config)#exit
  • Page 89: Example 3: Assign Ports To Vlan3

    Example 3: Assign Ports to VLAN3 This example shows how to assign the ports that will belong to VLAN 3, and to specify that untagged frames will be accepted on port 0/4. Note that port 0/2 belongs to both VLANs and that port 0/1 can never belong to VLAN 3.
  • Page 90: Example 5: Assign Ip Addresses To Vlan 2

    ■ Switching --> VLAN --> Configuration. To create VLANs and specify port participation.
    ■ Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt, and whether frames will be transmitted tagged or untagged.
  • Page 91: Private Edge Vlans

    Private Edge VLANs Use the Private Edge VLAN feature to prevent ports on the switch from forwarding traffic to each other even if they are on the same VLAN. Protected ports cannot forward traffic to other protected ports in the same group, ■...
  • Page 93: Configuring Port Channels By Link Aggregation

    CHAPTER Configuring Port Channels by Link Aggregation This chapter describes how to use the Link Aggregation feature to configure port-channels via the CLI and the Graphical User Interface. This chapter contains the following topics: Section , “Using the Link Aggregation Feature”...
  • Page 94: Using The Link Aggregation Feature

    Management functions treat a port-channel as if it were a single physical port. You can include a port-channel in a VLAN. You can configure more than one port-channel for a given switch.
  • Page 95: Configuring Link Aggregation Via Cli

    Configuring Link Aggregation via CLI The following Figure 6-1 shows an example of configuring the software to support Link Aggregation (LAG) to a server and to a Layer 3 switch. LAG Port Channel Example Network Diagram FIGURE 6-1 Server Subnet Port 1/0/3 LAG_10 Port 1/0/2...
  • Page 96: Cli Example 1: Create Two Port Channels

    Port Port Intf Name Link Mode Mode Mode Type Ports Speed Active ------ ------------- ----- ---- ---- ------ ------- ------ ------ --- ------ 1/1lag_10 Down Dis. Dynamic 1/2lag_20 Down Dis. Dynamic
  • Page 97: Cli Example 2: Add Physical Ports To The Port Channels

    CLI Example 2: Add Physical Ports to the Port Channels
    Adding Ports to the Port Channels CODE EXAMPLE 6-3
    (DTI SWITCH) #config
    (DTI SWITCH) (Config)#interface 0/2
    (DTI SWITCH) (Interface 0/2)#addport 1/1
    (DTI SWITCH) (Interface 0/2)#exit
    (DTI SWITCH) (Config)#interface 0/3
    (DTI SWITCH) (Interface 0/3)#addport 1/1
    (DTI SWITCH) (Interface 0/3)#exit
    (DTI SWITCH) (Config)#exit
    (DTI SWITCH) #config...
  • Page 98: Configuring Link Aggregation Via Web Interface

    To perform the same configuration as described in the previous CLI sections, use: Switching --> Link Aggregation --> Configuration on the Web interface. To create the port-channels, specify port participation and enable Link Aggregation (LAG) support on the switch.
  • Page 99: Configuring Storm Control

    CHAPTER Configuring Storm Control This chapter describes how to configure storm control on the switch. This chapter contains the following topics: Section , “Understanding Traffic Storms” on page 7-68 ■ Section , “CLI Examples” on page 7-69 ■...
  • Page 100: Understanding Traffic Storms

    Using the “no” version of the “storm-control” command (not stating a “level”) disables that form of storm-control but maintains the configured “level” (to be active next time that form of storm-control is enabled).
  • Page 101: Cli Examples

    CLI Examples Example 1: Set Broadcast Storm Control for All Interfaces Set Broadcast Storm Control for All Interfaces CODE EXAMPLE 7-1 (DTI SWITCH) #config (DTI SWITCH) (Config)#storm-control broadcast ? Configure storm-control features for all ports. (DTI SWITCH) (Config)#storm-control broadcast all ? <cr>...
  • Page 102: Example 2: Set Multicast Storm Control For All Interfaces

    Set Unicast Storm Control for All Interfaces CODE EXAMPLE 7-3
    (DTI SWITCH) #config
    (DTI SWITCH) (Config)#storm-control unicast all
    (DTI SWITCH) (Config)#storm-control unicast all level 5
    (DTI SWITCH) (Config)#exit
    (DTI SWITCH) #
  • Page 103: Monitoring Igmp Snooping

    CHAPTER Monitoring IGMP Snooping This chapter describes the Internet Group Management Protocol (IGMP) feature: IGMPv3 and IGMP Snooping. The IGMP Snooping feature enables the switch to monitor IGMP transactions between hosts and routers. It can help conserve bandwidth by allowing the switch to forward IP multicast traffic only to connected hosts that request multicast traffic....
  • Page 104: Cli Examples

        IGMP Snooping Multicast Router information.
        <1-4093> Display IGMP Snooping valid VLAN ID information.
        (DTI SWITCH) #show igmpsnooping
        Admin Mode.......Enable
        Multicast Control Frame Count....0
        Interfaces Enabled for IGMP Snooping..0/10
        Vlans enabled for IGMP snooping..20
  • Page 105: Example 2: Show Ip Igmp Interface

    Example 2: show ip igmp Interface

    CODE EXAMPLE 8-2 show ip igmp Interface

        (LVL7 FASTPATH Routing Switching) #show ip igmp interface ?
        <slot/port> Enter interface in unit/slot/port format.
        membership Display interfaces subscribed to the multicast group.
        stats Display IGMP statistical information.
        (LVL7 FASTPATH Routing Switching) #show ip igmp interface 0/10
        Slot/Port........0/10
        IGMP Admin Mode........Enable
        Interface Mode.........Disable...
  • Page 106: Example 4: Show Ip Igmp Interface

    Example 6: #show ip igmp

    CODE EXAMPLE 8-6 #show ip igmp

        (LVL7 FASTPATH Routing Switching) #show ip igmp ?
        <cr> Press Enter to execute the command.
        groups Display the subscribed multicast groups.
        interface Display IGMP configuration information.
  • Page 107: Example 7: (Interface 1/0/2) #Ip Igmp

    Example 7: (Interface 1/0/2) #ip igmp

    CODE EXAMPLE 8-7 (Interface 1/0/2) #ip igmp

        (LVL7 FASTPATH Routing Switching) (Interface 0/2)#ip igmp ?
        <cr> Press Enter to execute the command.
        last-member-query-count Configure last member query count.
        last-member-query-interval Configure last member query interval.
        query-interval Configure IGMP query interval.
        query-max-response-time Configure maximum response time....
  • Page 108: Web Examples

    Web Examples

    The following web pages are used in the IGMP Snooping feature. Click Help for more information on the web interface.
  • Page 109: Figure 8-1 Igmp Snooping - Global Configuration And Status

    FIGURE 8-1 IGMP Snooping - Global Configuration and Status Page
    FIGURE 8-2 IGMP Snooping - Interface Configuration Page
  • Page 110: Figure 8-3 Igmp Snooping Vlan Configuration

    FIGURE 8-3 IGMP Snooping VLAN Configuration
  • Page 111: Figure 8-4 Igmp Snooping - Vlan Status

    FIGURE 8-4 IGMP Snooping - VLAN Status Page
    FIGURE 8-5 IGMP Snooping - Multicast Router Statistics Page
  • Page 112: Figure 8-6 Igmp Snooping - Multicast Router Configuration

    FIGURE 8-6 IGMP Snooping - Multicast Router Configuration Page
  • Page 113: Figure 8-7 Igmp Snooping - Multicast Router Vlan Statistics

    FIGURE 8-7 IGMP Snooping - Multicast Router VLAN Statistics Page
  • Page 114: Figure 8-8 Igmp Snooping - Multicast Router Vlan Configuration

    FIGURE 8-8 IGMP Snooping - Multicast Router VLAN Configuration Page
  • Page 117: Configuring Port Mirroring

    Chapter: Configuring Port Mirroring

    This chapter describes the Port Mirroring feature, which can serve as a diagnostic tool, debugging tool, or means of fending off attacks. Port mirroring selects network traffic from specific ports for analysis by a network analyzer, while allowing the same traffic to be switched to its destination....
  • Page 118: Configuring Port Mirroring Via Cli

        (DTI SWITCH) #show monitor session 1
        Session ID Admin Mode Probe Port Mirrored Port Type
        ---------- ---------- ---------- ------------- -----
        Enable 1/0/8 01/0/7 Rx,Tx

    Monitor session ID “1” - “1” is a hardware limitation.
  • Page 119: Example 4: Show Status Of Source And Destination Ports

    Example 4: Show Status of Source and Destination Ports

    Use this command for a specific port. The output shows whether the port is the mirror or the probe port, what is enabled or disabled on the port, etc.

    CODE EXAMPLE 9-3 Showing Status of Source and Destination Ports

        (DTI SWITCH) #show port 0/7
        Admin...
  • Page 120: Configuring Port Mirroring Via Web Interface

    Configuring Port Mirroring via Web Interface

    The following web pages are used with the Port Mirroring feature.
  • Page 121: Figure 9-1 Multiple Port Mirroring

    FIGURE 9-1 Multiple Port Mirroring
    FIGURE 9-2 Multiple Port Mirroring - Add Source Ports
  • Page 122: Figure 9-3 Multiple Port Mirroring

    FIGURE 9-3 Multiple Port Mirroring
  • Page 123: Figure 9-4 System - Port Summary

    FIGURE 9-4 System - Port Summary
  • Page 124 FIGURE 9-5
  • Page 125: Configuring Port Security

    Chapter: Configuring Port Security

    This chapter describes the Port Security feature. This chapter contains the following topics:

    ■ Section , “Port Security Benefits” on page 10-94
    ■ Section , “Configuring Port Security via CLI” on page 10-95
    ...
  • Page 126: Port Security Benefits

    ■ Dynamically locked MAC addresses are eligible to be learned by another port.
    ■ Static MAC addresses are not eligible for aging.
    ■ Dynamically locked addresses can be converted to statically locked addresses.
  • Page 127: Configuring Port Security Via Cli

    Configuring Port Security via CLI

    The following are examples of the commands used in the Port Security feature.

    Example 1: show port security

    CODE EXAMPLE 10-1 show port security

        (DTI SWITCH) #show port-security ?
        <cr> Press Enter to execute the command.
        Display port-security information for all interfaces
        <slot/port> Display port security information for a...
  • Page 128: Example 3: (Config) Port Security

        (LVL7 FASTPATH Routing) (Config)#port-security

    Configuring Port Security via Web Interfaces

    The following Web pages are used in the Port Security feature.

    FIGURE 10-1 Port Security Administration
    FIGURE 10-2 Port Security Interface Configuration
  • Page 129: Figure 10-3 Port Security Dynamically Learned Mac Addresses

    FIGURE 10-3 Port Security Dynamically Learned MAC Addresses
    FIGURE 10-4 Port Security Violation Status
  • Page 130 FIGURE 10-5
  • Page 131: Configuring Port Description

    Chapter: Configuring Port Description

    This chapter describes the Port Description feature, which lets you specify an alphanumeric interface identifier that can be used for SNMP network management. This chapter contains the following topics:

    ■ Section , “Configuring Port Description via CLI” on page 11-100
    ...
  • Page 132: Configuring Port Description Via Cli

    CODE EXAMPLE 11-2

        show port description 0/10
        Interface..0/10
        ifIndex..10
        Description..Test
        MAC Address..00:00:00:01:00:02
        Bit Offset Val..10

    Configuring Port Description via the Web Interface

    Use the following Web screen to enter Port Description information.
  • Page 133: Figure 11-1 Port Security Administration

    FIGURE 11-1 Port Security Administration
    FIGURE 11-2 Port Security Interface Configuration
  • Page 134: Figure 11-3 Port Security Dynamically Learned Mac Addresses

    FIGURE 11-3 Port Security Dynamically Learned MAC Addresses
    FIGURE 11-4 Port Security Violation Status
  • Page 135 FIGURE 11-5
  • Page 137: Configuring Link Layer Discovery Protocol

    Chapter: Configuring Link Layer Discovery Protocol

    This chapter describes the Link Layer Discovery Protocol (LLDP) feature that allows individual interfaces on the switch to advertise major capabilities and physical descriptions. Network managers can view this information and identify system topology and detect bad configurations on the LAN....
  • Page 138: Configuring Lldp Via Cli

        TTL.
        interval The interval in seconds to transmit local LLDP data.
        reinit The delay before re-initialization.
        (DTI SWITCH) (Config)#lldp timers hold 8 reinit 5
        (DTI SWITCH) (Config)#exit
        (DTI SWITCH) #
  • Page 139: Example 2: Set Interface Lldp Parameters

    Example 2: Set Interface LLDP Parameters

    The following commands configure interface 0/10 to transmit and receive LLDP information.

    CODE EXAMPLE 12-2 Setting Interface LLDP Parameters

        (DTI SWITCH) #config
        (DTI SWITCH) (Config)#interface 0/10
        (DTI SWITCH) (Interface 1/0/10)#lldp ?
        notification Enable/Disable LLDP remote data change notifications....
  • Page 140: Example 3: Show Global Lldp Parameters

        TLVs Mgmt
        --------- ------ -------- -------- -------- ------- ----
        1/0/10 Down Enabled Enabled Disabled
        TLV Codes: 0- Port Description, 1- System Name
        2- System Description, 3- System Capabilities
        (DTI SWITCH) #
  • Page 141: Configuring Lldp Via Web Interface

    Configuring LLDP via Web Interface

    The LLDP menu page contains links to the following features:

    ■ LLDP Configuration
    ■ LLDP Statistics
    ■ LLDP Connections
    ■ LLDP Configuration

    Use the LLDP Global Configuration page to specify LLDP parameters.

    FIGURE 12-1 LLDP Global Configuration

    The LLDP Global Configuration page contains the following fields: Transmit Interval (1-32768) —...
  • Page 142: Figure 12-2 Lldp Interface Configuration

    Default is disabled.

    ■ Notification Mode—Enables or disables remote change notifications. The default is disabled.
    ■ Included TLVs—Selects TLV information to transmit. Choices include System Name, System Capabilities, System Description, and Port Description.
  • Page 143: Figure 12-3 Lldp Interface Summary

    FIGURE 12-3 LLDP Interface Summary
    FIGURE 12-4 LLDP Statistics
  • Page 144 FIGURE 12-5
  • Page 145: Configuring Denial Of Service Attack Protection

    ■ Complies with Nessus. LVL7 tested Release 4.3 with Nessus version 2.0.10. Nessus is a widely-used vulnerability assessment tool.

    Additionally, the Netra CP3240 switch software provides a number of features that help a network administrator protect networks against DoS attacks....
  • Page 146: Configuring Denial Of Service Via Cli

    Configuring Denial of Service via CLI

    Enter from Global Config mode:

    CODE EXAMPLE 13-1 Configuring DoS via CLI

        dos-control sipdip
        dos-control firstfrag
        dos-control tcpfrag
        dos-control l4port
        dos-control icmp
        show dos-control
  • Page 147: Configuring Port Routing

    Chapter: Configuring Port Routing

    This chapter describes how to configure port routing. This chapter contains the following topics:

    ■ Section , “Understanding Port Routing” on page 14-116
    ■ Section , “Configuring Port Routing via CLI” on page 14-117
    ...
  • Page 148: Understanding Port Routing

    0/2, 0/3, and 0/5. The router ID is set to the FASTPATH software’s management IP address, or to that of any active router interface if the management address is not configured.
  • Page 149: Configuring Port Routing Via Cli

    The diagram in this section shows a Layer 3 switch configured for port routing. It connects three different subnets, each connected to a different port. The script shows the commands you would use to configure a Sun Netra CP3240 switch to provide the port routing support shown in the diagram.
  • Page 150: Example 1. Enabling Routing For The Switch

    CODE EXAMPLE 14-2

        config
        interface 0/2
        routing
        ip address 192.150.2.1 255.255.255.0
        exit
        exit
        config
        interface 0/3
        routing
        ip address 192.150.3.1 255.255.255.0
        exit
        exit
        config
        interface 0/5
        routing
        ip address 192.150.5.1 255.255.255.0
        exit
        exit
  • Page 151: Configuring Port Routing Via Web Interface

    Configuring Port Routing via Web Interface

    Use the following screens to perform the same configuration using the Web interface:

    ■ Routing --> IP --> Interface Configuration --> System Routing Mode. To enable routing for the switch.
    ■ Routing --> IP --> Interface Configuration--> Slot Port /IP Address/ Subnet...
  • Page 153: Configuring Routing Information Protocol

    Chapter: Configuring Routing Information Protocol

    This chapter describes how to configure the routing information protocol (RIP). Routing Information Protocol (RIP) is one of the protocols which may be used by routers to exchange network topology information. It is characterized as an “interior”...
  • Page 154: Understanding Routing Information Protocol

    ■ The routing table is sent to a multicast address, reducing network traffic
    ■ An authentication method is used for security

    The Netra CP3240 switch supports both versions of RIP. You can configure a given port to:

    ■ receive packets in either or both formats
    ...
  • Page 155: Configuring Rip Via Cli

    Configuring RIP via CLI

    The configuration commands used in the following example enable RIP on ports 0/2 and 0/3 as shown in the network illustrated in Figure 15-1.

    FIGURE 15-1 Port Routing Example Network Diagram

    (Diagram labels: Subnet 3 Port 1/0/3 192.130.3.1 Layer 3 Switch acting as a router Port 1/0/2...)
  • Page 156: Example 2: Enable Routing For Ports

    Example 3. Enable RIP for the Switch

    The next sequence enables RIP for the switch. The route preference defaults to 15.

    CODE EXAMPLE 15-3 Enable RIP for the Switch

        config
        router rip
        enable
        exit
        exit
  • Page 157: Example 4. Enable Rip For Ports 1/0/2 And 1/0/3

    Example 4. Enable RIP for Ports 1/0/2 and 1/0/3

    This command sequence enables RIP for ports 0/2 and 0/3. Authentication defaults to none, and no default route entry is created. The commands specify that both ports receive both RIPv1 and RIPv2 frames, but send only RIPv2 formatted frames.

    CODE EXAMPLE 15-4 Enable RIP for Ports 1/0/2 and 1/0/3

        config...
  • Page 159: Configuring Open Shortest Path First (Ospf)

    Chapter: Configuring Open Shortest Path First (OSPF)

    This chapter describes how to configure OSPF. This chapter contains the following topics:

    ■ Section , “Understanding Open Shortest Path First (OSPF)” on page 16-128
    ■ Section , “Configuring OSPF via CLI” on page 16-129
    ...
  • Page 160: Understanding Open Shortest Path First (Ospf)

    The Sun Netra CP3240 switch operating as a router and running OSPF will determine the best route using the assigned cost and the type of the OSPF route. The...
  • Page 161: Configuring Ospf Via Cli

    0.0.0.2 and 0.0.0.3. The example script shows the commands used to configure a Sun Netra CP3240 switch as the inter-area router in the diagram by enabling OSPF on port 0/2 in area 0.0.0.2 and port 0/3 in area 0.0.0.3.
  • Page 162: Enable Routing For The Switch

    The following sequence specifies the router ID and enables OSPF for the switch. Disable 1583 compatibility to prevent the routing loop.

    CODE EXAMPLE 16-3 Specifying Router ID and Enabling OSPF for the Switch

        config
        router ospf
        enable
        router-id 192.150.9.9
        no 1583compatibility
        exit
        exit
  • Page 163: Enable And Configure Ospf For The Ports

    Example 2: Configuring OSPF on a Border Router The next diagram shows the same network segment with the Sun Netra CP3240 switch operating as the border router in area 0.0.0.2. The example script shows the commands used to configure the switch with OSPF enabled on port 1/0/2 for communication with the inter-area router in the OSPF backbone, and on ports 1/0/3 and 1/0/4 for communication with subnets within area 0.0.0.2.
  • Page 164: Figure 16-2 Ospf Example Network Diagram: Border Router

    FIGURE 16-2 OSPF Example Network Diagram: Border Router

    (Diagram labels: Inter-area Router Port 1/0/2 Port 1/0/2 192.150.2.1 192.150.2.2 Layer 3 Switch acting as a Border Router Border Router Port 1/0/2 192.150.2.2 Area 3 Port 1/0/4 Port 1/0/3 192.64.4.1 192.130.3.1 Area 2)
  • Page 165: Enable Routing For The Switch

    Enable Routing for the Switch

    CODE EXAMPLE 16-5 Enabling Routing for the Switch

        config
        ip routing
        exit

    Enable Routing and Assign IP for Ports 1/0/2, 1/0/3, and 1/0/4

    CODE EXAMPLE 16-6 Enabling Routing and Assigning IP Ports 1/0/2, 1/0/3, and 1/0/4

        config
        interface 0/2
        routing...
  • Page 166: Enable Ospf For The Ports

        0.0.0.2
        ip ospf priority 255
        ip ospf cost 64
        exit
        interface 0/4
        ip ospf
        ip ospf areaid 0.0.0.2
        ip ospf priority 255
        ip ospf cost 64
        exit
        exit
  • Page 167: Configuring Ospf Via Web Interface

    Configuring OSPF via Web Interface

    Similar configurations as described in the previous CLI sections can be performed using the Web interface.

    Configuring an Inter-Area Router

    Use the following screens to perform an inter-area router configuration using the Web interface:

    ■ Routing --> IP --> Interface Configuration --> System Routing Mode. To enable...
  • Page 169: Configuring Vlan Routing

    Chapter: Configuring VLAN Routing

    This chapter describes how to configure the Netra CP3240 switch with some ports supporting VLANs and some supporting routing. Also, this chapter shows how to configure VLAN with RIP and OSPF.
  • Page 170: Understanding Vlan Routing

    Configuring VLAN Routing via CLI This section provides an example of how to configure the Sun Netra CP3240 switch to support VLAN routing. The configuration of the VLAN router port is similar to that of a physical port. The main difference is that, after the VLAN has been created, you must use the show ip vlan command to determine the VLAN’s interface ID so...
  • Page 171: Example 1: Create Two Vlans

    FIGURE 17-1 VLAN Routing Example Network Diagram

    (Diagram labels: Layer 3 Switch Physical Port 1/0/2 Physical Port 1/0/3 VLAN Router Port 3/1 VLAN Router Port 3/2 192.150.3.1 192.150.4.1 Physical Port 1/0/1 Layer 2 Switch Layer 2 Switch VLAN 10 VLAN 20)

    Example 1: Create Two VLANs

    The following code sequence shows an example of creating two VLANs with egress frame tagging enabled....
  • Page 172: Example 2: Set Up Vlan Routing For The Vlans And The Switch

    This returns the logical interface IDs that will be used instead of slot/port in subsequent routing commands. Assume that VLAN 10 is assigned ID 3/1 and VLAN 20 is assigned ID 3/2.

    Enable routing for the switch:

        config
        ip routing
        exit
  • Page 173: Configuring Vlan Routing Via Web Interface

    The next sequence shows an example of configuring the IP addresses and subnet masks for the virtual router ports.

    CODE EXAMPLE 17-3 Configuring IP Addresses and Subnet for the VLAN Ports

        config
        interface 3/1
        ip address 192.150.3.1 255.255.255.0
        exit
        interface 3/2
        ip address 192.150.4.1 255.255.255.0
        exit
        exit...
  • Page 174: Configuring Vlan Routing With Rip

    ■ The routing table is sent to a multicast address, reducing network traffic
    ■ An authentication method is used for security

    The Netra CP3240 switch supports both versions of RIP. You can configure a given port to:

    ■ receive packets in either or both formats
    ...
  • Page 175: Configuring Vlan With Rip Via Cli

    Configuring VLAN With RIP via CLI

    The following example adds support for RIPv2 to the configuration created in the base VLAN routing example. A second router, using port routing rather than VLAN routing, has been added to the network.

    FIGURE 17-2 RIP for VLAN Routing Example Network Diagram

    (Diagram labels: Router Router Port 1/0/5...)
  • Page 176

        10
        vlan routing 20
        exit
        show ip vlan
        config
        ip routing
        exit
        config
        interface 3/1
        ip address 192.150.3.1 255.255.255.0
        exit
        interface 3/2
        ip address 192.150.4.1 255.255.255.0
        exit
        exit
  • Page 177: Example 2: Enable Rip For The Switch

    Example 2: Enable RIP for the Switch

    This step enables RIP for the switch. The route preference will default to 15.

    CODE EXAMPLE 17-5 Enabling RIP for the Switch

        config
        router rip
        enable
        exit
        exit

    The next sequence configures the IP address and subnet mask for a non-virtual router port....
  • Page 178: Configuring Vlan Routing With Rip Via Web Interface

    The Sun Netra CP3240 switch operating as a router and running OSPF determines the best route using the assigned cost and the type of the OSPF route. The order for choosing a route if more than one type of route exists is as follows:
  • Page 179: Configuring Vlan Routing With Ospf Via Cli

    The following example adds support for OSPF to the configuration created in the base VLAN routing example. The script shows the commands you would use to configure the Sun Netra CP3240 switch as an inter-area router. Refer to Figure 17-1.
  • Page 180: Example 2: Specify The Router Id And Enable Ospf For The Switch

    Example 2: Specify the Router ID and Enable OSPF for the Switch

    Specify the router ID.

    CODE EXAMPLE 17-9 Specifying Router ID

        config
        router ospf
        router-id 192.150.9.9
        enable
        exit
        exit
  • Page 181

    Enable OSPF for the VLAN and physical router ports.

    CODE EXAMPLE 17-10 Enabling OSPF for the VLAN and Router Ports

        config
        interface 3/1
        ip ospf areaid 0.0.0.2
        ip ospf
        exit
        interface 3/2
        ip ospf areaid 0.0.0.3
        ip ospf
        exit
        exit

    Set the OSPF priority and cost for the VLAN and physical router ports....
  • Page 182: Configuring Vlan Routing Via Web Interface

    ■ Routing --> OSPF --> OSPF Info. To enable OSPF for the switch.
    ■ Routing --> OSPF--> Interface Configuration. To enable OSPF for the ports and specify the priority and cost parameters.
  • Page 183: Configuring Virtual Router Redundancy Protocol

    A given port may appear as more than one virtual router to the network. Also, more than one port on a Sun Netra CP3240 switch may be configured as a virtual router. Either a physical port or a routed VLAN may participate.
  • Page 184: Configuring Vrrp Via Cli

    Configuring VRRP via CLI

    The following example shows how to configure the Sun Netra CP3240 switch to support VRRP. Router 1 will be the default master router for the virtual route, and Router 2 will be the backup router.

    VRRP Example Network Configuration...
  • Page 185: Example 1: Configuring Vrrp On Fastpath As A Master Router

    Example 1: Configuring VRRP on FASTPATH as a Master Router

    Enable routing for the switch. IP forwarding is then enabled by default.

    CODE EXAMPLE 18-1 Enabling Routing for the Switch

        config
        ip routing
        exit

    Configure the IP addresses and subnet masks for the port that will participate in the protocol....
  • Page 186: Example 2: Configuring Vrrp On Fastpath As A Backup Router

        20
        exit

    Assign virtual router IDs to the port that will participate in the protocol.

    CODE EXAMPLE 18-10 Assigning a Virtual Router to the Port

        config
        interface 0/4
        ip vrrp 20
  • Page 187: Configuring Vrrp Via Web Interface

    Specify the IP address that the virtual router function will recognize. Since the virtual IP address on port 1/0/4 is the same as Router 1’s port 1/0/2 actual IP address, this router will always be the VRRP backup when Router 1 is active.

    CODE EXAMPLE 18-11 Specifying the IP Address for the Virtual Router

        ip vrrp 20 ip 192.150.2.1...
  • Page 189: Proxy Address Resolution Protocol (Arp)

    Chapter: Proxy Address Resolution Protocol (ARP)

    This chapter describes the Proxy Address Resolution Protocol (ARP) feature:

    ■ Proxy ARP allows a router to answer ARP requests where the target IP address is not the router itself but a destination that the router can reach. If a host does not know the default gateway, proxy ARP can learn the first hop....
  • Page 190: Configuring Proxy Arp Via Cli

        Encapsulation Type......Ethernet
        IP MTU......... 1500

    Example 2: ip proxy-arp

    CODE EXAMPLE 19-2 ip proxy-arp

        (DTI SWITCH)(Interface 0/24)#ip proxy-arp ?
        <cr> Press Enter to execute the command.
        (DTI SWITCH) (Interface 0/24)#ip proxy-arp
  • Page 191: Configuring Proxy Arp Via Web Interface

    Configuring Proxy ARP via Web Interface

    The following web pages are used in the proxy ARP feature.

    FIGURE 19-1 ARP Create
    FIGURE 19-2 ARP Table Configuration
  • Page 192 FIGURE 19-3
  • Page 193: Configuring Igmp Proxy

    Chapter: Configuring IGMP Proxy

    This chapter describes how to configure the Internet Group Management Protocol (IGMP) proxy. This chapter contains the following topics:

    ■ Section , “Understanding IGMP Proxy” on page 20-162
    ■ Section , “Configuring IGMP Proxy via CLI” on page 20-163
    ...
  • Page 194: Understanding Igmp Proxy

    (MFC) in order not to make the forwarding decision for subsequent multicast packets with same combination of source and group.
  • Page 195: Configuring Igmp Proxy Via Cli

    Configuring IGMP Proxy via CLI

    The CLI component of FASTPATH allows the end users to configure the network device and to view device settings and statistics using a serial interface or telnet session.

    Example 1: Configuring the Interface

    This command enables the IGMP Proxy on the router. To enable IGMP Proxy on the router no multicast routing protocol should be enabled and also multicast forwarding must be enabled on the router....
  • Page 196: Example 3: Reset The Host Interface Status Parameters

    This command displays parameters only when IGMP Proxy is enabled. Use the command from Privileged EXEC or User EXEC modes.

    CODE EXAMPLE 20-5 Showing Host Interface Status

        (DTI SWITCH) # show ip igmp-proxy interface
  • Page 197: Example 6: Show Igmp Proxy Groups

    Example 6: Show IGMP Proxy Groups

    Use this command to display information about multicast groups that IGMP proxy reported. It displays a table of entries with the following as the fields of each column. Use the command from Privileged EXEC or User EXEC modes.

    CODE EXAMPLE 20-6 Showing IGMP Proxy Groups

        (DTI SWITCH) # show ip-igmp-proxy groups...
  • Page 199: Configuring Internet Protocol (Ipv6)

    Chapter: Configuring Internet Protocol (IPv6)

    This chapter describes how to configure Internet Protocol (IPv6). This chapter contains the following topics:

    ■ Section , “Understanding IPv6” on page 21-168
    ■ Section , “Using IPv6 Configurations” on page 21-169
    ...
  • Page 200: Understanding IPv6

    Ethertype (contained within the L2 header to indicate which L3 protocol is used). Routing these packets across L3 requires an infrastructure equivalent to and parallel to that provided for IPv4.
  • Page 201: Using Ipv6 Configurations

    Using IPv6 Configurations

    In FASTPATH, IPv6 will coexist with IPv4. As with IPv4, IPv6 routing can be enabled on physical and VLAN interfaces. Each L3 routing interface can be used for IPv4, IPv6 or both. Routing protocols, such as OSPF, are capable of computing routes for either IP version or both concurrently.
  • Page 202: Configuring Ipv6 Via Cli

        1.1.1.1
        exit
        ipv6 router ospf
        router-id 1.1.1.1
        exit
        interface 0/1
        routing
        ip address 20.20.20.1 255.255.255.0
        ip ospf
        exit
        interface 0/2
        routing
        ipv6 enable
        ipv6 address 2020:1::1/64
  • Page 203

    CODE EXAMPLE 21-1 Device 1 (Continued)

        ipv6 ospf
        ipv6 ospf network point-to-point
        exit
        interface tunnel 0
        ipv6 address 2001::1/64
        tunnel mode ipv6ip
        tunnel source 20.20.20.1
        tunnel destination 10.10.10.1
        ipv6 ospf
        ipv6 ospf network point-to-point
        exit
        interface loopback 0
        ip address 1.1.1.1 255.255.255.0
        exit
        exit

    Device 2...
  • Page 204

    CODE EXAMPLE 21-2 Device 2 (Continued)

        ip address 2.2.2.2 255.255.255.0
        exit
        exit
  • Page 205: Configuring Access Control Lists (Acls)

    Chapter: Configuring Access Control Lists (ACLs)

    This chapter describes how to configure the Access Control Lists (ACLs). This chapter contains the following topics:

    ■ Section , “Understanding Access Control Lists” on page 22-174
    ■ Section , “Configuring Access Control Lists” on page 22-176
    ...
  • Page 206: Understanding Access Control Lists

    Using ACLs to mirror traffic is called flow-based mirroring because the traffic flow is defined by the ACL classification rules. This is in contrast to port mirroring, where all traffic encountered on a specific interface is replicated on another interface.
  • Page 207: Limitations

    Limitations

    The following limitations apply to ACLs. These limitations are platform dependent.

    ■ Maximum of 100 ACLs.
    ■ Maximum rules per ACL is 8-10.
    ■ The system supports ACLs set up for inbound traffic only.
    ■ You can configure mirror or redirect attributes for a given ACL rule, but not both.
    ...
  • Page 208: Ip Acls

    2. Create an IP ACL by specifying a number.
    3. Add new rules to the ACL.
    4. Configure the match criteria for the rules.
    5. Apply the ACL to one or more interfaces.
  • Page 209: Setting Up An Ip Acl Via Cli

    TCP traffic and one to UDP traffic. The content of the two rules is the same. TCP and UDP packets will only be accepted by the Sun Netra CP3240 switch if the source and destination stations have IP addresses that fall within the defined sets.
  • Page 210: Example 1: Create Acl 179 And Define An Acl Rule

        179 permit udp 192.168.77.0 0.0.0.255 192.168.77.3 0.0.0.255
        exit

    Example 3: Apply the rule to Inbound Traffic on Port 1/0/2

    Only traffic matching the criteria will be accepted.

        interface 0/2
        ip access-group 179 in
        exit
  • Page 211: Setting Up A Mac Acl Via Cli

    Setting Up a MAC ACL via CLI

    The following are examples of the commands used for the MAC ACLs feature.
  • Page 212: Example 1: Set Up A Mac Access List

        Configure a match condition for all the destination MAC addresses in the Destination MAC Address field.
        bpdu Match on any BPDU destination MAC Address.
        (DTI SWITCH) (Config-mac-access-list)#deny any 00:11:22:33:44:55 ?
        <dstmacmask> Enter a MAC Address bit mask.
  • Page 213: Example 3: Configure Mac Access Group

    CODE EXAMPLE 22-2 Specify MAC ACL Attributes (Continued)

        (DTI SWITCH) (Config-mac-access-list)#deny any 00:11:22:33:44:55 00:00:00:00:FF:FF ?
        <ethertypekey> Enter one of the following keywords to specify an Ethertype (appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp).
        <0x0600-0xffff> Enter a four-digit hexadecimal number in the range of 0x0600 to 0xffff to specify a custom Ethertype value....
  • Page 214

        (DTI SWITCH) (Interface 0/5)#mac access-group mac1 in 6 ?
        <cr> Press Enter to execute the command.
        (DTI SWITCH) (Interface 0/5)#mac access-group mac1 in 6
        (DTI SWITCH) (Interface 0/5)#exit
        (DTI SWITCH) (Config)#exit
        (DTI SWITCH) #
  • Page 215: Example 4: Set Up An Acl With Permit Action

    Example 4: Set up an ACL with Permit Action
    CODE EXAMPLE 22-4 Set Up ACL with Permit Action
    (DTI SWITCH) (Config)#mac access-list extended mac2
    (DTI SWITCH) (Config-mac-access-list)#permit ?
    <srcmac>  Enter a MAC Address.
    Configure a match condition for all the source MAC addresses in the Source MAC Address field.
  • Page 216: Example 5: Show Mac Access Lists

    (DTI SWITCH) #show mac access-lists mac1
    MAC ACL Name: mac1
    Rule Number: 1
    Action......... deny
    Destination MAC Address......00:11:22:33:44:55
    Destination MAC Mask......00:00:00:00:FF:FF
    Log..........TRUE
    (DTI SWITCH) #
  • Page 217: Setting Up Acls Via Web Interface

    Setting Up ACLs via Web Interface
    The following web pages are used in the ACL feature.
    FIGURE 22-2 MAC ACL Configuration Page - Create New MAC ACL
    FIGURE 22-3 MAC ACL Configuration Page
  • Page 218: Figure 22-4 Mac Acl Summary

    FIGURE 22-4 MAC ACL Summary
    FIGURE 22-5 MAC ACL Rule Configuration - Create New Rule
  • Page 219: Figure 22-6 Mac Acl Rule Configuration Page - Add Destination Mac And Mac Mask

    FIGURE 22-6 MAC ACL Rule Configuration Page - Add Destination MAC and MAC Mask
  • Page 220: Figure 22-7 Mac Acl Rule Configuration Page - View The Current Settings

    FIGURE 22-7 MAC ACL Rule Configuration Page - View the Current Settings
    FIGURE 22-8 MAC ACL Rule Configuration Page - Add Destination MAC and MAC Mask
  • Page 221: Figure 22-9 Mac Acl Rule Configuration Page - Add Destination Mac And Mac Mask

    FIGURE 22-9 MAC ACL Rule Configuration Page - Add Destination MAC and MAC Mask
  • Page 222: Figure 22-10 Acl Interface Configuration

    FIGURE 22-10 ACL Interface Configuration
    FIGURE 22-11 IP ACL Configuration Page - Create a New IP ACL
  • Page 223: Figure 22-12 Ip Acl Configuration Page - Create A Rule And Assign An Id

    FIGURE 22-12 IP ACL Configuration Page - Create a Rule and Assign an ID
    FIGURE 22-13 IP ACL Configure IP ACL Rule Properties
  • Page 224: Figure 22-14 Ip Acl Rule Configuration Page - Rule With Protocol And Source Ip Configuration

    FIGURE 22-14 IP ACL Rule Configuration Page - Rule with Protocol and Source IP Configuration
  • Page 225: Figure 22-15 Attach Ip Acl To An Interface

    FIGURE 22-15 Attach IP ACL to an Interface
    FIGURE 22-16 IP ACL Summary
  • Page 227: Configuring Class Of Service Queuing

    Configuring Class of Service Queuing
    This chapter describes the Class of Service (CoS) feature and how to configure it. This chapter contains the following topics:
    ■ “Understanding Class of Service (CoS)” on page 23-196
    ...
  • Page 228: Understanding Class Of Service (Cos)

    VLAN Port Priority in the Switching sub-menu) that determines the egress queue its traffic gets forwarded to. Packets that arrive without a priority designation, or packets from ports you’ve identified as “untrusted,” get forwarded according to this default.
  • Page 229: Ingress Port Configurations

    Ingress Port Configurations
    Trusted and Untrusted Ports/CoS Mapping Table
    The first task for ingress port configuration is to specify whether traffic arriving on a given port is “trusted” or “untrusted.” A trusted port means that the system will accept at face value a priority designation within arriving packets.
  • Page 230: Egress Port Configurations

    ■ Queue management - tail drop
    FASTPATH supports the tail drop method of queue management. This means that any packet forwarded to a full queue is dropped regardless of its importance.
  • Page 231: Configuring Cos Mapping And Queues Via Cli

    Configuring CoS Mapping and Queues via CLI
    Figure 23-1 illustrates the network operation as it relates to CoS mapping and queue configuration. Four packets arrive at the ingress port 1/0/10 in the order A, B, C, and D. You’ve configured port 1/0/10 to trust the 802.1p field of the packet, which serves to direct packets A, B, and D to their respective queues on the egress port.
  • Page 232: Figure 23-1 Cos Mapping And Queue Configuration

    1/0/8 is B, A, D, C. Thus, packet B, with its higher user precedence than the others, is able to work its way through the device with minimal delay and is transmitted ahead of the other packets at the egress port.
  • Page 233: Figure 23-2 Cos Configuration Example System Diagram

    FIGURE 23-2 CoS Configuration Example System Diagram (diagram labels: Port 1/0/10, Port 1/0/8, Server)
    You will configure the ingress interface uniquely for all cos-queue and VLAN parameters.
    CODE EXAMPLE 23-1 Configuring Ingress
    configure
    interface 0/10
    classofservice trust dot1p
    classofservice dot1p-mapping 6 3
    vlan priority 2
    exit
    interface 0/8...
  • Page 234: Configuring Cos Mapping And Queues Via Web Interface

    Configuring CoS Mapping and Queues via Web Interface
    The following web pages are used for the Class of Service feature.
    FIGURE 23-3 CoS Trust Mode Configuration Page
    FIGURE 23-4 802.1p Priority Mapping Page
  • Page 235: Figure 23-5 Ip Precedence Mapping Configuration

    FIGURE 23-5 IP Precedence Mapping Configuration Page
    FIGURE 23-6 IP DSCP Mapping Configuration Page
  • Page 236

    Note – Configure 802.1p Priority Mapping screen from the Switching ---> Class of Service menu.
  • Page 237: Figure 23-7 Cos Interface Configuration

    FIGURE 23-7 CoS Interface Configuration Page
  • Page 238: Figure 23-8 Cos Interface Queue Configuration

    FIGURE 23-8 CoS Interface Queue Configuration Page
  • Page 239: Figure 23-9 Cos Interface Queue Status

    FIGURE 23-9 CoS Interface Queue Status Page
  • Page 243: Configuring Differentiated Services

    Configuring Differentiated Services
    This chapter describes how to configure Differentiated Services (DiffServ). This chapter contains the following topics:
    ■ “Understanding Differentiated Services (DiffServ)” on page 24-212
    ■ “Configuring Differentiated Services via CLI” on page 24-214
    ...
  • Page 244: Understanding Differentiated Services (Diffserv)

    CP3240 switch to identify which traffic class a packet belongs to, and how it should be handled to provide the desired quality of service. As implemented on the Sun Netra CP3240 switch, DiffServ allows you to control what traffic is accepted and what traffic is discarded.
  • Page 245

    During configuration, you define DiffServ rules in terms of classes, policies and services:
    ■ Class – A class consists of a set of rules that identify which packets belong to the class. Inbound traffic is separated into traffic classes based on Layer 2, Layer 3, and Layer 4 header data.
  • Page 246: Configuring Differentiated Services Via Cli

    [Figure: network diagram with outbound port 1/0/5 and ports 1/0/1 through 1/0/4 serving the Finance, Marketing, Test and Development departments; source IP subnets shown are 172.16.10.0, 172.16.20.0, 172.16.30.0 and 172.16.40.0, each with mask 255.255.255.0]
  • Page 247: Enabling Diffserv Inbound

    Enabling DiffServ Inbound
    Ensure DiffServ operation is enabled for the switch.
    config
    diffserv
    Create a DiffServ class of type “all” for each of the departments, and name them. Define the match criteria -- Source IP address -- for the new classes.
    CODE EXAMPLE 24-1 Creating a Diffserv Class Type All
    class-map match-all finance_dept...
  • Page 248: Configuring Diffserv On Fastpath Software

    1/0/5 based on a normal destination address lookup for internet traffic.
    CODE EXAMPLE 24-4 Setting CoS Queue for Egress
    interface 1/0/5
    cos-queue min-bandwidth 0 25 25 25 25 0 0
    exit
    exit
  • Page 249: Configuring Differentiated Services Via Web Interface

    Configuring Differentiated Services via Web Interface
    Use the following screens to perform the same configuration using the Graphical User Interface:
    FIGURE 24-2 DiffServ Configuration
    FIGURE 24-3 DiffServ Class Configuration
  • Page 250: Figure 24-4 Diffserv Class Configuration

    FIGURE 24-4 DiffServ Class Configuration
  • Page 251: Figure 24-5 Source Ip Address

    FIGURE 24-5 Source IP Address
  • Page 252: Figure 24-6 Diffserv Class Configuration

    FIGURE 24-6 DiffServ Class Configuration
  • Page 253: Figure 24-7 Diffserv Class Summary

    FIGURE 24-7 DiffServ Class Summary
  • Page 254: Figure 24-8 Diffserv Policy Configuration

    FIGURE 24-8 DiffServ Policy Configuration
  • Page 255: Figure 24-9 Diffserv Policy Configuration

    FIGURE 24-9 DiffServ Policy Configuration
  • Page 256: Figure 24-10 Diffserv Policy Class Definition

    FIGURE 24-10 DiffServ Policy Class Definition
  • Page 257: Figure 24-11 Assign Queue

    FIGURE 24-11 Assign Queue
  • Page 258: Figure 24-12 Diffserv Policy Attribute Summary

    FIGURE 24-12 DiffServ Policy Attribute Summary
  • Page 259: Figure 24-13 Diffserv Policy Attribute Summary

    FIGURE 24-13 DiffServ Policy Attribute Summary
  • Page 260: Figure 24-14 Diffserv Service Configuration

    FIGURE 24-14 DiffServ Service Configuration
  • Page 261: Figure 24-15 Diffserv Service Summary

    FIGURE 24-15 DiffServ Service Summary
    FIGURE 24-16 DiffServ VoIP Example Network Diagram
  • Page 262: Configuring Diffserv For Voice Over Ip (Voip)

    This example shows one way to provide the necessary quality of service: how to set up a class for UDP traffic, have that traffic
  • Page 263

    marked on the inbound side, and then expedite the traffic on the outbound side. The configuration script is for Router 1 in the accompanying diagram: a similar script should be applied to Router 2.
    [Figure: network diagram; surviving label: Port 1/0/2...]
  • Page 264

    5 of the egress port to which they are forwarded.
    CODE EXAMPLE 24-8 Creating a Diffserv Policy
    policy-map pol_voip in
    class class_ef
    assign-queue 5
    exit
    class class_voip
    mark ip-dscp ef
  • Page 265

    CODE EXAMPLE 24-8 Creating a Diffserv Policy
    assign-queue 5
    exit
    exit
  • Page 266

    Attach the defined policy to an inbound service interface.
    CODE EXAMPLE 24-9 Attaching the Policy to Inbound Interface
    interface 1/0/2
    service-policy in pol_voip
    exit
    exit
  • Page 267: Configuring Network Access Control

    Configuring Network Access Control
    This chapter describes how to configure network access control. This chapter contains the following topics:
    ■ “Understanding Port-Based Network Access Control” on page 25-236
    ■ “Configuring Network Access Control” on page 25-237
    ...
  • Page 268: Understanding Port-Based Network Access Control

    Authentication can be handled locally or via an external authentication server. Two such servers are Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System (TACACS+). FASTPATH currently supports RADIUS. TACACS+ support is planned for the future.
  • Page 269: Configuring Network Access Control

    RADIUS supports an accounting function to maintain data on service usage. Under RFC 2866, an extension was added to the RADIUS protocol giving the client the ability to deliver accounting information about a user to an accounting server. Exchanges with the accounting server follow guidelines similar to those for an authentication server, but the flows are much simpler.
  • Page 270

    10.10.10.10
    radius server key acct 10.10.10.10
    secret
    secret
    radius accounting mode
    authentication login radiusList radius
    dot1x default-login radiusList
    dot1x system-auth-control
    interface 0/1
    dot1x port-control force-authorized
    exit
    exit
  • Page 271: Configuring Radius

    Configuring RADIUS
    This chapter describes how to configure the Remote Authentication Dial In User Service (RADIUS) protocol. This chapter contains the following topics:
    ■ “Authenticating Users Through RADIUS” on page 26-240
    ■ “Configuring RADIUS”...
  • Page 272: Authenticating Users Through Radius

    If the server rejects the client or the shared “secrets” differ, the server returns no result. If the server requires additional verification from the user, it returns a challenge, and the request process begins again.
  • Page 273: Configuring Radius

    Configuring RADIUS
    The following example configures two RADIUS servers at 10.10.10.10 and 11.11.11.11. Each server has a unique shared secret key. The shared secrets are configured to be secret1 and secret2 respectively. The server at 10.10.10.10 is configured as the primary server. The process creates a new authentication list, called radiusList, which uses RADIUS as the primary authentication method, and local authentication as a backup method in the event that the RADIUS server cannot be contacted.
  • Page 274

    10.10.10.10
    secret1
    secret1
    radius server host auth 11.11.11.11
    radius server key auth 11.11.11.11
    secret2
    secret2
    radius server primary 10.10.10.10
    authentication login radiusList radius local
    users defaultlogin radiusList
    exit
  • Page 275: Configuring Access Control For Networked Devices

    Configuring Access Control for Networked Devices
    This chapter describes how to configure the access control for networked devices. This chapter contains the following topics:
    ■ “Understanding the Terminal Access Controller Access Control System”...
  • Page 276: Understanding The Terminal Access Controller Access Control System

    Like RADIUS, the TACACS+ server can do the authentication itself, or redirect the request to another back-end device. All sensitive information is encrypted and the shared secret is never passed over the network - it is used only to encrypt the data.
  • Page 277: Configuring Access Control For Networked Devices

    Configuring Access Control for Networked Devices
    The following example configures two TACACS+ servers at 10.10.10.10 and 11.11.11.11. Each server has a unique shared secret key. The server at 10.10.10.10 has a default priority of 0, the highest priority, while the other server has a priority of 2. The process creates a new authentication list, called tacacsList, which uses TACACS+ to authenticate, and uses local authentication as a backup method.
  • Page 278

    CODE EXAMPLE 27-1 Configuring Access Control for Networked Devices
    config
    tacacs-server host 10.10.10.10
    key tacacs1
    exit
    tacacs-server host 11.11.11.11
    key tacacs2
    priority 2
    exit
    authentication login tacacsList tacacs local
    users defaultlogin tacacsList
    exit
  • Page 279: Configuring Dhcp Filtering

    Configuring DHCP Filtering
    This chapter describes the Dynamic Host Configuration Protocol (DHCP) Filtering feature and how to configure DHCP filtering. This chapter contains the following topics:
    ■ “Understanding Dynamic Host Configuration Protocol (DHCP)...
  • Page 280: Understanding Dynamic Host Configuration Protocol (Dhcp) Filtering

    DHCP (or BootP) response is forwarded on the port. If the port is untrusted, the response is dropped. The forwarding of DHCP or BootP requests is unaffected.
  • Page 281: Configuring Dhcp Filtering

    ■ If DHCP Filtering is administratively disabled, the operation of the DHCP relay function is unaffected.
    ■ If hardware support is available for DHCP Filtering, DHCP Filtering may be enabled on both routing and non-routing interfaces.
    ■ If hardware support is unavailable, DHCP Filtering may be enabled only on...
  • Page 282: Example 3: Show Dhcp Filtering Configuration

    Example 3: Show DHCP Filtering Configuration
    show ip dhcp filtering
    Switch DHCP Filtering is Enabled
    Interface   Trusted
    ----------- ----------
    1/0/1
    1/0/2
    1/0/3
    1/0/4
    1/0/5
    1/0/6
    1/0/7
    1/0/8
    1/0/9
    1/0/10
    1/0/11
    1/0/12
    1/0/13
    1/0/14
    1/0/15
  • Page 283: Configuring Traceroute

    Configuring Traceroute
    This chapter describes how to configure the Traceroute feature. Use Traceroute to discover the routes that packets take when traveling on a hop-by-hop basis to their destination through the network.
    ■ Maps network routes by sending packets with small Time-to-Live (TTL) values...
  • Page 284: Configuring Traceroute

    70 ms 60 ms
    4.79.228.2 60 ms 60 ms 60 ms
    216.115.96.185 110 ms 59 ms 70 ms
    216.109.120.203 70 ms 66 ms 95 ms
    216.109.118.74 78 ms 121 ms 69 ms
  • Page 285: Generating Script Files

    Generating Script Files
    This chapter describes how to use Configuration Scripting to generate a text-formatted script file that shows the current configuration of the system. You can generate multiple scripts, and upload and apply them to more than one switch. This chapter contains the following topics:
    ■ “Understanding Configuration Scripting”...
  • Page 286: Understanding Configuration Scripting

    ■ Scripts cannot be modified or deleted while being applied.
    ■ Validation of scripts checks for syntax errors only. It does not validate that the script will run.
  • Page 287: Configuring Scripting

    Configuring Scripting
    The following are examples of the CLI commands used for the Configuration Scripting feature.
    Example 1: script
    CODE EXAMPLE 30-1 script Command
    (DTI SWITCH) # script ?
    apply   Applies configuration script to the switch.
    delete  Deletes a configuration script file from the switch.
    list    Lists all configuration script files present on the switch.
  • Page 288: Example 3: Script Apply Running-Config.scr

    Command CODE EXAMPLE 30-4
    (DTI SWITCH) # show running-config running-config.scr
    Config script created successfully.
    (DTI SWITCH) #script list
    Configuration Script Name  Size(Bytes)
    -----------------------------------
    running-config.scr         3201
    1 configuration script(s) found.
    1020799 bytes free.
  • Page 289: Example 5: Copy Nvram: Script

    Example 5: copy nvram: script
    Use this command to upload a configuration script.
    CODE EXAMPLE 30-5 copy nvram: script Command
    (DTI SWITCH) # copy nvram: script running-config.scr tftp://192.168.77.52/running-config.scr
    Mode......TFTP
    Set TFTP Server IP...192.168.77.52
    TFTP Path...../
    TFTP Filename....running-config.scr
    Data Type....Config Script
    Source Filename....running-config.scr
    Are you sure you want to start? (y/n) y
    File transfer operation completed successfully.
  • Page 290: Example 7: Validate Another Configuration Script

    00-18-00-00-00-10
    interface 0/1
    exit
    interface 0/2
    exit
    interface 0/3
    exit
    ... continues through interface 0/26 ...
    exit
    exit
    Configuration script 'default.scr' validation succeeded.
  • Page 291: Establishing An Outbound Telnet Connection

    Establishing an Outbound Telnet Connection
    This chapter describes the Outbound Telnet feature and how to establish a connection.
    ■ This feature establishes an outbound telnet connection between a device and a remote host.
    ■ When a telnet connection is initiated, each side of the connection is assumed to...
  • Page 292: Configuring A Telnet Connection Via Cli

    (DTI SWITCH)# show network
    IP Address.......192.168.77.151
    Subnet Mask......255.255.255.0
    Default Gateway......192.168.77.127
    Burned In MAC Address....00:10:18.82.04:E9
    Locally Administered MAC Address..00:00:00:00:00:00
    MAC Address Type......Burned In
    Network Configuration Protocol Current...DHCP
    Management VLAN ID.......1
    Web Mode.........Enable
    Java Mode .......Disable
  • Page 293: Example 2: Show Telnet

    Example 2: show telnet
    CODE EXAMPLE 31-2 show telnet Command
    (DTI SWITCH)# show telnet
    Outbound Telnet Login Timeout (minutes)..5
    Maximum Number of Outbound Telnet Sessions..5
    Allow New Outbound Telnet Sessions.....Yes
    Example 3: transport output telnet
    CODE EXAMPLE 31-3 transport output telnet Command
    (DTI SWITCH) (Config)# lineconfig ?
    <cr>...
  • Page 294: Example 4: Session-Limit And Session-Timeout

    You can set up the Outbound Telnet session through the Web interface.
    ■ Enable or disable administration mode
    ■ Set how many sessions you want
    ■ Set the session time outs
  • Page 295: Figure 31-1 Telnet Session Configuration

    FIGURE 31-1 Telnet Session Configuration
  • Page 297: Creating A Pre-Login Banner

    Creating a Pre-Login Banner
    This chapter describes the Pre-Login Banner feature and how to create a banner. The Pre-Login Banner feature is only for the CLI interface. This chapter contains the following topics:
    ■ “Creating a Pre-login Banner via CLI”...
  • Page 298: Creating A Pre-Login Banner Via Cli

    Are you sure you want to start? (y/n) y
    CLI Banner file transfer operation completed successfully!
    (DTI SWITCH) #exit
    (DTI SWITCH) >logout
    FASTPATH’s Login Banner - Unauthorized access is punishable by law.
    User:
  • Page 299: Removing A Pre-Login Banner Via Cli

    Removing a Pre-login Banner via CLI
    Use the no clibanner command to remove the banner from the switch.
  • Page 301: Configuring Simple Network Time Protocol (Sntp)

    Configuring Simple Network Time Protocol (SNTP)
    This chapter describes how to configure the Simple Network Time Protocol (SNTP) feature. This chapter contains the following topics:
    ■ “Configuring SNTP via CLI” on page 33-270
    ...
  • Page 302: Configuring Sntp Via Cli

    CODE EXAMPLE 33-2
    (DTI SWITCH) # show sntp client
    Client Supported Modes: unicast broadcast
    SNTP Version: 4
    Port: 123
    Client Mode: unicast
    Unicast Poll Interval: 6
    Poll Timeout (seconds): 5
    Poll Retry: 1
  • Page 303: Example 3: Show Sntp Server

    Example 3: show sntp server
    CODE EXAMPLE 33-3 show sntp server Command
    (DTI SWITCH) # show sntp server
    Server IP Address:81.169.155.234
    Server Type:ipv4
    Server Stratum:3
    Server Reference Id:NTP Srv: 212.186.110.32
    Server Mode:Server
    Server Maximum Entries:3
    Server Current Entries:1
    SNTP Servers
    ------------
    IP Address:81.169.155.234
    Address Type:IPV4...
  • Page 304: Example 5: Configure Sntp Client Mode

    CODE EXAMPLE 33-7
    (DTI SWITCH)(Config) # sntp client port 1 ?
    <cr>    Press Enter to execute the command.
    <6-10>  Enter value in the range (6 to 10). Poll interval is 2^(value) in seconds.
  • Page 305: Configuring Sntp Via Web Interface

    Configuring SNTP via Web Interface
    The following are examples of Web Interface pages used when configuring the SNTP feature via the Web Interface.
    FIGURE 33-1 SNTP Global Configuration Page
    FIGURE 33-2 SNTP Global Status Page
  • Page 306: Figure 33-3 Sntp Server Configuration

    FIGURE 33-3 SNTP Server Configuration Page
  • Page 307: Figure 33-4 Sntp Server Status

    FIGURE 33-4 SNTP Server Status Page
  • Page 309: Storing And Collecting Message Logs With Syslog

    Storing and Collecting Message Logs with Syslog
    This chapter provides information about how to use the Syslog feature to store and collect message logs. This chapter contains the following topics:
    ■ “Configuring Syslog via CLI” on page 34-278
    ...
  • Page 310: Configuring Syslog Via Cli

    Logging Client Local Port:514
    CLI Command Logging:disabled
    Console Logging :disabled
    Console Logging Severity Filter:alert
    Buffered Logging:enabled
    Syslog Logging :enabled
    Log Messages Received :66
    Log Messages Dropped :0
    Log Messages Relayed :0
  • Page 311: Example 2: Show Logging Buffered

    Example 2: show logging buffered
    CODE EXAMPLE 34-2 show logging buffered Command
    (DTI SWITCH) # show logging buffered ?
    <cr>  Press Enter to execute the command.
    (DTI SWITCH) # show logging buffered
    Buffered (In-Memory) Logging:enabled
    Buffered Logging Wrapping Behavior:On
    Buffered Log Count:66
    <6>...
  • Page 312: Example 3: Show Logging Traplogs

    (DTI SWITCH) # show logging hosts ?
    <cr>  Press Enter to execute the command.
    (DTI SWITCH) # show logging hosts
    Index IP Address        Severity   Port Status
    ----- ----------------- ---------- ---- -------------
          192.168.21.253    critical        Active
  • Page 313: Example 5: Logging Port Configuration

    Example 5: logging port configuration
    CODE EXAMPLE 34-5 Logging Port Configuration Commands
    (DTI SWITCH) # config
    (DTI SWITCH) (Config)# logging ?
    buffered     Buffered (In-Memory) Logging Configuration.
    cli-command  CLI Command Logging Configuration.
    console      Console Logging Configuration.
    host         Enter IP Address for Logging Host
    syslog       Syslog Configuration.
  • Page 314

    CODE EXAMPLE 34-5 Logging Port Configuration Commands (Continued)
    Index IP Address        Port Status
    ----- ----------------- ---- -----------
          192.168.21.253         Active
  • Page 315: Configuring Syslog Via Web Interface

    Configuring Syslog via Web Interface
    The following web pages are used with the Syslog feature.
    FIGURE 34-1 Log - Syslog Configuration Page
    FIGURE 34-2 Log - Hosts Configuration Page - Add Host
  • Page 316: Figure 34-3 Log - Hosts Configuration

    FIGURE 34-3 Log - Hosts Configuration Page
  • Page 318: Interpreting Log Files

    Interpreting Log Files
    <130> 00:00:06 0.0.0.0-1 UNKN [0x800023]: bootos.c(386) %% Event (0xaaaaaaaa)
    A. Priority
    B. Timestamp
    C. Stack ID
    D. Component Name
    E. Thread ID
    F. File Name
    G. Line Number
  • Page 319 Index Symbols configure, 9 configure network protocol none, 5, 6, 7 ?, 9 configure sntp, 271 configure sntp client mode, 272 access-list, 178 configure sntp client port, 272 addport, 65 configure sntp server, 272 authentication login, 242 copy nvram errorlog, 13 authentication login radius, 238 msglog, 13 authentication login tacacs, 246...
  • Page 320 Line Config command mode, 21 policy-map, 215 Line Config mode, 26 port-channel, 64, 65 lldp, 106 port-security, 96 logging port configuration, 281 Privileged Exec command mode, 21 logout, 11 Privileged Exec mode, 25 prompts
  • Page 321 Switch>, 21, 22 show port-security, 95 show running-config running-config.scr, 256 show sntp, 270, 271 radius accounting mode, 238 show sntp client, 270 radius server, 242 show sntp server, 271 radius server host auth, 238 show switchport protected, 59 radius server key auth, 238 show telnet, 261 Refresh button, 42 show users, 11...
  • Page 322 Web interface command buttons, 42 panel, 38
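
The log line layout shown under "Interpreting Log Files" (Page 318), parsed into its labelled fields and filtered by severity, as an added example that is not part of the Sun manual or the switch software. It assumes the priority value uses the standard syslog encoding (facility * 8 + severity) and that the fields appear in the order of labels A to G; every sample line after the first is constructed.

```python
import re
from dataclasses import dataclass

# Syslog severity names, 0 = most severe. Assumption: the <priority> value
# uses the standard syslog encoding, priority = facility * 8 + severity.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug"]

# Field order follows labels A to G on the page; the text after "%%" is
# treated as the message (assumption, the page does not label it).
LINE_RE = re.compile(
    r"^<(?P<priority>\d{1,3})>\s+"                         # A. Priority
    r"(?P<timestamp>\S+)\s+"                               # B. Timestamp
    r"(?P<stack_id>\S+)\s+"                                # C. Stack ID
    r"(?P<component>\S+)\s+"                               # D. Component Name
    r"\[(?P<thread_id>0x[0-9A-Fa-f]+)\]:\s+"               # E. Thread ID
    r"(?P<file_name>[^\s()]+)\((?P<line_number>\d+)\)\s+"  # F, G
    r"%%\s*(?P<message>.*)$"
)


@dataclass(frozen=True)
class LogEntry:
    priority: int
    facility: int
    severity: int
    timestamp: str
    stack_id: str
    component: str
    thread_id: int
    file_name: str
    line_number: int
    message: str

    @property
    def severity_name(self):
        return SEVERITIES[self.severity]


def parse_line(line):
    """Return a LogEntry, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    priority = int(m["priority"])
    if priority > 191:  # highest valid syslog priority: 23 * 8 + 7
        return None
    facility, severity = divmod(priority, 8)
    return LogEntry(priority, facility, severity, m["timestamp"],
                    m["stack_id"], m["component"], int(m["thread_id"], 16),
                    m["file_name"], int(m["line_number"]), m["message"])


def at_or_above(lines, threshold):
    """Split lines into entries at least as severe as threshold, and
    lines that could not be parsed (kept so they are not silently lost)."""
    limit = SEVERITIES.index(threshold)
    kept, rejected = [], []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            rejected.append(line)
        elif entry.severity <= limit:
            kept.append(entry)
    return kept, rejected


# First line is the sample from the page; the rest are constructed.
SAMPLE_LINES = [
    "<130> 00:00:06 0.0.0.0-1 UNKN [0x800023]: bootos.c(386) %% Event (0xaaaaaaaa)",
    "<134> 00:01:12 0.0.0.0-1 UNKN [0x800023]: bootos.c(386) %% constructed info entry",
    "<129> 00:02:40 0.0.0.0-1 UNKN [0x800023]: bootos.c(386) %% constructed alert entry",
    "<999> 00:03:00 0.0.0.0-1 UNKN [0x800023]: bootos.c(386) %% priority out of range",
    "constructed line with no priority field",
]

if __name__ == "__main__":
    kept, rejected = at_or_above(SAMPLE_LINES, "critical")
    for e in kept:
        print(e.timestamp, e.severity_name, f"{e.file_name}:{e.line_number}", e.message)
    print("unparsed lines:", len(rejected))
```

Returning the unparsed lines separately lets a collector count or alert on malformed input rather than drop it.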