Foundry Networks NetIron M2404C User Manual

Metro access switches

Foundry NetIron
M2404C and M2404F
Metro Access Switches

User Guide

Version 2.0.03
4980 Great America Parkway
Santa Clara, CA 95054
Tel 408.207.1700
www.foundrynetworks.com
April 2008


Summary of Contents for Foundry Networks NetIron M2404C

  • Page 1: User Guide

    Foundry NetIron M2404C and M2404F Metro Access Switches User Guide Version 2.0.03 4980 Great America Parkway Santa Clara, CA 95054 Tel 408.207.1700 www.foundrynetworks.com April 2008...
  • Page 2 Foundry Networks, BigIron, FastIron, IronView, JetCore, NetIron, ServerIron, TurboIron, IronWare, EdgeIron, IronPoint, the Iron family of marks and the Foundry Logo are trademarks or registered trademarks of Foundry Networks, Inc. in the United States and other countries.
  • Page 3 Foundry Networks Introduction This chapter describes the purpose and intended audience of this User Guide. It details the organization of the guide, the subjects that will be covered, and a brief summary of each chapter. This chapter consists of the following sections: OVERVIEW ..............................
  • Page 4 The platforms are identical in their performance. Purpose The NetIron M2404C and M2404F User Guide contains the information that the user will need to configure the required functionality. This guide provides the complete syntax for all the commands available in the currently-supported software version and describes in detail all features and related commands supplied with the device.
  • Page 5: Document Organization

    Introduction (Rev. 03) Document Organization The NetIron M2404C and M2404F User Guide comprises twenty-nine chapters, each focusing on a different feature or set of features. Each chapter begins with a brief features overview and follows with the corresponding command configuration section.
  • Page 6 Foundry NetIron M2404C and M2404F Metro Access Switches Introduction (Rev. 03) Chapter 11: Configuring Spanning Tree Protocol (STP) – describes the IEEE standard 802.1D Spanning Tree Protocol (STP) and explains how to configure it on the switch. STP is a Layer 2 link management protocol that provides path redundancy while preventing undesirable loops in the network.
  • Page 7 Foundry NetIron M2404C and M2404F Metro Access Switches Introduction (Rev. 03) Chapter 23: Configuring System Message Logging - explains how to configure system message logging. It describes the message format, how to set the type of messages to display and more.
  • Page 8: Table Of Contents

    Foundry Networks Using the Command Line Interface OVERVIEW ... 2 GETTING STARTED WITH THE CLI ... 3 Basic CLI Operating Conventions ... 4 Special ... 4 CLI Command Syntax Conventions ... 5 CLI Modes ... 6 CLI M ...
  • Page 9: Overview

    Foundry NetIron M2404C and M2404F Metro Access Switches Using the Command Line Interface (Rev. 03) Overview The configuration program uses a CLI (Command Line Interface) that enables the user to start using the device quickly and without extensive background knowledge. It does this by prompting the user for the information required to perform basic configuration procedures.
  • Page 10: Getting Started With The Cli

    Foundry NetIron M2404C and M2404F Metro Access Switches Using the Command Line Interface (Rev. 03) Getting Started with the CLI The device is configured through a VT-100 (or compatible terminal) connected to the Console port in the front panel. The CLI operates automatically when the user turns on the device. Before the user starts using the CLI command facility, the user must proceed as follows: Attach an RS-232 ASCII terminal to the Console port located on the front panel.
  • Page 11: Basic Cli Operating Conventions

    Foundry NetIron M2404C and M2404F Metro Access Switches Using the Command Line Interface (Rev. 03) //////////////////////////////////////////////////////////////////////////// Foundry Networks Switch model : NetIron M2404C SW version : 2.0.03b7 created Jan 19 2007 - 18:37:48 //////////////////////////////////////////////////////////////////////////// User Access Verification Password: If the user has configured a password, type it in; if not, press Enter. The device-name>...
  • Page 12: Cli Command Syntax Conventions

    Foundry NetIron M2404C and M2404F Metro Access Switches Using the Command Line Interface (Rev. 03) Function ENTER key again for next possible command. Backspace Delete the character that precedes the cursor. Ctrl-A Move to the beginning of the line. Ctrl-B Move backward one character.
  • Page 13: Cli Modes

    Foundry NetIron M2404C and M2404F Metro Access Switches Using the Command Line Interface (Rev. 03) o The part following the prompt symbol represents the command. Table 2 lists the symbols and word-formatting used in the CLI command syntax descriptions. Table 2: CLI Command Syntax Conventions...
  • Page 14: Configuration Modes

    Foundry NetIron M2404C and M2404F Metro Access Switches Using the Command Line Interface (Rev. 03) device-name# Configuration Modes Using the configuration modes (Global, Interface, etc.), the user can make changes to the device configuration. If the user saves the configuration, these commands are stored and used after rebooting.
  • Page 15 Foundry NetIron M2404C and M2404F Metro Access Switches Using the Command Line Interface (Rev. 03) Configuration Mode For configuring Prompt IP Interface device-name(config-if IFNAME)# The IP interfaces configuration. VLAN device-name(config vlan)# Virtual LANs (VLANs) configuration. Specific VLAN device-name(config vlan VLAN-...
  • Page 16: Cli Messages

    Foundry NetIron M2404C and M2404F Metro Access Switches Using the Command Line Interface (Rev. 03) CLI Messages The user might encounter some error messages while using the CLI to configure the device. Several messages may be issued in response to incorrect entries (e.g., wrong syntax, or incomplete commands).
  • Page 17: Command Aliases

    Foundry NetIron M2404C and M2404F Metro Access Switches Using the Command Line Interface (Rev. 03) Command Aliases The CLI allows the user to associate a contiguous character string as an alias to any command, optionally including specific arguments. This user-defined alias is then fully equivalent to the command expression to which the user has associated it, in the CLI mode in which the user has defined the alias.
  • Page 18: General Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Using the Command Line Interface (Rev. 03) To search the output of show commands, enter the pipe character (the vertical bar). include (Optional). Includes only the lines that contain a specified regular expression. This is the default when no keyword is specified.
  • Page 19: Acronyms

    Foundry NetIron M2404C and M2404F Metro Access Switches Using the Command Line Interface (Rev. 03) Acronyms Table 5 provides a list of acronyms that are used in this document and lists their meaning. Table 5: Acronyms Acronym Meaning Access Control Group...
  • Page 20 Foundry Networks Switch Setup and Maintenance This chapter discusses setup and maintenance of the device. It outlines the initial switch setup configuration. Sections describing functional features (using telnet, creating a banner, reloading the switch, etc.) are also included. The chapter consists of the following sections: TABLE OF FIGURES ............................
  • Page 21 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Table of Figures Figure 1: Initial Switch Setup Illustration ................3 Figure 2: Connect the workstation to the console port using a standard null modem...4 Figure 3: Web interface management over the network ............6 Figure 4: SNMP management over the network ..............7...
  • Page 22: Setup

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Setup The Initial Switch Setup configuration involves assigning network settings and a password to the device. Completing the basic configuration will allow the user to access the device applications and manage the device.
  • Page 23: Connecting To The Console Port

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Connecting to the Console Port In order to begin setup, the user must connect the Console to the Console Port. The example below shows how to connect a workstation to the console port using serial cable DB9-RJ45.
  • Page 24: Interface Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Table 1: Default IP Addresses Device Default IP Address sw0 IP interface 20.20.5.254/16 Outband0 IP interface 10.10.0.2/24 The user can change the default IP settings using the ip address and ip route commands. For more...
  • Page 25: Figure 3: Web Interface Management Over The Network

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Telnet A.B.C.D, (where A.B.C.D is the IP address of the device). 6. When the user is prompted for the password, press Enter. If the user has logged on correctly, the device name> prompt is displayed.
  • Page 26: Downloading And Uploading The Application Software Image And Configuration Files

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Figure 4: SNMP management over the network To manage a switch via the Simple Network Management Protocol (SNMP): 1. The correct Management Information Bases (MIBs) must be installed on the management workstation.
  • Page 27: Ip Unicast Routing Default Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) • boots the switch. Foundry Networks Boot Loader Switch model : NetIron M2404C Loader version : 1.0.0 created Jun 22 2006 - 17:04:28 MAC Address : 00:12:F2:87:F0:0B Press any key to stop auto-boot...
  • Page 28 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Parameter Default Value IP Forwarding Enabled Debug Router Manager Disabled Processing LSRR packets Enabled Table 3: The Default Administrative Distances of the Dynamic Routing Protocols Route Source...
  • Page 29: Creating An Ip Interface

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) NOTE For the Layer 3 switches, the command displays the IP address to the sw0 IP interface Command Syntax device-name#show ip Example device-name#show ip IP-ADDR : 100.1.2.3 NET-MASK : 255.255.0.0 Assigning Switch Outband IP Address The OutBand IP interface belongs to the Out-of-Band port.
  • Page 30: Login And Password

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) device-name(config-if sw3)# Displaying and Changing the OutBand Port IP Address The ip-address command, in Loader Configuration mode, displays or changes the OutBand port IP address and subnet mask. If no argument is specified, the current IP address and subnet mask will be displayed.
  • Page 31: Default Passwords

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) NOTE If the user encounters problems in gaining access using the passwords, please contact Technical Support department. Table 4: Password Commands Command Description password Creates/changes the switch login password.
  • Page 32 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Argument Description PASSWORD A character string without blank spaces. The password is case sensitive. It is recommended to use a string up to 64 characters. CONFIRM-PASSWORD Retype the password for confirmation.
  • Page 33 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Setting the Loader Password The password loader command, in Global Configuration mode, changes the password for entering the switch loader. By default, no password is required to boot the switch.
  • Page 34: Password Recovery

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Creating the Local Database The username command, in Global Configuration mode, adds a username and an associated password to the local authentication database. The no form of this command removes the specified username and its associated password from the local authentication database.
  • Page 35 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) After rebooting, the device will return to its default configuration and lose all existing configurations. It is recommended to save the current configurations before the user performs this procedure.
  • Page 36: Accessing The Switch Using Telnet

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Accessing the Switch using Telnet The Telnet Protocol provides a general, bi-directional, eight-bit byte-oriented communications facility. Its primary goal is to allow a standard method of interfacing between terminal devices and terminal-oriented processes.
  • Page 37: Configuring Telnet

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Configuring Telnet Telnet Session Commands Table 7 lists the Telnet commands. Table 7: Telnet Configuration Commands Command Description telnet Initiates a Telnet client’s connection to a specified remote host (this command is available in Privileged (Enable) mode).
  • Page 38 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Command Syntax device-name(config)#telnet {start | stop} Argument Description start Enables Telnet connection to the device. stop Disables Telnet connection to the device. Displaying the Currently Open Connections to the Switch The who command, in View or Privileged (Enable) mode, displays all the currently open VTY connections to the switch.
  • Page 39 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Before executing the command, the application software checks if the user is not trying to terminate the master session (the VTY from which other sessions originate). If the result is negative, the command closes the specified session to the remote host.
  • Page 40: Vty (Virtual Telnet Type) Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) VTY (Virtual Telnet Type) Commands When using the Telnet Protocol to access a router, the user does so over a virtual terminal called a VTY session. The application software supports up to five virtual terminal sessions (numbered VTY 1–5, inclusive) running on a router at the same time.
  • Page 41: Shortcut Keys

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Command Syntax device-name(config-vty)#exec-timeout [<minutes> [<seconds>] | unlimited] device-name(config-vty)#no exec-timeout Argument Description minutes (Optional). The timeout value in the range <0-35791> minutes. seconds (Optional). Addition of seconds to the timeout value that was defined in minutes in the range <0-59>...
  • Page 42: Configuration Example

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) <Ctrl+]> Example device-name#telnet 192.0.103.13 connecting to 192.0.103.13... current session is 4. device-name(config)#<ctrl+shift+6> choose session to switch to: the current session is 4 your sessions are 0 4 > 0 current session is 0.
  • Page 43: Vty Terminal Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) >vty on telnet [1] connected from 212.192.50.2. VTY Terminal Commands This section describes how the user can customize the VTY interfaces. Table 9 lists the VTY command.
  • Page 44 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Argument Description number-of-lines Number of lines on the VTY screen, in the range <0-512> (0 indicates no line control i.e. unlimited). By default 25 lines. Setting the Name of the Switch The hostname command, in Global Configuration mode, sets the name of the device.
  • Page 45: Creating A Banner

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Creating a Banner The user can configure a message-of-the-day (MOTD) and a login banner. The MOTD banner displays on all connected terminals at login and is useful for sending messages that affect all network users (such as impending system shutdowns).
  • Page 46 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Setting a Single-line MOTD The banner set command, in Global Configuration mode, assigns the specified string to single-line MOTD (message-of-the-day). The no form of the command removes the banner.
  • Page 47 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Example To set multi-line MOTD enter a multi-line text, terminated by the caret (^) character in a separate line: device-name(config)#banner set multiline % Enter a multiline text. Finish with '^' string at the beginning of a >this is...
  • Page 48: Saving And Displaying The Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Saving and Displaying the Configuration When the router is operating, the configuration information is located in two places: (1) the default configuration in NVRAM, and (2) the running memory in RAM.
  • Page 49: Displaying The Switch Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Displaying the Switch Configuration Table 13 lists the commands to save and delete the configuration on the switch. Table 13: Commands to Display the Switch Configuration...
  • Page 50 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) snmp-server group private v1 read internet write internet notify internet snmp-server user public group public v1 snmp-server user private group private v1 Displaying the Start-up Configuration...
  • Page 51: How To Reload The Switch

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) How to Reload the Switch Reloading the Switch without Service Interruption The Fast Reset feature has been introduced to the L3 application software. Fast Reset allows end users to upgrade their device without affecting any routing and switching services during the process.
  • Page 52 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Command Syntax device-name#reload [save | no-save | to-defaults] Argument Description save (Optional). Save the running configuration definitions. This is the default. no-save (Optional). Do not save the running configuration definitions.
  • Page 53: Acronyms

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Acronyms The following table provides a list of acronyms that are used in this document and lists their meaning. Table 15: Acronyms Acronym Meaning Access Control List...
  • Page 54: Supported Platforms

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Setup and Maintenance (Rev. 03) Supported Platforms NetIron M2404C NetIron M2404F Features Accessing the Switch using Telnet VTY (Virtual Telnet Type) Commands Creating a Banner Saving and Displaying the Configuration How to Reload the Switch...
  • Page 55: Switch Administration

    Foundry Networks Switch Administration This chapter describes how to administer devices. It explains how to perform initial switch configuration using the command-line-interface (configuring a single device, upgrading user’s system software, protecting the device from outside attacks and more). The chapter includes the following sections: TABLE OF FIGURES ............................
  • Page 56 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Parameters Commands ... 53 Memory Debug Tools ... 55 System Repairing Tools ... 57 Configuration Examples ... 58 PROTECTING ACCESS TO SWITCH ... 60 MANAGING THE SYSTEM TIME AND DATE ... 64 ...
  • Page 57: Table Of Figures

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Table of Figures Figure 1: The Time Service When Used Via TCP ..............65 Figure 2: The Time Service When Used Via UDP .............65 Figure 3: The Rate Limit Mechanism .................80 Table of Figures ©...
  • Page 58: Managing The Mac Address Table

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Managing the MAC Address Table Overview The MAC (Media Access Control) address is the unique hardware number that identifies the user's computer on a local area network (LAN) or other network. On an Ethernet LAN, this address is the same as the Ethernet address.
  • Page 59 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) • A port is deleted from a VLAN. • A port enters blocking state in RSTP or in STP (only if Topology Change Detection is enabled). • A port QoS setting is changed.
  • Page 60: Associating Qos Profiles With A Mac Address Table Entry

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Associating QoS Profiles with a MAC Address Table Entry QoS can be associated with the MAC address (and VLAN) of a device by creating a permanent MAC address table entry and specifying QoS profiles. To associate a QoS profile with a MAC address table entry, use the qos mac command in Global Configuration mode.
  • Page 61: Configuring The Mac Address Table

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Parameter Default Value MAC-based DoS attack prevention Enabled New MAC address learning Enabled Displaying the learned MAC addresses Enabled Configuring the MAC Address Table Table 2 lists the MAC address table commands for adding new entries and changing the MAC address table settings.
  • Page 62: Removing Entries From The Mac Address Table

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Command Syntax device-name(config)#mac-address-table {static | dynamic | secure} HH:HH:HH:HH:HH:HH interface UU/SS/PP vlan <vlan-id> Argument Description static Adds a static entry. dynamic Adds a dynamic entry manually. secure Adds a secure entry for the secured port feature.
  • Page 63: Clearing The Mac Address Table

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Table 3: Clear MAC Address Table Commands Command Description clear mac-address-table Removes specified addresses from the MAC address table. no mac-address-table Removes specified addresses from the MAC address table.
  • Page 64: Displaying The Mac Address Table

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) NOTE If any argument is omitted, the command clears all MAC addresses that comply with the arguments that are specified Displaying the MAC Address Table Table 4 lists the MAC address table commands for displaying the MAC address table.
  • Page 65 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Information is displayed about the MAC addresses for the specified VLAN, if they comply with all other specified arguments. SERVICE-NAME Specifies the service name per service MAC entry.
  • Page 66 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Displaying/Hiding MAC Addresses Learned on Specified VLANs/Interfaces The mac-address-table learning-display command, in Global Configuration mode, enables displaying the learned MAC addresses on the specified interfaces or VLANs. The no form of the command hides the MAC addresses that are learned on the specified interfaces or VLAN.
  • Page 67: Setting And Displaying The Mac Address Table Aging Time

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) device-name(config)#no mac-address-table learning-display interface 1/1/13 device-name(config)#exit device-name#show mac-address-table ===+========+======================+========+=========+=========== PORT STATUS | PRIORITY | ---+--------+----------------------+--------+---------+----------+ 1 | 0001 00:12:f2:00:00:02 self 2 | 0010 00:12:f2:00:00:02 self Example 2 The following example shows the command that hides the MAC addresses that are learned on...
  • Page 68: Command Description

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) If the value assigned to the aging time is too short, addresses may be removed from the table too soon. This would increase the amount of packets received by the device with unknown destinations, impairing performance by causing the device to flood such packets to all ports in the VLAN that includes the receiving port.
  • Page 69: Additional Mac Address Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Example 1 The following example shows how to display the currently configured aging time: device-name#show mac-address-table aging-time aging time is 1500 seconds Example 2 The following example shows how to display the currently configured “no aging time”:...
  • Page 70 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Command Description port learning new- Enables/disables learning of new MAC addresses per port. address Enabling/disabling Learning New MAC Addresses Globally The learning new-address command, in Global Configuration mode, enables/disables learning of new MAC addresses globally.
  • Page 71: Command Syntax

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Command Syntax device-name(config-if UU/SS/PP)#port learning new-address {enable | disable} Argument Description enable Enables new MAC address learning. disable Disables new MAC address learning. Managing the MAC Address Table ©...
  • Page 72: Managing The Arp Table

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Managing the ARP Table The ARP table provides mapping between the IP address and 48 bit hardware address of a device. The ARP Table is a cache of IP/MAC address mappings. This table is built dynamically.
  • Page 73: Displaying The Arp Table

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Command Syntax device-name(config)#ip arp A.B.C.D HH:HH:HH:HH:HH:HH [UU/SS/PP <vlan- id>] device-name(config)#no ip arp A.B.C.D Argument Description A.B.C.D The IP address of the static ARP entry. HH:HH:HH:HH:HH:HH The MAC address of the static ARP entry.
  • Page 74 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) NOTE A static CPU cache has been implemented where static MAC entries, defined using the ip arp command, are stored. The application software will first look up in this static CPU cache before looking up in the cache containing dynamic MAC entries.
  • Page 75: Script Files System

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Script Files System A script file is a text file that includes a sequence of CLI configuration commands. The file system contains a collection of configuration script files.
  • Page 76: Manipulating And Displaying The Script Files System

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Manipulating and Displaying the Script Files System Table 10 lists the commands available for manipulating and displaying configuration script-files. Table 10: Script File System Commands Command Description script-file-system Accesses Script-file-system Configuration mode.
  • Page 77: Copying A File

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Command Syntax device-name(config script-file-system)#copy running-config [FILE-NAME] Argument Description FILE-NAME (Optional). The name of the application file. This file name is case sensitive. Example device-name(config script-file-system)#copy running-config building the configuration ...
  • Page 78 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) source device: (Optional) The device from which the file is to be copied. Can only be tftp: (TFTP server) or flash: (local flash system). source device:path (Optional) The original device and path to the file. The path should end with the name of the file.
  • Page 79 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) NOTE The specified file is deleted without requesting user’s confirmation. Command Syntax device-name(config script-file-system)#del FILE-NAME Argument Description FILE-NAME The name of the file to be deleted, in the script-file system.
  • Page 80 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) device-name#show script-file-system device-name>show script-file-system NOTE All files saved in script-file-system are saved in Flash:/usr/ directory. Example 1 device-name(config script-file-system)#dir Listing Directory flash:/Usr/: 2048 Jan 1 1993 15:41 ./ 2048 Jan 1 1993 00:00 ../...
  • Page 81: Renaming A File

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) new-file-name (Optional) The name assigned to the destination file. Renaming a File The rename command, in Script-file-system Configuration mode, renames files. The command's first argument identifies the file to be renamed, and the second argument specifies the new name to be assigned to the file.
  • Page 82: Displaying The Current Directory

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Describing the Interactive Help System The help command, in Script-file-system Configuration mode, provides description of the interactive help system. Command Syntax device-name(config script-file-system)#help Setting File Attributes The attrib command, in Script-file-system Configuration mode, sets file attributes.
  • Page 83: File System

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) File System The File System (FS) provides a single interface to all the file systems available on the devices, including the Flash memory file systems and the Network file system (TFTP).
  • Page 84: Configuring And Displaying The System Loader

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Configuring and Displaying the System Loader File System Commands Table 13 lists the commands for the file system management. Table 13: The File System Management Commands Command Description Displays the contents of the current (root) or specified directory.
  • Page 85 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Command Syntax Loader>pwd device-name#pwd Creating a Directory The mkdir command, in Loader or Privileged (Enable) mode, creates a directory in the specified path with the specified name. Command Syntax Loader>mkdir PATH...
  • Page 86 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Argument Description source path (Optional) The original path to the file. The path should end with the name of the file. source device: (Optional) The device from which the file is to be copied. Can only be tftp: (TFTP server) or flash: (local flash system).
  • Page 87: Displaying The Contents Of A File

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Displaying the Contents of a File The display command, in Loader, View or Privileged (Enable) mode, displays the contents of a text file. The command must not be applied to binary files.
  • Page 88: Deleting A File

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Argument Description source path (Optional) The original path to the file. The path should end with the name of the file. source device: (Optional) The device from which the file is to be moved. Can only be tftp: (TFTP server) or flash: (local flash system).
  • Page 89 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Command Syntax Loader>format [DEVICE-NAME] Argument Description DEVICE-NAME The device name. The valid device can be flash:. Downloading the Application Software by TFTP The copy application command, in Loader or Privileged (Enable) mode, downloads an application software version to the device by using a TFTP server.
  • Page 90: Downloading And Uploading The Software Image And Reload Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Downloading and Uploading the Software Image and Reload Commands Downloading the Application Software Image to the Switch Using TFTP Understanding How TFTP Software Image Downloads Work The user can download a software image to the device using the Trivial File Transfer Protocol (TFTP).
  • Page 91: Uploading The Software Image Using Tftp

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) 181 Jan 2 1993 18:35 profile.cfg 43796 Jan 1 1993 23:09 dflt_startup_bin.cfg 4182 Jan 1 1993 00:02 E1_CAS_Ext_Port1 Free disk space 4511744 For example, the dir boot command will display the current content of the boot directory.
  • Page 92: Downloading/Uploading Software Images Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Downloading/Uploading Software Images Commands Table 14 lists the commands to download/upload the software images. Table 14: Downloading/Upload Software Images Commands Command Description copy application Downloads a new software version to the device.
  • Page 93: Displaying Hardware Information

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) • Java version – the Java management system image is not supported. • Loader version – displays the installed Loader image. • Up time – displays the time elapsed since the unit was switched on.
  • Page 94: Downloading And Uploading Configuration Files Using Tftp

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Downloading and Uploading Configuration Files Using TFTP Understanding How TFTP Download and Upload of Configuration Files Work You can download the configuration file to the device or upload it from the device using TFTP.
  • Page 95: Commands For Downloading And Uploading Configuration Files

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) If the user is downloading the configuration file to the start-up configuration, reload the device by the reload no-save command for the configuration to be loaded. If the user is connected to the device through Telnet, the Telnet session will be disconnected.
  • Page 96 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Downloading a Configuration File to the Switch Start-up Configuration The copy file name startup-config command, in Privileged (Enable) mode, loads a start-up configuration with the specified file name from a remote server with the specified IP address.
  • Page 97 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Command Syntax device-name#copy startup-config [<device>:[<server IP>/]][<path>]<file name> Argument Description device (Optional). The device to which the file is to be copied. It can be provided either as a TFTP server (the format used should be tftp://A.B.C.D) or as the local flash system (the format used should be flash:).
  • Page 98 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Argument Description device/ (Optional). The device from which the file is to be copied. It can be provided either as a TFTP server (the format used should be tftp://A.B.C.D) or as the local flash system (the format used should be flash:).
  • Page 99: Rebooting Of The Switch

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Rebooting of the Switch Table 16 lists the reboot commands Table 16: Rebooting Command Command Description reload Reboots the device with or without saving the current configuration. Resets the interface modules.
  • Page 100: Boot Loader

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Boot Loader The Loader starts after turning on or resetting the routing switch. The loader is designed for: Auto-starting the routing switch application; Configuration of basic parameters; Rescue tools in case of routing switch inoperability;...
  • Page 101: The Switch Loader Software Related Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) The Switch Loader Software Related Commands Table 18 lists the switch loader application software related commands. Table 18: Switch Loader Application Software Related Commands Command Description start application Terminates the loader and starts execution of the application software.
  • Page 102: Information Display Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Downloading Software by TFTP The copy application command, in Loader mode, downloads the software version to the device by using TFTP Server. Command Syntax Loader>copy application tftp://A.B.C.D/FILE-NAME [DST-FILENAME] Argument Description A.B.C.D...
  • Page 103 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Displaying the Loader Version The version command, in Loader mode, displays the switch model type and the loader version. Command Syntax Loader>version Displaying Hardware Details The manufacturing-details command, in Loader mode, displays detailed hardware information.
  • Page 104 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Command Description refresh Rewrites the FLASH memory. restore Restores the FLASH memory. Accessing the Loader Configuration Mode The config command, in Loader mode, switches the CLI from Loader mode to Loader Configuration mode.
  • Page 105 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Example 1 The following example displays the current MAC address: Loader(config)#mac-address Current MAC Address of switch = 00:12:F2:07:0F:77 Example 2 The following example assigns a new MAC address to the switch. The response indicates that the new MAC address is accepted and stored in the device memory.
  • Page 106 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Cleaning the FLASH memory The clean flash all command, in Loader Configuration mode, erases all FLASH memory records. Command Syntax Loader(config)#clean flash all Making a Backup Copy The backup command, in Loader Configuration mode, makes a backup copy of the FLASH or EEPROM memory contents.
  • Page 107: Boot Parameters Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Command Syntax Loader(config)#restore flash {1 | 2} A.B.C.D FILE-NAME Argument Description Restores the primary flash. Restores the secondary flash. A.B.C.D Specifies the IP address of the TFTP server where the FLASH memory will be restored.
  • Page 108 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Setting the Application File Name The boot-param application command, in Loader Configuration mode, sets the name of the application file (only file name, without path). Command Syntax Loader(config)#boot-param application FILE-NAME...
  • Page 109: Memory Debug Tools

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Setting the Startup Configuration Name The boot-param startup-config command, in Loader Configuration mode, sets the name of the startup configuration. Command Syntax Loader(config)#boot-param startup-config [FILE-NAME | default | binary...
  • Page 110 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Table 22: The Memory Debug Commands Command Description memory Switches from Loader mode to Loader Memory mode. copy Copies a block of memory. display Displays a block of memory.
  • Page 111: File-System Repairing Tools

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Argument Description st-addr (Optional). Hexadecimal start address (optionally prefixed with 0x). blk-len (Optional). Hexadecimal or decimal block length (use 0x prefix for hexadecimal number). Filling a Block of Memory The fill command, in Loader Memory mode, fills a block of memory by the specified hexadecimal value.
  • Page 112: Configuration Examples

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Command Syntax Loader(config)#check-device flash: Example Loader(config)#check-device flash: flash:/ - disk check in progress ... dosChkLib : CLOCK_REALTIME is being reset to FRI JAN 01 00:04:26 1993 Value obtained from file system volume descriptor pointer: 0xfffe4a0...
  • Page 113 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) argument). If an application file with the specified target name exists, it will be overwritten. Loader(config)#exit Loader>copy application tftp://10.4.0.4/M2404Cv2.0.bin TFTP receiving file ... 3385202 3. Set the default application (when the file is already stored in FS): Loader>config...
  • Page 114: Protecting Access To Switch

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Protecting Access to Switch A simple way to provide secure terminal access to the network is to use passwords and assign privilege levels. Password protection restricts access to the network or network device. Privilege levels define the commands that users can enter after they have logged into a network device.
  • Page 115 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) NOTE Please note that the password is not displayed when typing in the login prompt. Command Syntax device-name(config)#password PASSWORD CONFIRM-PASSWORD Argument Description PASSWORD A character string without blank spaces. The password is case sensitive.
  • Page 116 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Password:switch12 device-name# Setting the Loader Password The password loader command, in Global Configuration mode, changes the password for entering the switch loader. There is no default password for booting the device, press <Enter> to start the application.
  • Page 117 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) % Warning! The password typed is all in uppercase characters. Please check if your CapsLock key is not pressed by mistake. Protecting Access to Switch © 2008 Foundry Networks, Inc.
  • Page 118: Managing The System Time And Date

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Managing the System Time and Date Network Time Protocol (NTP) is a protocol that provides a reliable way of transmitting and receiving the time over an IP network such as the Internet or a corporate local area network. Network Time Protocol, present on virtually all computers, allows systems to synchronize their clocks with a time source over IP networks.
  • Page 119 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) confirm or correct a system's idea of the time, by making a brief poll of several independent sites on the network. This protocol may be used either above the Transmission Control Protocol (TCP) or above the User Datagram Protocol (UDP).
  • Page 120: Ntp Default Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) • The best peer is chosen on the basis of computed accuracy and reliability and sorts the list of candidate servers in order of estimated accuracy. The Switch Internal Clock The device internal clock runs from the moment the system starts up and keeps track of the date and time.
  • Page 121: Adding An Ntp Server

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Table 27: NTP Server Commands Command Description time-server ntp add Adds a server to the NTP server list. time-server ntp delete Deletes a server from the NTP server list.
  • Page 122: Configuring Ntp Server Authentication

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Starting the NTP Server Polling The time-server ntp start command, in Global Configuration mode, starts the NTP server polling. NOTE To end the NTP server polling use the command no time-server in Global Configuration mode.
  • Page 123 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Adding an MD5 Authentication Key The time-server ntp key add command, in Global Configuration mode, defines the MD5 authentication key. Time synchronization can be authenticated to ensure that the local device obtains its time services only from known sources.
  • Page 124: System Time And Date Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Displaying the MD5 Authentication Key The time-server ntp key show command, in Global Configuration mode, displays the existing MD5 authentication key ID and string. Command Syntax device-name(config)#time-server ntp key show...
  • Page 125 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Day in month, in the range <1-31>. MONTH Specifies the month: January February, March, April, May, June, July, August, September, October, November and December. year Year in four digits, in the range <1993-2035>.
  • Page 126 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Defining the Time Server The time-server command, in Global Configuration mode, sets the device to synchronize the system-time with the specified remote host. The no form of this command removes the time server definitions.
  • Page 127 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Example 2 The following command synchronizes the system time with host 192.168.0.1, using the Daytime Protocol. Synchronization will be performed every 10 minutes. Local time is two hours ahead of the server time.
  • Page 128 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) H:M:S Specifies the start summer-time time. first The first week of the month to end. week Specifies the week of the month to end, in the range <1-4>.
  • Page 129: Configuration Example

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Example The following example demonstrates advancing the system time 1 hour on May 1st, 2004, at 02:00:00 and shifting it back on December 3rd, 2004, at 02:00:00: device-name(config)#time-server summer-time date 1 May 2004 2:0:0 3 Dec...
  • Page 130: Domain Name System (Dns) Resolver

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Domain Name System (DNS) Resolver The Domain Name System (DNS) is the means by which Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember “handle”...
  • Page 131: Configuration Example

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) The first IP address is the primary gateway address and all others are secondary addresses. Command Syntax device-name(config)#ip dns server A.B.C.D device-name(config)#no ip dns server A.B.C.D Argument Description A.B.C.D...
  • Page 132 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Table 32: Named Access List/Class Commands Command Description access-list Creates a named access list that controls inbound and/or outbound data traffic according to specified criteria. show access-lists Displays the named access lists.
  • Page 133 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) device-name(config)#access-list filter permit 10.0.0.0/8 Displaying the Named Access Lists The show access-lists command, in Privileged (Enable) mode, displays the named access lists. Command Syntax device-name#show access-lists Example The following example displays a defined rule for any routing protocol. The access list named accept_all permits access from any source.
  • Page 134: Cpu Resource Control

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) CPU Resource Control One of the key enhancements provided in the application is the ability to control and customize system resources consumed by the networks connected to the device. The CPU resource control mechanism complements the network resource control.
  • Page 135: Cpu Resource Control Default Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) CPU Resource Profiling This feature allows the user to optimize the use of the device according to the specific application. For instance, it makes it possible to allocate more ACL resources (up to 4K) when routing resources are not needed and, vice versa, to allocate more routing resources when ACL resources are not needed.
  • Page 136 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Example The following example sets the threshold levels to: Accept all packets if the rate is less than or equal to 300 packets per second; Accept only high-priority packets if the rate is higher than 300 packets per second, but not more than 4000 packets per second;...
  • Page 137: Related Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Related Commands Table 37 shows the CPU related commands. Table 37: CPU Related Commands Command Description Described in add cpu-port Includes the CPU as a member of...
  • Page 138: Control Plane Priority Per Protocol

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Control Plane Priority per Protocol The following table lists the priority level of each control plane packet according to protocol. Table 38: Control Plane Priority per Protocol Protocol...
  • Page 139: Acronyms

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Acronyms Table 39 provides definitions of the acronyms used in this document and lists their meanings. Table 39: Acronyms Acronym Meaning Address Resolution Protocol Command Line Interface Data-Link Control...
  • Page 140: Supported Platforms

    Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Supported Platforms Features NetIron M2404F NetIron M2404C Managing the MAC Address Table Managing the ARP Table Statistics Configuring Switch-Management Ports Script Files System Files System Upgrading the Switch...
  • Page 141 Foundry NetIron M2404C and M2404F Metro Access Switches Switch Administration (Rev. 03) Features Standards MIBs RFCs Statistics IEEE 802.3 Ethernet RFC 1213, Management RFC 2863 The Interfaces Information Base for Group MIB IEEE 802.3u Fast Network Management of (configL2IfaceTable and...
  • Page 142 Foundry Networks Configuring Switch Authentication Features A variety of security features have been incorporated into the application software to provide protection from unauthorized access to remote network elements. The features presented below secure communication over the network and improve access control and accounting. The Configuring Switch Authentication features chapter consists of the following sections: TABLE OF FIGURES...
  • Page 143 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) Configuring and Displaying TACACS+ (page 39); Configuration Examples (page 42); 802.1X Port-Based Authentication (page 45); Overview (page 45); Mode of Operation (page 46); 802.1X Configuration (page 49); 802.1...
  • Page 144 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) Table of Figures Figure 1: Security Alert Message Issued by the SSH Client (page 14); Figure 2: SSH Configuration Flow (page 15); Figure 3: RADIUS Communication Example (page 20); Figure 4: The Authentication Steps (page 21); Figure 5: The Accounting Steps (page 22)...
  • Page 145: Overview

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) Overview Configuring User Privilege Levels with CLI The user access rights and the associated functions that a user can perform can be controlled through the assignment of one of the sixteen user privilege levels (ranging from Guest to Administrator).
  • Page 146: 802.1X Port-Based Authentication

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) Features RADIUS server TACACS+ server Authentication and The Radius server combines The TACACS+ server Separates Authorization Authentication and Authorization. Authentication and Authorization. Packet Encryption The Radius server encrypts only...
  • Page 147: User Privilege Levels With Cli

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) User Privilege Levels with CLI The Command Line Interface supports privilege levels to allow access to particular commands. The user can use this feature to protect the system from unauthorized access.
  • Page 148: Tacacs+ Authentication And Privilege Groups

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) 2. For all users except for dot1x users, assign a privilege in the “users” file (refer to the example in “dictionary.foundry” file). Dot1x users who can also use the device as remote users on a different port, must have two user names and passwords - one required when accessing the device as remote users and one for accessing the device as dot1x users.
  • Page 149 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) key = TacacsPlus # Use /etc/shadow file to do authentication default authentication = file /etc/shadow # Where the accounting records should go to accounting file = /var/log/tac_acc.log #The default user.
  • Page 150: User Privileges Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) User Privileges Configuration User Privilege Levels Default Configuration Table 2 shows the default user privilege levels configuration. Table 2: User Privilege Level Default Configuration Parameter Default Value...
  • Page 151 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) password The password assigned to the user. A character string without blank spaces. Character string without blank spaces, specifying the password. It is PASSWORD recommended to use a string up to 64 characters.
  • Page 152: Configuration Examples

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) local local (Optional). Sets local authentication as primary and secondary method. Example The following commands create a user, assign a privilege level to this user and define...
  • Page 153 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) device-name(config)#tacacs-server host 10.2.42.137 device-name(config)#tacacs-server key TacacsPlus 2. Add a local user with username of ivo and password ivo123: device-name(config)#username ivo password ivo123 ivo123 group users 3. Add a local user with username of root and password rtpsw:...
  • Page 154: Secure Shell Server (Ssh)

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) Secure Shell Server (SSH) SSH Secure Shell is a standard protocol, which provides a secure, remote connection to the devices. The protocol secures the sessions using standard cryptographic mechanisms. The SSH ensures data protection through the Internet as well as prevention of password stealing.
  • Page 155: Security Considerations

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) Usage of SSH If SSH is enabled on the device, telnet access can be disabled to force all administrative sessions to run over the encrypted channel that SSH provides. In such a case, attackers will not be able to find open telnet ports.
  • Page 156: Ssh Configuration Flow

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) SSH Configuration Flow The following flow chart shows the process of configuring the SSH parameters. [Flow chart steps: Start; Set username and password; Local or RADIUS; Set database to Local...]
  • Page 157: Ssh Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) SSH Configuration SSH Default Configuration Table 4 shows the default SSH configuration. Table 4: SSH Default Configuration Parameter Default Value Disabled Configuring SSH Server To set the SSH, proceed as follows: 1.
  • Page 158 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) NOTE Remember that the user must apply the ssh generate-key dsa command before starting the application software SSH server for the first time. The ssh generate-key dsa command will not be shown in the configuration file but will be saved after rebooting the device if one of the saving commands is applied (e.g.
  • Page 159: Configuration Examples

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) Configuration Examples SSH with Local Database for Usernames and Passwords The following example shows how to configure an SSH Server for authentication of locally stored user names and passwords.
  • Page 160 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) DSA parameters will be stored only after writing configuration in memory!!! 5. Write configuration to the memory: device-name#write memory 6. Start the SSH Server: device-name(config)#ssh start...
  • Page 161: Remote Authentication Dial In User Service (Radius)

    The user entry in the database contains a list of requirements that must be met in order to allow access for the user. This always includes Remote Authentication Dial in User Service (RADIUS) © 2008 Foundry Networks, Inc. Page 20 of 70...
  • Page 162 2. The username and encrypted password are transmitted over the network to the RADIUS server. 3. The user receives one of the following responses from the RADIUS server:...
  • Page 163: Radius Accounting

    5. The RADIUS server returns an Accounting Response packet in order to notify that the accounting information was successfully stored...
  • Page 164 RADIUS Accounting server must be configured to log accounting messages. Radius Accounting is used to monitor the parameters of dot1x sessions. For more information on dot1x refer to “Network Administration Tools”...
  • Page 165: Radius Configuration Flow

    [Figure 6: RADIUS Configuration Flow. Flow chart steps: Is RADIUS authentication server required? Configure RADIUS authentication timers’ settings (see RADIUS Timers Setting). Is RADIUS accounting required?]...
  • Page 166: Radius Default Configuration

    # example freeradius user entry: # test Auth-Type := Local, User-Password == "test" Reply-Message = "Welcome, %u", Foundry-privilege-group = Network-admins VENDOR Foundry 1991 ATTRIBUTE Foundry-privilege-group integer Foundry...
  • Page 167: Radius Configuration Commands

    If the UDP authentication port number is not specified, the port number 1812 is assigned. Command Syntax device-name(config)#radius-server host A.B.C.D [<port-number>] device-name(config)#no radius-server host A.B.C.D...
  • Page 168 (Optional). Sets TACACS+ authentication as primary method and RADIUS Authentication as secondary. radius tacacs+ (Optional). Sets RADIUS authentication as primary method and TACACS+ authentication as secondary...
  • Page 169: Radius Timers Setting

    The radius-server retransmit command, in Global Configuration mode, specifies the number of times a RADIUS request is resent to a server if that server is not responding or if it responds...
  • Page 170 A configured RADIUS server is presumed dead, if the timeout is reached in three authentication sessions (requests). Command Syntax device-name(config)#radius-server deadtime <minutes> device-name(config)#no radius-server timeout...
  • Page 171: Configuring Radius Accounting

    The IP address of the RADIUS accounting server. port-number (Optional). The number of the UDP destination port for accounting requests in the range <1024-65535>. Example device-name(config)#radius-acc-server host 212.178.0.21 1024...
  • Page 172: Radius Accounting Timers Setting

    The no form of this command restores the allowed number of retransmissions to the default value of 3. Command Syntax device-name(config)#radius-acc-server retransmit <count> device-name(config)#no radius-acc-server retransmit...
  • Page 173 (requests). Command Syntax device-name(config)#radius-acc-server deadtime <minutes> device-name(config)#no radius-acc-server timeout Argument Description minutes Dead-time interval in minutes, in the range <0-1440>. Example device-name(config)#radius-acc-server deadtime 60
  • Page 174: Display The Radius Client Source Ip

    3. Edit RADIUS Server “clients.conf” file and add the IP address with a distinctive key. Figure 7: RADIUS Configuration Example 4. Add the following lines to the “clients.conf” file: client 10.2.0.0/16 { secret = foundry shortname = n10
  • Page 175: Switch Configuration

    5. Display the RADIUS configuration: device-name#show running-config Building the configuration ... ! Current Configuration: ! Router Manager Configuration: password a1h8RRzG11d4U radius-server host 10.2.42.137
  • Page 176 ACCEPT. After the last three queries, the device will log in successfully using the local authentication database.
  • Page 177: Terminal Access Controller Access Control System Plus (Tacacs +)

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Switch Authentication Features (Rev. 03) Terminal Access Controller Access Control System Plus (TACACS +) The Terminal Access Controller Access Control System Plus (TACACS+) is a security protocol for remote Authentication, Authorization and/or Accounting that communicates between network devices and an authentication database.
  • Page 178 The TACACS+ Negotiation Procedure An attempt by a user to login through a console by authenticating to a Network Access Server (NAS) using TACACS+ generates the following procedure: 1.
  • Page 179: Tacacs+ Configuration Flow

    TACACS+ Configuration Flow Figure 8 displays the process to configure TACACS+ parameters. Start Configure TACACS+ server Configure NAS for authentication Define the remote TACACS+ authentication server...
  • Page 180: Tacacs+ Default Configuration

    Figure 8: TACACS+ Configuration Flow TACACS+ Default Configuration Table 12 shows the TACACS+ default configuration Table 12: TACACS+ Default Configuration Parameter Default Value TACACS+ Disabled TCP port...
  • Page 181 To set a list of up to five servers, repeat the command with the proper arguments for each server. By default, the TCP port of the TACACS+ server is 49.
  • Page 182 Command Syntax device-name(config)#tacacs-server timeout <timeout> Argument Description timeout Connection timeout in seconds. The range is <0-60> seconds. Example device-name(config)#tacacs-server timeout 20 Setting the TACACS+ Client Source IP The tacacs-client source-ip command, in Global Configuration mode, sets the source IP address for the TACACS+ client.
  • Page 183: Configuration Examples

    Configuration Examples Server Configuration Example The following example displays the contents of a configuration file that is used when TACACS+ protocol is used for authentication: # The shared secret key...
  • Page 184 # (Changes automatically to 0, see "User Privilege Levels" chapter) NOTE Privilege levels in the TACACS+ configuration file (0-15) are arranged in ascending order, from 0 for the lowest privilege (Guest level) to 15 for the highest privilege (an Administrator).
  • Page 185 Username: richy Password: Username: If the user tries to access the device using local username root and password rtpsw, while the TACACS+ server is absent, the result will be ACCEPT:...
  • Page 186: 802.1X Port-Based Authentication

    802.1x Port-Based Authentication The IEEE 802.1x standard offers a method for controlling port access in a central location on a user or device basis. 802.1x helps to facilitate the control of networks.
  • Page 187: Mode Of Operation

    Mode of Operation When a device is configured as an authenticator, the ports of the device must be configured for authorization. When the authenticator detects that the link with the host is active or an EAPOL start-packet is received, the authenticator port sends an EAP packet to the host requesting the supplicant’s...
  • Page 188: Ports In Authorized And Unauthorized States

    Mode Description the default host mode. Multiple Hosts More than one host can be authorized on a port. The first one that authenticates successfully unlocks the port and the other supplicants have full access to the device services.
  • Page 189 is received, the host sends the request for a fixed number of times. Because no response is received, the host begins sending frames as if the port is in the authorized state.
  • Page 190: 802.1X Configuration Flow

    NOTE The 802.1x VLAN assignment will not appear in the device configuration file, since the allocation is dynamic. 802.1x with VLAN assignment should be configured both on the device and on the RADIUS server, subject to the following rules: •...
  • Page 191: 802.1X Default Configuration

    Start Configure at least one RADIUS server Configure the switch as an authenticator (Enabled by default) Configure hosts with user name, password and certificates on the user/server side Configure 802.1x global configuration...
  • Page 192: Configuring And Displaying 802.1X

    Parameter Default Value Traffic Control Mode Bi-directional Authorization mode Force-Authorized Host Mode Single-Host mode Debug 802.1x Disabled 802.1x Accounting. Disabled Interim-Update messages Disabled Configuring and Displaying 802.1x The 802.1x implementation on the device consists of configuring the three participants for...
  • Page 193 Command Description dot1x max-req Sets the number of times that the device sends an EAP-request/identity frame to the host before restarting the authentication process.
  • Page 194 3600. To set the time period, use the dot1x timeout re-authperiod command in Global Configuration mode. By default, the re-authentication is disabled. Command Syntax device-name(config)#dot1x re-authentication...
  • Page 195 Example device-name(config)#dot1x timeout host 45 Setting the Period of Re-authentication The dot1x timeout re-authperiod command, in Global Configuration mode, sets the number of seconds between re-authentication attempts. The no form of this command sets the re-authentication period to its default value.
  • Page 196 Setting a Period for Communication Timeouts The dot1x timeout tx-period command, in Global Configuration mode, sets the number of seconds that the device waits for a response to an EAP-request/identity frame from the host before retransmitting the request.
  • Page 197: 802.1X Interface Configuration Commands

    Enabling 802.1x Accounting The dot1x accounting command, in Global Configuration mode, enables 802.1x accounting. The no form of the command disables 802.1x Accounting. Use the optional period argument to enable periodic Interim-Update messages and to set the time interval in seconds between their transmissions.
  • Page 198 Command Description dot1x re-authenticate Activates re-authentication for all supplicants that are connected to a specified port. dot1x multiple-hosts Sets 802.1x to Multiple-Hosts mode on a specified port.
  • Page 199: Displaying The 802.1X Information

    Example device-name(config)#interface 1/1/1 device-name(config-if 1/1/1)#dot1x re-authenticate Setting 802.1x to Multiple-Hosts Mode for a Specified Port The dot1x multiple-hosts command, in Interface Configuration mode, sets 802.1x to Multiple-Hosts mode on the specified port.
  • Page 200 Table 20: The 802.1x Display Commands Command Description dot1x Displays the 802.1x authentication setting globally and on a per-port basis. show dot1x Displays information regarding 802.1x authentication.
  • Page 201 ReAuthentication = DISABLED ReAuthentication timer = 3600 sec Unicast-clients compatibility = OFF Radius timeout = 30 sec Host timeout = 30 sec Tx-period timeout = 30 sec...
  • Page 202 Command Syntax device-name#show dot1x interface UU/SS/PP [statistic] device-name(config-if UU/SS/PP)#dot1x Argument Description UU/SS/PP Interface unit/slot/port. statistic (Optional). Displays statistic information for a specific port. Example 1 device-name#show dot1x interface 1/1/5...
  • Page 203 Hosts Authorized Hosts UnAuthorized Hosts Displaying the 802.1x Information for all Supplicants The show dot1x hosts command, in Privileged (Enable) mode, displays the 802.1x information for all supplicants.
  • Page 204 |Session Time |G. Words Rx|G. Words Tx|G.FramesRx|G.FramesTx ------------------------------------------------------------------------------- 00:12:F2:D6:AE:AA 1/1/27 00:00:04 ------------------------------------------------------------------------------- 00:40:95:08:32:2A 1/1/28 00:00:14 -------------------------------------------------------------------------------- Displaying the 802.1x Information for Dynamic VLAN Members The show dot1x vlan command, in Privileged (Enable) mode, displays the 802.1x information related to dynamic VLAN members.
  • Page 205: Debugging 802.1X

    RADIUS Accounting server [192.168.0.31:1813]: Sent Packets: RADIUS Accounting Requests: Received Packets: RADIUS Accounting Responses: RADIUS Accounting Requests: Debugging 802.1x Table 21 lists the 802.1x debugging commands.
  • Page 206 Command Syntax device-name#debug dot1x authsm {event | status | timers} device-name#no debug dot1x authsm {event | status | timers} Argument Description event Debug state machine events.
  • Page 207 send (Optional). Debug packets receiving. detail (Optional). Debug packets sending. RADIUS Events Debugging The debug dot1x radius command, in Privileged (Enable) mode, enables the RADIUS events debugging. The no form of this command turns off the RADIUS events debugging.
  • Page 208: Configuration Example

    Example device-name#show debug dot1x core debugging 802.1x core process,Re-Authentication process PBA Authenticator State Machine debugging is on: status,events,timers PBA Backend State Machine debugging is on: status,events,timers...
  • Page 209: Acronyms

    Acronyms The following table provides a list of acronyms used in this document and their meaning. Table 22: Acronyms Acronym Meaning Authentication, Authorization and Accounting Command Line Interface...
  • Page 210: Supported Platforms

    Supported Platforms Features NetIron M2404F NetIron M2404C User Privilege Levels with CLI Secure Shell Server (SSH) Remote Authentication Dial In User Service (RADIUS) Terminal Access Controller Access Control System Plus (TACACS +) 802.1x Port-Based Authentication...
  • Page 211 802.1x Port-Based Authentication: No MIBs are supported by this feature. RFC 2865, Remote Authentication Dial In User Service (RADIUS). IEEE 802.1x, Standard for Local and metropolitan area...
  • Page 212: Configuring Interfaces

    Foundry Networks Configuring Interfaces This chapter provides information about the interface configuration procedure. For additional information on the command syntax and parameters, refer to the following sections: TABLE OF FIGURES ............................ 2 FAST ETHERNET AND GIGA ETHERNET PORT ................. 3 ....................
  • Page 213 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Interfaces (Rev. 03) Table of Figures Figure 1: Crossover and Straight-Through Connections............. 13 Figure 2: Four Ports Combined into a Link Aggregation Group ........25 Figure 3: Example of LAG Containing Two Ports ............. 38 Figure 4: Example of Two LAGs Configured on the Same Switch........
  • Page 214: Fast Ethernet And Giga Ethernet Port

    Fast Ethernet and Giga Ethernet Port The Foundry NetIron M2404C and M2404F Metro access switches support simultaneous, parallel conversations between Ethernet segments. Switched connections between Ethernet segments last only for the duration of the packet. New connections can be made between different segments for the next packet.
  • Page 215: Configuring Fast And Giga Ethernet Port Interfaces

    Parameter Default Value Port name None Backpressure mode Disabled Duplex speed For Fast Ethernet Fiber: Auto-negotiation. For Giga Ethernet Fiber: Auto-negotiation. For Fast Ethernet and Giga Ethernet Copper: Auto-negotiation.
  • Page 216 Command Description remote-fault-detect Enables remote fault detection on the configured interface that is connected to a 100Base Fiber pair. packet-size-limit Sets the packet-size limit. Range is <512-9216>. crossover Enables crossover detection, which allows the device port to automatically detect transmit and receive of the Ethernet cable (i.e.,...
  • Page 217 device-name(config-if-group)#interface range {PORT-LIST | PORT-AG-LIST} Argument Description PORT-LIST One or more port numbers, specified by the following options: • UU/SS/PP – (unit, slot and port number, e.g. – 1/1/8) specifying a single port;...
  • Page 218 Argument Description NAME String of up to 256 characters, which represents the port name. Spaces are allowed. Setting Interface Speed The speed command, in Interface Configuration mode, specifies the port speed.
  • Page 219 Command Syntax device-name(config-if UU/SS/PP)#duplex {auto | full | half} Argument Description auto Enables the autonegotiate mode on the configured interface. full Enables the full duplex mode on the configured interface.
  • Page 220: Setting The Default Vlan

    Command Syntax device-name(config-if UU/SS/PP)#flow-control {enable | disable} Argument Description enable Enables flow control on the configured interface. disable Disables flow control on the configured interface. Setting the Default VLAN The default vlan command, in Interface Configuration mode, changes the Port VLAN ID (PVID) of the configured interface.
  • Page 221 NOTE Setting the limit to zero (0) will block all incoming broadcast (multicast) packets. Command Syntax device-name(config-if UU/SS/PP)#broadcast-limit {<limit> | unlimited} device-name(config-if UU/SS/PP)#no broadcast-limit Argument Description limit The broadcast rate limit is in packets per second. The valid range is 0 - 262143.
  • Page 222 Setting a Rate limit to Layer 2 Unknown Packets The unknown-limit command, in Interface Configuration mode, sets a limit to the rate of the packets with unknown destination Layer-2 (MAC) address on the configured interface. The no form of the command disables the rate limit on the Layer 2 unknown packets.
  • Page 223 Maximum Packet Size = 512 Setting Remote Fault Detection The remote-fault-detect command, in Interface Configuration mode, enables remote fault detection on the configured interface that is connected to a 100Base Fiber pair.
  • Page 224: Displaying Interface Settings And Statistics

    Figure 1: Crossover and Straight-Through Connections When automatic crossover detection is defined, the user can interconnect any combination of MDI/MDIX ports using either type of cable (crossover or straight-through) without distinction.
  • Page 225 Argument Description UU/SS/PP (Optional). Represents the Unit, Slot and Port numbers respectively, each in one or two decimal digits. Example The following example displays the settings of a specific interface:...
  • Page 226: Dropevents

    Octets 24512 In/OutPkts 64 Collisions In/OutPkts 65-127 Broadcast In/OutPkts 128-255 Multicast In/OutPkts 256-511 CRCAlignErrors In/OutPkts 512-1023 Undersize In/OutPkts 1024-MaxFrameSize Oversize TotalInPkts Fragments TotalIn/OutPkts Jabbers DropCount DropEvents Last5secInPkts Last5secInBps...
  • Page 227 Counter Description command packet-size-limit, oversized frames are counted as FCS errored. Fragments This counter is incremented once for every received packet that meets all the following conditions: •...
  • Page 228 Counter Description includes rejected, received, and transmitted packets. TotalIn/OutPkts This counter is incremented once for every received and transmitted packet that is 64 to MaxFrameSize bytes in size. This counter includes rejected, received, and transmitted packets.
  • Page 229: Clearing Interface Statistics

    Table 5: The Counters Displayed by the show interface statistics extended Command Counter Description InOctets This counter is incremented once for every data octet of all received packets. This includes data octets of rejected and local packets that are not forwarded to the switching core for transmission.
  • Page 230: Configuring And Displaying Device-Management Ports

    Table 6: Interface Clearing Statistics Commands Command Description reset Clears the statistics of the configured interfaces. clear interface statistics Clears the statistics of all interfaces. Clearing the Port Statistics The reset command, in Interface Configuration mode, clears the statistics of the configured port.
  • Page 231 Setting Management Ports The port management command, in Global Configuration mode, controls access to device management on specified ports. The no form of this command blocks access to the device management on specified ports.
  • Page 232 Command Syntax device-name#show port management Example device-name#show port management Management ports: 1/1/2,1/1/5
  • Page 233: Configuring And Displaying Layer 3 Interfaces

    Configuring and Displaying Layer 3 Interfaces When a host in one VLAN wants to communicate with a host in another VLAN, the traffic is routed between them by creating Layer 3 Interfaces. A permanent Layer 3 interface (sw0) is attached to VLAN 1 referred to as “default VLAN”.
  • Page 234 Displaying the IP Interface Configuration The show ip interface command, in Privileged (Enable) mode, displays the IP interface describes the parameters displayed by the show ip interface configuration and statistics.
  • Page 235 Parameter Description broadcast The broadcast IP of the IP interface. Ethernet address The MAC address of the IP interface. packets received Number of packets received on the IP interface.
  • Page 236: Link Aggregation Groups (Lag)

    Link Aggregation Groups (LAG) Link Aggregation Groups (LAGs), also known as trunks, provide increased bandwidth and high reliability while saving the cost of upgrading the hardware. By combining several interfaces into one logical link, LAGs offer network channels tailored to need, filling the gaps between 10 Mbps, 100 Mbps and 1 Gbps with intermediate bandwidth values.
  • Page 237: Overview

    Overview Static Link Aggregation Groups (LAGs) Static LAGs provide the ability to treat multiple device ports as one device port. These port groups act as a single logical port for high-bandwidth connections between two network devices. A static LAG balances the traffic load across the links in the channel.
  • Page 238: Lacp Parameters

    • Passive: The interface does not initiate the LACP exchange, but replies to the received LACP packet. A passive LAC interface may participate in exchanges of LACP PDUs only with a connected active LACP-enabled interface.
  • Page 239 LAG ID Numbers on the Devices LAG ID numbers, in the range <1-31>, are used to identify specific LAGs in configuration commands. Up to 8 ports can be added to each LAG.
  • Page 240: Prerequisites

    If, as a result of an LACP exchange, the local LACP system decides to aggregate the port with one or more other port, it includes the port in an appropriate dynamic LAG. If an appropriate LAG does not exist, it is created.
  • Page 241: Configuring Static Lags

    Table 9: Link Aggregation Default Configuration Parameter Default Value Static Link Aggregation Disabled Global Link Aggregation Control Protocol (LACP) Disabled Per port Link Aggregation Control Protocol (LACP) Disabled...
  • Page 242: Configuring Lacp

    Command Syntax device-name(config-if UU/SS/PP)#link-aggregation static id <id-number> device-name(config-if UU/SS/PP)#no link-aggregation Argument Description id <id-number> Link aggregation ID number in the range <1-31>, used for all the interfaces. Setting a Name for a Static LAG The link-aggregation static id command, in Global Configuration mode, sets a user defined name for a specified static aggregate specified by the LAG id number.
  • Page 243 Command Description link-aggregation lacp Enables the configured interface to be added to a LAG or to be removed from a LAG dynamically by LACP. link-aggregation lacp Sets the LACP administrative key to the specified value.
  • Page 244 Enabling and Configuring an Interface for LACP Aggregation The link-aggregation lacp command, in Interface Configuration mode, enables the configured interface to be added to or removed from a LAG dynamically by the LACP. It also sets LACP parameters.
  • Page 245: Configuring Lag Interfaces

    device-name(config-if 1/1/1)#link-aggregation lacp device-name(config-if 1/1/1)#link-aggregation lacp key 65535 Value is displayed in the output issued by the show command: device-name#show link-aggregation lacp System ID = 00 12 f2 17 01 00...
  • Page 246: Displaying Link Aggregation Groups

    If the user applies this command when the device is in LAG Interface Configuration mode, the mode is changed to the specified LAG Interface Configuration mode (for example, the user can use this command to change the mode from ag01 Configuration mode to ag02 Configuration mode).
  • Page 247 Table 13: Commands to Display the Static LAG and LACP Configuration Command Description show interface link-aggregation Displays the Link Aggregation Groups configuration. show link-aggregation lacp Displays a list of all LACP-enabled interfaces in the system with the configured LACP parameters.
  • Page 248: Lag Distribution Commands

    Example device-name#show link-aggregation lacp System ID = 00 12 f2 02 02 02 System priority = 32768 ========+========+=======+=======+ Port Mode | Prty --------+--------+-------+-------+ 1/1/25 | active | | 32768 |...
  • Page 249: Configuration Examples

    Command Syntax device-name#show link-aggregation distribute Example device-name#show link-aggregation distribute Link aggregation distribution mode is Layer 2 Configuration Examples Simple LACP Configuration The following example establishes dynamic link aggregation between two devices, as shown in...
  • Page 250 No LAC ports configured 4. Enable LACP on interface 1/1/1: device-name#configure terminal device-name(config)#interface 1/1/1 device-name(config-if 1/1/1)#link-aggregation lacp 5. Enable LACP on interface 1/1/4: device-name(config-if 1/1/1)#interface 1/1/4 device-name(config-if 1/1/4)#link-aggregation lacp device-name(config-if 1/1/4)#end 6.
  • Page 251 Figure 4: Example of Two LAGs Configured on the Same Switch Configuring Switch 1: On Switch 1, LACP is enabled in active mode on the following interfaces: • 1/1/1, 1/1/2, 1/1/3 and 1/1/4, as an aggregated link to Switch 2;...
  • Page 252 4. Display the LACP configuration: Switch1#show link-aggregation lacp System ID = 00 12 f2 03 04 05 System priority = 32768 ========+========+=======+======+ Port Mode |Prty --------+--------+-------+------+ 1/1/1 | active |...
  • Page 253 1/1/4 | active | |32768 | ========+========+======+======+ Configuring Switch 3: On Switch 3, LACP is enabled in active mode on interfaces 1/1/9 and 1/1/12, as an aggregated link to Switch 1.
  • Page 254 ==========+========+=================+===================== Agg# |Type | Management Name | Ports ----------+--------+-----------------+--------------------+ AG01 | LACP | LACP1 | 1/1/1-1/1/4 ==========+========+=================+===================== Displaying Switch 3 Configuration: Switch3#show interface link-aggregation ==========+========+=================+===================== Agg# |Type | Management Name | Ports...
  • Page 255 2. Enabling Static LAG on interfaces 1/1/1 and 1/1/4 Switch1#configure terminal Switch1(config)#interface 1/1/1 Switch1(config-if 1/1/1)#link-aggregation static id 1 Switch1(config-if 1/1/1)#interface 1/1/4 Switch1(config-if 1/1/4)#link-aggregation static id 1 3. Enabling Static LAG on interfaces 1/1/9 and 1/1/12...
  • Page 256 AG03 |static|TRUNK3 |1/1/9,1/1/12 2. Display the RSTP parameter settings and Rapid-Spanning-Tree topology: Switch2#show rapid-spanning-tree Rapid spanning tree = enabled ProtocolSpecification = ieee8021w Priority = 32768 TimeSinceTopologyChange = 4 (Sec)
  • Page 257: Network Wide Resilience

    If the main link fails, the standby link immediately and automatically takes over the task of the main link. The Resilient Link can operate between a Foundry Networks switch and other devices in the network, such as router switches and servers, providing a fully redundant network and ensuring that there will be no link failures.
  • Page 258: Configuration Notes

    A resilient-link pair can be defined only at one end of the link. This makes a fully redundant network possible even when connecting the switch to other devices such as switches, routers and servers. To connect a Foundry Networks switch to other devices by the Resilient Link, use the backup-link shut-down command in Resilient-link Configuration mode.
  • Page 259: Prerequisites

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Interfaces (Rev. 03) Prerequisites Resilient Link with STP In order for the Resilient Link to work with one of the Spanning Tree protocols (STP, RSTP or MSTP), the following rule must be applied: A Spanning Tree protocol cannot be enabled while the Resilient Link backup port is in standby mode.
  • Page 260 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Interfaces (Rev. 03) Table 16: Resilient Link Configuration Commands Command Description resilient-link Enters into a specified Resilient-link Configuration mode for settings of the specified resilient link. ports Adds a port pair as a resilient link.
  • Page 261: Selecting The Active Port

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Interfaces (Rev. 03) Defining the Resilient Link Ports The ports command, in Resilient-link Configuration mode, adds a port pair as a resilient link. This adds a new resilient link to a list of already defined resilient links. Ports are defined in unit/slot/port notation.
  • Page 262: Resilient Links Display Commands

    1. The power of the port is turned off (the port LED is off). This state enables connecting the device with the Resilient Link to a non-Foundry Networks device, or to another Foundry Networks switch. The other device can sense when the link is down and switch between the Resilient Link ports without any special settings.
  • Page 263 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Interfaces (Rev. 03) Command Syntax device-name(config-resil-link N)#show [N1 | N1 N2] device-name#show resilient-links [N1 | N1 N2] Argument Description N1 (Optional). ID number of resilient link to be displayed. N1 N2 (Optional). Range of ID numbers of resilient link to be displayed.
  • Page 264: Configuration Example

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Interfaces (Rev. 03) device-name#show resilient-link counter [N1|N1 N2] Argument Description N1 (Optional). ID number of resilient link to be displayed. N1 N2 (Optional). Range of ID numbers of resilient links to be displayed.
  • Page 265 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Interfaces (Rev. 03) Figure 6: Example of a Resilient Link Topology 1. Enter into Resilient-link Configuration mode: device-name(config)#resilient-link 2 2. Set ports 1/1/1 and 1/1/9 as Resilient Links: device-name(config-resil-link 2)#ports 1/1/1 1/1/9 3.
  • Page 266: Acronyms

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Interfaces (Rev. 03) Acronyms The following provides a list of acronyms that are used in this document and lists their meaning. Table 18: Acronyms Acronym Meaning LACP Link Aggregation Control Protocol...
  • Page 267: Supported Platforms

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Interfaces (Rev. 03) Supported Platforms Features NetIron M2404F NetIron M2404C Fast Ethernet and Giga Ethernet Port Configuring Layer 3 Interface Link Aggregation Groups (LAG) Network Wide Resilience Supported Standards, MIBs and RFCs...
  • Page 268 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Interfaces (Rev. 03) Features Standards MIBs RFCs Network Wide No standards are Private MIB, No RFCs are supported Resilience supported by this feature. foundry_resilient_link.mib by this feature. Supported Platforms © 2008 Foundry Networks, Inc.
  • Page 269: Configuring Vlans

    Foundry Networks Configuring VLANs This chapter describes how to logically segment networks using VLANs. It explains how to configure VLANs and use VLAN-related features such as VLAN security, Super VLAN and the GARP VLAN registration protocol. The information in this guide applies to all devices except where noted.
  • Page 270 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Tables of Figures Figure 1: Example of a Port-Based VLAN on the Switch ............5 Figure 2: VLAN Tagging Example..................6 Figure 3: Tagged VLANs with Link Aggregation Example ..........7 Figure 4: Ethernet Packet Encapsulation................8 Figure 5: VLAN Configuration Flow..................
  • Page 271: Virtual Lans

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Virtual LANs A virtual (or logical) LAN is a local area network with a definition that maps workstations on some basis other than geographic location (for example, by department, by user type, or by primary application).
  • Page 272: Benefits

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Rate Limiting Rate Limiting was created to help control congestion on service provider networks and to help ensure proper use of bandwidth resources. Rate Limiting allows network administrators to allocate specific amounts of bandwidth per user or flow.
  • Page 273 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Figure 1: Example of a Port-Based VLAN on the Switch Members of different VLAN groups can communicate only through routing. In other words, users from different departments cannot communicate on Layer 2.
  • Page 274 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) If a port is defined as untagged on a certain VLAN and a tagged packet arrives at that port with the correct VLAN, then the packet will be switched to that VLAN.
  • Page 275: Port Vlan Identifier

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Figure 3: Tagged VLANs with Link Aggregation Example Port VLAN Identifier In Port-based VLAN classification within a Bridge, the VID associated with an untagged or priority-tagged frame (i.e., a frame with no tag header, or a frame with a tag header that carries the null VLAN ID) is determined according to the port of arrival of the frame into the device.
  • Page 276 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Figure 4: Ethernet Packet Encapsulation When the device detects ingress traffic that contains 802.1p prioritization information, it maps traffic to various hardware queues on its egress port. The transmitting hardware queue determines the bandwidth management and priority characteristics used when transmitting packets.
  • Page 277: Vlan Configuration Flow

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) VLAN Configuration Flow The following figure displays the VLAN configuration process. Start Create VLAN Add port(s) as tagged or untagged members Add default port VLAN If routing is needed?
  • Page 278: Configuring And Displaying Vlans

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Parameter Default Value All ports’ VLAN VLAN 1 PVID of all ports VLAN 1 VLAN management Enable Filter transmitted ARP Disable Configuring and Displaying VLANs To set a VLAN, proceed as follows: 1.
  • Page 279: Configuring Dynamic Vlans

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) • Adding ports to a VLAN • Removing ports from a VLAN • Adding a VLAN as PVID to ports • Restoring the port VIDs to VLAN ID 1 (the default VLAN) •...
  • Page 280: Creating And Removing Vlans

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) The config dynamic command converts the dynamic GVRP VLAN to static VLAN. This allows the user to add static ports to dynamic GVRP VLAN. To enable GVRP, use the gvrp enable command in Protocol Configuration mode.
  • Page 281 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) % VLAN <vlan-id> system name NOTE When the MAC Address table contains maximum number of entries, additional features like VLANs, VPLS and related features cannot be enabled. Command Syntax device-name(config vlan)#create NAME <vlan-id>...
  • Page 282 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Argument Description vlan-id Represents the ID number of an existing VLAN in the range <2- 4093>. Example The following example deletes the VLAN with ID 10: device-name(config vlan)#delete id 10...
  • Page 283 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Example The following example creates a sequence of VLANs and displays the results: device-name(config vlan)#create range 15 21 1/1/1-1/1/5 untagged 1/1/10 tagged device-name(config vlan)#show =================================================================== Name |VTag| Rout If | Tagged ports...
  • Page 284: Configuring The Vlan Parameters

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Configuring the VLAN Parameters Table 4 lists the commands for configuring the VLAN parameters, such as: adding/removing ports to a VLAN, setting/removing the VLAN as default on ports and attaching an IP interface to the VLAN.
  • Page 285 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) • UU/SS – all ports on the slot that is specified by unit and slot number; • A hyphenated range of ports, e.g. 1/1/9-1/1/16; • Several port numbers and/or ranges, separated by commas, e.g. 1/1,1/1/11-1/1/14,1/1/16.
  • Page 286 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Example The following example shows how to remove ports from the VLAN named xxx. The result displayed by the show command that can be applied in any Specific or Global VLAN...
  • Page 287 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Command Syntax device-name(config-vlan VLAN-NAME)#add cpu-port Excluding the CPU from Membership in the VLAN The remove cpu-port command, in Specific VLAN Configuration mode, excludes the device from membership in the VLAN. This feature prevents the device from receiving broadcast and multicast traffic in the VLAN.
  • Page 288: Displaying The Vlan Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) untagged. Displaying the VLAN Configuration Table 5 lists the commands to display the VLAN configuration. Table 5: VLAN Display Commands Command Description show Displays the static VLAN configuration. show vlan Displays the static VLAN configuration.
  • Page 289 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Table 6: VLAN Switch-Management Commands Command Description management Controls access to switch management on specified VLANs. management filter Sets filtering on the management traffic. show vlan Displays the management VLANs.
  • Page 290: Configuration Examples

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Argument Description VLAN-LIST List of VLAN IDs, in the form {k|k1-k2} [, {l | l1-l2}[, {m|m1-m2}[,… ]]], where commas separate between terms and hyphens indicate ranges. For example: The expression 2,4,8-32,64-512 represents VLAN IDs 2, 4, the range from 8 to 32 and the range from 64 to 512.
  • Page 291 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Figure 6: VLAN Configuration Example Configuring Switch 1: 1. Create the VLAN user_100 with VLAN ID 100 Switch1#configure terminal Switch1(config)#vlan Switch1(config vlan)#create user_100 100 2. Add port 1/1/1 as untagged (connected to a user) to VLAN user_100 and add VLAN user_100 as PVID to port 1/1/1.
  • Page 292 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Switch1(config vlan)#create user_102 102 6. Add port 1/1/3 as untagged (connected to a user) to VLAN user_102 and add VLAN user_102 as PVID to port 1/1/3. Add port 1/1/9 as tagged (connected to Switch 4):...
  • Page 293 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Configuring Switch 2: 1. Create the VLAN user_200 with VLAN ID 200: Switch2#configure terminal Switch2(config)#vlan Switch2(config vlan)#create user_200 200 2. Add port 1/1/1 as untagged (connected to a user) to VLAN user_200 and add VLAN user_200 as PVID to port 1/1/1.
  • Page 294 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) interface 1/1/2 default vlan 201 interface 1/1/3 default vlan 202 ! VLAN configuration: vlan create user_200 200 config user_200 add ports 1/1/9 tagged add ports 1/1/1 untagged vlan create user_201 201...
  • Page 295 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) 5. Create the VLAN user_302 with VLAN ID 302: Switch3(config vlan)#create user_302 302 6. Add port 1/1/3 as untagged (connected to a user) to VLAN user_302 and add VLAN user_302 as PVID to port 1/1/3.
  • Page 296 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Configuring Switch 4: 1. Create the VLAN user_100 with VLAN ID 100: Switch4#configure terminal Switch4(config)#vlan Switch4(config vlan)#create user_100 100 2. Add ports 1/1/1, 1/1/9 as tagged (1/1/1 is connected to the users on Switch 1 and 1/1/9 is...
  • Page 297 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) 12. Add ports 1/1/2, 1/1/9 as tagged (1/1/2 is connected to the users on Switch 2 and 1/1/9 is connected to the router) to VLAN user_202: Switch4(config vlan)#config user_202...
  • Page 298 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) create user_100 100 config user_100 add ports 1/1/1,1/1/9 tagged vlan create user_101 101 config user_101 add ports 1/1/1,1/1/9 tagged vlan create user_102 102 config user_102 add ports 1/1/1,1/1/9 tagged...
  • Page 299 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) 2. Create an interface to the subnet sw2 and add the IP interface 21.10.3.6/16: device-name(config)#interface sw2 device-name(config-if sw2)#ip address 21.10.3.6/16 device-name(config-if sw2)#exit Create the VLAN Research with VLAN ID 100:...
  • Page 300: Management Vlan

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) vlan create production 200 config production add ports 1/1/6,1/1/8 untagged rif sw2 8. Display the subnet table (for sw2 and sw4): device-name#show subnet-tbl ===================================================================== Name | Subnet |VTag| Tagged ports...
  • Page 301 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) 1. Enter into VLAN configuration mode: device-name#configure terminal device-name(config)#vlan 2. Remove management from VLANs 1, 3-4093 (only ports configured with VLAN ID 2 can be used to manage the device): device-name(config vlan)#no management 1,3-4093 3.
  • Page 302 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) device-name(config vlan)#config default device-name(config-vlan default)#remove ports 1/1/2-1/1/3,1/1/9-1/1/10, 1/1/11 device-name(config-vlan default)#end 12. Display the management VLANs: device-name#show vlan management Management VLANs: 2 management filter tx arp disabled 13. Display the VLAN configuration:...
  • Page 303: Port Security

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Port Security Port security can be used to block input to an Ethernet port when the MAC address of the station attempting to access the port does not match any of the MAC addresses specified for that port.
  • Page 304: Limiting The Number Of Mac Addresses

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Limiting the Number of MAC Addresses The application software provides the ability to limit the number of MAC addresses learned by a port. This feature acts differently from the port security feature that retains the MAC addresses in the MAC address table until either they are removed manually or the port security is disabled.
  • Page 305 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) NOTE Using the no port security action trap form of the command will disable the action on the violating MAC addresses. In the port security command, the arguments are optional and mutually exclusive. However, the...
  • Page 306 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) action trap Generates an SNMP trap and a log message when a security violation occurs. max-mac-count (Optional). The maximum number of secure addresses that this <number-of-addresses> port can support. The range is <1-2048> MAC addresses.
  • Page 307 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) learning limit on the specified port. The no port limit all command removes the port limit on a port per all VLANs. The MAC addresses that do not cross the limit on the port are learned as dynamic and the MAC addresses that cross the limit on the port are learned as filtered.
  • Page 308: Port Security Display Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) device-name(config-if 1/1/11)#port limit max-mac-count 15 filter-learn-disable vlan 20 Port Security Display Commands Table 9 lists the port security display commands. Table 9: Port Security Display Commands Command Description...
  • Page 309 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) device-name(config-if 1/1/1)#no port security max-mac-count vlan 5 device-name(config-if 1/1/1)#end device-name#show port security |===================================================================| |port # | vid | action | max addr |secure addr|filtered addr|status | |-------+-----+--------+----------+-----------+-------------+-------| |1/1/1 | trap...
  • Page 310 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Displaying the Configured MAC-Address Limit for a Port The show port limit command, in Privileged (Enable) mode, displays the port limit configuration and the current number of allowed MAC addresses on each port.
  • Page 311 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) device-name(config-if 1/1/2)#interface 1/1/3 device-name(config-if 1/1/3)#port security max-mac-count 6 device-name(config-if 1/1/3)#port security action shutdown 3. Enable port security on interface 1/1/4 with a maximum of six MAC addresses. After six MAC addresses have been learned as secure, the...
  • Page 312 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) device-name(config)#exit device-name#show mac-address-table +===========+===================+=========+===========+========== port status | priority +-----------+-------------------+---------+-----------+---------- 0000 00:12:f2:07:13:29| 0/0/0 self 0001 00:12:f2:07:13:29| 0/0/0 self 0002 00:02:4b:82:60:e2| 1/1/2 secure 0002 00:02:55:58:0d:8c| 1/1/2 secure 0002 00:02:55:98:52:f4| 1/1/2 secure...
  • Page 313 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) device-name(config-if 1/1/4)#port security enable-shutdown-port device-name(config-if 1/1/4)#end device-name#show port security |===================================================================| |port#| vid |action |max addr|secure addr|filtered addr|status | |-----+---------+--------+--------+-----------+-------------+-------| |1/1/4|all vlans|shutdown| 5 |enabled| device-name#show port security 1/1/4 ALL VLANS:...
  • Page 314 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) device-name(config-if 1/1/3)#end device-name#show port security |===================================================================| |port#| vid |action |max addr|secure addr|filtered addr|status | |-----+---------+--------+--------+-----------+-------------+-------| |1/1/3|all vlans|shutdown| 5 | 16 |enabled | |1/1/4|all vlans|trap | 16 |enabled | Port Security ©...
  • Page 315: Super Vlans

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Super VLANs The Super VLAN is a mechanism that isolates hosts that reside in the same Local Area Network (LAN). Super VLAN provides several advantages over traditional VLAN architectures employed in large switched LANs today.
  • Page 316: Super Vlan Types

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Figure 9: Switching Decisions with the Super VLAN Agent NOTE To add security to the user’s network, use the IP Control List feature described in the “Configuring Access Control List” chapter.
  • Page 317 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) • Super VLAN ring topology– Suits layer 2 ring topology networks that are based on the MSTP (Multiple Spanning Tree Protocol). Which interface on the ring will function as the uplink port is decided by MSTP.
  • Page 318: Super Vlan Configuration Flow

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Super VLAN and MSTP fast ring features are configured on each device in the topology presented in Figure 11. The Super VLAN uplink has to be one of the two ports that are connected to the rest of the ring.
  • Page 319: Super Vlan Default Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Start Ring or cascade Cascade Ring topology? Configure User Interface or Enable and configure MSTP Link Aggregation Interface (see Configuring Multiple Spanning Tree for SuperVLAN Protocol (MSTP)) Configure User Interface or...
  • Page 320: Configuring Super Vlan

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) NOTE The user cannot configure Super VLAN and VPLS/HVPLS services on the same access ports. Each port can be configured either as a VPLS access port or as a Super VLAN port.
  • Page 321: Super Vlan Display Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Command Syntax device-name(config-if UU/SS/PP)#super-vlan ring-topology {UU1/SS1/PP1 | agNN1} {UU2/SS2/PP2 | agNN2} [vlan <vlan-id>] device-name(config-if UU/SS/PP)#no super-vlan Argument Description UU1/SS1/PP1 First ring-port of the super VLAN. UU2/SS2/PP2 Second ring-port of the super VLAN.
  • Page 322: Configuring Vlan Translation

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Configuring VLAN Translation Table 13 lists the VLAN Translation configuration commands. Table 13: VLAN Translation Configuration Commands Command Description residential-user Enables/disables the Residential User on a specified port. residential-user Enables or disables the VLAN translation mapping.
  • Page 323: Configuration Examples

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Enabling/Disabling the TLS VLAN Translation The residential-user vlan mapping command, in Global Configuration mode, enables or disables the VLAN translation mapping. VLAN translation mapping is used to allow additional MAC address learning, because traffic from and to the residential user will flow in the two different VLANs- user and transport.
  • Page 324 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Figure 13: Super VLAN Configuration 1. Enable Super VLAN on interface 1/1/1 with the uplink 1/1/9: device-name#configure terminal device-name(config)#interface 1/1/1 device-name(config-if 1/1/1)#super-vlan 1/1/9 2. Enable Super VLAN on interface 1/1/2 with the uplink 1/1/9:...
  • Page 325 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) device-name#show super-vlan ================================================== User Interface | Super VLAN Type | Uplink -----------------+-----------------+-------------- 1/1/1 | regular | 1/1/9 1/1/2 | regular | 1/1/9 1/1/3 | regular | 1/1/9 Super VLAN with Aggregated Uplink Configuration...
  • Page 326 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Configuring Switch 2: 1. Configure static link aggregation on interfaces 1/1/7 and 1/1/8: device-name#configure terminal device-name(config)#interface 1/1/7 device-name(config-if 1/1/7)#link-aggregation static id 7 device-name(config-if 1/1/7)#interface 1/1/8 device-name(config-if 1/1/8)#link-aggregation static id 7 2.
  • Page 327 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Figure 15: Super VLAN Ring Topology Example Configuring Switch 1: 1. Enable MSTP and MSTP fast ring: Switch1#configure terminal Switch1(config)#protocol Switch1(cfg protocol)#mstp enable Switch1(cfg protocol)#mstp fast-ring enable 2. Configure Switch 1 as MSTP Root. Set the bridge priority for MST instance...
  • Page 328 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Switch3#configure terminal Switch3(config)#protocol Switch3(cfg protocol)#mstp enable Switch3(cfg protocol)#mstp fast-ring enable Switch3(cfg protocol)#exit 2. Configure Super-VLAN on the user interface 1/1/19: Switch3(config)#interface 1/1/9 Switch3(config-if 1/1/10)#super-vlan ring-topology 1/1/1 1/1/2 3. Display the Super VLAN configuration:...
  • Page 329 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) VLAN Translation Configuration The following example (Figure 16) shows how to enable VLAN translation mapping from user VLAN 10 to transport VLAN 100. The user port 1/1/8 is added to VLAN 10 and the transport VLAN ports 1/1/1 and 1/1/2 are added to VLAN 100.
  • Page 330 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) SwitchD3(config)#vlan SwitchD3(config vlan)#create vlan10 10 SwitchD3(config vlan)#config vlan10 SwitchD3(config vlan vlan10)#add ports 1/1/1,1/1/2 tagged SwitchD3(config vlan vlan10)#add ports 1/1/8 untagged SwitchD3(config vlan vlan10)#add ports default 1/1/8 SwitchD3(config-vlan vlan10)#exit 4. Configure VLAN100:...
  • Page 331: Garp Vlan Registration Protocol (Gvrp)

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) GARP VLAN Registration Protocol (GVRP) The GARP VLAN Registration Protocol (GVRP) defines a Generic Attribute Registration Protocol (GARP) Application. GVRP enables the device to exchange VLAN configuration information with other GVRP devices, in order to create and manage VLANs dynamically on the devices.
  • Page 332: Gvrp Default Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Figure 17: GVRP Example The GARP Timers GARP is designed to provide a generic framework whereby devices in a bridged LAN can register and de-register attribute values, such as VLAN Identifiers, with each other. In doing so, the attributes are propagated to devices in the bridged LAN, and these devices form a “reachability”...
  • Page 333: Gvrp Configuration Guidelines

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Table 14: GVRP Default Configuration Parameter Default Value GVRP global enable state Disabled GARP timers Join time: 200 ms Leave time: 600 ms Leave all time: 10,000 ms GVRP Configuration Guidelines Follow these guidelines when configuring GVRP: •...
  • Page 334 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Argument Description enable Enables GVRP. disable Disables GVRP. Example device-name(config)#protocol device-name(cfg protocol)#gvrp enable Only the first 64 vlans will be saved, proceed? [y/n] : y device-name(cfg protocol)#gvrp GVRP enabled NOTE The message that appears on the screen reports the number of VLANs that the switch can support (64 when GVRP is enabled).
  • Page 335: Gvrp Display Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Argument Description join The GARP Join time is in the range <100-6666>, in milliseconds. Option Join must be less than option Leave/3. leave The GARP Leave time is in the range <300-20000>, in milliseconds. Option Leave must be greater than option Join*3 and less than option LeaveAll.
  • Page 336: Configuration Examples

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Displaying the GARP Timers The show garp timer command, in Privileged (Enable) mode, displays the values of the GARP timers. Command Syntax device-name#show garp timer Example device-name#show garp timer...
  • Page 337 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) device-name#show vlan dynamic ===================================================================== Name |VTag| Rout If | Tagged ports | Untagged ports -------------+----+----------+---------------------+----------------- Permanent | sw0 |1/1/1-1/1/28 Permanent |1/1/1,1/1/2 6. Display the dynamic VLANs after they are learned by GVRP, where port...
  • Page 338 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Configuring Switch 3: 1. Enter into Protocol Configuration mode from Global Configuration mode: device-name#config terminal device-name(config)#protocol 2. Enable GVRP on the switch: device-name(cfg protocol)#gvrp enable Only the first 64 vlans will be saved, proceed? [y/n] :y device-name(cfg protocol)#exit 3.
  • Page 339: The Default Vlan

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) device-name(cfg protocol)#garp timer leave 600 GARP leave timer value is set to 600 milliseconds. 4. Set the Join GARP timer: device-name(cfg protocol)#garp timer join 200 GARP join timer value is set to 200 milliseconds.
  • Page 340: Acronyms

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Acronyms Table 17 provides a list of acronyms that are used in this document and lists their meaning. Table 17: Acronyms Acronym Meaning ACL Access Control List GARP Generic Attribute Registration Protocol...
  • Page 341: Supported Platforms

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring VLANs (Rev.03) Supported Platforms Features NetIron M2404F NetIron M2404C Virtual VLANs Port Security Super VLANs GARP VLAN Registration Protocol (GVRP) Supported Standards, MIBs and RFCs Features Standards MIBs RFCs Virtual VLANs IEEE 802.1Q-1998...
  • Page 342 Foundry Networks Configuring Transparent LAN Services (TLS) This chapter includes the information necessary to configure Transparent LAN Services (TLS). It contains a description of the TLS feature along with information of how this feature is configured on switches. All relevant commands can be found in the document. The chapter consists of the following sections: TABLE OF FIGURES ............................
  • Page 343 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) Table of Figures Figure 1: IP Packet Frame Format..................3 Figure 2: IP Packet Frame Format with the Additional TLS Tag Header......4 Figure 3: TLS Implementation ....................4 Figure 4: Protocol Tunneling Network Configuration ............5 Figure 5: TLS Configuration Flow..................6...
  • Page 344: Transparent Lan Services (Tls)

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) Transparent LAN Services (TLS) Service providers are discovering significant new revenue opportunities with Layer 2 services that extend customer LANs across geographically dispersed sites. Using metro Ethernet technology, service providers can offer services that connect multiple enterprise customer offices over Ethernet networks at LAN speeds from 10 Mbps up to 10 Gbps.
  • Page 345: Overview

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) Figure 2: IP Packet Frame Format with the Additional TLS Tag Header Overview TLS implies Layer 2 connectivity offered by a service provider to multiple customer sites in a manner that is transparent to the Customer Edge (CE) devices.
  • Page 346: Prerequisites

    The ingress edge switch rewrites the destination MAC address of the PDUs received on a Layer 2 tunnel port with the Foundry Networks proprietary multicast address (00:12:F2:FF:FF:00) and adds the TLS tag header. The PDU is then flooded to the Layer 2 tunnel port.
  • Page 347: Tls Configuration Flow

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) additional tag. The packet priority can also be based on the IP ToS field. For more information see “Configuration Access Control List (ACL)”. The TLS ports must be set on a VLAN. The VLAN number could be any VLAN from the VLAN range <1-4093>...
  • Page 348: Configuring Tls

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) Table 1: TLS Default Configuration (Parameter: Default Value). Transparent LAN Services: Disabled; TLS port: Residential port; EtherType: 0x8100; IEEE control packets tunneling: Disabled. Configuring TLS To set the TLS, proceed as follows: 1.
  • Page 349 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) Enabling/Disabling the TLS The tls command, in Global Configuration mode, enables or disables the TLS. NOTE By default, all ports are set as residential ports. Command Syntax device-name(config)#tls {enable | disable}...
  • Page 350 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) NOTE The TLS must be enabled before executing this command. To enable the TLS use the tls enable command in Global configuration mode. The TLS core port must be configured as tagged member on the TLS VLAN.
  • Page 351: Displaying Tls Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) Enabling Tunneling of IEEE Control Packets The tls tunneled-ieee-pdu command, in Interface Configuration mode, enables tunneling of IEEE Control packets. The no form of this command disables tunneling of IEEE Control packets.
  • Page 352: Configuration Example

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) • The TLS access (user) ports. Command Syntax device-name#show tls Example device-name#show tls TLS is enabled TLS EtherType 0x8100 +===========+========+ Interface | Mode +-----------+--------+ 1/1/1 | user 1/1/9...
  • Page 353: Configuring Tls With Mstp Tunneling

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) 1. Enable TLS: device-name#configure terminal device-name(config)#tls enable 2. Set EtherType to 0x7000: device-name(config)#tls ethertype 0x7000 3. Set the TLS core (uplink) port on interface 1/1/9: device-name(config)#interface 1/1/9 device-name(config-if 1/1/9)#tls uplink 4.
  • Page 354 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) Figure 7: TLS Example with MSTP Tunneling Down Switch Configuration: 1. Enable TLS: device-name#configure terminal device-name(config)#tls enable 2. Create the TLS VLAN: device-name(config vlan)#create vlantls 10 device-name(config vlan)#config vlantls...
  • Page 355 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) 2. Create the TLS VLAN: device-name(config vlan)#create vlantls 10 device-name(config vlan)#config vlantls device-name(config-vlan vlantls)#add ports 1/1/1,1/1/2 tagged device-name(config-vlan vlantls)#exit device-name(config vlan)#exit 3. Set the TLS core (uplink) ports:...
  • Page 356: Acronyms

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) Acronyms Table 4 provides a list of acronyms that are used in this document and lists their meaning. Table 4: Acronyms Acronym Meaning Access Control List Local Area Network...
  • Page 357: Supported Platforms

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring TLS (Rev. 03) Supported Platforms Feature NetIron M2404F NetIron M2404C Transparent LAN Services (TLS) Supported Standards, MIBs and RFCs Feature Standards MIBs RFCs Transparent LAN No standards are No MIBs are supported...
  • Page 358 Foundry Networks Configuring Ethernet Services This chapter introduces Ethernet Services based on Q-in-Q encapsulation. The chapter provides an introduction to the networking principles utilized and contains the related configuration commands. This chapter consists of the following sections: TABLE OF FIGURES; ETHERNET SERVICES...
  • Page 359: Table Of Figures

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) Table of Figures Figure 1: Ethernet Services; Figure 2: Ethernet Services Configuration Flow; Figure 3: Example Configuration and Performance.
  • Page 360: Ethernet Services

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) Ethernet Services Ethernet Services are based on Transparent LAN Services (TLS) technology. TLS implements a single LAN between multiple subscriber locations across a metro area network. Providers can use TLS to create Virtual Private Network (VPN) tunnels for each customer, giving the appearance of a dedicated LAN for each user.
  • Page 361: Ethernet Services Configuration Flow

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) Figure 1: Ethernet Services Learning MAC addresses on PEs is done on a per-Service VLAN and per-customer VLAN basis. Within the PE devices double MAC learning takes place and for this reason packets are switched both in the customer and Service VLANs, instead of being flooded.
  • Page 362: Configuring Ethernet Services

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) Start Enable TLS (see Configuring Transparent LAN Services (TLS)) Create TLS VLANs (see Configuring VLANs) Set TLS Uplink and TLS User ports (see Configuring Transparent LAN Services (TLS))
  • Page 363 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) Command Description sap c-vlans Creates a Service Access Point, comprising a Port and VLAN, for the service being configured. sap c-vlan-wildcard Creates a Service Access Point, comprising one Port and multiple VLANs, for the service being configured.
  • Page 364 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) |001 | TEST1 | 0012 | 0001 |QinQ Defining Encapsulation Type The encapsulate qinq command, in Service Configuration mode, defines the type of encapsulation that will be used for customer traffic.
  • Page 365 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) Command Syntax device-name(config-tls SERVICE-NAME)#sap UU/SS/PP c-vlan-wildcard {all | VALUE MASK} [untagged] device-name(config-tls SERVICE-NAME)#no sap UU/SS/PP c-vlan-wildcard {all | VALUE MASK} [untagged] Argument Description UU/SS/PP The port at which customer traffic arrives.
  • Page 366: Configuring Mac Address Learning

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) Example device-name(config-tls TEST1)#sdp 1/1/25 s-vlan 12 Enabling Traffic Filtering The sap filter unknown command, in Service Configuration mode, enables filtering of unknown traffic sent to SAP interfaces.
  • Page 367 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) dynamic The created MAC address entry is dynamic. secure The created MAC address entry is secure. filtered The created MAC address entry is filtered. HH:HH:HH:HH:HH:HH The MAC address in hexadecimal format.
  • Page 368: Configuring Watermark

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) Command Syntax device-name#show mac-address-table [static | dynamic | secure | filtered] [address HH:HH:HH:HH:HH:HH] service SERVICE-NAME [sap UU/SS/PP vlan C-VLAN | sdp UU/SS/PP] Argument Description static (Optional). Displays static entries from the MAC address table.
  • Page 369 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) NOTE MAC addresses learned as filtered do not age. If users need to switch traffic from a MAC address that is learned as filtered, this MAC address should first be manually deleted from the FDB.
  • Page 370: Oam Configuration Command

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) Specifying the MAC Addresses Learning Mode The security policy, in Service Configuration mode, specifies the mode of learning MAC addresses. MAC addresses can be learned as secured or dynamic.
  • Page 371 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) Configuration Examples Configuring Ethernet Services on devices Figure 3: Example Configuration and Performance In Figure 3, network nodes SW1, SW2 and SW3 are members of distant customer networks. SW3 is connected to the Provider Network (PN) through Edge Device R1, and SW1 and SW2 are connected to the Provider Network through R2.
  • Page 372 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) R1(config-vlan tlsvlan)#add ports 1/1/25 tagged R1(config-vlan tlsvlan)#exit R1(config-vlan)#create v12 12 R1(config-vlan)#config v12 R1(config-vlan v12)#add ports 1/1/25 tagged R1(config-vlan v12)#add ports 1/1/1 untagged Configuring Switches 1, 2 and 3 1.Configure sw1:...
  • Page 373 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) R2(config)#tls enable R2(config)#interface 1/1/1 R2(config-if 1/1/1)#tls user R2(config-if 1/1/1)#interface 1/1/9 R2(config-if 1/1/9)#tls user R2(config-if 1/1/9)#interface 1/1/25 R2(config-if 1/1/25)#tls uplink R2(config-if 1/1/25)#end 2. Configure TLS on R1 device:...
  • Page 374 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) sdp 1/1/25 s-vlan 12 sap 1/1/1 c-vlans 3-4 sap 1/1/9 c-vlans 3-4 Service State: 6. Display all services that have been configured on the R1 device so far:...
  • Page 375: Acronyms

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) Acronyms Table 5 provides a list of acronyms that are used in this document and lists their meaning. Table 5: Acronyms Acronym Meaning Local Area Network MEF OAM...
  • Page 376: Supported Platforms

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Ethernet Services (Rev. 03) Supported Platforms Feature NetIron M2404F NetIron M2404C Ethernet Services Supported Standards, MIBs and RFCs Feature Standards MIBs RFCs Ethernet Services No Standards are supported No MIBs are supported by No RFCs are supported by by this feature.
  • Page 377 Foundry Networks Configuring Simple Network Management Protocol (SNMP) The following chapter provides detailed information about the Simple Network Management Protocol (SNMP) - the Internet standard protocol for managing nodes on an IP network. This chapter explains how SNMP works and describes how to set it up on the network. The chapter consists of the following sections: TABLE OF FIGURES...
  • Page 378 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Table of Figures Figure 1: SNMP Agent and Manager Communication; Figure 2: Trap Sent to SNMP Manager Successfully; Figure 3: Inform Request Sent to SNMP Manager Successfully; Figure 4: Trap Unsuccessfully Sent to SNMP Manager...
  • Page 379: Simple Network Management Protocol

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Simple Network Management Protocol The Simple Network Management Protocol (SNMP) architectural model is a collection of network management stations and network elements. Network management stations execute management applications that monitor and control network elements. Network elements are devices that have management agents responsible for performing the network management functions requested by the network management stations.
  • Page 380: Snmp Manager

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Structure of Management Information (SMI) Management information is a collection of managed objects, residing in a virtual information store, termed the Management Information Base (MIB). Collections of related objects are defined in MIB modules.
  • Page 381 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) that receives an Inform request acknowledges the message with an SNMP response PDU. If the manager does not receive an Inform request, it does not send a response. If the sender does not receive a response after a particular time interval, the Inform request can be sent again.
  • Page 382 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Figure 4: Trap Unsuccessfully Sent to SNMP Manager In Figure 5, the agent sends an Inform request to the manager, but the Inform request does not reach the manager. Since the manager did not receive the Inform request, it does not send a response.
  • Page 383 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) To match the described requirements, we need an additional configuration of users, on whose behalf Inform PDUs can be sent. User keys are required to be localized with the snmpEngineID of the Manager (the authoritative side).
  • Page 384 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Versions of SNMP The application software supports the following versions of SNMP: SNMPv1 SNMPv1 is version 1 of the Simple Network Management Protocol. It enables the user to get and set MIB objects, traverse the MIB tree using the getNext operation and enable the management station to receive asynchronous messages from the agent using the trap mechanism.
  • Page 385: Snmp Default Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Table 1: Security Levels Available in the SNMPv3 Security Models Level Authentication Encryption Explanation noAuthNoPriv Username All PDUs are sent unencrypted and not authenticated in the network. authNoPriv...
  • Page 386: Configuring And Displaying The Snmp

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Parameter Default Value SNMP agent Disabled UDP port SNMP user Not configured Retry inform operation 3 times Inform operation timeout 30 seconds SNMP notification log Disabled NOTE User names, group names and view names are limited to 32 characters.
  • Page 387 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Command Description snmp-server view Defines the subset of all MIB objects accessible to the given view. snmp-server group Creates an SNMP group with a specified security model (v1, v2c or v3) and defines the access-right for this group by associating views to this group.
  • Page 388 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Argument Description ENGINE-ID A string of 10 to 64 characters (represented internally by 5 to 32 bytes) that represents the agent’s Engine ID as a hexadecimal number. Use an even number of characters in the range <0 –...
  • Page 389 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) (type of rule and mask). The mask is optional and defines wildcard characters for matching multiple Object IDs. The mask is entered as a hexadecimal value, and is interpreted as a binary value.
  • Page 390: Defining Snmp Groups

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Example 3 The following command removes the specified view data. If the optional Object ID is not supplied, all the data of the view VIEWNAME will be deleted. If the user enters an Object ID (by name or dot-notation), then only the rule with the view family that matches the Object ID will be deleted.
  • Page 391 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Argument Description NAME Configures a new SNMP group on the device. The name of the group is limited to 32 characters. Version 1 of the SNMP protocol. Version 2 of the SNMP protocol.
  • Page 392 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) If the security model is v3, enter the security level for the user. For SNMPv3 users, if no security level is specified, noAuthNoPriv security level is assumed. If...
  • Page 393 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) device-name(config)#snmp-server user TOM group g_all_v1 v1 Example 2 The following example shows how to create a user named TOM that uses SNMP v3 with authentication and privacy. The privacy password is privPass and the authentication password is...
  • Page 394: Notification Configuration Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) To remove the above access list from user “IVAN”, the user can type: device-name(config)#no snmp-server access-list IVAN Hiding the OutBand Interface The snmp-server if-tables hide outBand command, in Global Configuration mode, hides the OutBand data in the SNMP ifTable/ifXTable/ipAddrTable/ipForwardTable.
  • Page 395 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Command Description clear snmp-server log-notify Clears the SNMP notification log. snmp-server target-addr Defines the notification target address. snmp-server set-execute-trap Enables sending snmpSetExecuted notifications. snmp-server authentication- Enables sending authentication failure traps.
  • Page 396 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Example device-name(config)#snmp-server notify linkUp tag1 Table 5: Notification Name Argument Values Argument Value Description portSecurityViolation This trap indicates that a security violation was made on a port defined as a secure port.
  • Page 397 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Argument Value Description authenticationFailure This trap indicates that the SNMP entity, acting as an agent, has received a protocol message that is not properly authenticated. The authentication method depends on the version of SNMP that is used.
  • Page 398 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Argument Value Description portsBroadcastExceeded This trap indicates that the sending agent sensed that the number of broadcast packets has passed the programmed threshold on one of the interfaces.
  • Page 399 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Argument Value Description batmPortSECViolation This trap is sent when port security is enabled on a port and a security violation was detected. The notification will contain the following information:...
  • Page 400 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Argument Value Description cliconfigurationChanged This trap informs the user if a change of configuration has been performed through the CLI (telnet, SSH session) and logged in NVRAM. This notification does not contain any variable bindings because the software does not have SNMP support for configuration history.
  • Page 401 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Argument Value Description batmPwVcTDMStatusChange This trap is sent when the operational or administrative status of circuit changes. batmSapCreated This trap is sent when a new row is created in the sapBaseInfoTable.
  • Page 402 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Argument Value Description saaThresholdCrossed This notification is generated when an SAA monitored parameter is detected to have crossed a preconfigured threshold in either direction, rising or falling. batmDuplicatedMACAddressAlarm This notification is sent once the duplicate MAC address, per VLAN, is learned on a different port.
  • Page 403 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Every notification that was sent through the network is logged. The log entry includes the target addresses to which it was sent. When this command is applied, one entry per notification is added for each IP address that the notification was destined to, including the sequence ID for each of the IP addresses.
  • Page 404 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) noauth Security level, which implies no authentication and no encryption of the PDUs. auth Authentication of the PDUs based on HMAC-MD5 or HMAC-SHA. No encryption. priv Authentication based on HMAC-MD5 or HMAC-SHA and CBC-DES encryption for the message data.
  • Page 405 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Example 2 device-name(config)#snmp-server target-addr XYZ addtag tag2 Enabling Sending snmpSetExecuted Notifications The snmp-server set-execute-trap command in Global Configuration mode, enables sending snmpSetExecuted notifications upon each successful SET request. The no form of this command disables sending snmpSetExecuted notifications.
  • Page 406 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Argument Description PROFILE- The name of the profile. NAME OBJECT-ID The starting point inside the MIB tree given in dot-notation or as an object name. included The Object-ID is included in the profile.
  • Page 407: Snmp Mib-Ii System Group Elements Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Argument Description time The time in seconds to wait for an acknowledgement before resending an unacknowledged Inform PDU. Example The following example sets the time to wait for an acknowledgement before resending an...
  • Page 408 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Command Syntax device-name(config)#snmp-server contact .LINE-TEXT device-name(config)#no snmp-server contact Argument Description .LINE-TEXT Descriptive system contact string, up to 80 characters long. Example device-name(config)#snmp-server contact tom@comp.com Defining the System Name The snmp-server system-name command, in Global Configuration mode, sets the MIB-II system name.
  • Page 409: Snmp Display Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) SNMP Display Commands Table 7 lists the display commands for the SNMP Agent. Table 7: SNMPv3 Agent Display Commands Command Description show snmp-server Displays the status of the SNMP server – enable or disable, and the UDP port on which the SNMP server is enabled.
  • Page 410 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Inform timeout 2 secs Displaying the Engine-ID The show snmp-server engineID command, in Privileged (Enable) mode, displays the local SNMP engine ID of the SNMP agent, all Engine IDs that are known to the agent, and information about the Inform operation values that are different from their default values.
  • Page 411 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Group: GR1 model:v3 Auth Displaying All Configured Views The show snmp-server view command, in Privileged (Enable) mode, displays all configured views. This command displays the viewmask of a particular view if it is configured. If the name of the view is specified, only data for the views with the specified name is displayed on the screen.
  • Page 412 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Displaying the Notification Target Parameters The show snmp-server target-param command, in Privileged (Enable) mode, displays the notification target parameters. Command Syntax device-name#show snmp-server target-param Example device-name#show snmp-server target-param...
  • Page 413 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Notify Name: resilientLinkStatusChange Notify type: trap Tag: tag Displaying the Notification Log The show snmp-server log-notify command, in Privileged (Enable) mode, displays the SNMP notification log. Command Syntax...
  • Page 414 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) • SENDING_PROBE, indicating that the agent has no knowledge of the notification recipient’s snmpEngineID and the SNMP engine ID discovery procedure is under way. • WAITING_RETRANSMISSION, indicating that the agent knows the snmpEngineID of the notification recipient (and is already time-synchronized with it), and sends correct Inform PDUs to it, but the manager has not acknowledged it yet.
  • Page 415: Configuration Examples

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) User name: IVAN Access List: MyLyst device-name#show access-lists Standard routing-protocol access-list MyLyst permit 220.132.0.0/16 Configuration Examples Using SNMPv1 In this example two SNMP users will be added to the device. Both users use SNMPv1. The first user will use the public community with read-only permission and the second user will use the private community with read-write access.
  • Page 416 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) device-name(config)#snmp-server view viewAll 1.3 included 3. Create a group named gall, which supports only notification view: device-name(config)#snmp-server group gall v1 read none write none notify viewAll 4. Create a user named trap_v1 with group gall for SNMPv1: device-name(config)#snmp-server user trap_v1 group gall v1 5.
  • Page 417 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) device-name#configure terminal device-name(config)#snmp-server enable 2. Create snmp view, starting from the 1.3.6 object ID in the MIB tree: device-name(config)#snmp-server view MyView 1.3.6 included 3. Create group public_grp with SNMP v1 security level and define the access...
  • Page 418: Using Snmpv3

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) PDUs received with community name public. device-name(config)#snmp-server user public group public_grp v2 4. Attach the user public to the group public_grp for the security model v3. The restrictions of the v3_read and v3_write views will be applied on the SNMPv3 PDUs received with the user name public for security level AuthPriv.
  • Page 419 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Configuring a Target Address to Receive Informs and Traps The following example shows how to configure RMON risingAlarm as an Inform notification and RMON fallingAlarm as a trap. It also shows how to deliver RMON risingAlarm and RMON fallingAlarm to a specified IP address (192.168.0.30).
  • Page 420 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Specify a read view – all. Specify a write view – all. Finally specify the notify view – all: device-name(config)#snmp-server group grpLocal v3 auth read all write all notify all 11.
  • Page 421 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) device-name#show snmp-server log-notify 1993/01/01 00:02:26 linkUp notification sent: interface 1/1/1 1993/01/01 00:04:11 linkDown notification sent: interface 1/1/1 8. Prevent the notifications grouped in tag NotifyTag2 (linkDown in this particular case) from...
  • Page 422: Acronyms

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Acronyms Table 8 provides a list of acronyms that are used in this document and lists their meaning. Table 8: Acronyms Acronym Meaning Management Information Base Protocol Data Unit...
  • Page 423: Supported Platforms

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Supported Platforms Feature NetIron M2404F NetIron M2404C Simple Network Management Protocol Supported Standards, MIBs and RFCs Feature Standards MIBs RFCs Simple Network STD0015, Simple Network No MIBs are supported RFC 1157, SNMPv1 –...
  • Page 424 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring SNMP (Rev. 03) Feature Standards MIBs RFCs RFC 3416, Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP) RFC 3417, Transport Mappings for the Simple Network Management...
  • Page 425: Configuring Spanning Tree Protocol

    Foundry Networks Configuring Spanning Tree Protocol (STP) This chapter provides an overview of Spanning Tree Protocol (STP), its parameters and concepts. STP configuration commands, examples, and some guidelines are presented. The chapter consists of the following sections: TABLE OF FIGURES; SPANNING TREE PROTOCOL (STP)...
  • Page 426 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Table of Figures Figure 1: Bridge ID Field of a Bridge Protocol Data Unit; Figure 2: Example for the BPDU Age Parameter; Figure 3: Example for Calculating the Diameter; Figure 4: Spanning Tree Port States...
  • Page 427: Spanning Tree Protocol (Stp)

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Spanning Tree Protocol (STP) Spanning Tree Protocol (STP) is a Layer 2 link management protocol that provides path redundancy while preventing undesirable loops in the network. An Ethernet network will function properly if only one active path exists between any two stations.
  • Page 428: Election Of The Root Bridge

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Election of the Root Bridge The devices in the network exchange data messages, called Bridge Protocol Data Units (BPDUs), to gather information about other switches in the network.
  • Page 429 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Table 1: Spanning Tree Protocol Timers (Variable: Description). Hello timer: Determines how often the device broadcasts hello messages to other devices. Forward-delay timer: Determines how long each of the listening and learning states lasts before the port begins forwarding.
  • Page 430 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) • Switch B and C will receive a config BPDU from A with a message age of zero. On the port going to A, it will take max age seconds before the information ages out (20 seconds by default).
  • Page 431 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Maximum_frame_lifetime = dia * transit_delay + med_access_delay • Maximum transmission halt delay - the time it can take to effectively block a port once it has decided to do so. IEEE counts one second as the maximum for this event. This is expressed by...
  • Page 432 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) And the following formula for the forward delay: forward_delay = (End-to-end_BPDU_propa_delay + Message_age_overestimate + maximum_frame_lifetime + Maximum_transmission_halt_delay) / 2 = (lost_msg + 1) * hello + (BPDU_Delay * (dia - 1) + (dia - 1)
  • Page 433: STP Port States

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Figure 3: Example for Calculating the Diameter The user can see from the diagram that there is no pair of devices that would give a diameter higher than five.
  • Page 434 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Figure 4: Spanning Tree Port States When the device is powered up and STP is enabled, every port in the device goes through the blocking state and the transitory states of listening and learning. Spanning tree stabilizes each port at the forwarding or blocking state.
  • Page 435 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) • Discards frames switched from another port for forwarding • Does not learn addresses • Receives BPDUs. Listening State The listening state is the first state a port enters after the blocking state. The port enters this state when STP determines that the port should participate in frame-forwarding.
  • Page 436: STP Address Management

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) STP Address Management IEEE 802.1D specifies 17 multicast addresses, ranging from 0x0180C2000000 to 0x0180C2000010, to be used by different bridge protocols. These addresses are static addresses that cannot be removed.
  • Page 437 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Figure 6: Topology Change Example Figure 6 shows an example for the network reaction to a topology change. The initial data path between Computer A and Computer B was: Switch A =>...
  • Page 438 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Figure 7: Topology Change Example with TCN Message Figure 8, the root bridge generates messages with the TC flag set, causing all the bridges to reduce their address aging timer to forward-delay time.
  • Page 439 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) The error level is considered critical when the CRC error rate exceeds 1% within a 3-second interval. When the error level reaches the critical value, the switch triggers a Spanning Tree or Rapid Spanning Tree reconfiguration.
  • Page 440: STP Configuration Flow

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) The mrouter port of Switch C that links to Switch B is blocked. If a topology change occurs and the link between Switch C and Switch A goes down, the blocked port of Switch C turns into forwarding state.
  • Page 441: STP Default Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Start Enable STP Is the bridge going to be a root? Change the priority to be the lowest in the net Set the STP Timers (Hello, hold, forward delay, etc…) (see “STP Global...
  • Page 442: Configuring And Displaying STP

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Parameter Default Value STP IGMP Fast Recovery Disabled Debug STP Disabled Configuring and Displaying STP Normally, the STP default parameter values are sufficient for obtaining a loop free redundant network topology.
  • Page 443 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Enabling/Disabling STP The spanning-tree command, in Protocol Configuration mode, enables/disables the Spanning Tree option. To disable the spanning tree the user can also use the no form of the command.
  • Page 444 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) The hello time is the interval between the generations of configuration messages by the root switch. These messages indicate that the switch is alive. The user needs to use this command when the unit is the root of the Spanning Tree, or trying to become so.
  • Page 445 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) By default, the MaxAge value is 20 seconds, and the range depends on the hello time and forward delay values (between 4 and 30 seconds). NOTE The MaxAge value must be greater than 2*(hello-time + 1) and less than 2*(forward-delay –...
  • Page 446: STP Interface Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) disable Disables the Spanning Tree IGMP fast recovery. vlan VLAN-LIST List of VLAN IDs, in the form {k|k1-k2} [, {l | l1-l2}[,{m|m1-m2}[,… ]]], where commas separate between terms and hyphens indicate ranges.
  • Page 447 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Table 4: STP Interface Configuration Commands Command Description spanning-tree path-cost Sets the STP port path-cost. spanning-tree priority Sets the STP port priority. spanning-tree defaults Restores the STP parameters to their defaults for the configured interface.
  • Page 448: STP Display Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Argument Description priority STP priority value in range <0-255>, which is assigned to the configured interface. Restoring the STP Interface Parameters to Their Defaults The spanning-tree defaults command, in Interface Configuration mode, restores the STP parameters to their defaults for the configured interface.
  • Page 449 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Displaying the STP Configuration The spanning-tree command, in Protocol Configuration mode, displays the current STP parameter configuration. Table 6 describes the parameters displayed by the spanning-tree command. Command Syntax...
  • Page 450 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Parameter Description ForwardDelay The minimum time period in seconds to elapse between the transmissions of Configuration BPDUs through a given LAN Port: at most one Configuration BPDU shall be transmitted in any Hold Time period.
  • Page 451 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Argument Description UU/SS/PP Unit, slot and port number of interface to be configured. The configuration mode is changed accordingly. The configuration mode does not change. Spanning Tree topology for all ports is displayed.
  • Page 452 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Parameter Description PortPathCost The contribution of the path through this port, when the port is the Root Port, to the total cost of the path to the Root for this Bridge.
  • Page 453 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Table 8: Parameters Displayed by STP Show Commands for All Interfaces Parameter Description Port The interface unit/slot/port. The port priority, which is part of the port identifier. State The current state of the port (i.e., Disabled, Listening, Learning,...
  • Page 454 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Displaying the STP Interface Configuration for a Specific Interface The show spanning-tree interface command, in Privileged (Enable) mode, displays the Spanning- Tree topology for the specified port. Table 7 describes the parameters displayed by this command.
  • Page 455: Debugging STP

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Spanning tree enabled ProtocolSpecification = ieee8021d Priority = 32768 TimeSinceTopologyChange = 0 (Sec) TopChanges DesignatedRoot = This bridge is the root MaxAge = 20 (Sec) HelloTime (Sec) ForwardDelay...
  • Page 456: Configuration Example

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Activates debugging when the device receives TCN or transmits BPDU with topology change ACK. Displaying the Status of the STP Debug The show debug stp command, in Privileged (Enable) mode, displays the debug status for the STP.
  • Page 457 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Figure 12: Spanning Tree Configuration Example Configuration of Switch A: 1. Enable Spanning Tree Protocol: SwitchA#configure terminal SwitchA(config)#protocol SwitchA(cfg protocol)#spanning-tree enable 2. Set the STP bridge priority to 4096, to make Switch A the Bridge Root.
  • Page 458 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) 4. Set the STP Maximum aging time to 10. This calculation was done according to the following formula: Max_age = (4 * hello) + (2 * dia) - 2, when the hello-...
  • Page 459 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) SwitchE(config-if 1/1/4)#no spanning-tree detect-tc Displaying the Configuration of Switch D: SwitchD#show spanning-tree Spanning tree enabled ProtocolSpecification = ieee8021d Priority = 8192 TimeSinceTopologyChange = 0 (Sec) TopChanges DesignatedRoot = 04096.00:12:F2:11:29:92...
  • Page 460 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) 01/01/10 128 frwrd 19 32768.0012F2030303 128.10 1 Enabled Spanning Tree Protocol (STP) © 2008 Foundry Networks, Inc. Page 36 of 38...
  • Page 461: Acronyms

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Acronyms Table 10 provides a list of acronyms used in this document and their meaning. Table 10: Acronyms Acronym Meaning Access Control List Bridge ID BPDU Bridge Protocol Data Units...
  • Page 462: Supported Platforms

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring STP (Rev. 03) Supported Platforms Feature NetIron M2404F NetIron M2404C Spanning Tree Protocol Supported Standards, MIBs and RFCs Feature Standards MIBs RFCs Spanning Tree Protocol IEEE 802.1D-1998 Private MIB, idbStp.mib No RFCs are supported by this feature.
  • Page 463 Foundry Networks Configuring Rapid Spanning Tree Protocol (RSTP) The following chapter provides detailed information about the Rapid Spanning Tree Protocol. The chapter also explains how to configure the RST protocol and concludes with an illustrated configuration example. This document contains the following major sections: TABLE OF FIGURES...
  • Page 464 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Table of Figures: Figure 1: Proposal and Agreement Handshaking for Rapid Convergence; Figure 2: Sequence of Events during Rapid Convergence; Figure 3: RSTP BPDU Flags; Figure 4: Spanning Tree IGMP Example; Figure 5: Spanning Tree IGMP Fast Recovery Example...
  • Page 465 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Rapid Spanning Tree Protocol (RSTP) The Rapid Spanning Tree Protocol is based on IEEE Std 802.1w and is part of Amendment 2: Rapid Reconfiguration to IEEE Std 802.1D and IEEE Std 802.1t-2001.
  • Page 466 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) In a stable topology with consistent port roles throughout the network, RSTP ensures the immediate transition of every root port and designated port to the forwarding state, while the alternate and backup ports are all kept in the discarding state (equivalent to the blocking state in STP).
  • Page 467: Synchronization Of Port Roles

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Figure 1: Proposal and Agreement Handshaking for Rapid Convergence Determining the Port Link Type The device determines the link type of a port according to the port duplex mode: •...
  • Page 468 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Figure 2: Sequence of Events during Rapid Convergence RSTP BPDU Format and Processing The RSTP BPDU has the same format as the STP BPDU except for the protocol version, which is set to 2.
  • Page 469 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) RSTP uses the Topology Change (TC) flag to indicate topology changes. Unlike STP, the RSTP does not have a separate topology change notification (TCN) BPDU. However, for interoperability with STP switches, the RSTP switch processes and generates TCN BPDUs.
  • Page 470 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Figure 4: Spanning Tree IGMP Example The multicast router sends an IGMP query to the clients for their multicast group memberships. IP hosts reply with IGMP Reports. The traffic flows from the router, through Switch D and Switch A, to Switch C.
  • Page 471 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Figure 5: Spanning Tree IGMP Fast Recovery Example The STP IGMP Fast recovery is disabled by default. To set the STP IGMP Fast recovery, use the spanning-tree igmp-fast-recovery command in Protocol Configuration mode.
  • Page 472 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Start Enable RSTP Is the bridge going to be a root? Change the priority to be the lowest in the net Set the RSTP Timers (Hello, hold, forward delay, etc…)
  • Page 473 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Parameter Default Value RSTP Link Type Auto RSTP Interface Path-cost Table 4 RSTP Interface Priority RSTP debug Disabled Table 4: Default Path Cost Values (IEEE802.1s) Link Speed Recommended Value...
  • Page 474: RSTP Global Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) RSTP Global Configuration Table 5 lists the RSTP global configuration commands. Table 5: RSTP Global Configuration Commands Command Description rapid-spanning-tree Enables/disables the RSTP option. rapid-spanning-tree Assigns the RSTP bridge priority value.
  • Page 475 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) NOTE RSTP uses a single Access List resource for each GigE port / each group of 8 Fast- Ethernet ports. To understand resource allocation of Access Lists, please refer to the “Configuring Access Control Lists (ACLs)”...
  • Page 476 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Argument Description hello-time The time interval, in seconds, between BPDU transmissions from the ports of this unit. The range is <1-9> seconds. The default value is 2 seconds.
  • Page 477 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Argument Description max-age The time, in seconds, during which learned Rapid Spanning Tree information is kept before being discarded. The range is <6-28> seconds. The default value is 20 seconds.
  • Page 478 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) This functionality is provided in order to permit bridge ports that are (administratively) known to be at the edge of the Bridged LAN to transition to Forwarding without delay.
  • Page 479 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) The device entity has been configured by management means for full-duplex operation. Otherwise, the MAC is considered to be connected to a LAN segment that is not point-to- point (shared media).
  • Page 480 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) point-to-point Indicates that the configured interface is connected to one device, which runs RSTP. shared Indicates that the interface is not connected to a single switch that is running RSTP.
  • Page 481 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Argument Description priority RSTP priority value in range 0 (highest priority) to 240 (lowest priority), assigned to the configured interface in increments of 16. Any other number will be rounded down.
  • Page 482 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Command Description rapid-spanning-tree Displays the settings of RSTP parameters of the specified interface interface, changes the mode to the configuration mode of this interface, and enables the setting of the RSTP in the specified interface.
  • Page 483 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Parameter Description Priority The bridge priority, which is part of the bridge identifier. TimeSinceTopologyChange The time since topology change occurred, counted in seconds. TopChanges Count of the number of times the Topology Change flag parameter for the bridge has been set since the device was powered-up.
  • Page 484 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Displaying the RSTP Interface Configuration for All Interfaces The rapid-spanning-tree interface command, in Protocol Configuration mode, displays the settings of the RSTP parameters on the specified interface. The command switches the CLI to Interface Configuration mode, in which the user can configure the specified interface.
  • Page 485 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) device-name(cfg protocol)#rapid-spanning-tree interface all ============================================================================ Port |Pri|Prt role|State |PCost |DCost |Designated bridge |DPrt |FwrdT --------+---+--------+-------+-------+-------+------------------+------+- 01/01/01 128 Designat frwrd 40000 400000 32768.0012F2010101 128.01 2 01/01/03 128 Designat frwrd...
  • Page 486 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Parameter Description DesignatedBridge The unique Bridge Identifier of one of the following: • The Bridge to which the port belongs, in the case of a Designated port. •...
  • Page 487 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Parameter Description Root port, to the total cost of the path to the port for this Bridge. This parameter is used, added to the value of the Designated Cost...
  • Page 488 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Example In the following example the DesignatedRoot value indicates that the bridge is the root: device-name#show rapid-spanning-tree interface 1/1/1 PortPriority = 128 PortState = forwarding PortRole = Designated Port...
  • Page 489 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) 01/01/01 128 Designat frwrd 40000 400000 32768.0012F2010101 128.01 2 01/01/03 128 Designat frwrd 200000 400000 32768.0012F2010101 128.03 1 01/01/04 128 Designat frwrd 200000 400000 32768.0012F2010101 128.04 1 01/01/20 128 Altern...
  • Page 490 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) 0xa139eb20 (tSpanPRT): Designated synced port 1/1/12 0xa139eb20 (tSpanPRT): Designated proposing port 1/1/12 0xa1391880 (tSpanPRS): 0xa1391880 (tSpanPRS): Select-Port-Roles 0xa1391880 (tSpanPRS): ================= 0xa1391880 (tSpanPRS): 0xa1391880 (tSpanPRS): Port 1/1/9 Is DesignatedPort...
  • Page 491 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) RSTP debug handshake is on Configuration Example The following is an example of the use of the Rapid Spanning Tree Protocol. Figure 7 shows the network configuration, followed by the switches' configuration. For more information regarding the formulas that appear in this example, see chapter “Configuring Spanning Tree Protocol (STP)”.
  • Page 492 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) 2. Set the RSTP bridge priority to 4096, to make Switch A the Root Bridge: SwitchA(cfg protocol)#rapid-spanning-tree priority 4096 3. Set the RSTP forwarding delay timer to 7. This calculation was done...
  • Page 493 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) 3. Configure ports 1/1/3 and 1/1/4 on Switch D as edge ports, since they are connected to PCs. This will disable topology change detection on these ports: SwitchD(config-if 1/1/1)#interface 1/1/3...
  • Page 494 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) NOTE Interface 1/1/20 is the alternate port since the DPrt of 1/1/21 is better. Switch A is the root since its bridge priority has the lowest value (4096).
  • Page 495 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Acronyms Table 12 provides a list of acronyms used in this document and their meaning. Table 12: Acronyms Acronym Meaning Access Control List BPDU Bridge Protocol Data Units...
  • Page 496 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring RSTP (Rev. 03) Supported Platforms Feature NetIron M2404F NetIron M2404C Rapid Spanning Tree Protocol Supported Standards, MIBs and RFCs Feature Standards MIBs RFCs Rapid Spanning Tree IEEE 802.1d-1998 draft-rstpmib-00.mib No RFCs are supported Protocol by this feature.
  • Page 497 Foundry Networks Configuring Multiple Spanning Tree Protocol (MSTP) This chapter describes how to configure the Multiple Spanning Tree Protocol (MSTP). The chapter focuses on a spanning-tree instance called MST-Instance (MSTI), Fast Ring mode and the other important aspects of this protocol. MSTP commands and examples are presented. The chapter consists of the following sections: TABLE OF FIGURES...
  • Page 498 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Table of Figures: Figure 1: MSTP within a Region; Figure 2: MST Regions, IST Masters, and the CST Root; Figure 3: MSTP in Ring Topology in a Link-Down Event; Figure 4: MSTP in Ring Topology with a Router in Link-Down Event...
  • Page 499 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Overview The Multiple Spanning Tree Protocol (MSTP) carries the concept of the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) a leap forward by allowing you to group and associate VLANs to multiple spanning tree instances (forwarding paths).
  • Page 500: Operations Within An MST Region

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) The MST configuration determines to which MST region each switch belongs. The configuration includes the name of the region, the revision number, and the MST instance-to-VLAN assignment map.
  • Page 501 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Figure 1: MSTP within a Region Operation between MSTP Regions If there are multiple regions or legacy 802.1D switches within the network, MSTP establishes and maintains the CST, which includes all MST regions and all legacy STP switches in the network.
  • Page 502 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Only the CST instance sends and receives BPDUs, and MST instances add their spanning-tree information into the BPDUs to interact with neighboring switches and calculate the final spanning- tree topology.
  • Page 503: Boundary Ports

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) MST Instances The application software supports up to 16 instances. Each spanning tree instance is identified by an instance ID that ranges from 0 to 15. Instance 0 is mandatory and is always present. Instances 1 through 15 are optional.
  • Page 504: Edge Ports

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Regional Root The root bridge of each MSTI in a region is referred to as the MSTI’s regional root. In the case of the IST (MSTI0), it is referred to as the CIST Regional root. Therefore, the terms “IST Master”...
  • Page 505: Path Cost

    Using this mode of operation for any other topology is strongly discouraged. Foundry Networks offers two Fast Ring solutions, MSTP Fast Ring and Interoperability Fast Ring: 1. Fast Ring – Can be used when all the devices in the ring are NetIron M2404F switches and all of them can be configured with MSTP enabled.
  • Page 506 • Switch 14 will “feel” link-down on its root port. • Foundry Networks’s ring solution will occur and the traffic will flow in the new direction in a split second. Figure 3: MSTP in Ring Topology in a Link-Down Event...
  • Page 507 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Interoperability Fast Ring The Interoperability Fast Ring solution enables the user to use a non-gateway device as part of the ring and still enjoy the device Fast Ring convergence time and redundancy. This solution was designed especially for interoperation with routers that do not support MSTP or RSTP protocols.
  • Page 508 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Figure 4: MSTP in Ring Topology with a Router in Link-Down Event NOTE When MSTP Fast Ring is used, all of the user ports must be configured as MSTP edge ports.
  • Page 509 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Spanning Tree IGMP Fast Recovery Using the STP IGMP Fast recovery, the Multicast traffic takes advantage of the connectivity and convergence time provided by the Spanning Tree Protocols.
  • Page 510 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) result, the traffic for client(s) connected to Switch C is transmitted through Switch B instead of through Switch A, as shown on Figure Figure 6: Spanning Tree IGMP Fast Recovery Example The STP IGMP Fast recovery is disabled by default.
  • Page 511 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) records. Table 2 displays an example of a BPDU generated in Cisco-compliant mode. In Cisco-compliant mode, the switch generates and parses BPDUs with the format generated by Cisco...
  • Page 512 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) BPDU Field Content Message age 00 00 Max age 14 00 Hello Time 02 00 Forward Delay 0f 00 Version 1 length (should be 0) Version 3 length (Mrecords total...
  • Page 513 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Field name Value Note Protocol version Identifier BPDU type CIST Flags CIST Root Identifier 60 00 00 07 eb d5 a2 00 CIST Ext. Path Cost 00 00 00 00...
  • Page 514 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Field name Value Note MSTID The whole M-Record structure is different. In the 802.1s there is no MSTID field. The priority of the sending bridge and the port...
  • Page 515 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) 1. The difference between Cisco-compliant mode and IEEE 802.1s-compliant mode concerns the conditions under which the Agreement flag is set in a BPDU being sent: • In Cisco-compliant mode, MSTP sends a BPDU with the Agreement flag set when o the port is a Root port o the port is synced, i.e.
  • Page 516 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Prerequisites The MSTP implementation operates over MSTIs, which are, in turn, mapped into groups of VLANs. However, since MSTP does not enforce VLAN membership state for ports, a situation of inconsistency between the MSTP port’s state and the real state of the port may arise.
  • Page 517 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Start Enable MSTP Is the bridge going to be a root? Change the priority to be the lowest in the net Assign VLANs to Instances Set the MSTP Timers (Hello, hold, forward delay, etc…)
  • Page 518 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Table 3: MSTP Default Configuration Parameter Default Value Multiple Spanning tree mode Disabled (MSTP) Spanning tree port priority Hello time 2 seconds Forward delay time 15 seconds Maximum aging time...
  • Page 519: Configuring And Displaying MSTP

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Link Speed Recommended Value Recommended Range Range 100 Gbps 20-2,000 1-200,000,000 1 Tbps 2-200 1-200,000,000 10 Tbps 1-20 1-200,000,000 Configuring and Displaying MSTP Normally, the MSTP default parameter values are sufficient for obtaining a loop free redundant network topology.
  • Page 520 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) NOTE The MSTP implementation is used to achieve load balancing by diverting traffic associated with different VLANs to different links. However, when MSTP decides on which port the traffic is to be sent (i.e., which port is forwarding) for a specific MSTI (VLAN group) it does not take into account the VLAN membership of that port.
  • Page 521 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Argument Description enable Enables MSTP. disable Disables MSTP. Example The following command changes the CLI mode to Protocol MSTP Configuration mode: device-name(cfg protocol)#mstp enable device-name(cfg protocol)#mstp device-name(cfg protocol mstp)# Setting the Region Name The name command, in Protocol MSTP Configuration mode, sets the MST region name.
  • Page 522 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Exiting Protocol MSTP Mode without Storing the MST Map The abort command, in Protocol MSTP Configuration mode, exits Protocol MSTP Configuration mode without saving the MST configuration map.
  • Page 523 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) The forward delay is the number of seconds a port waits before changing from its spanning-tree learning and listening states to the forwarding state. By default, the forward delay time is 15 seconds.
  • Page 524 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Avoid using this command for any topology other than Ring topology. By default, the MSTP fast ring mode is disabled. Command Syntax device-name(cfg protocol)#mstp fast-ring ring-ports {UU1/SS1/PP1 | AGN1}...
  • Page 525 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Specifies the preferred ring link aggregation interface's name, where N1 represents the LAG ID number. Defining the Learning/Flushing Approach in MSTP Fast-ring The mstp learn-mode command, in Protocol Configuration mode, defines the mode in which the mac-addresses are learned/flushed.
  • Page 526: Setting The Bridge Priority

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) To specify a list of VLANs, use a comma. The list must be entered in increasing order of ID numbers. For example, instance 1 vlan 10, 20, 30 maps VLANs 10, 20, and 30 to MST instance 1.
  • Page 527 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) NOTE The following MSTP interface configuration commands can also be applied to an interface range: mstp port-priority mstp path-cost mstp bpdu-rx mstp detect-bpdu-loss mstp detect-protocols mstp edge-port mstp restrict-root mstp restrict-tcn.
  • Page 528 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) By default, the spanning tree port priority is 128. Command Syntax device-name(config-if UU/SS/PP)#mstp <instance-id> port-priority <priority> device-name(config-if UU/SS/PP)#no mstp <instance-id> port-priority Argument Description instance-id The MST instance ID. The range is <0-15>.
  • Page 529 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) administrative state variable according to the port’s knowledge of whether or not any BPDUs have been received on the Port. • EdgePort The Bridge Detection state machine controls the value of the corresponding operational state variable, operational EdgePort, which may be used in order to determine whether a port that becomes Designated is permitted to transit directly to Forwarding.
  • Page 530 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) o The port’s link-type is set to Auto, and the MST algorithm has determined that the LAN segment is to be operated in full duplex mode. o The port has been configured by management means for full duplex operation.
  • Page 531 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) By default, MSTP Link Flapping is disabled. Command Syntax device-name(config-if UU/SS/PP)#mstp link-flapping <period> device-name(config-if UU/SS/PP)#no mstp link-flapping Argument Description period Control period in milliseconds to which the actual time between switching the LinkDown and LinkUp port statuses is compared.
  • Page 532 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Changing the Switch Compliance Mode The mstp cisco-compliant command, in Interface Configuration mode, forces the port to work in compliance with Cisco devices (Cisco-compliant mode) and not according to IEEE 802.1s (IEEE 802.1s-compliant mode).
  • Page 533 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Enabling/Disabling BPDU Transmission The mstp bpdu-tx command, in Interface Configuration mode, enables/disables sending of BPDU packets on the specified interface. By default, the BPDU transmission is enabled. Command Syntax...
  • Page 534 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Command Syntax device-name(config-if UU/SS/PP)#mstp restrict-root {enable | disable} Argument Description enable Enables root restriction on an interface. disable Disables root restriction on an interface. Example The following example shows how to enable root restriction on interface 1/1/4:...
  • Page 535 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Command / Description: show mstp configuration: Displays the MSTP configuration in the current region. show mstp: Displays the whole MSTP configuration. show mstp instance: Displays the configured instances. Displaying the Temporary Configuration The show pending command, in Protocol MSTP Configuration mode, displays the temporary Multiple Spanning Tree Protocol (MSTP) configuration.
  • Page 536: Displaying The Mstp Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Displaying the MSTP Region Configuration The show mstp configuration command, in MSTP Configuration or Privileged (Enable) mode, displays the MSTP configuration in current region. Command Syntax device-name(cfg protocol mstp)#show mstp configuration...
  • Page 537 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Regional Root = This bridge is the root RemainingHopCount TimeSinceTopologyChange = 3039 (Sec) TopChanges Border Bridge = enabled ===================================================================== Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt --------+---+--------+-----+------+-------+------------------+------- 01/01/02 128 Root...
  • Page 538 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Parameter Description BridgeMaxAge The value of the Max Age parameter in seconds when the Bridge is the Root or is attempting to become the Root. BridgeHelloTime The value of the Hello Time parameter in seconds, which...
  • Page 539 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Parameter Description Bridge, when it is not the Root. DCost The path cost of the Bridge recorded as the Root in the Root Identifier parameter of Configuration BPDUs transmitted by the Designated Bridge for the LAN to which the Port is attached.
  • Page 540 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Port State = forwarding Forward Transitions = 34 Port Role = Root Port Path Cost = 200000 CIST Root = 24576.0009B7990300 ExternalPortPathCost= 200000 Designated Root = This bridge is the regional root...
  • Page 541 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Parameter Description Running Version The running version is RSTP when the neighbor on this port is an RSTP or MSTP device. The running version is STP when the neighbor on this port is an STP device.
  • Page 542 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) mstp:Port 1/1/1 msti 0 Agrees mstp:Reroot bridge by ( 1/1/1 ) mstp:Port 1/1/1 msti 0 Rerooted By default, the debug is disabled. Command Syntax device-name#debug mstp {roles | handshake} {all | <instance-id>} device-name#no debug mstp {roles | handshake} {all | <instance-id>}...
  • Page 543: Mstp Port Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) device-name(config)#protocol device-name(cfg protocol)#mstp device-name(cfg protocol mstp)#instance 1 vlan 1-10 2. Assign to the MSTP region the name region1 and the revision number 1: device-name(cfg protocol mstp)#name region1 device-name(cfg protocol mstp)#revision 1 3.
  • Page 544 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) BPDU processing = Standard AdminLink-Type = PointToPoint Link-Type = PointToPoint RestrictedRoot = enabled RestrictedTCN = enabled Detect lost BPDUs = enabled Running Version = RSTP Link flapping = disabled...
  • Page 545: Network Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) TopChanges CIST Root = 00001.00:12:F2:0F:2F:27 MaxAge = 20 (Sec) HelloTime = 2 (Sec) ForwardDelay = 5 (Sec) BridgeMaxAge = 34 (Sec) BridgeHelloTime = 4 (Sec) BridgeForwardDelay = 5 (Sec)
  • Page 546 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Figure 8: Schematic MSTI Configuration Configuring Switch 1: 1. Create VLANs V100 and V200 and add the appropriate ports to each VLAN: device-name#configure terminal device-name(config)#vlan device-name(config vlan)#config default...
  • Page 547 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) device-name(config-vlan default)# remove ports 1/1/1-1/1/3 device-name(config-vlan default)#exit device-name(config vlan)#create v100 100 device-name(config vlan)#config v100 device-name(config-vlan v100)#add ports 1/1/1,1/1/3 tagged device-name(config-vlan default)#exit device-name(config vlan)#create v200 200 device-name(config vlan)#config v200...
  • Page 548 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) device-name(cfg protocol mstp)#instance 0 vlan 1-99,101-199,201-4093 device-name(cfg protocol mstp)#instance 1 vlan 100 device-name(cfg protocol mstp)#instance 2 vlan 200 Configuring Switch 4: 1. Create VLAN V200 and add the appropriate ports to the VLAN:...
  • Page 549 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) FastRing = disabled LearnMode = Standard MST00 VLAN mapped = 1-99,101-199,201-4093 Priority = 32768 Regional Root = 32768.00:A0:00:01:09:0B RemainingHopCount = 39 TimeSinceTopologyChange = 3039 (Sec) TopChanges Border Bridge...
  • Page 550 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) MaxAge = 20 (Sec) HelloTime (Sec) ForwardDelay = 15 (Sec) BridgeMaxAge = 20 (Sec) BridgeHelloTime (Sec) BridgeForwardDelay = 15 (Sec) ProtoMigratioDelay (Sec) MaxHopCount = 40 TxHoldCount SpanIgmpFastRecovery = disabled...
  • Page 551 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Displaying the Configuration on Switch 3: device-name#show mstp Multiple spanning trees = enabled ProtocolSpecification = ieee8021s Priority TimeSinceTopologyChange = 0 (Sec) TopChanges CIST Root = 32768.00:12:00:01:09:0B MaxAge = 20 (Sec)
  • Page 552 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) 01/01/01 128 Altern block 200000 0 32768.0012F20A0168 128.001 01/01/02 128 Root frwrd 200000 0 00000.00A00001090B 128.001 01/01/10 128 Designat frwrd 200000 0 32768.0012F2BBBBBB 128.010 Displaying the Configuration on Switch 4:...
  • Page 553 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) TimeSinceTopologyChange = 3039 (Sec) TopChanges Border Bridge = Disabled ========================================================================== Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt --------+---+--------+-----+---------+---------+------------------+------- 01/01/01 128 Root frwrd 200000 0 00000.00A00001090B 128.002 01/01/02 128 Altern...
  • Page 554 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) RemainingHopCount = 39 TimeSinceTopologyChange = 3039 (Sec) TopChanges Border Bridge = Disabled ========================================================================== Port |Pri|Prt role|State|PCost |DCost |Designated bridge |DPrt --------+---+--------+-----+---------+---------+------------------+------- 01/01/02 128 Designat frwrd 200000 0 32768.0012F20A0168 128.002...
  • Page 555 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) MST00 VLAN mapped = 1-99,101-199,201-4093 Priority = 32768 Regional Root = 32768.00:A0:00:01:09:0B RemainingHopCount = 39 TimeSinceTopologyChange = 3039 (Sec) TopChanges Border Bridge = Disabled ========================================================================== Port |Pri|Prt role|State|PCost...
  • Page 556 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Figure 10: Spanning Tree IGMP Fast Recovery Configuration Example Configuration of Switch 1: 1. Enable the MSTP protocol: Switch1#configure terminal Switch1(config)#protocol Switch1(cfg protocol)#mstp enable 2. Set the bridge priority for MST instance 0 to zero: Switch1(cfg protocol)#mstp 0 priority 0 3.
  • Page 557 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Switch2(cfg protocol)#mstp fast-ring ring-ports 1/1/9 1/1/10 Switch2(cfg protocol)#mstp learn-mode temporary-disabled 2 3. Enable the Spanning tree IGMP fast recovery: Switch2(cfg protocol)#spanning-tree igmp-fast-recovery Switch2(cfg protocol)#exit 4. Set port 1/1/12 as an edge port:...
  • Page 558 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Figure 11: BPDU guard, Loop guard, Restricted Root and Restricted TCN Configuration Example Configuration of Switch 1: 1. Enable the MSTP protocol: Switch1#configure terminal Switch1(config)#protocol Switch1(cfg protocol)#mstp enable 2.
  • Page 559 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Switch2(config-if 1/1/8)#mstp restrict-tcn enable Switch2(config-if 1/1/8)#exit 3. Enable Loop guard on ports 1/1/1 and 1/1/2: Switch2(config)#interface 1/1/1 Switch2(config-if 1/1/1)#mstp detect-bpdu-lost enable Switch2(config-if 1/1/1)#interface 1/1/2 Switch2(config-if 1/1/2)#mstp detect-bpdu-lost enable...
  • Page 560 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Figure 12: Fast Ring Topology Configuration of Switch 1 1. Enter Protocol MSTP Configuration mode and enable MSTP; disable learning and make Switch1 the root switch: Switch1#configure terminal...
  • Page 561 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Configuration of Switch 2 1. Enter Protocol MSTP Configuration mode and enable MSTP; disable learning and configure fast-ring ports: Switch2#configure terminal Switch2(config)#protocol Switch2(cfg protocol)#mstp enable Switch2(cfg protocol)#mstp learn-mode none Switch2(cfg protocol)#mstp fast-ring ring-ports 1/1/25 1/1/26 2.
  • Page 562: Configure Vlans

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Switch3#configure terminal Switch3(config)#vlan Switch3(config vlan)#create v10 10 Switch3(config vlan)#create v20 20 Switch3(config vlan)#create v30 30 Switch3(config vlan)#config default Switch3(config-vlan default)#remove ports 1/1/1-1/1/26 Switch3(config-vlan default)#config v10 Switch3(config-vlan v10)#add ports 1/1/25,1/1/26 tagged...
  • Page 563 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Switch4(config-vlan v30)#end Configuration of Switch 5 1. Enter Protocol MSTP Configuration mode and enable MSTP; disable learning and configure fast-ring ports: Switch5#configure terminal Switch5(config)#protocol Switch5(cfg protocol)#mstp enable Switch5(cfg protocol)#mstp learn-mode none Switch5(cfg protocol)#mstp fast-ring ring-ports 1/1/25 1/1/26 2.
  • Page 564 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Acronyms The following table defines terms that are used in this document and lists their acronyms as specified in the IEEE 802.1s standard. Table 13: Acronyms Acronym Term...
  • Page 565 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Acronym Term Definition MST Region A set of LANs and MST Bridges physically connected via Ports on those MST Bridges, where each LAN’s CIST Designated Bridge is an MST Bridge, and each...
  • Page 566 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring MSTP (Rev. 03) Supported Platforms Feature NetIron M2404F NetIron M2404C Multiple Spanning Tree Protocol Supported Standards, MIBs and RFCs Feature Standards MIBs RFCs Multiple Spanning Tree IEEE 802.1d-1998 Private MIB, No RFCs are supported Protocol by this feature.
  • Page 567 This document provides information on Multicast VLAN Registration, GARP Multicast Registration and IGMP Snooping. It describes how to configure these protocols on devices of the Foundry Networks brand. The document contains in-depth explanations of all commands involved when using these three protocols. It consists of the following sections: TABLE OF FIGURES...
  • Page 568 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Table of Figures Figure 1: IGMP Version 1 Message Fields; Figure 2: IGMP Version 2 Message Fields; Figure 3: Initial IGMP Join Message; Figure 4: Second Host Joining a Multicast Group...
  • Page 569: Igmp Snooping

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) IGMP Snooping Traditionally, IP packets are transmitted in either of two ways - Unicast (one sender to one recipient) or Broadcast (one sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network.
  • Page 570: Igmp Version 2

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) IGMP version 1 does not have a Leave mechanism. When a host does not want to receive the IGMP traffic any more, it just quits silently. IGMP multicast routers periodically send host membership query messages (hereinafter called queries) to discover which host groups have members on their attached local networks.
  • Page 571: Joining A Multicast Group

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) NOTE According to RFC 2236, all IGMP Version 2 messages should contain a Router Alert option in their IP header. IGMP will drop any IGMP Version 2 message that contains no Router Alert option in its IP header.
  • Page 572 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Note that the device architecture allows the CPU to distinguish IGMP information packets from other packets for the multicast group. The device recognizes the IGMP packets through its filter engine.
  • Page 573: Leaving A Multicast Group

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Leaving a Multicast Group In IGMP version 1, if a host does not want to receive the IGMP traffic, it just silently quits the group. IGMP multicast routers periodically send host membership query messages to discover if any member is still interested in the specific multicast group traffic.
  • Page 574 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) configuration (see the example). Multicast traffic will be forwarded to group members regardless of the configuration of the incoming port. Prerequisites By default, the maximum number of multicast entries that can be configured on a device is 256.
  • Page 575 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Configuration flowchart steps: Start; Enable IGMP snooping; Disable IGMP snooping per VLAN where it is not needed; Synchronize IGMP timers with other IGMP switches; Is there a multicast/IGMP router?...
  • Page 576: Configuring The Igmp Snooping Parameters

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Parameter Default Value IGMP Snooping per VLAN Enabled if IGMP Snooping is enabled. Immediate Leave Disabled Query Interval 125 seconds Query response time 10 seconds Robustness...
  • Page 577 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Command Description ip igmp snooping vlan Configures a host or physical interface statically to join a static multicast group. ip igmp snooping vlan Enables IGMP Immediate Leave Processing on the VLAN.
  • Page 578 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Command Syntax device-name(config)#ip igmp snooping vlan <vlan-id> device-name(config)#no ip igmp snooping vlan <vlan-id> Argument Description vlan-id The VLAN ID in the range <1-4094>. Example device-name(config)#ip igmp snooping vlan 200...
  • Page 579 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Example device-name(config)#ip igmp snooping vlan 200 mrouter interface 1/1/1 Setting a Static Multicast MAC Address The ip igmp snooping vlan static command, in Global Configuration mode, configures a host or physical interface statically to join a multicast group.
  • Page 580 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) NOTE IGMP Snooping Immediate Leave is suitable only if one receiver is connected on the port. By default, Immediate Leave processing is disabled. Command Syntax device-name(config)#ip igmp snooping vlan <vlan-id> immediate-leave device-name(config)#no ip igmp snooping vlan <vlan-id>...
  • Page 581 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Argument Description Port list, of the form u[[/s[/p]]][-u[[/s[/p]]][,u[[/s[/p]]]]]... PORT-LIST Where u, s and p represent a 1- or 2-digit unit number, slot number and port number respectively. The user can specify: •...
  • Page 582 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) 1. The device sends a specific query for that group, with the response time field set to 1 second (last-member interval); 2. The device waits 1 second (last-member interval);...
  • Page 583 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Setting the Query Source IP Addresses to Zeroes The ip igmp snooping query-source-ip-zero command, in Global Configuration mode, enables generating queries (on Leave and on xSTP change) with source IP address that is all zeros (i.e.
  • Page 584 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Example device-name#show ip igmp snooping vlan 1 ==== IGMP snooping is globally enabled. IGMP snooping is enabled on this VLAN. IGMP snooping immediate-leave is disabled on this Vlan.
  • Page 585 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) robustness (Optional). Displays the number of specific query packets sent by the device. last-member (Optional). Displays the time interval, in seconds, between two specific queries. Example...
  • Page 586 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) 0001 | 01:00:5e:01:01:07 |igmp |1/1/3-1/1/4 0001 | 01:00:5e:01:01:08 |igmp |1/1/3-1/1/4 0001 | 01:00:5e:01:01:09 |igmp |1/1/3-1/1/4 0001 | 01:00:5e:01:01:0a |igmp |1/1/3-1/1/4 0001 | 01:00:5e:01:01:0b |igmp |1/1/3-1/1/4 0001...
  • Page 587 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) query-interval <query- (Optional). Specifies the interval between queries in seconds, interval-value> in the range <1-300>. By default the value is 120 seconds. response-time <response- (Optional). Specifies the host response timeout, in seconds, to time-value>...
  • Page 588 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Displaying the IGMP Snooping Statistics The show ip igmp statistics command, in Privileged (Enable) mode, displays the current settings of various IGMP Statistics Counters, according to the specified parameter.
  • Page 589 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Figure 6: IGMP Snooping Configuration Example Configuring Switches 1, 2: Enable IGMP Snooping: device-name#configure terminal device-name(config)#ip igmp snooping Configuring Switch 3: 1. Enable IGMP Snooping: device-name#configure terminal device-name(config)#ip igmp snooping 2.
  • Page 590 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) IGMP snooping is enabled vlan 1 ======= IGMP snooping is globally enabled. IGMP snooping is enabled on this VLAN. IGMP snooping immediate-leave is disabled on this Vlan.
  • Page 591 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) device-name#show ip igmp snooping statistics reports 3 report packets received device-name#show ip igmp snooping vlan 1 vlan 1 ======= IGMP snooping is globally enabled. IGMP snooping is enabled on this VLAN.
  • Page 592 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Multicast VLAN Registration (MVR) Multicast VLAN Registration (MVR) is designed for applications using wide-scale deployment of multicast traffic (for example, broadcast of multiple television channels) across an Ethernet ring- based service provider network.
  • Page 593: Immediate Leave

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Figure 7: Example of a Layer 2 MVR Configuration This setup allows cross-VLAN multicast frames to be sent from VLAN 2 to users on other VLANs through registered receiver ports.
  • Page 594 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Configuration flowchart steps: Start; Create MVR (source) VLAN; Add source ports as tagged or untagged to MVR VLAN (see Configuring VLANs); Add receiver ports as untagged to MVR VLAN...
  • Page 595: Configuring Mvr

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) MVR Default Configuration Table 8 shows the default MVR configuration. Table 8: MVR Default Configuration Parameter Default Value Multicast VLAN Registration (MVR) Disabled Multicast addresses None configured...
  • Page 596 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Command Description mvr mode Sets the MVR mode of operation. mvr vlan Specifies the VLAN ID on which multicast data is received. mvr group Statically sets up all IP multicast addresses that will participate in MVR.
  • Page 597 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Command Syntax device-name(config)#mvr mode dynamic [group A.B.C.D [<count>]] [querytime <value>][vlan <vlan-id>] device-name(config)#mvr mode static [vlan <vlan-id>] Argument Description dynamic The device forces the multicast server to send all configured multicast-group data to the source port, without waiting for join requests from receiver ports.
  • Page 598 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) configured IP multicast. If no IP address is specified, the no form of the command removes all configured MVR IP multicast addresses. Any multicast data sent to this address is sent to all source ports and all receiver ports that have elected to receive data on that multicast address.
  • Page 599 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) This command overrides the query response time indicated in the IGMP query packets received from the query router. By default, the MVR query time is 10 seconds.
  • Page 600 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) NOTE If the queries and the multicast data are received from different ports, configure the port from which the queries are received as the source port.
  • Page 601 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) NOTE This command applies only to receiver ports and should only be enabled on receiver ports to which a single receiver device is connected. Command Syntax...
  • Page 602 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) MVR Max Multicast Groups: 256 MVR Current multicast groups: 256 MVR Global query response time: 5 MVR Mode: Dynamic Displaying the MVR Ports Configuration The show mvr interface command, in Privileged (Enable) mode, displays the current MVR ports configurations.
  • Page 603 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) device-name(config)#mvr 3. Set MVR mode to dynamic: device-name(config)#mvr mode dynamic % mvr enabled with dynamic mode 4. Set MVR on VLAN ID 2: device-name(config)#mvr vlan 2 5.
  • Page 604 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) 1/1/3 | Receiver | Inactive/down | Enable device-name#show mvr members ============================================================= MVR Group | Active Interface List ------------+------------------------------------------------ 224.1.1.7 none 224.1.1.27 none
  • Page 605 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) GARP Multicast Registration Protocol (GMRP) GARP Multicast Registration Protocol (GMRP) is a Generic Attribute Registration Protocol (GARP) application that provides a constrained multicast flooding facility similar to IGMP snooping.
  • Page 606: Configuring And Displaying Gmrp

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Parameter Default Value GARP timers Join time: 200 ms Leave time: 600 ms Leave-all time: 10,000 ms. NOTE GMRP uses a single access-list resource for each Gigabit Ethernet port and for each group of 8 Fast-Ethernet ports.
  • Page 607 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Displaying the GMRP Status The gmrp command, in Protocol Configuration mode, and the equivalent show gmrp command in Privileged (Enable) mode, display the current GMRP status, enabled or disabled.
  • Page 608 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Acronyms Table provides a list of acronyms that are used in this document and lists their meaning. Acronym Meaning Central Processing Unit GARP Generic Attribute Registration Protocol...
  • Page 609 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Multicast Layer 2 (Rev. 03) Supported Platforms Features NetIron M2404F NetIron M2404C Multicast VLAN Registration (MVR) GARP Multicast Registration Protocol (GMRP) IGMP Snooping Supported Standards, MIBs and RFCs Features Standards MIBs...
  • Page 610 Foundry Networks Configuring Quality of Service (QoS) This chapter includes all information necessary to configure Quality of Service on the switches. It contains an overall description of QoS principles along with information on how this feature is configured. All relevant commands can be found in the document: TABLE OF FIGURES...
  • Page 611 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring QoS (Rev. 03) Table of Figures Figure 1: Basic QoS Architecture; Figure 2: 802.1p Priority Header Fields; Figure 3: Type of Service (ToS) Header Fields; Figure 4: Strict Priority Queuing; Figure 5: Weighted Round Robin Queuing...
  • Page 612 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring QoS (Rev. 03) Overview Today’s networks transmit data streams for various applications using many different protocols. Different types of traffic sharing a data path through the network can interact in ways that affect their application performance.
  • Page 613 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring QoS (Rev. 03) Video applications are similar in needs to voice applications, with the exception that bandwidth requirements are somewhat larger, depending on the encoding. It is important to understand the behavior of the video application being used. Some applications can transmit large amounts of data for multiple streams in one “spike”, with the expectation that...
  • Page 614 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring QoS (Rev. 03) Sorting Packets for QoS Handling Packet Sorting by 802.1p Priority Values The devices support the standard 802.1p priority bits that are part of a tagged Ethernet packet. The 802.1p bits can be used to prioritize the packet.
  • Page 615 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring QoS (Rev. 03) Figure 3: Type of Service (ToS) Header Fields When a packet arrives at the device on an ingress port, the device examines the first six of eight ToS bits, called the code point. The device can assign the QoS priority used to subsequently transmit the packet based on the code point.
  • Page 616 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring QoS (Rev. 03) NOTE When changing the priority on the port, the priority of the dynamic MAC address also changes. Traffic Scheduling Congestion management features allow the user to control congestion by determining the order in which packets are transmitted based on priorities assigned to those packets.
  • Page 617 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring QoS (Rev. 03) Benefits of SP Queuing SP provides absolute preferential treatment to high priority traffic, ensuring that mission-critical traffic traversing various WAN links gets priority treatment. In addition, SP provides a faster response time than do other methods of queuing.
  • Page 618 Hybrid Queuing This scheduling method combines Strict Priority and WRR scheduling. One or two queues are serviced with strict priority whereas the rest of the queues are serviced in accordance with the WRR algorithm.
  • Page 619 Figure 6: IPv4 Header Structure Figure 7 shows the IP ToS octet fields. PRECEDENCE Figure 7: ToS Octet Fields The ToS fields are described in Table 1 Table...
  • Page 620 Binary Value Precedence Level CRITIC/ECP Flash Override Flash Immediate Priority Routine Network Control Per-Hop Behaviors RFC 2475 defines PHB as the externally observable forwarding behavior applied at a DiffServ-compliant node to a DiffServ Behavior Aggregate (BA).
  • Page 621 value of 100). These Class-Selector PHBs ensure that DS-compliant nodes can coexist with IP Precedence-based nodes. For more information about Class-Selector PHB, refer to RFC 2474, Definition of the Differentiated Services Field in IPv4 and IPv6 Headers.
  • Page 622 Expedited Forwarding PHB EF PHB is ideally suited for applications such as VoIP, video, and online trading programs that require low bandwidth, guaranteed bandwidth, low delay, and low jitter. The EF PHB, a key ingredient of DiffServ, supplies this level of service by providing low loss, low latency, low jitter, and assured bandwidth.
  • Page 623 slow-down packet-transmission until all packets arrive at their destinations. Then, responding to the consequent cessation of packet drops, the TCP hosts will resume their normal transmission rates. WRED does not check the protocol (i.e. TCP versus UDP). Since most VoIP installations grant higher priority to their VoIP traffic, which is typically UDP, WRED is more likely to drop the lower-priority TCP traffic.
  • Page 624 B 0.5 0.75 0.875 0.9375 0.96875 0.984375 0.992188 0.996094 … 0.999969 Thus, setting a small value to the exponential weight factor n tends to cause large fluctuations as traffic levels change.
  • Page 625: Qos Default Configuration

    QoS Configuration Flow Table 4 shows the default The following flow chart shows the process of configuring the QoS parameters. Start Set the Priority Value Mapping to QoS Queues Set 802.1p Priority Information on a Port...
  • Page 626: Priority Queue

    Feature Default Value Priority-to-queue assignment Table 5 Priority remark Table 6 QoS scheduling algorithm Strict Priority Port Priority Drop level per user priority Green DSCP priority DSCP drop level...
  • Page 627 Queue Priority Table 7: Tail-drop Profiles Default Configuration Profile Threshold Value Green 100% (128 pps), no tail-drop algorithm is used Yellow 100% (128 pps), no tail-drop algorithm is used...
  • Page 628: Configuring Quality Of Service Features

    Configuring Quality of Service Features To set the QoS mapping, proceed as follows: 1. To configure mapping of the 802.1p priority levels to internal transmit queue values, see Configuring Priority Value Mapping to QoS Queues.
  • Page 629 Table 9: Priority Mapping Commands Command Description qos map Assigns 802.1p priority level to the Transmit-Queue mapping. show qos Displays the priority mapping assignments. priority-txq-map Configuring Priority Value Mapping to QoS Queues The qos map command, in Global Configuration mode, assigns 802.1p priority level to the...
  • Page 630 Displaying the Mapping Assignments The show qos priority-txq-map command, in Privileged (Enable) mode, displays the priority mapping. Command Syntax device-name#show qos priority-txq-map QoS Assignment Configuration Commands Table 10 lists the commands to configure the priority assignment.
  • Page 631 Priority Level QoS Egress Queue Command Syntax device-name(config-if UU/SS/PP)#qos priority <priority> device-name(config-if UU/SS/PP)#no qos priority Argument Description priority The 802.1p priority level in range <0-7>. Example The following example assigns the 802.1p priority levels for all incoming packets on interface 1/1/1.
  • Page 632 device-name(config)#no qos mac [[static | secure] [HH:HH:HH:HH:HH:HH] [vlan <vlan-id>] [UU/SS/PP]] priority <priority> Argument Description static Static MAC address. secure Secured MAC address, used for Port Security. HH:HH:HH:HH:HH:HH 6-byte MAC address represented in hexadecimal.
  • Page 633 • For Layer 2 applications in which the DSCP value is insignificant, the user should use the set traffic-class command with the index argument and should not include the dscp argument in the qos traffic-class command.
  • Page 634 device-name(config)#end device-name#show qos traffic-class ====================================== Index | DSCP | Priority | Drop Level -------+------+----------+------------ | none | none | none | none | none | none | green...
  • Page 635 Command Syntax device-name(config)#qos policy dscp <dscp-value> {green |yellow} set dscp <dscp-set> priority <priority-set> txq <queue-set> drop-level {green | yellow} device-name(config)#no qos policy dscp Argument Description dscp-value DSCP value for matching in the range <0-63>.
  • Page 636: Configuring Traffic Shaping

    device-name(config)#no qos policy priority Argument Description priority-value Priority value for matching in the range <0-63>. Match all priority values. green Match according to Conforming precedence level. yellow Match according to Non-conforming precedence level.
  • Page 637 Example The following example configures the transmit rate of 2M to interface 1/1/1. The show qos tx shaper command displays the results: device-name(config-if 1/1/1)#qos tx shaper rate 2m burst 16k...
  • Page 638 1/ 1/ 1 1/ 1/ 2 1/ 1/ 3 … 1/ 1/ 8 1/ 1/ 9 1/ 1/ 10 | 0 1/ 1/ 11 | 0 … 1/ 1/ 24 | 0...
  • Page 639 Displaying the DSCP Remarking Policy The show qos policy dscp command, in Privileged (Enable) mode, displays the DSCP remarking policy for remarking DSCP, priority, transmit queue and drop precedence level by DSCP and conformance level.
  • Page 640 ----------+-----+---------------------+--------- green 4 | yellow green 4 | yellow green 4 | yellow green 4 | yellow green 4 | yellow green 4 | yellow green 4 | yellow...
  • Page 641 Command Description qos scheduling hybrid-2 Configures second hybrid-type scheduling. qos scheduling hybrid-3 Configures from 3rd hybrid-type scheduling. qos scheduling hybrid-4 Configures from 4th hybrid-type scheduling. qos scheduling hybrid-5 Configures from 5th hybrid-type scheduling.
  • Page 642 device-name(config)#qos scheduling wrr 1 1 1 1 2 2 1 1 device-name(config)#exit device-name#show qos scheduling ================================================================ Interface | scheduling |txq0|txq1|txq2|txq3|txq4|txq5|txq6|txq7 -----------+------------+----+----+----+----+----+----+----+---- All int | wrr Configuring Hybrid-1 QoS Queue Handling The qos scheduling hybrid-1 command, in Global Configuration mode, applies and configures the first hybrid QoS algorithm.
  • Page 643 • When both txq6 and txq7 are empty, the rest of the queues are serviced according to their assigned weights. By default, the SP scheduling is applied. Command Syntax device-name(config)#qos scheduling hybrid-2 <txq0-weight>...
  • Page 644 Example The following example configures hybrid-3 scheduling. The show qos scheduling command displays the scheduling configuration on all ports. device-name(config)#qos scheduling hybrid-3 10 1 1 1 1 % Actual proportions may differ due to limited granularity...
  • Page 645 Configuring Hybrid-5 QoS Queue Handling The qos scheduling hybrid-5 command, in Global Configuration mode, is used to apply and configure the fifth hybrid QoS algorithm. In the fifth hybrid algorithm, txq3, txq4, txq5, txq6 and txq7 are set to behave according to strict priority scheduling, and the rest of the queues behave according to Weighted Round Robin (WRR).
  • Page 646 • When txq4 is empty, txq3 is serviced as long as it has packets. • When txq4 is empty, txq2 is serviced as long as it has packets.
  • Page 647 Command Description qos tx tail-drop Attaches the profile of the Tail-drop congestion avoidance mechanism to the configured interface. show qos tx tail-drop Displays the Tail-drop profile and interface configuration.
  • Page 648 Assigning the Tail-drop Profile to an Interface The qos tx tail-drop command, in Interface Configuration mode, attaches the profile of the Tail-drop congestion avoidance mechanism to the configured interface. The no form of the command removes the Tail-drop profile from the configured interface.
  • Page 649 | 3|128(100%)| 64( 50%)| | 4|128(100%)|128(100%)| | 5|128(100%)|128(100%)| | 6|128(100%)|128(100%)| | 7|128(100%)|128(100%)| +==+=========+=========+ queue-set 2 ----------- +==+=========+=========+ |Pr| Green | Yellow +--+---------+---------+ | 0|128(100%)|128(100%)| | 1|128(100%)|128(100%)| | 2|128(100%)|128(100%)|...
  • Page 650 device-name(config)#no qos tx queue-set <set-id> random-detect [priority <priority>] Argument Description queue-set The queue set random-detect definition in the range <1-3>. The queue set <profile> will be attached to an interface. The profile index is shared between the Tail-drop and the WRED algorithms.
  • Page 651: Displaying The Wred Configuration

    device-name(config)#qos tx queue-set 1 random-detect priority 3 50 10 60 device-name(config)#interface 1/1/1 device-name(config-if 1/1/1)#qos tx random-detect queue-set 1 Displaying the WRED Configuration The show qos tx random-detect command, in Privileged (Enable) mode, displays the Weighted Random Early Detection (WRED) profile and interface configuration.
  • Page 652 +==+=========+=========+======+=========+=========+======+======+ QoS DSCP Mapping Commands Table 15 lists the commands to configure the QoS DSCP mapping. Table 15: QoS DSCP Mapping Commands Command Description qos tos-map Sets the DSCP mapping per port.
  • Page 653 Argument Description <0-63> DSCP value in the range <0-63>. <0-7> The 802.1p priority level in range <0-7>. green If congestion occurs, this packet will be discarded based on Conforming precedence level.
  • Page 654 Specifies that the DSCP-to-Priority map table will be displayed. Example 1 device-name#show qos tos interface interface 1/1/1 qos tos-map any 1 interface 1/1/2 qos tos-to-cos Example 2 device-name#show qos tos map...
  • Page 655 46 | 0 | green 47 | 0 | green 48 | 0 | green 49 | 0 | green 50 | 0 | green 51 | 0 | green...
  • Page 656 Performing the One-to-One Mapping of Outer EXP Field The qos mpls-outer-label exp-to-cos command, in Interface Configuration mode, performs the one-to-one mapping of outer EXP field of the MPLS header.
  • Page 657 Displaying the MPLS EXP Mapping Configuration The show qos mpls-exp-map command, in Privileged (Enable) mode, displays the current MPLS EXP mapping configuration. Command Syntax device-name#show qos mpls-exp-map Example The following example overwrites the VPT option to 1 for all incoming MPLS labels.
  • Page 658 3. Display the new priority to queue mapping: device-name#show qos priority-txq-map =============================== priority-level | txq -----------------+------------- QoS Rx Priority Assignment Assigning Priority on Rx per Port The following example assigns the 802.1p priority levels for all incoming packets on interfaces 1/1/1 and 1/1/2.
  • Page 659 device-name(config)#qos mac static 00:01:02:03:04:05 vlan 1 1/1/5 priority 3 2. Set static MAC address 00:01:02:03:04:06 on VLAN 1, interface 1/1/5 with priority 6: device-name(config)#qos mac static 00:01:02:03:04:06 vlan 1 1/1/5 priority 6 3.
  • Page 660 | none | none | none | none | none | none | none | none | none | none | none | none | none | none...
  • Page 661 | 7| 64( 50%)|128(100%)| 5| 96( 75%)|128(100%)| +==+=========+=========+======+=========+=========+======+======+ 3. Display the WRED configuration on interface 1/1/5 device-name#show qos tx random-detect 1/1/5 interface 1/1/5 --------------- queue-set 1 ----------- +==+=========+=========+======+=========+=========+======+======+...
  • Page 662 device-name#show qos tx random-detect 1/1/3 interface 1/1/3 --------------- queue-set 2 ----------- +==+=========+=========+======+=========+=========+======+======+ |Pr|Green |Green |Green |Yellow |Yellow |Yellow|Weight| |Min |Max |Prob |Min |Max |Prob +--+---------+---------+------+---------+---------+------+------+ | 0| 64( 50%)|128(100%)|...
  • Page 663 6| 25( 20%)|128(100%)| 5| 16( 13%)|128(100%)| 7| 25( 20%)|128(100%)| 5| 16( 13%)|128(100%)| +==+=========+=========+======+=========+=========+======+======+ 5. Display the WRED configuration on interface 1/1/3 device-name#show qos tx random-detect 1/1/3 interface 1/1/3...
  • Page 664 • Bronze traffic class is assigned to web traffic. We shall assign ~20% of the interface bandwidth to this class, giving it preference lower than the Silver class.
  • Page 665 2. Set ACG 102 for RADIUS (Gold class), marking the DSCP value with 26 and vpt value with 4: device-name(config-if 1/1/9)#ip access-group 102 option device-name(config-if 1/1/9 acg 102)#set traffic-class dscp 26...
  • Page 666 12. Set the ACLs to match the bronze class traffic received on interface 1/1/10: device-name(config)#access-list 113 remark Silver1 device-name(config)#access-list 113 permit tcp any any vpt 3 eq telnet...
  • Page 667 device-name(config-if 1/1/9)#ip access-group 125 device-name(config-if 1/1/9)#interface 1/1/10 device-name(config-if 1/1/10)#ip access-group 123 device-name(config-if 1/1/10)#ip access-group 124 device-name(config-if 1/1/10)#ip access-group 125 4. Set ACL permitting bronze class and apply it:...
  • Page 668 2. Set ACLs to match the best-effort class: device-name(config)#access-list 117 remark Best-effort device-name(config)#access-list 117 permit ip any any 3. Set ACG 111 for Voice (Premium class), marking the DSCP value with 46, vpt value with 5...
  • Page 669 device-name(config-if 1/1/10)#exit 10. Set the minimum traffic weight for each class: Platinum – Strict priority Gold ~ 50% Silver ~ 30% Bronze ~ 20% Best-effort – 64kbps. device-name(config)#qos map 5 txq7 device-name(config)#qos scheduling hybrid-1 1 2 4 4 6 1 1 11.
  • Page 670 Acronyms Table 18 provides a list of acronyms that are used in this document and lists their meaning. Table 18: Acronyms Acronym Meaning Access Control List DSCP Differentiated Services Code Point...
  • Page 671 Supported Platforms Feature NetIron M2404F NetIron M2404C Quality of Service (QoS) Supported Standards, MIBs and RFCs Feature Standards MIBs RFCs Quality of Service IEEE 802.1p No MIBs are...
  • Page 672 Foundry Networks Configuring Hierarchical Quality of Service (HQoS) This chapter describes how the device can enable multi-level service level agreement (SLA) assurance, based on Hierarchical Quality of Service (HQoS) implementation. It provides information necessary for system administrators to perform tasks and configure HQoS features and configurations in provider networks environment.
  • Page 673 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Table of Figures Figure 1: Carrier Ethernet Services over MPLS Core (example)..........4 Figure 2: Legacy ‘flat’ QoS Typical Functional Model............6 Figure 3: Legacy ‘flat’ QoS vs. Hierarchical QoS Traffic Management ......7 Figure 4: Multi-Application SLA..................9...
  • Page 674 Carrier Grade Ethernet Services and HQoS Introduction Telecom service providers make every effort to support complex, multi-level Service-Level Agreements (SLAs) with their customers. Such SLAs include QoS parameters on both the Provider and individual Customer’s Service levels, while multiple customers can be connected to the same...
  • Page 675 Figure 1: Carrier Ethernet Services over MPLS Core (example) The device serves as a main service enabling platform for both VPWS and VPLS-based services, as it allows customers whose network gateways/routers don’t support MPLS natively to connect to an MPLS core via VPLS/VPWS pseudowires.
  • Page 676 to the same SDP. Such is the case with Customers #1-#3 in Figure 1. Each one is connected to their own distinct SAP for the internet access, but all the traffic is sent via the same SDP.
  • Page 677 Overview General The legacy (or ‘flat’) QoS is supported by most of the equipment used in service provider’s Carrier Ethernet/IP today. A typical functional model of legacy QoS implementation is shown in the figure below.
  • Page 678 Normal QoS Hierarchical QoS Figure 3: Legacy ‘flat’ QoS vs. Hierarchical QoS Traffic Management The HQoS capabilities are a critical component in providing “hard QoS” guarantees required by current and next generation carrier Ethernet services (e.g. triple-play).
  • Page 679 Multi-service Multi-application o Policies can be configured once and applied to multiple services for ease of configuration and EMS/NMS integration • Extensive statistics o Per queue and scheduler statistics on ingress and egress: Transmitted &...
  • Page 680 Hierarchical QoS Usage Examples Some examples of the possible HQoS model implementations are described below: Example 1: Multi-Application SLA In this example a customer has several applications. The customer has a single site and the packets streamed from/to this site are classified into the various applications by EVCs (VLANs) over the same UNI (physical port), or VLAN priority values (VPT) over the same VLAN.
  • Page 681 10Mb/s Figure 5: Multi-Office SLA Example 3: Multi-Service SLA In this example a customer is subscribed to two or more services, e.g. VPN and DIA (Direct Internet Access). All the customer’s traffic flows through the same UNI and services are differentiated using EVCs.
  • Page 682 QoS/HQoS Implementation Overview The device is designed as an optimized access/aggregation device, aggregating user traffic into the service provider’s network (and vice versa). The device is a true enhanced services enabling...
  • Page 683 NOTE For ACL and legacy QoS configuration, please refer to the “Configuring ACL” and “Configuring QoS” chapters, respectively. • The 2x1Gb/s Packet Processor ports serve internal connection links. An intelligent load-balancing mechanism makes sure that both links are fully utilized.
  • Page 684 Figure 8: Internal Architecture and Main Functional Blocks The main functions of the Packet Processor are: • Classification determines the flow to which each packet belongs, so that other functions (filtering, policing, mapping, queuing, etc.) can be performed based on dedicated...
  • Page 685 them to the ES Processor (and vice versa). Traffic is sent to the ES Processor via two 1Gb/s links with load-balancing between them, which makes sure the bandwidth on these links is fully used and the chances of internal congestion are low.
  • Page 686 • Hierarchical Service Ingress/Egress Queuing/Scheduling/Shaping. The ES Processor implements an advanced, hierarchical queuing/scheduling/shaping mechanism in both Service Ingress and Service Egress directions: o Queuing: Up to 32,768 queues (16,384 for Service Ingress and 16,384 for Service Egress).
  • Page 687 does not replicate the multicast packets destined towards the User side, in order to save its own resources and the bandwidth on the internal connection to the Packet Processor.
  • Page 688 ACL-based 802.1p/DSCP->FC+Color OR Single-Rate metering + Filtering Port->FC+Color OR 802.1p marking/DSCP Flow (classified)-> FC+Color remarking Dest. MAC->FC+Color (FC maps to egress queue…) Local Switching: traffic goes back to Service...
  • Page 689 • Marking/Remarking o Marking of VPT field according to the internal FC and Color. Egress VPT is not affected by the results of policing. o Remarking of DSCP field according to the internal FC and Color. Egress DSCP is affected by the results of policing (if Color was changed), allowing ‘Egress Policing’...
  • Page 690 ACL-based 802.1p/DSCP->FC+Color OR Single-Rate metering + Filtering Port->FC+Color OR 2-Color marking + Flow (classified)-> FC+Color 802.1p/DSCP remarking Dest. MAC->FC+Color (FC maps to egress queue…) Local Switching: traffic goes back to Service...
  • Page 691 • Flow classification using enhanced and flexible Access Control Lists (ACLs). The classification rules can be defined per SAP (access port or VLAN). Up to 256 conditions can be defined on most access ports. The conditions can be based on various parameters from the Ethernet and IP header, including IP and MAC addresses, Ethertype, VPT, IP Protocol, IP ToS, UDP/TCP Ports and some ICMP and IGMP parameters.
  • Page 692 immediately, without causing starvation among the lower priority traffic. This also allows for more flexible SLA definitions. • Shaping. Single-rate shaping can be performed on 2 levels: per queue and per port. This...
  • Page 693 • Network Egress Queuing. Up to 24 queues can be allocated for Network Egress traffic. These queues share the buffer space with all the other queues existing in the ‘ES Processor’. The queue for each packet is chosen according to output network port (either of the two Enhanced Uplink Ports) + FC + Traffic Type.
  • Page 694 FC Mapping MPLS Switching Map EXP -> FC Drop path: traffic goes to the Service Side + Color Replication for multicast traffic is done by the ‘Service Processor’ Net. Egress...
  • Page 695 At this stage the ES Processor also decides to which of the internal connection links each packet will be sent. This decision is performed based on an intelligent load-balancing algorithm, based on service/VC.
  • Page 696 parameters for each one of the 8 queues, and then the complete profile can be attached to a port). The profiles are color-aware and so the algorithms are able to start dropping Yellow traffic before any Green traffic is dropped.
  • Page 697 Weighted Fair Queuing (WFQ) Scheduling The device uses weighted fair queuing (WFQ) for scheduling transmitted traffic in cases of congestion. WFQ is used for traffic passing through the ES Processor.
  • Page 698 Figure 14: WRED Drop Probability Per Color (Green/Yellow). Axes: Drop Probability (up to 100%, packets dropped) against Avg. Queue Depth, with Min. Threshold, Max. Threshold and Max. Probability marked separately for Green and Yellow.
  • Page 699 instance. In this example, there is no direct relation between the number of Queue Policies and the number of WRED Profiles. Please note that in the current release of the product, only the HQoS resources implemented on the ‘ES Processor’...
  • Page 700 NOTE Multiple SAPs with different service policies configured can be applied with the same scheduling policy and as a result share the same schedulers (equivalent to configuring the scheduling policy on a customer-site with multiple SAPs associated with it).
  • Page 701 • WFQ Profile o Applied to service queues, L2 schedulers and network queues. o Defines WFQ weights for in-profile and out-of-profile traffic. • Shaper Profile o Applied to service-related shapers (L2 or L1), network queues shapers and network port shapers.
  • Page 702 Scheduler Configuration The following entities may optionally be applied per scheduler: • Shaper profile. • WFQ profile. Network Interface Configuration The following entities must be applied per network interface (if not configured then default parameters will be used): •...
  • Page 703 queue on service egress or network egress. Each queue that is subjected to configuring has a single parent scheduler. For configuring service policies see section “Service Policy Commands” in this document. For configuring network policies see section “Network Policy...
  • Page 704 Configuration NOTE The HQoS feature is supported on both M2404F and M2404C switches. HQoS Default Configuration WFQ Default Configuration Table 1 shows the default WFQ configuration. Table 1: WFQ Default Configuration...
  • Page 705 • Yellow Max = 2048KB • Yellow Drop Probability = 0% • Green Min = 384KB • Green Max = 2048KB • Green Drop Probability = 20%. The default WRED network queue profile is WRED profile 57.
  • Page 706 HQoS parameter Range allowed by CLI Step 4096Kbps - 16384Kbps 64Kbps 16384Kbps - 65536Kbps 256Kbps 65536Kbps - 1G 4096Kbps Network queues CBS and MBS 0KB - 256KB 256KB - 2MB...
  • Page 707 Configuration NOTE The HQoS feature is supported on both M2404F and M2404C switches. HQoS Configuration Flow Figure Figure 17 Figure 18 display the process to configure HQoS parameters...
  • Page 708 Start Configure the shaper-profile parameters Configure the network-wfq-profile weights Set the wred-profile Configure the wred-profile parameters Define the network egress queue policy Define the queue Set the queue level...
  • Page 709 Start Configure the shaper-profile parameters (L1 and L2) Configure the scheduler-wfq-profile weights Define the service egress scheduler policy Define the Root (L1) scheduler Set level shaper for the Root scheduler...
  • Page 710 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Start Configure the shaper-profile parameters (L1 and L2) Configure the scheduler-wfq-profile weights Define the service ingress scheduler policy Define the Root (L1) scheduler Set level shaper for the Root scheduler...
  • Page 711 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) HQoS Default Configuration WFQ Default Configuration Table 2 shows the WFQ default configuration. Table 2: WFQ Default Configuration Parameter Profile # Default Values Cir_Weight Pir_Weight ingress service WFQ egress service WFQ...
  • Page 712 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Each created queue has a WRED profile applied to it: either the user-configured WRED profile or, if the user does not configure a WRED profile, the default policy.
  • Page 713 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Service Ingress Policy Default Configuration A default service ingress policy is predefined in the system (policy ID = 1). The default service ingress policy cannot be deleted by the user.
  • Page 714 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Table 8: Default Configuration of 8 High-Priority Service Queues Queues Parent Shaping Ingress Service WRED Profile # WFQ Profile # L2 scheduler High8 (high disabled priority scheduler) Service Egress Policy Default Configuration A default service egress policy is predefined in the system (policy ID = 1).
  • Page 715 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Table 11: Default Configuration of Control Traffic, Mapped to a Single High-Priority Queue Queues Parent Shaping Egress Service WRED Remarking WFQ Profile # Profile # L2 scheduler DefEg8 disabled...
  • Page 716 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Forwarding Class (FC) Unicast Queue Multicast Queue Default Priority High-2 (h2) Queue 5 Queue 13 Expedited (ef) Queue 6 Queue 14 High High-1 (h1) Queue 7 Queue 15 High...
  • Page 717 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Table 15: Service Policy Configuration Commands Command Description hqos-ingress-policy Creates a Service Ingress QoS Policy. (in HQoS Configuration mode) hqos-egress-policy Creates a Service Egress QoS Policy. (in HQoS Configuration mode)
  • Page 718 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Command Syntax device-name(config hqos)#hqos-ingress-policy <hqos-ingress-policy-id> device-name(config hqos)#no hqos-ingress-policy <hqos-ingress-policy- id> Argument Description Specifies the policy ID in the range <1-64>. The default policy hqos-ingress-policy-id ID is 1. The default policy can be configured, but it cannot be deleted.
  • Page 719 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Example 1 device-name(config hqos)#hqos-ingress-policy 3 device-name(config hqos-in 3)#description Ingress Policy device-name(config hqos-in 3)# device-name#show hqos service ingress-policy 3 ============================================================ Service Ingress Policy ============================================================ Policy Id: Description: Ingress Policy ------------------------------------------------------------...
  • Page 720 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Command Syntax device-name(config hqos-in id)#queue <queue-id> parent SCHEDULER NAME device-name(config hqos-in id)#no queue <queue-id> parent SCHEDULER NAME device-name(config hqos-eg id)#queue <queue-id> parent SCHEDULER NAME device-name(config hqos-eg id)#no queue <queue-id> parent SCHEDULER NAME...
  • Page 721 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Argument Description default Sets as default FC for all vpt values that do not have an explicit rule. This option is only available for Service Ingress Policy. Specifies the VPT value.
  • Page 722 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Mapping Forwarding Class to Broadcast Queue The broadcast-queue command, in HQoS Ingress/HQoS Egress Forwarding Class Configuration mode, sets the mapping between the Broadcast Queue and the Forwarding Class. Command Syntax device-name(config hqos-in-fc FC-NAME)#broadcast-queue <1-32>...
  • Page 723 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Argument Description wred-profile-id Specifies the WRED profile ID in the range <1-64>. Before associating the policy to the queue, the policy must be created using the wred-profile <wred-profile-id> command, in HQoS Configuration mode.
  • Page 724 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Argument Description hqos-egress-policy-id Specifies the egress policy ID value, created with the hqos-egress-policy <hqos-egress-policy-id> command, in HQoS Configuration mode. NOTE Scheduling for traffic transmitted from the SAP is done in two stages.
  • Page 725 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Command Description default fc Specifies the Forwarding Class to which traffic that has not been assigned to a specific FC will be redirected. lsp-exp fc Sets the mapping between the LSP-EXP value and the Forwarding Class on network ingress.
  • Page 726 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Description: NetwPolicy Test Remarking: Enabled Ingress mapping: ------------------------------------------------------------------- Color ------------------------------------------------------------------- ----- ------------------------------------------------------------------- Egress mapping: ------------------------------------------------------------------- Color ------------------------------------------------------------------- ----- =================================================================== Configuring Egress Network Policy The egress command, in HQoS Network Policy Configuration mode, changes the mode so that the egress network policy can be configured.
  • Page 727 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Command Syntax device-name(config hqos-net-eg NETWORK-POLICY-NAME)#fc {be | l2 | af | l1 | h2 | ef | h1 | nc} {green | yellow} lsp-exp <0-7> device-name(config hqos-net-eg NETWORK-POLICY-NAME)#no fc {be | l2 | af |...
  • Page 728 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Specifies that the forwarding class to which unassigned traffic will be redirected is the “Low-1” Forwarding Class. Specifies that the forwarding class to which unassigned traffic will be redirected is the “High-2”...
  • Page 729 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Applying Network Policy The hqos-network-policy command, in Interface Configuration mode, applies a network policy to the enhanced uplink interface. The default network policy must be removed from the enhanced uplink port before a network policy can be applied.
  • Page 730 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) NOTE The network queue policy is only available on network egress. Command Syntax device-name(config hqos)#network-egress-queue-policy NETWORK-QUEUE- POLICY-NAME Argument Description NETWORK-QUEUE-POLICY-NAME Specifies the network queue policy name as a text string of up to 6 chars.
  • Page 731 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Defining Network Queue The queue command, in HQoS Network Queue Policy Configuration mode, creates a network queue. The no form of this command deletes the network queue. Command Syntax device-name(config hqos-net-queue NETWORK-QUEUE-POLICY-NAME)#queue <queue-id>...
  • Page 732 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Defining Network Queue Priority The level command, in Network Queue Configuration mode, defines strict priority for this network queue relative to other network queues of the same interface. The no form of this command resets the level to the default value. The default value is ‘low’.
  • Page 733 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Command Syntax device-name(config hqos-net-queue-fc FC-NAME)#queue <queue-id> Argument Description queue-id Specifies the Network Queue ID in the range <1-24>. Mapping Forwarding Class to Broadcast Queue The broadcast-queue command, in HQoS Network Queue Policy Forwarding Class Configuration mode, sets the mapping between the Broadcast Queue and the Forwarding Class.
  • Page 734 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Scheduler Policy Commands Table 18 lists the scheduler policy configuration commands. Table 18: Scheduler Policy Configuration Commands Command Description ingress-scheduler-policy Creates a hierarchical ingress scheduler policy. (in HQoS configuration mode) egress-scheduler-policy Creates a hierarchical egress scheduler policy.
  • Page 735 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Argument Description SCHEDULER-POLICY-NAME Specifies the name of the scheduler policy as a text string of up to 6 characters. Configuring a Scheduler Policy Description The description command, in HQoS Ingress/Egress Scheduler Configuration mode, associates a description with a scheduler policy.
  • Page 736 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) device-name(config hqos-eg-sched-policy SCHEDULER-POLICY-NAME)#no scheduler SCHEDULER NAME [root] Argument Description The new scheduler name used in the parent command by children SCHEDULER NAME queues or schedulers. This is a text string of up to 6 characters.
  • Page 737 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Applying WFQ Profile on a Scheduler The scheduler-wfq-profile command, in Scheduler Ingress/Egress Policy Configuration mode, applies a WFQ profile on a scheduler. WFQ profile can be applied only on L2 schedulers.
  • Page 738 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Applying Scheduler Policy to a SAP The ingress-scheduler-policy and egress-scheduler-policy commands, in VPLS-SAP Configuration mode, apply a scheduler policy to the SAP. The no form of these commands removes the scheduler policy from the SAP.
  • Page 739 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Table 19: Customer Site Configuration Command Command Description customer-site Creates a customer site. Configuring Customer Site The customer-site command, in Global Configuration mode, creates a customer site. The no form of this command deletes the customer site.
  • Page 740 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Command Description shaper-profile Creates a shaper profile. (in HQoS Configuration mode) shaper-profile Assigns a shaping profile to a scheduler. (in Scheduler configuration mode) shaper-profile Assigns a shaping profile to a network queue.
  • Page 741 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Argument Description ingress The WFQ profile to be applied on ingress L2 schedulers. egress The WFQ profile to be applied on egress L2 schedulers. scheduler-wfq-profile-id Specifies the WFQ profile ID for schedulers.
  • Page 742 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) weight Specifies the weight assigned for both committed and excess traffic in the range <1-240>. Values will be rounded automatically in SW to fit the following range: 1-32, 40, 48, 56, …, 216.
  • Page 743 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Command Syntax device-name(config hqos-net-que-que queue-id)#network-wfq-profile <net- wfq-profile-id> device-name(config hqos-net-que-que queue-id)#no network-wfq-profile Argument Description Specifies the Network Queue WFQ Profile ID. net-wfq-profile-id Configuring Network Shaping Profiles The shaper-profile command, in HQoS Configuration mode, creates a shaper profile. The shaper can be applied to the following entities: •...
  • Page 744 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) NOTES 1. The hardware rounds the values of the above arguments. These values are written to the running configuration. Rates and buffer reservation values are rounded to the ones accepted by the hardware.
  • Page 745 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) NOTES 1. The hardware rounds the values of the above arguments. These values are written to the running configuration. Rates and buffer reservation values are rounded to the ones accepted by the hardware.
  • Page 746 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) The formula for calculating minimum buffer size is: Min. Buffer Size = 0.5 * (Packet Count * Ceil ( Packet Length in Bytes / 512)), where each buffer is 512 Bytes.
  • Page 747 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Argument Description Specifies the Minimum Congestion Level in kilobytes. The allowed range of values is <0-32768>. Once this value is reached partial dropping of yellow packets will start according to the drop probability configured for yellow traffic.
  • Page 748 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Command Description show hqos service sap Displays the policies configured on the respective SAPs. show hqos network egress-queue-policy Displays the network queue policy configuration. show hqos network policy Displays the network policy configuration.
  • Page 749 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) ------------------------------------------------------------------- DSCP Color ------------------------------------------------------------------- green green ------------------------------------------------------------------- Service Association ------------------------------------------------------------------- SAP Name: 1/1/1:0 1/1/2:0 1/1/9:3 Customer Site: SiteA SiteB Displaying Service Egress Policy The show hqos service egress-policy command, in Privileged (Enable) mode, displays service egress policy.
  • Page 750 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) ------------------------------------------------------------------- Service Association ------------------------------------------------------------------- Service Name: 1/1/1:0 1/1/2:0 1/1/9:3 Customer Site: SiteA SiteB =================================================================== Displaying Scheduler Policy The show hqos scheduler-policy command, in Privileged (Enable) mode, displays the scheduler policy information.
  • Page 751 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Example device-name#show hqos service sap =================================================================== Ingress Policy Egress Policy Customer Site Ingress Scheduler Egress Scheduler ------------------------------------------------------------------- 1/1/25:10 SLA1 SLA1 1/1/25:11 POL2 POL3 1/1/26:11 Customer1 Displaying Service Scheduler The show hqos service sap command, in Privileged (Enable) mode, displays the overall HQoS configuration of the SAP.
  • Page 752 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) |---(Q): 22 =================================================================== Displaying Network Queue Policy The show hqos network egress-queue-policy command, in Privileged (Enable) mode, displays the network queue policy configuration. Command Syntax device-name#show hqos network egress-queue-policy NETWORK-QUEUE-POLICY-...
  • Page 753 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Displaying Network Policy The show hqos network policy command, in Privileged (Enable) mode, displays the network policy configuration. Command Syntax device-name#show hqos network-policy NETWORK-POLICY-NAME Argument Description NETWORK-POLICY-NAME Specifies the name of the network policy.
  • Page 754 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Example device-name#show hqos network interface =================================================================== Network Interface Egress Queue Policy Network Policy ------------------------------------------------------------------- 1/1/27 NET_Q1 NET_P1 1/1/28 NET_Q1 NET_P1 =================================================================== Displaying WRED Profile The show hqos wred-profile command, in Privileged (Enable) mode, displays the WRED profile configuration.
  • Page 755 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Example device-name#show hqos shaper-profile 71 ingress =================================================================== L2 Ingress Scheduler Shaper Id: 71 =================================================================== ------------------------------------------------------------------- 2000 =================================================================== device-name#show hqos shaper-profile 10 egress =================================================================== L1 Egress Scheduler Shaper Id: 10...
  • Page 756 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Command Syntax device-name#clear hqos service sap NAME statistics [scheduler] [reset] Argument Description NAME Specifies the name of the SAP. statistics Displayed are statistics on the SAP. scheduler (Optional). Displays statistics on the scheduler.
  • Page 757 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) =================================================================== Resetting the Statistics The clear hqos network interface statistics command, in Privileged (Enable) mode, resets the statistics of the configured interface. Command Syntax device-name#clear hqos network interface UU/SS/PP statistics...
  • Page 758 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) • Platinum scheduler policy - handles the traffic of customer Corp 2 (two priority levels are configured for this customer, CES and VoIP). The policy includes strict priority between L2 schedulers on service ingress.
  • Page 759 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) HQoS configuration on SW1 Table 23: Testing Streams to Switch 1 VPN 30 VoIP1 Gold 1/1/1-SW1 VLAN VPN 30 VPN1 Gold 1/1/1-SW1 VLAN Mbps Intern VPN 30 Gold 1/1/1-SW1...
  • Page 760 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) SW1(config hqos-in 10)#queue 10 parent Sched1 SW1(config hqos-in-que 10)#wred-profile 5 SW1(config hqos-in-que 10)#service-wfq-profile 20 SW1(config hqos-in-que 10)#exit SW1(config hqos-in 10)#queue 11 parent Sched1 SW1(config hqos-in-que 11)#service-wfq-profile 21 9. Apply FCs to service ingress Queues:...
  • Page 761 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) SW1(config hqos-in-sched-policy-sched VPN2)#exit 6. Create QoS ingress policy: SW1(config hqos)#hqos-ingress-policy 11 7. Create queues on service ingress: SW1(config hqos-in 11)#queue 10 parent VoIP2 SW1(config hqos-in-que 10)#exit SW1(config hqos-in 11)#queue 11 parent VPN2 8.
  • Page 762 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) SW1(config hqos-in 12)#queue 10 parent CES SW1(config hqos-in-que 10)#exit SW1(config hqos-in 12)#queue 11 parent VoIP3 7. Apply FECs to service ingress Queues: SW1(config hqos-in 10)#fc ef SW1(config hqos-in-fc ef)#dscp 46 green...
  • Page 763 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) SW2(config hqos)#egress-scheduler-policy Gold 5. Create Root Scheduler and apply shaper to it: SW2(config hqos-eg-sched-policy Gold)#scheduler Bank root 6. Create Layer 2 scheduler and apply Shaping profile to it: SW2(config hqos-eg-sched-policy Gold)#scheduler Sched1...
  • Page 764 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) SW2(config hqos-eg-sched-policy Silver)#scheduler Corp1 root SW2(config hqos-eg-sched-policy-sched Corp1)#shaper 5 5. Create Layer 2 schedulers and apply WFQ and Shaping profiles to them: SW2(config hqos-eg-sched-policy Silver)#scheduler VoIP2 SW2(config hqos-eg-sched-policy-sched VoIP2)#parent Corp1...
  • Page 765 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) SW2(config hqos-eg-sched-policy Platinum)#scheduler CES SW2(config hqos-eg-sched-policy-sched CES)#parent Corp2 SW2(config hqos-eg-sched-policy-sched CES)#shaper 73 SW2(config hqos-eg-sched-policy-sched CES)#level high SW2(config hqos-eg-sched-policy-sched CES)#exit SW2(config hqos-eg-sched-policy Platinum)#scheduler VoIP3 SW2(config hqos-eg-sched-policy-sched VoIP3)#parent Corp2 SW2(config hqos-eg-sched-policy-sched VoIP3)#shaper 74 5.
  • Page 766 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) SW3(config hqos)#shaper 1 5000 5000 8 8 SW3(config hqos)#shaper 20 1000 1000 8 8 4. Create network policy and map FECs to lsp-exp bits: SW3(config hqos)#network-policy NetPol SW3(config hqos-net NetPol)#ingress...
  • Page 767 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) SW3(config hqos)#network-egress-queue-policy Queue 2. Create network queues and apply WFQ profiles to them SW3(config hqos-net-queue Queue)#queue 11 SW3(config hqos-net-que-que 11)#network-wfq-profile 11 SW3(config hqos-net-que-que 11)#exit SW3(config hqos-net-queue Queue)#queue 12 SW3(config hqos-net-que-que 12)#network-wfq-profile 12...
  • Page 768 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Acronyms Table 26 shows a list of abbreviations that are used in this document. Table 26: Acronyms Acronym Meaning Committed Burst Size Committed Information Rate Class of Service Excess Burst Size...
  • Page 769 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring HQoS (Rev.03) Supported Platforms Feature NetIron M2404F NetIron M2404C Hierarchical Quality of Service (HQoS) Supported Standards, MIBs and RFCs Feature Standards MIBs RFCs Hierarchical MEF-10 No MIBs are No RFCs are supported by this...
  • Page 770: Configuring Access Control Lists

    Foundry Networks Configuring Access Control Lists (ACLs) This chapter provides information necessary to work with Access Control Lists and Access Control Groups. It consists of the following sections: TABLE OF FIGURES ............................ 2 OVERVIEW ..............................3 ACL C ........................11...
  • Page 771 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Table of Figures Figure 1: Ports Grouped Under Port Controllers..............5 Figure 2: Example for Internet Services to Complexes of Apartment Buildings....8 Figure 3: Packet Flow Architecture..................8 Figure 4: Redirecting Traffic with Access Control Group (ACG)........10 Figure 5: ACL Configuration Flow..................11...
  • Page 772 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Overview The application software provides Access Control Lists (ACL) to filter the packets that pass through a device. The ACLs filter network traffic by controlling whether packets are forwarded or blocked at the interfaces.
  • Page 773 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) • Extended IP ACLs use source and destination IP addresses for matching operations, optional VPT (VLAN Priority Tag), IP protocol type and other IP information for finer granularity of control.
  • Page 774 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) • Ports 27 and 28 in slot #1. • The total number of conditions for a single ACL rule that can be applied to the ports that are grouped under the same port controller is limited. The limit depends on whether a rate...
  • Page 775 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Rule Number of Conditions Used ip access-group with QoS marking, using the set The number of entries changed by the user traffic-class command without an argument. in the qos traffic-class table, up to 64.
  • Page 776 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Traffic Rate Limit Traffic congestion is a problem that affects many different types of networks. The problem usually arises on network uplink ports that serve as aggregation points for all other nodes in the network.
  • Page 777 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Figure 2: Example for Internet Services to Complexes of Apartment Buildings Today switches must provide users with a wide variety of services, such as integrated voice, video, data and online gaming. They are also required to be able to implement policies such as bandwidth rate-limiting and network access hierarchies, to ensure the integrity of the network.
  • Page 778: Redirecting Traffic

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Rate limiting can be applied to individual interfaces or VLANs. When an interface or VLAN is configured with this feature, the traffic rate will be monitored by the hardware to verify conformity.
  • Page 779 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Figure 4: Redirecting Traffic with Access Control Group (ACG) To set the traffic redirection, use the redirect command in Interface or VLAN ACG Configuration mode. VLAN Rewrite The traffic redirection feature can also be used for changing the VLAN tag field inside the VLAN header.
  • Page 780 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) ACL Configuration Flow Figure 5 displays the process to configure ACL parameters. Start Consider ACL type specific notes and ACL processing: Sequential Processing Deny by Default Ordered Processing...
  • Page 781: Default Acl Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Default ACL Configuration Table 4 shows the default ACL configuration. Table 4: Default ACL Configuration Parameter Default Value Access Control List (ACL) Not defined Access Control Group (ACG)
  • Page 782 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Table 5: ACL Configuration Commands Command Description access-list (standard) Creates a standard IP ACL. access-list (extended) Creates an extended IP ACL. access-list (extended Creates a Multicast Group extended IP ACL.
  • Page 783 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) provider-vlan (Optional). Specifies the provider VLAN identifier in the range <1- 4093>. The provider-vlan option is applied to the tls uplink interface in <vlan-id> order to match the external VLAN.
  • Page 784 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Figure 6: Standard ACL Configuration Example device-name(config)#access-list 1 permit host 192.98.2.1 device-name(config)#access-list 1 deny 192.98.0.0/16 device-name(config)#access-list 1 permit 192.0.0.0/8 To apply this ACL to interface 1/1/1, use the ip access-group command:...
  • Page 785 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) • ICMP code in the ICMP packet header (see Table 9 for valid literal values). • VLAN Priority Tag (VPT) in the VLAN tag header. In order to distinguish between extended Access Control Lists and other types of Access Control Lists, the extended ACLs are created with acl-number values in the range 100 to 199.
  • Page 786 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) deny Denies access if the conditions are matched. permit Permits access if the conditions are matched. protocol number Name or number of an Internet protocol. It can be one of the keywords icmp, igmp, ip, tcp, udp, or an integer in the range 0 through 255 representing an IP protocol number.
  • Page 787 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) (Optional). Compares source or destination ports (equal). If the operator is positioned after the source and source-wildcard, it must match the source port. If the operator is positioned after the destination and destination-wildcard, it must match the destination port.
  • Page 788 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Valid Literal Value Description Value routine Match packets with routine precedence Table 7: Valid ToS Literal Values Valid Literal Value Description Value max-reliability Match packets with max reliable TOS...
  • Page 789 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Valid Literal Value Description Value time-exceeded Time Exceeded timestamp-reply Timestamp Reply timestamp-request Timestamp traceroute Traceroute unreachable Destination unreachable Table 9: Valid ICMP Code Literal Values Valid Literal Value...
  • Page 790 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Valid Literal Value Description Value domain Domain Name Service echo Echo exec Exec (rsh) finger Finger File Transfer Protocol ftp-data FTP data connections (used infrequently) gopher Gopher hostname...
  • Page 791 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Valid Literal Value Description Value discard Discard dnsix DNSIX security protocol auditing domain Domain Name Service echo Echo isakmp Internet Security Association and Key Management Protocol mobile-ip Mobile IP registration...
  • Page 792 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Figure 7: Extended ACL Configuration Example 1 We need to define two ACGs: • ACG 100 will be defined on the clients interface (1/1/3); • ACG 101 will be defined on the server interface (1/1/1) device-name(config)#access-list 100 permit tcp 192.98.0.0/16 host...
  • Page 793 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Figure 8: Extended ACL Configuration Example 2 device-name(config)#access-list 102 deny tcp host 192.98.1.2 any tos 5 precedence 3 device-name(config)#access-list 102 deny udp host 192.98.1.2 any tos 5 precedence 3 device-name(config)#access-list 102 deny igmp host 192.98.1.2 any tos 5...
  • Page 794 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) NOTE The IGMP ACLs in the range <300-399>, filter only the IGMP network traffic. The rest of the traffic is forwarded. For more information regarding IGMP Snooping see “Configuring Multicast Layer 2”.
  • Page 795 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) DESTINATION- (Optional). Wildcard bits to be applied to the destination. There are two ways WILDCARD to specify the destination wildcard: 1. Use a 32-bit quantity in 4-part dotted-decimal format. Place ones in the bit positions that need to be ignored.
  • Page 796 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Argument Description acl-number Number used to identify the ACL. Valid values are in the range <400-499>. SOURCE-MAC MAC address of source, from which the packet is sent. The user can specify the source MAC address in either of two ways: 1.
  • Page 797 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) multicast (Optional). Matches the multicast traffic. broadcast (Optional). Matches the broadcast traffic. known-unicast <port-list> (Optional). Matches the known-unicast traffic, which will be forwarded to one or more port numbers, specified by the following options: UU/SS/PP – a single port specified by unit, slot and port number, e.g.
  • Page 798 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) type-code 16-bit hexadecimal value specifying the EtherType to be matched. See Table 13 for EtherType known values. wildcard Mask to be applied to the EtherType value. Place ones in bit positions the user wants to be ignored.
  • Page 799 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Value Description 0x8847 MPLS (Multi-Protocol Label Switching) unicast 0x8848 MPLS (Multi-Protocol Label Switching) multicast 0x8863 PPPoE (PPP Over Ethernet) Discovery Stage 0x8864 PPPoE (PPP Over Ethernet) PPP Session Stage...
  • Page 800 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Configuring Access Control Groups (ACGs) Table 14 lists commands used to configure Access Control Groups (ACGs). An ACG is a collection of ACLs with the same number. The ACG can be attached to an interface or to a VLAN.
  • Page 801 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) NOTE The ACLs in the range <300-399> cannot be applied to an interface or VLAN with the ACG options since the IGMP traffic is forwarded only to the CPU.
  • Page 802 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Figure 9: IP ACG over Interface Configuration Example device-name#configure terminal device-name(config)#access-list 100 deny tcp host 192.82.52.36 any device-name(config)#access-list 100 deny tcp any any eq telnet device-name(config)#access-list 101 deny tcp any host 192.82.52.36...
  • Page 803 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Applying a MAC ACG to an Interface or VLAN The mac access-group command, in Interface or VLAN ACG Configuration mode, assigns a MAC Access Control Group (ACG) to an interface or VLAN. To remove the specified MAC ACG, use the no form of this command.
  • Page 804 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Figure 10: MAC ACG over Interface Configuration Example device-name#configure terminal device-name(config)#access-list 400 permit 00:00:5a:63:56:78 00:00:00:00:00:00 00:a0:cc:d6:b0:fa 00:00:00:00:00:00 device-name(config)#access-list 400 permit 00:00:54:67:f5:61 00:00:00:00:00:00 00:a0:cc:d6:b0:fa 00:00:00:00:00:00 device-name(config)#interface 1/1/1 device-name(config-if 1/1/1)#mac access-group 400...
  • Page 805 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Argument description acl-number Number of the ACL. Valid values are in the range <500-599>. option (Optional). Defines the action that will be performed to the traffic that matches the applied ACL: rate limit, traffic redirecting, priority assignment and statistics.
  • Page 806 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Setting DSCP-to-CoS Mapping The set traffic-class command, in Interface or VLAN ACG Configuration mode, sets DSCP-to-CoS mapping of the configured ACG to the specified interface and VLAN. The no form of this command cancels the DSCP-to-CoS mapping.
  • Page 807 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) 2. Set the priority remarking policy (use the qos policy priority command in Global Configuration mode). 3. Apply the ACG on the incoming interface/VLAN with the option keyword (use the ip access-group command in Interface/VLAN Configuration mode).
  • Page 808 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) priority (Optional). Remarks the priority and drop precedence level according to the policy set by the qos policy priority command in Global Configuration mode. This argument is effective only if the user sets the priority remarking policy...
  • Page 809 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) device-name(config-if UU/SS/PP acg acl-num)#set vlan <vlan-id> device-name(config-if UU/SS/PP acg acl-num)#no set vlan <vlan-id> device-name(config vlan VLAN-NAME acg acl-num)#set vlan <vlan-id> device-name(config vlan VLAN-NAME acg acl-num)#no set vlan <vlan-id>...
  • Page 810 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Command Description show ip access-groups statistics Displays QoS statistics information for all interfaces, AG or VLAN to which QoS statistics are applied. show ether-type access-groups Displays the EtherType ACGs configured on the interfaces and VLANs.
  • Page 811: Displaying Qos Statistics

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) device-name(config)#access-list 402 permit 00:00:0b:21:19:75 00:00:00:00:00:00 00:00:12:64:53:15 00:00:00:00:00:ff device-name(config)#access-list 404 permit any host 00:12:f2:02:43:33 unknown-unicast device-name(config)#access-list 405 permit any host 00:12:f2:02:43:32 known-unicast 1/1/2-1/1/4 device-name(config)#access-list 406 permit any any multicast...
  • Page 812 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Example The following example displays QoS statistics per interface, showing the number of packets which match the applied access group. device-name(config-if 1/1/1)#ip access-group 100 option device-name(config-if 1/1/1 acg 100)#statistics...
  • Page 813 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) VLAN 10 ether type access-group 520 Displaying Access Control Groups The show access-groups command, in Privileged (Enable) mode, displays the Access Control Groups configured on interfaces, aggregation groups and VLANs.
  • Page 814 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) device-name(config)#access-list 101 permit ip any 211.202.212.130/26 3. Set the access list for the traffic from PC2 to the server: device-name(config)#access-list 102 permit ip 211.202.212.3/26 any 4. Set the access list for the traffic from the server to PC2: device-name(config)#access-list 103 permit ip any 211.202.212.3/26...
  • Page 815 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) permit ip any 211.202.212.3 0.0.0.63 10. Display the configured access groups: device-name#show ip access-groups interface 1/1/1 ip access-group 101 option rate-limit single-rate 3000K 256K 256K ip access-group 103 option...
  • Page 816 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) 1. Set an ACL with a ToS rule for ToS 8: device-name(config)#access-list 101 permit ip any any tos 8 device-name(config)#access-list 1 permit any 2. Set the ACG on the desired interface with VPT remarking to 5:...
  • Page 817 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) interface 1/1/2 ip access-group 1 option rate-limit single-rate 1000K 250K 250K policy dscp 5. Display the DSCP remarking policy: device-name#show qos policy dscp ====================================================== Index Remarked COS -----------------+------+------------+-----+----------...
  • Page 818 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) green 7 | green green 7 | green green 7 | green yellow none | none yellow none | none yellow none | none yellow none | none...
  • Page 819 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring ACLs (Rev. 03) Supported Platforms Feature NetIron M2404F NetIron M2404C Configuring ACLs Supported Standards, MIBs and RFCs Feature Standards MIBs RFCs Configuring ACLs No standards are Private MIB, RFC 2697, A Single Rate supported by this feature.
  • Page 820 Foundry Networks Configuring Routing Information This chapter describes the configuration and management of the routing process and related protocols, such as IRDP. It consists of the following sections: TABLE OF FIGURES; CONFIGURING IP UNICAST ROUTING...
  • Page 821 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Table of Figures Figure 1: The LSRR Option; Figure 2: Hosts Connected to Proxy ARP Server; Figure 3: Network Diagram; Figure 4: The IRDP Discovery Method...
  • Page 822: Configuring Ip Unicast Routing

    (subnets) on the device by using the ip-forward command in IP Table Configuration mode. Populating the Routing Table A Foundry Networks router maintains an IP routing table for both network routes and host routes. The table is populated from the following sources: • Dynamic routes, typically learned from routing protocol packets;...
  • Page 823 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Static Routes Static routes are manually entered into the routing table. Static routes are important in the following cases: • When the router cannot build a route to a particular destination automatically.
  • Page 824 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) The option comprises a sequence of bytes beginning with the option type code. The second byte specifies the option length, which includes the option type, code byte, the length byte, the pointer byte and number of bytes that comprise the route data.
  • Page 825: Configuring Static Routes

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Parameter Default Value Debug Router Manager Disabled Processing LSRR packets Enabled Table 2: The Default Administrative Distances of the Dynamic Routing Protocols Route Source Default Distance Connected IP interface...
  • Page 826 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Argument Description destination-address: Route IP destination address, in A.B.C.D format – used in conjunction with netmask to define a network address. netmask: Destination network mask, in A.B.C.D format – used in conjunction with destination-address.
  • Page 827: Adding A Static Arp Entry

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Example The following command shows the existing routes in the routing table: device-name#show ip route Codes: K - kernel route, C - connected, S - static, O - OSPF >...
  • Page 828: Configuring The Ip Interface

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) NOTE When a statically configured host may migrate via ports due to manual or dynamic network re-configuration, the user might not configure the Interface and VLAN parameters.
  • Page 829 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) device-name(config-if IFNAME)# device-name (config-if IFNAME )#interface { | outBand0 | loN} device-name(config)#no interface swN Argument Description Number of the IP interface. The range is 0-255. Enters into the OutBand IP Interface Configuration mode.
  • Page 830 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) device-name(config-if IFNAME)#no ip address A1.B1.C1.D1 {/M | M1.M1.M1.M1} [secondary] device-name(config)#ip address A1.B1.C1.D1 [/M | M1.M1.M1.M1] Argument Description A1.B1.C1.D1: IP address of the configured IP interface. Subnet mask of the configured IP interface in the range <1-30>.
  • Page 831 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) The cost is associated with each IP interface. The lower cost (higher bandwidth) increases the likelihood that the IP interface will be used (in case we have equal paths in the domain).
  • Page 832: Parameters Description

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Displaying the IP Unicast Routing Information Table 5 lists the commands for displaying the IP unicast routing information. Table 5: Displaying Commands Command Description Displays the IP interface configuration and statistics.
  • Page 833 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Parameters Description BROADCAST – The broadcast address is valid. NOTRAILERS – The device must avoid using trailers. RUNNING – The router has successfully allocated needed resources. SIMPLEX – The router cannot hear its own transmissions.
  • Page 834 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) NOTE A static CPU cache has been implemented where static MAC entries, defined using the ip arp command, are stored. The software will first look up in this static CPU cache before looking up in the cache containing dynamic MAC entries.
  • Page 835 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Command Syntax device-name(config ip table)#ip-forward {enable | disable} Argument Description enable: Enables the routing on the device. disable: Disables the routing on the device. LSRR Commands Table 8 lists the LSRR commands.
  • Page 836 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Debugging the Router Manager Table 9 lists the router manager debugging commands. Table 9: The Router Manager Debug Commands Command Description Displays the information related to communication between the Routing debug Protocol (OSPF) and the Router Manager.
  • Page 837 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Configuration Example Creating an IP Interface The following commands create an IP interface and a VLAN, and bind the IP interface to the created VLAN. The IP interface that is bound to VLAN ports defines a routing IP interface. The VLAN commands can be found in chapter “Configuring VLANs”.
  • Page 838 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) ===================================================================== Name | Subnet |VTag| Tagged ports | Untagged ports ----------+-------------------+----+--------------+----------- |011.000.000.011/8 |1/1/1, 1/1/6- |1/1/28 |010.003.002.001/24 |100 |1/1/2-1/1/5 Setting a Static ARP Entry 1. Create a static ARP entry with IP address 130.0.0.6 and MAC address...
  • Page 839: Autonomous Systems

    The access lists, IP prefixes and route maps represent the routing filters in Foundry Networks. Routing filters are used to exchange and redistribute routing information as well as for policy routing. Filtering features are included in the routing protocol implementations.
  • Page 840 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Route Updates All routing protocols exchange information about networks and subnets through route updates. Route updates transmit the reachability information that routers need for building and maintaining their route tables.
  • Page 841 When no match condition is met, the default policy is to drop the control packets. Foundry Networks switches express these filtering rules in the form of access lists, prefix lists, and route maps.
  • Page 842: Filtering Commands

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Access list statements are entered one per line, and the list is scanned for a match in the order in which the statements were entered. Once the first match is found, the rest of the access list is ignored.
  • Page 843 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Table 11: Route Filtering Commands Command Description ip prefix-list: Sets a prefix list to filter the routing information. show ip prefix-list: Displays summary, detailed or specific information on IP prefix lists, depending on command arguments.
  • Page 844 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Argument Description NAME: Name of the prefix list. seq <sequence-number>: (Optional). Keyword seq followed by a sequence number in the range <1-4294967295>. Permits access to routes with prefixes that match the criteria.
  • Page 845 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) seq <num>: Information displayed refers only to the prefix-list entry with the specified sequence number. This argument is specified only following a prefix-list name, as an additional constraint. The range is <1-4294967295>.
  • Page 846: Defining Route Maps

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) ip prefix-list aaa4: 2 entries seq 5 permit 192.168.0.0/24 le 32 ge 32 Removing Entries from the Prefix-List Table The clear ip prefix-list command, in Privileged (Enable) mode, removes the specified entries from the prefix-list table.
  • Page 847 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) device-name(config)#route-map RMP1 permit 10 device-name(config-route-map)# < match and set commands for instance 10 > device-name(config)#route-map RMP1 permit 20 device-name(config-route-map)# < match and set commands for instance 20 >...
  • Page 848 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Command Syntax device-name(config-route-map)#match ip address ACL-NAME device-name(config-route-map)#no match ip address ACL-NAME Argument Description ACL-NAME: Name of routing access list that defines the match criteria. Matching Next-hop The match ip next-hop command, in Route-map Configuration mode, creates an entry in the configured route map based on a next-hop router address defined in the specified named access list.
  • Page 849 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Configuring Route Map Set Commands The set commands, in Route-map Configuration mode, specify the actions to be performed when all of a route map match criteria are met. When all match criteria are met, the set actions are performed.
  • Page 850 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Setting IP Next-hop The set ip next-hop command, in Route-map Configuration Mode, sets the specified IP address as the next-hop field for matched routes. The no form of this command cancels the next-hop setting.
  • Page 851: Configuring Proxy Arp

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Configuring Proxy ARP Proxy Address Resolution Protocol (ARP) was designed to enable ARP-capable devices to respond to ARP request packets on behalf of ARP-incapable devices. Proxy ARP can also be used to achieve router redundancy and simplify IP client configuration.
  • Page 852: Enabling Proxy Arp

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Advantages and Drawbacks of Using Proxy ARP The user should use Proxy ARP on a network in which IP hosts are not configured with default gateways, or that does not have any routing intelligence.
  • Page 853 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) The application software uses proxy ARP to help hosts that do not have routing knowledge to determine the media addresses of hosts on other networks or subnets. For example, if the router...
  • Page 854 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Figure 3: Network Diagram To reach Host D, Host A needs the MAC address of Host D. Therefore, Host A broadcasts an ARP request on Subnet A, as follows:...
  • Page 855 ARP is in use. The Foundry Networks router IP interface should be configured to accept and respond to proxy ARP. This is disabled by default. Proxy ARP can be enabled on a per IP interface basis with the IP...
  • Page 856: Directed Broadcast

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Directed Broadcast Overview An IP directed broadcast is an IP datagram that is sent to the broadcast/network address of a network to which the sender is not directly connected. Directed broadcast is routed to the target subnet as a unicast packet.
  • Page 857 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Enabling Forwarding of IP Directed-Broadcast Packets The ip directed-broadcast command, in IP Interface Configuration mode, enables forwarding of IP directed broadcast packets. The no form of this command disables forwarding of the directed broadcast.
  • Page 858 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) ICMP Router Discovery Protocol (IRDP) The ICMP Router Discovery Protocol (IRDP) provides an improved method of configuring and detecting default gateways. Instead of manually configuring default gateways or using DHCP to set them, hosts can dynamically discover routers on their subnet, and can automatically switch to a backup router if the primary router fails or the network administrators change router preferences.
  • Page 859 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Figure 4: The IRDP Discovery Method If a network failure occurs with Router B, the IRDP host considers the validity of the advertised Router B address within the specified length of time (lifetime) and chooses Router A for default gateway.
  • Page 860: Configuring Irdp

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Parameter Default Value IRDP min-advert-interval timer Two thirds (2/3) the value max-advert-interval Debug ICMP Router Discovery Protocol (IRDP) Disabled Configuring IRDP To set the IRDP, proceed as follows: 1.
  • Page 861: Defining A Default Gateway

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Defining a Default Gateway The ip irdp address command, in IP Interface Configuration mode, advertises another device as the default gateway. The command argument is the IP address of the desired default gateway. The no form of this command sets the current router as the default gateway.
  • Page 862 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Command Syntax device-name(config-if sw1)#ip irdp multicast IRDP Timers Configuration Commands Table 21 lists the IRDP timers setting commands. To view the IRDP timers configuration, use the show running-config or show startup-config command in Privileged (Enable) mode.
  • Page 863 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Argument Description Upper IRDP advertisement interval boundary, 0 or any number of seconds in the value range <4-1800>. If 0 is specified, the value is set to 600 seconds (the default value). Otherwise, the value may not be less than the minadvertinterval value.
  • Page 864 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) device-name#no debug irdp packet [recv | send] Argument Description recv: (Optional). Sets debug for received packets. send: (Optional). Sets debug for sent packets. Displaying the Status of the IRDP Debug Actions The show debug irdp command, in Privileged (Enable) mode, displays the status of the ICMP Router Discovery Protocol (IRDP) debug actions that are currently activated in the device.
  • Page 865 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) device-name(config)#interface sw1 device-name(config-if sw1)#ip irdp 2. Advertise the IP router address 192.168.0.100 as the default gateway. device-name(config-if sw1)#ip irdp address 192.168.0.100 3. Set a preference value of –10 to the default gateway.
  • Page 866 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Acronyms The following table provides a list of acronyms used in this document and their meaning. Acronym Meaning Access Control List Address Resolution Protocol Autonomous System ASBR...
  • Page 867 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Routing Information (Rev. 03) Supported Platforms Features NetIron M2404F NetIron M2404C IP Unicast Routing Controlling and Modifying Routing Information Proxy ARP Directed Broadcast ICMP Router Discovery Protocol Supported Standards, MIBs and RFCs...
  • Page 868 Foundry Networks Configuring Advanced Routing Information This chapter provides an in-depth explanation of the Foundry implementation of the Open Shortest Path First protocol. The chapter consists of the following sections: TABLE OF FIGURES; OPEN SHORTEST PATH FIRST (OSPF)...
  • Page 869 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Table of Figures Figure 1: OSPF Topology; Figure 2: Virtual Link Providing Redundancy; Figure 3: OSPF Configuration Flow; Figure 4: OSPF Configuration Example; Figure 5: BFD Protection Domain: OSPF Neighbors...
  • Page 870 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Open Shortest Path First (OSPF) Open Shortest Path First (OSPF) is an IP routing protocol initially developed by the Internet Engineering Task Force (IETF) in 1987. OSPF is classified as an Interior Gateway Routing Protocol (IGP), meaning that it is normally implemented on an autonomous system.
  • Page 871 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Figure 1: OSPF Topology OSPF defines the following three router types: Internal routers (IR) - having all of their IP interfaces within the same area. •...
  • Page 872: Ospf Neighbors

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Table 1: LSA Type Names and Numbers LSA Number LSA Type LSA Description Router-LSAs: Originated by all routers. A router-LSA describes the collected states of the router IP interfaces to an area.
  • Page 873: Virtual Links

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Point-to-Point networks, since only two routers exist on a segment. They exchange link state information and routes as peers across the common subnet. This is the default network type for point-to-point frame relay sub-interfaces.
  • Page 874: Ospf Timers And Authentication

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Route Re-Distribution Both RIP and OSPF can be enabled simultaneously on the device. Route re-distribution allows the device to exchange routes, including static routes between two routing protocols – RIP and OSPF.
  • Page 875 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) OSPF Default Configuration Table 2 shows the OSPF default configuration. Table 2: OSPF Default Configuration Parameter Default Value Open Shortest Path First (OSPF) Disabled Reference bandwidth for cost calculation According to the bandwidth of the IP interface.
  • Page 876 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Table 3: Default Administrative Distances Route Source Default Distance Connected IP interface Static route OSPF Unknown Configuring and Displaying OSPF To set the OSPF, proceed as follows: 1.
  • Page 877: Enabling Ospf

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Command Description default-metric Assigns a default metric value for the redistributed routes. distance Assigns an administrative distance for filtering routing information according to their source. redistribute Redistributes OSPF routes from one routing domain into another routing domain.
  • Page 878 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Argument Description A.B.C.D The IP address assigned to the router. Controlling Default Metrics The auto-cost reference-bandwidth command, in Router OSPF Configuration mode, sets the reference-bandwidth for OSPF cost calculations to a specified value. The no form of this command sets the default value.
  • Page 879 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Command Syntax device-name(config-router)#compatible rfc1583 device-name(config-router)#no compatible rfc1583 device-name(config-router)#ospf rfc1583compatibility device-name(config-router)#no ospf rfc1583compatibility Generating the Default Route The default-information command, in Router OSPF Configuration mode, generates a default route into an OSPF routing domain.
  • Page 880 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Setting the Default Metric Value The default-metric command, in Router OSPF Configuration mode, assigns a default metric value for the redistributed routes. To return to the default state, use the no form of this command.
  • Page 881 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) NOTE The user can also use administrative distance to rate the routing information from routers running the same routing protocol. This application is generally discouraged if the user is unfamiliar with this particular use of administrative distance, because it can result in inconsistent routing information, including forwarding loops.
  • Page 882 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Redistributing Routing Information between Routing Domains The redistribute command, in Router OSPF Configuration mode, redistributes OSPF routes from one routing domain into another routing domain. The no form of this command disables redistribution.
  • Page 883 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) device-name(config-route-map)#match metric 1 device-name(config-route-map)#set metric 5 device-name(config-route-map)#set metric-type 1 device-name(config-route-map)#exit device-name(config)#router ospf device-name(config-router)#redistribute rip route-map rip2ospf Defining a Distribute List The distribute-list command, in Router OSPF Configuration mode, filters routes according to the access list that specifies which routes will be advertised.
  • Page 884 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Argument Description A.B.C.D Non-broadcast neighbor IP interface IP address. Example device-name(config-router)#neighbor 192.168.0.1 poll-interval 90 Enabling OSPF for a Specified Network The network command, in Router OSPF Configuration mode, enables OSPF for the specified network and assigns the specified area for the network.
  • Page 885 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) standard Standard behavior (RFC 2328 OSPF Version 2). This is the default ABR behavior. Setting a Limit to the Number of LSAs The overflow number lsa external command, in Router OSPF Configuration mode, sets the upper limit to the number of LSAs allowed in the router Link-State Database (LSDB).
  • Page 886 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Configuring the OSPF Timers Table 5 lists the OSPF timers’ configuration commands. Table 5: OSPF Timers Configuration Commands Command Description overflow interval Sets the time countdown, starting when the router enters Overflow state, after which the router will attempt to resume transmitting LSAs.
  • Page 887: Configuring Spf Timers

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Example The following example specifies a refresh timer of 45 seconds: device-name(config-router)#refresh timer 45 Configuring SPF Timers The timers spf command, in Router OSPF Configuration mode, configures three SPF (Shortest Path First) timers: spf-delay, spf-init-holdtime, and spf-max-holdtime.
  • Page 888: Configuring Ospf Area Parameters

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Enabling the L2-mode of SPF Calculation The spf l2-convergence command, in Router OSPF Configuration mode, enables the L2 mode of SPF calculation. SPF L2 mode of calculation is a standard defined SPF algorithm with improved response.
  • Page 889 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Command Description area stub Defines the specified area to be a stub area. area range Defines an address range within the specified area for which a single route will be advertised.
  • Page 890 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Command Syntax device-name(config-router)#area {<area-id> | A.B.C.D} default-cost <cost- value> device-name(config-router)#no area {<area-id> | A.B.C.D} default-cost <cost-value> Argument Description area-id OSPF area ID as a decimal value in the range <0-4294967295>.
  • Page 891 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Argument Description area-id OSPF area ID as a decimal value in the range <0-4294967295>. A.B.C.D OSPF area ID in IP address format. import-list ACL-NAME Routing access list name for filtering.
  • Page 892 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Command Syntax device-name(config-router)#area {<area-id> | A.B.C.D} stub [no-summary] device-name(config-router)#no area {<area-id> | A.B.C.D} stub [no-summary] Argument Description area-id OSPF area ID as a decimal value in the range <0-4294967295>.
  • Page 893 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) device-name(config-router)#area 0 range 192.42.110.0/24 Configuring the Shortcutting Area The area shortcut command, in Router OSPF Configuration mode, configures and manages the area shortcutting mode. The no form of this command disables the area shortcutting.
  • Page 894 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) device-name(config-router)#no area {<area-id> | A1.B1.C1.D1} virtual-link A2.B2.C2.D2 Argument Description area-id OSPF area ID as a decimal value in the range <0-4294967295>. A1.B1.C1.D1 OSPF area ID in IP address format.
  • Page 895 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Table 7: IP Interface Parameters Commands Command Description ip ospf Assigns the specified password key to be used by neighboring authentication-key OSPF routers on a network segment that is using OSPF simple password authentication.
  • Page 896 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Setting the Password Authentication Key The ip ospf authentication-key command and the ospf authentication-key command, in IP Interface Configuration mode, assign the specified password key to be used by neighboring OSPF routers on a network segment that is using OSPF simple password authentication.
  • Page 897 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) device-name(config-if swN)#no ospf cost Argument Description cost-value Assigned cost value, in the range <1-65535>. Example The following example sets the IP interface cost value to 65:...
  • Page 898 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) device-name(config-if swN)#ospf network {broadcast | non-broadcast | point-to-multipoint | point-to-point} device-name(config-if swN)#no ospf network Argument Description broadcast Networks supporting multiple attached routers, and able to address a single physical message to all of the attached routers.
  • Page 899 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) neighbor OSPF router down because it has not received a hello packet. The no form of the commands sets the dead-interval to the default value of 40 seconds.
  • Page 900 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) OSPF expects to receive an acknowledgement for each advertisement it sends to an adjacent router. If no acknowledgment is received, the router retransmits the advertisement to that neighbor. The retransmit-interval timer determines the interval between retransmissions.
  • Page 901 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) calculate paths in the network that satisfy the administrative constraints. MPLS can then set up LSPs along these paths. Table 8 lists the commands used to configure the OSPF-TE parameters.
  • Page 902 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Argument Description A.B.C.D Specifies Link State IP address. adv-router (Optional). Displays all the link-state advertisements (LSAs) of the specified router. self-originate (Optional). Displays only self-originated LSAs. Link (Optional).
  • Page 903: Displaying Ospf Information

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Table 9: OSPF Clear Command Command Description clear ip ospf neighbor Clears the OSPF-related information on neighbors as specified by the IP address. Clearing the OSPF Neighbors The clear ip ospf neighbor command, in Privileged (Enable) mode, clears the OSPF-related information on neighbors as specified by the IP address.
  • Page 904 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Example The following is sample output produced by the show ip ospf command: device-name#show ip ospf ospf routing process, router id: 192.168.30.100 supports only single tos (tos0) routes...
  • Page 905 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) network Network link states. nssa-external Displays NSSA database content per area. router Router link states. self-originate (Optional). Self-originated link states. summary Network summary link states. adv-router (Optional).
  • Page 906 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) metric: 10 asbr-summary link states (area 0.0.0.1) ls age: 1765 options: 2 ls type: summary-lsa link state id: 192.168.0.2 (as boundary router address) advertising router: 192.168.30.107...
  • Page 907 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) router link states (area 0.0.0.0) link id adv router seq# cksum link count 192.168.0.2 192.168.0.2 1263 0x80000013 0x4117 1 192.168.0.50 192.168.0.50 1181 0x8000003e 0x8a12 1 192.168.1.10 192.168.1.10 1362 0x80000005 0x2d20 1 192.168.30.100...
  • Page 908 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Example 6 In the following example, the show ip ospf database command displays the database summary link states. device-name#show ip ospf database summary ospf router with id (192.168.30.100) summary link states (area 0.0.0.0)
  • Page 909 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Parameter Description forward address Forwarding address. Data traffic for the advertised destination will be forwarded to this address. If the forwarding address is set to 0.0.0.0, data traffic will be forwarded instead to the advertisement originator.
  • Page 910 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Argument Description IFNAME Name of IP interface. A.B.C.D Neighbor IP address. (Optional). Information includes neighbors that are in “down” state (neighbors not in FULL or 2-way state).
  • Page 911: Debugging Ospf

    Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Parameter Description rxmtl Link State Retransmission List. The list of link state advertisements that have been flooded but not acknowledged on this adjacency. These will be retransmitted at intervals until they are acknowledged, or until the adjacency is destroyed.
  • Page 912 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Table 13: OSPF Debugging Commands Command Description debug ospf Displays the information related to processing the Open Shortest Path First (OSPF) protocol. debug ospf ism Displays the information related to the OSPF IP Interface State Machine.
  • Page 913 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Command Syntax device-name#debug ospf ism [events | status | timers] device-name#no debug ospf ism [events | status | timers] Argument Description events (Optional). Sets debug for OSPF ISA/NSM Event Information (depends on the type of OSPF debug).
  • Page 914 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Argument Description flooding (Optional). Sets debug for OSPF LSA Flooding information. generate (Optional). Sets debug for OSPF LSA Generation information. Enabling OSPF Packets Debug Information The debug ospf packet command, in Privileged (Enable) mode, displays the information related to the OSPF packets.
  • Page 915 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Example device-name#show debug ospf OSPF debugging status: OSPF event debugging is on OSPF ISM event debugging is on OSPF NSM event debugging is on OSPF packet Hello debugging is on...
  • Page 916 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) RSW1(config-router)#network 192.168.1.0/24 area 1 RSW2 Configuration: 1. Enable OSPF and enter Router OSPF Configuration mode: RSW2#configure terminal RSW2(config)#router ospf 2. Set the OSPF Router ID: RSW2(config-router)#router-id 192.168.1.2...
  • Page 917 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) 3. Enable OSPF for the network 192.168.0.0/24 and assign the area 3 for the network: RSW4(config-router)#network 192.168.0.0/24 area 3 4. Enable OSPF for the network 30.0.0.0/8 and assign the area 2.2.2.2 for the network: RSW4(config-router)#network 30.0.0.0/8 area 2.2.2.2...
  • Page 918 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) network: RSW6(config-router)#network 192.168.0.0/24 area 3 4. Set area 3 as stub area: RSW6(config-router)#area 3 stub Displaying RSW4 Configuration: RSW4#show ip ospf neighbor Neighbor ID State Dead Time...
  • Page 919 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) RSW4#show ip ospf interface lo0 is up, line protocol is up OSPF not enabled on this interface sw0 is up, line protocol is up OSPF not enabled on this interface sw1 is up, line protocol is up Internet Address 10.0.0.1/8, Area (0.0.0.0)
  • Page 920 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Link ID ADV Router Seq# CkSum Route 20.0.0.0 192.168.0.1 519 0x80000002 0x1bae 20.0.0.0/8 20.0.0.0 192.168.1.3 1855 0x80000001 0xa52c 20.0.0.0/8 30.0.0.0 192.168.0.1 1836 0x80000001 0x3694 30.0.0.0/8 30.0.0.0 192.168.1.3...
  • Page 921 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) 100.0.0.0 192.168.0.1 100 0x80000001 0x806f E2 100.0.0.0/8 [0x0] RSW4#show ip ospf route ============ OSPF network routing table ============ 10.0.0.0/8 [10] area: (0.0.0.0) directly attached to sw1 20.0.0.0/8...
  • Page 922 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Bidirectional Forwarding Detection (BFD) Overview The Bidirectional Forwarding Detection (BFD) feature validates the operation of the LSP or the IP routing neighbor. IP is used as infrastructure in many Service Provider networks, including those using IP infrastructure for MPLS.
  • Page 923 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Required Min RX Interval is the minimum interval between received BFD Control packets that this system is capable of supporting. BFD Default Configuration Table 14 shows the BFD default configuration.
  • Page 924 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Setting Minimum Receive Interval The bfd minimum-receive-interval command, in IP Interface Configuration mode, specifies the minimum time interval at which the device requests to receive BFD packets from BFD peers.
  • Page 925 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Argument Description 2-100 Specifies the multiplier value. Example device-name(config-if sw10)# bfd multiplier 6 Enabling BFD for OSPF Table 16 lists the BFD Router configuration command. Table 16: BFD Router Configuration Command in Router OSPF Configuration mode...
  • Page 926 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) The no form of the command disables the debugging output. Command Syntax device-name#debug bfd {A.B.C.D | states | packets | all} device-name#no debug bfd Argument Description A.B.C.D...
  • Page 927 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Min receive interval 300 Interval multiplier 5 Displaying BFD Interface Information The show bfd interface command, in Privileged (Enable) mode, displays information about the interface on which the BFD session is active.
  • Page 928 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Displaying BFD Level Debugging The show debug bfd command, in Privileged (Enable) mode, displays the BFD operation debug messages. Command Syntax device-name#show debug bfd Example device-name#show debug bfd...
  • Page 929 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Interface lo0 has BFD disabled Interface sw0 has BFD disabled Interface sw10 Send interval 200 Min receive interval 200 Interval multiplier 5 8. Set BFD multiplier value to 6 on interface sw10, when BFD is enabled on interface sw10.
  • Page 930 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Interface sw0 has BFD disabled Interface sw10 Send interval 200 Min receive interval 200 Interval multiplier 6 14. Disable debugging for BFD. device-name#no debug bfd 15. Display the debug level.
  • Page 931 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Figure 6: Example for Configuring two Devices Configuring Device1: 1. Create interface sw20, attach an IP address, and then enable BFD on this interface: Device1#configure terminal Device1(config)#interface sw20 Device1(config-if sw20)#ip address 20.0.0.1/24...
  • Page 932 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Device1(config-vlan vl20)#rif sw20 Device1(config-vlan vl20)#exit Device1(config-vlan)#exit 6. Add a network and enable BFD for OSPF: Device1(config)#router ospf Device1(config-router)#network 20.0.0.0/24 area 20 Device1(config-router)#bfd Device1(config-router)#end Configuring Device2: 1. Create interface sw20, attach an IP address, and then enable BFD on this...
  • Page 933 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Send interval 100 Min receive interval 300 Interval multiplier 5 8. Display BFD Configuration per Protocol and Filters Interface Configuration by the Specified Interface: Device1#show interface sw20...
  • Page 934 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Acronyms The following table provides a list of acronyms that are used in this document. Table 19: Acronyms Acronym Meaning Bidirectional Forwarding Detection Fast ReRoute Label Distribution Protocol...
  • Page 935 Foundry NetIron M2404C and M2404F Metro Access Switches Configuring Advanced Routing Information (Rev. 03) Supported Platform Feature NetIron M2404F NetIron M2404C Open Shortest Path First (OSPF) Bidirectional Forwarding Detection (BFD) Supported Standards, MIBs and RFCs Feature Standards MIBs RFCs Open Shortest Path...
  • Page 936 Foundry Networks Network Administration Tools Operations, Administration and Maintenance (OAM) implementation refers to the tools and utilities for installing, monitoring and troubleshooting the network. It strongly relies on the OAM standards for Ethernet network equipment. This chapter includes the following sections: TABLES OF FIGURES...
  • Page 937 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03)
  • Page 938 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Tables of Figures Figure 1: MEF OAM ‘Hello’ Broadcasting ................4 Figure 2: MEF OAM Periodic Service Assurance Test for Specific MAC ......4 Figure 3: MEF OAM CLI Test....................4 Figure 4: MEF OAM Configuration Flow ................11...
  • Page 939 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) MEF OAM Metro Ethernet Forum (MEF) Operations, Administration and Maintenance (OAM) standard is generally described as implementing bridged-Ethernet per-VLAN network-wide Ping and Hello packets for estimating service assurance metrics and specific connectivity tests. Furthermore, traceroute is available for finding and displaying an Ethernet-level path from the current device to a specified device in the network.
  • Page 940 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Figure 1: MEF OAM ‘Hello’ Broadcasting • The network administrator will define specific thresholds between pairs of specific nodes (two-way frame-loss, delay and jitter). Each specific threshold measurement between two MAC nodes will be called Monitoring process.
  • Page 941 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) NOTE Each MEF OAM PDU can be VLAN tagged. An untagged MEF OAM PDU is assumed to pertain to the default VLAN assigned to the port that received the PDU.
  • Page 942 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Two-way Connectivity, Jitter, Frame-Loss, Latency In the default configuration, the device will not issue two-way service assurance tests. All two-way tests must be configured as specific tests with the following parameters: •...
  • Page 943 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) a proprietary flag. If a MEF OAM domain is enabled on the device that receives such a packet, it responds to the sender and then forwards the packet to the destination device. If no MEF OAM domain is enabled on the device that receives the OAM traceroute PDU, the device only forwards the PDU to the destination device without responding to the sender.
  • Page 944: Security Issues

    Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) • If this is an OAM multicast packet but not a Connectivity response, extract the VLAN number from the OAM PDU and forward it to all ports defined by the OAM process in that device in that specific VLAN (of course using STP/RSTP/MSTP considerations of multicast).
  • Page 945 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Warning: No reply from MAC HH:HH:HH:HH:HH:HH on OAM Domain <domain> on VLAN <vlan-id> during <period> [MS]" The following informational log is sent when untriggered two way frame-loss / latency / jitter threshold is triggered for a specific MEF OAM monitoring process: Informational: Untriggered <number>...
  • Page 946 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) The following warning is sent when untriggered two-way threshold error and warning triggers for a specific MEF OAM process: jitter, frame-loss or latency two-way monitoring: Informational: Untriggered <test-name> alarm. Alarm was disabled for MAC HH:HH:HH:HH:HH:HH on OAM Domain <domain>...
  • Page 947 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) MEF OAM Configuration Flow Figure 4 displays the process to configure MEF OAM parameters. Start Create MEF OAM Domain Add ports to the MEF OAM domain Add VLANs to the MEF OAM domain...
  • Page 948 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) MEF OAM Default Configuration Table 1 shows the MEF OAM default configuration. Table 1: MEF OAM Default Configuration Parameter Default Value MEF OAM Disabled Number of times to repeat a connectivity test...
  • Page 949 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Parameter Default Value Frame-loss Warning monitoring Enabled Frame-loss Warning value Latency Error monitoring Enabled Latency Error value 2000ms Latency Error period 90 seconds Latency Warning monitoring Enabled...
  • Page 950 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) 6. Set the maximum rate for receiving MEF OAM in frames per second. See Setting the OAM PDU Limit. 7. The user can disable the jitter monitoring or change different jitter threshold values in milliseconds.
  • Page 951 By default, the Ethertype value is 0x889C. NOTE The OAM Ethertype located in the OAM packet header was not set in the MEF standard. Foundry Networks determined that the OAM Ethertype will be 0x889C. MEF OAM © 2008 Foundry Networks, Inc.
  • Page 952 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) The purpose of the oam ethertype command is the ability to change the Ethertype according to what the standard will define without software changes. Changing the OAM Ethertype to an Ethertype value that is used for another protocol (e.g.
  • Page 953 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) % Save the configuration and RESTART the device for this setting to take effect. device-name(config)#no oam multicast-address % Save the configuration and RESTART the device for this setting to take effect.
  • Page 954 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Example 1 device-name#oam ping 00:02:B3:06:4D:9B Reply: 00:02:B3:06:4D:9B VID 1 OAM 255 Port 1/1/4 Delay 10ms Reply: 00:02:B3:06:4D:9B VID 1 OAM 254 Port 1/1/4 Delay 5ms Example 2...
  • Page 955 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Resetting Calculations The clear oam connectivity command, in Privileged (Enable) mode, resets the calculations that were accumulated up to the present time for a specific MEF OAM domain/MAC address.
  • Page 956 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Command Description oam pdu-limit Sets the maximum rate for receiving MEF OAM in frames per second. oam jitter Enables jitter monitoring and optionally sets the jitter threshold values in milliseconds.
  • Page 957 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) When the MEF OAM domain is configured to be a TLS VPN domain, it will operate using the TLS encapsulation over the configured TLS services. By default, the created OAM TLS domain will operate on all S-VLANs and SDP ports. The user can explicitly configure specific S-VLAN(s) or SDP(s) for a given OAM domain and process.
  • Page 958 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) NOTE This command is not supported for VPLS domain. Command Syntax device-name(config-oam LEVEL)#add ports PORT-LIST Argument Description PORT-LIST The list of ports to be added (could be also range of ports).
  • Page 959 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Command Syntax device-name(config-oam LEVEL)#add vlans VLAN-LIST Argument Description VLAN-LIST List of VLAN IDs, separated by commas or range. Example device-name(config-oam 16)#add vlans 5 device-name(config-oam 16)#add vlans 20-50...
  • Page 960 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Argument Description VC-ID VPLS ID number in the range <0-4294967295>. If VC-ID is not defined or is not active on the device an error is returned. Example...
  • Page 961 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Enabling the Hello Packets Monitoring and Setting the OAM Connectivity Timeout The oam connectivity-timeout command, in MEF OAM Configuration mode, enables the received Hello packets monitoring according to the timeout threshold interval and optionally sets the maximum timeout threshold in seconds.
  • Page 962 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Argument Description hello-rate Transmission rate of the Hello packets. The range is <1-3> packets to send in each transmission (the transmission frequency is defined by the Hello-interval, each time 1-3 packets are sent).
  • Page 963 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) NOTE The OAM PDU Limit is used as a security setting to prevent DoS attacks that exploit the MEF OAM. Command Syntax device-name(config-oam LEVEL)#oam pdu-limit <maximum-rate> device-name(config-oam LEVEL)#no oam pdu-limit...
  • Page 964 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) OAM Specific Process Configuration Commands Table 4 lists the MEF OAM specific process configuration commands. NOTE These commands are not supported for VPLS domain. Table 4: MEF OAM Specific Process Configuration Commands...
  • Page 965 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Command Syntax device-name(config-oam LEVEL)#oam create-process HH:HH:HH:HH:HH:HH [NAME] [repeat minutes <minutes> [seconds <seconds>]] Argument Description HH:HH:HH:HH:HH:HH Destination MAC Address for two-way connectivity test. NAME (Optional). Name of the monitoring process (text). The length of the name is limited to 19 characters (only the first 19 characters will be accepted).
  • Page 966 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Enabling Jitter Error Monitoring and Setting Threshold Value The oam jitter-error command, in OAM Process Configuration mode, enables round-trip jitter error monitoring and optionally sets the jitter error threshold and the time period during which jitter errors should be monitored.
  • Page 967 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) period <jitter- (Optional). The period in seconds during which the jitter warnings warning-time> should be monitored. The range is <1-3600>. Enabling Frame-Loss Error Monitoring and Setting Threshold...
  • Page 968 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Argument Description frame-loss-warning- (Optional). The round-trip frame-loss warning threshold value in percent percent. The range is <0-99>. frame-loss-warning- (Optional). The round-trip frame-loss warning threshold value in tenth-percent 1/10 percent, additive to frame-loss-warning -percent.
  • Page 969 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Argument Description latency-warning (Optional). The round-trip latency warning-error threshold value, in milliseconds. The range is <1-10000>. period <latency- (Optional). The period over which the average latency value should warning-time>...
  • Page 970 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Command Syntax device-name(config-oam LEVEL-NAME)#oam results-bucket-size <results- bucket-size> device-name(config-oam LEVEL-NAME)#no oam results-bucket-size Argument Description results-bucket-size Number of the results to collect for frame-loss calculation. Range is <2-1000> results.
  • Page 971 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Displaying the MEF OAM Configuration The show oam command, in Privileged (Enable) mode, displays the MEF OAM configuration. describes the parameters displayed by the show oam command.
  • Page 972 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) oam priority 6 oam frame-size 64 oam results-bucket-size 30 oam frame-loss-error 10 0 oam frame-loss-warning 8 0 oam latency-error 2000 period 90 oam latency-warning 1600 period 180...
  • Page 973 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Parameter Description oam jitter Jitter threshold value. oam pdu-limit Maximum rate for receiving MEF OAM frames. oam vlan VLAN ID used for the specified two-way monitoring process.
  • Page 974: Oam Configuration

    Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Command Syntax device-name# show oam connectivity counters [vlan <vlan-id>] [mac HH:HH:HH:HH:HH:HH] Argument Description vlan <vlan-id> (Optional). VLAN number in the range <1-4093>. mac HH:HH:HH:HH:HH:HH (Optional). Specifies MAC address for which the results are shown.
  • Page 975 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Parameter Description 2W Jitter Two-way jitter has defined two reference points, a sender and a receiver, but the receiver point acts only as a responder, sending the packets back to the sender and not keeping any statistics about the packets.
  • Page 976 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Command Syntax device-name#show oam connectivity details [vlan <vlan-id>] [mac HH:HH:HH:HH:HH:HH] Argument Description vlan <vlan-id> (Optional). VLAN number in the range <1-4093>. mac HH:HH:HH:HH:HH:HH (Optional). Specifies MAC address to limit the results.
  • Page 977 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) MAC: 00:12:F2:11:02:22 VLAN: OAM Domain: 255 Last Seen on Port: 1/1/4 Before: 0 days, 0 hours, 0 minutes & 2 seconds 53542 PDUs received since last MEF OAM reset...
  • Page 978 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Parameter Description Broadcast Connectivity Timeout Connectivity timeout for hello packets, in seconds. It is configured in the range of <1-3600> using command “oam connectivity-timeout”. Directed Connectivity Trigger Status Indicates if an “OAM process connectivity timeout” event occurred.
  • Page 979 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Parameter Description Configured Threshold for Jitter Indicates the threshold jitter measurement error indication. Displaying General Connectivity Information The show oam connectivity command, in Privileged (Enable) mode, displays general connectivity information related to connectivity between the MEF OAM devices.
  • Page 980 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Command Syntax device-name#show oam new-only [vlan <vlan-id>] [mac HH:HH:HH:HH:HH:HH] Argument Description vlan <vlan-id> (Optional). VLAN number in the range <1-4093>. mac HH:HH:HH:HH:HH:HH (Optional). Specifies MAC address to limit the results.
  • Page 981 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Configuration Examples Configuring Three Switches for Automated Connectivity Monitoring The following example is based on Figure 5. The example shows how to configure an Ethernet network using a MEF OAM protocol.
  • Page 982 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) sent Hello packet for 45 seconds on any VLAN (already discovered by MEF OAM): Device1(config-oam 255)#oam connectivity-timeout 45 5. Restrict reception and transmission of MEF OAM domain multicasts to...
  • Page 983 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) 7. Exit from the MEF OAM Configuration mode: Device2(config-oam 255)#exit % MEF OAM system is being updated, please wait... Device2(config)# Configuring Device3: 1. Define switch membership in MEF OAM domain 255:...
  • Page 984 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Device1#show oam connectivity ===================================================================== |VLAN|Domain|1WJitter| Port|MS Since PDU Processed -----------------+----+------+--------+-----+----------------------- 00:12:F2:00:DE:02| 255 | 2.4|1/1/2| 12310 00:12:F2:00:DE:02| 255 | 2.2|1/1/2| 12315 00:12:F2:00:DE:03| 255 | 0.0|1/1/1| 14670 Configuring CE-to-CE Layer 2 VPN Specific SLA Monitoring...
  • Page 985 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) ce1(config-oam 255)#add ports 1/1/9 3. Disable one-way jitter value monitoring, and one-way connectivity monitoring: ce1(config-oam 255)#no oam connectivity-timeout ce1(config-oam 255)#no oam jitter 4. Create a monitoring process from CE1 to CE2:...
  • Page 986 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) ce2(config-oam 255-process 255-SLA1)#oam vlan 1 5. Define thresholds for the frame-loss monitoring: ce2(config-oam-process 255-SLA1)#oam results-bucket-size 100 ce2(config-oam-process 255-SLA1)#oam frame-loss-error 5 0 ce2(config-oam-process 255-SLA1)#oam frame-loss-warning 4 0 6. Define thresholds for the timeout, 2-way jitter and 2-way latency...
  • Page 987 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Figure 7: Example for Configuring MEF OAM over VPLS Configuring Device1: 1. Create a specific MEF OAM per VPLS domain: Device1#configure terminal Device1(config)#oam bridge vpls 1 2. Add a virtual circuit to MEF OAM domain: Device1(config-oam 1)#add vpls 1 3.
  • Page 988 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) ! Tunnel Configuration: ! Static LSP configuration: Configuring Device2: 1. Create a specific MEF OAM per VPLS domain: Device2#configure terminal Device2(config)#oam bridge vpls 1 2. Add a virtual circuit to MEF OAM domain: Device2(config-oam 1)#add vpls 1 3.
  • Page 989 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Device1#show vpls Virtual Private LAN Service Configuration Number of VPLSs 1 Operation mode: Unqualified Improved RING mode: disabled VPLS name: 1 VC ID: 1, Type: 5 (Ethernet)
  • Page 990 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Intermediate 802.3ah EFM OAM Overview The IEEE 802.3ah Ethernet in the First Mile (EFM) standard specifies the protocols and Ethernet interfaces for using Ethernet over access links as a first-mile technology and transforming it into a highly reliable technology.
  • Page 991: Installation Configurations

    Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Potential Applications The data-link layer OAM is targeted at last-mile applications and service providers can use it for demarcation point OAM services. Ethernet Last Mile applications require robust infrastructure that is both passive and active.
  • Page 992 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Figure 10: Managing Customer Switches (passive) using the EFM 802.3ah Standard The next configuration illustrates management and monitoring (testing) of a virtual link and virtual pseudo-wire between two CE devices: Figure 11: Using 802.3ah over Virtual Ethernet Links...
  • Page 993 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Discovery This is the first phase of the EFM-OAM. At this phase, EFM-OAM identifies network devices along with their OAM capabilities. The Discovery process relies on the Information OAMPDUs (discussed below).
  • Page 994 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Process Overview • The discovery process allows a local Data Terminating Entity (DTE) to detect OAM on a remote DTE. Once OAM support is detected, both ends of the link exchange state and configuration information (such as mode, PDU size, loopback support, etc.).
  • Page 995: Remote Loopback

    Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) • Errored Frame (errored frames per second): the number of frame errors detected during a specified period exceeded a threshold • Errored Frame Period (errored frames per N frames): the number of frame errors within the last N frames has exceeded a threshold •...
  • Page 996 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) maintain the OAM session. The loopback command is acknowledged by responding with an Information OAMPDU with the loopback state indicated in the state field. This makes it possible to estimate whether a network segment can satisfy an SLA.
  • Page 997 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Start Enable protocol Configure protocol parameters priority, hello-interval, keepalive-interval, multiple-pdu-count, propagate-events. Configure EFM-OAM per port Built-in test tools Non-intrusive Intrusive Set network monitoring Configure EFM-OAM monitoring and...
  • Page 998 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Parameter Default Value Hello Interval 1000 milliseconds Port state Enabled/active Remote loopback Disabled EFM-OAM Is using enhanced mode Bit-errors threshold Disabled Frame-errors threshold monitoring Enabled and it is defined as “256 errors during 20 seconds”...
  • Page 999 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Command Syntax device-name(cfg protocol)#efm-oam {enable | disable} Argument Description enable Enables the EFM-OAM protocol. disable Disables the EFM-OAM protocol. Example device-name(cfg protocol)#efm-oam enable Specifying the Number of OAMPDUs...
  • Page 1000 Foundry NetIron M2404C and M2404F Metro Access Switches Network Administration Tools (Rev. 03) Enabling/Disabling Sending of Event Notifications to Local Syslog Daemon The efm-oam log-events command, in Protocol Configuration mode, enables/disables sending of event notification OAMPDUs to the local Syslog daemon. Thus, the logging of the local activity is disabled.

This manual is also suitable for:

Netiron m2404f
