RAPIER SWITCH USER GUIDE www.alliedtelesyn.
Rapier Switch User Guide Document Number C613-02013-00 REV A. Copyright © 2000-2001 Allied Telesyn International, Corp. 960 Stewart Drive Suite B, Sunnyvale CA 94086, USA. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn. Allied Telesyn International, Corp. reserves the right to make changes in specifications and other information contained in this document without prior written notice.
Contents

CHAPTER 1 Introduction
Why Read This User Guide?
Where To Find More Information
Technical support
What Can the Rapier Switch Do?
Switching Features
Port security
Virtual LANs
Static and dynamic VLANs
Creating VLANs Without VLAN Tags
VLAN Tagging
Chapter 1 Introduction

Welcome to the Rapier Series Layer 3 Gigabit switch, combining wire speed Layer 2 and Layer 3 IP switching, with a powerful multiprotocol routing software suite.

Why Read This User Guide?

This User Guide describes how to get started accessing the switch’s Command Line Interface (CLI) and its Graphical User Interface (GUI), and how to configure the Layer 2 switching features.
Where To Find More Information

Before installing the switch and any expansion options, read the important safety information in the Safety and Statutory Information booklet. Follow the Quick Install Guides step-by-step instructions for physically installing the switch and its expansion options. The Hardware References give detailed information about the equipment hardware.
What Can the Rapier Switch Do?

The software for the Rapier Series switches and their expansion options provides wirespeed Layer 2 switching, including support for Virtual LANs, wirespeed Layer 3 IP switching, and Layer 3 multiprotocol routing.

Switching Features

The main Layer 2 features of the switch are:

■ High performance, non-blocking, wire-speed Layer 2 switching (“Layer 2 Switching Process” on page 43).

Rapier Switch Software Release 2.2.1 C613-02013-00 Rev A
Routing Features

In addition to Layer 2 and Layer 3 switching, the Rapier switch provides a wide array of multiprotocol routing, security and network management features. IP routing is performed at wire-speed. Other Layer 3 routing is performed by the CPU, and increasing the routing load on the CPU decreases its performance.
■ Telnet client and server.
■ A sophisticated and configurable event logging facility for monitoring and alarm notification to single or multiple management centres.
■ Triggers for automatic and timed execution of commands in response to events.
■ Scripting for automated configuration and centralised management of configurations.
Optional Features

Some additional features in the switch software may require special feature licences and passwords.

■ SecureShell Remote Management
■ Nemesis stateful inspection firewall
■ Firewall SMTP Application Gateway
■ Triple DES encryption
■ Support for Public Key Infrastructure.

Passwords must be ordered from your local distributor or reseller.
Chapter 2 Getting Started

The Rapier switch is supplied with default settings which allow it to operate immediately as a switch, without any configuration. Even if this is all you want to use the switch for, you should still gain access to the switch configuration, if only to change the manager password to prevent unauthorised access. To take advantage of the full range of advanced Layer 2 switching features, the switch configuration must be changed.
Table 1: Parameters for terminal communication

Parameter      Value
Baud rate      9600
Data bits      8
Parity         None
Stop bits      1
Flow control   Hardware

Logging In

A user accessing the switch from a terminal or PC connected to the front panel RS-232 terminal port (asyn0), or via a Telnet connection, must enter a login name and password to gain access to the command prompt. When the switch is supplied, it has a manager account with an initial password friend.
Table 2: Command line editing functions and keystrokes

Function                              VT100-compatible Keystroke
Move cursor within command line       ←, →
Delete character to left of cursor    [Delete] or [Backspace]
Toggle between insert/overstrike      [Ctrl/O]
Clear command line                    [Ctrl/U]
Recall previous command               ↑ or [Ctrl/B]
Recall next command                   ↓ or [Ctrl/F]
Display command history               [Ctrl/C] or SHOW ASYN HISTORY
Clear command history                 RESET ASYN HISTORY
Recall matching command               [Tab] or [Ctrl/I]
Enabl
Passwords must be ordered from your local distributor or reseller. You must specify the special features to be licenced and the serial number(s) of the switch(es) on which the special feature licences are to be enabled.

Graphical User Interface

The switch includes a built-in web browser-based GUI for configuring and monitoring the switch. Before you can access the GUI, it must be enabled using the CLI (“Command Line Interface” on page 11).
Figure 2: Rapier 24 Welcome page

■ Save this page as a bookmark in your web browser, so that you can easily find it again.

Navigating

While using the Rapier GUI, use the buttons on the pages to navigate, not the browser’s Back and Forward buttons, to ensure that configuration information is stored correctly. The GUI is made up of Configuration pages, Monitoring pages and a Troubleshooting page.
Monitoring

In the Monitoring page, select the kind of monitoring you want to display. A pop-up display page locks the base page from which it was opened. Click OK to close the pop-up window and return to its base window.

Troubleshooting

Web pages can sometimes become frozen if they are not navigated correctly. They can be unlocked by restarting the web browser. In the Troubleshooting page you can enter any command from the Rapier Switch Software Reference.
Chapter 3 Operating the Switch

This chapter introduces general operation, management and support features, including user authentication, loading and installing support files, and SNMP MIBs. For more information see Chapter 1, Operation in the Rapier Switch Software Reference.
Figure 3: Example output from the SHOW FILE command.

Filename         Device   Size      Created                Locks
------------------------------------------------------------------------
1mac.scp         flash    527       08-Nov-2000 12:46:00   0
86s-210.rez      flash    1690736   14-Sep-2000 14:11:56   0
config.scp       flash    64        10-Nov-2000 23:26:31   0
hdroute.scp      flash    374       08-Nov-2000 12:46:00   0
loadup.scp       flash    173       20-Nov-2000 07:03:30   0
loadup1.scp      flash    224       14-Nov-2000 14:11:56   0
quick.scp        flash    2036      08-Nov-2000 12:46:00   0
release.
Figure 4: Example of output from the SHOW SYSTEM command

Switch System Status
Time 14:29:17 Date 12-Sep-2000.
Saving Configuration Entered with the CLI

Subsequent commands entered from the command line or executed from a script affect only the dynamic configuration in memory, which is not retained over a power cycle. Changes are not automatically stored in nonvolatile memory. When the switch is restarted the configuration will be restored to that defined by the boot script, or if the switch was restarted using the RESTART command, any script specified in the RESTART command.
Install Information

The INSTALL module is responsible for maintaining install information and loading the correct install at boot. A release is a binary file containing the code executed by the switch’s CPU. There may also be a patch file, an additional binary file that modifies the original release file. An install is a record identifying a release and an optional patch. Three installs are maintained by the INSTALL module: temporary, preferred and default.
The default install is the install of last resort. The release for the default install cannot be changed by the manager and is always the EPROM release. The patch for the default install may be set by the manager.

The temporary and preferred installs are completely configurable. Both the release and an associated patch may be set. The release may be EPROM or a release stored in FFS. The RELEASE parameter specifies the release file for this install.
Releases and Patches into the Switch

The LOADER module is responsible for loading and storing releases, patches and other files into FLASH. The LOADER module uses the Trivial File Transfer Protocol (TFTP), Hypertext Transfer Protocol (HTTP) or ZMODEM over an asynchronous port, to retrieve files from a network host. The FFS module is used to create, write and destroy release and patch files.
set to the factory default, which has no value set for HTTPPROXY, clearing any value previously set as default. The METHOD parameter specifies the method to use when downloading the file. If HTTP is specified, HTTP is used to download the file. The options WEB and WWW are synonyms for HTTP. If TFTP is specified, TFTP is used to download the file. If ZMODEM is specified, the ZMODEM protocol is used to download the file.
where proxy-address is the fully qualified domain name (e.g. proxy.mycompany.com) or IP address (e.g. 192.168.1.1) of the proxy server, and proxy-port is the port number of the proxy port on the proxy server. If access from the switch to the world wide web is not via a proxy server, the HTTPPROXY and PROXYPORT parameters should be omitted. The process of downloading a release file can take some time, even if the switch and the HTTP server are connected by high speed links.
Authentication failure traps and link state traps can be enabled using the commands:

    ENABLE SNMP AUTHENTICATE_TRAP
    ENABLE INTERFACE=interface LINKTRAP

where interface is the name of an interface, such as vlan11. The command:

    SHOW SNMP

displays the current state and configuration of the SNMP agent (Figure 7 on page 26).

Figure 7: Example output from the SHOW SNMP command.

SNMP configuration:
  Status ..........................
  Authentication failure traps ....
  Community ........
Chapter 4 Layer 2 Switching

This section describes the Layer 2 switching features on the Rapier switch, and how to configure them.

Switch Ports

Each Ethernet switch port is uniquely identified by a port number. The switch supports a number of features at the physical level that allow it to be connected in a variety of physical networks. This physical layer (layer 1) versatility includes:

■ Enabling and disabling of Ethernet ports.
Resetting Ethernet ports at the hardware level discards all frames queued for reception or transmission on the port, and restarts autonegotiation of port speed and duplex mode. Ports are reset using the command:

    RESET SWITCH PORT={port-list|ALL} [COUNTER]

To display information about switch ports, use the command:

    SHOW SWITCH PORT[={port-list|ALL}]

Figure 8: Example output from the SHOW SWITCH PORT command.
Table 3: Parameters in the output of the SHOW SWITCH PORT command

Parameter                 Meaning
Actual speed/duplex       The port speed and duplex mode that this port is actually running at. A combination of a speed (one of “10 Mbps”, “100 Mbps” or “1000 Mbps”) and a duplex mode (one of “half duplex” or “full duplex”).
Acceptable Frames Types   The value of the Acceptable Frames Type parameter, one of: “Admit All Frames” or “Admit Only VLAN-tagged Frames”.
which speed and mode to use. Autonegotiation allows the ports to adjust their speed and duplex mode to accommodate the devices connected to them. Each switch port can be either configured with a fixed speed and duplex mode, or configured to autonegotiate speed and duplex mode with a device connected to it to determine a speed and mode that will allow successful transmission. An autonegotiating port will adopt the speed and duplex mode required by devices connected to it.
    DESTROY SWITCH TRUNK=trunk

Port trunk groups can only be destroyed on the switch if no ports belong to them. All the ports in a trunk group must belong to the same VLAN. Ports in a trunk group can be added to other VLANs, either as individual ports or as an entire group. A port in a trunk group cannot be deleted from any of the VLAN(s) to which the whole trunk group belongs, unless it is first removed from the trunk group.
Packet Storm Protection

The packet storm protection feature allows the user to set limits on the reception rate of broadcast, multicast and destination lookup failure packets. The software allows separate limits to be set for each port, beyond which each of the different packet types are discarded. The software also allows separate limits to be set for each of the packet types. Which of these options can be implemented depends on the model of switch hardware.
If the value NONE or 0 is specified, then packet rate limiting for multicast packets is turned off. If any other value is specified, the reception of multicast packets will be limited to that number of packets per second. See the note after the BCLIMIT parameter description for important information about packet rate limiting. The default value for this parameter is NONE.
Mirroring four or more ports may significantly reduce switch performance. The MIRROR parameter specifies the role of these port(s) as a source of mirror traffic. If NONE is specified, no traffic received or sent on these port(s) will be mirrored. If RX is specified, all traffic received on these port(s) will be mirrored. If TX is specified, all traffic transmitted on these port(s) will be mirrored. If BOTH is specified, all traffic received and transmitted will be mirrored.
discarded. If TRAP is specified, packets received from MAC addresses not on the port’s learn list will be discarded and an SNMP trap will be generated. If DISABLE is specified, the first time a packet is received from a MAC address not on the port’s learn list, it will be discarded, an SNMP trap will be generated and the port(s) will be disabled. To re-enable the port, disable the Port Security function on the port. The default value for this parameter is DISCARD.
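The three actions differ in what the management station sees and in what happens to traffic from stations that are on the learn list. The following Python model is an added example, not code from this guide or from the switch software; the class and function names are hypothetical, the MAC addresses are constructed, and it assumes a disabled port carries no traffic at all.

```python
from dataclasses import dataclass, field

ACTIONS = ("DISCARD", "TRAP", "DISABLE")


@dataclass
class SecuredPort:
    """One switch port with Port Security on (hypothetical model)."""
    learn_list: set
    action: str = "DISCARD"                     # the guide's default value
    enabled: bool = True
    traps: list = field(default_factory=list)   # source MACs reported by SNMP trap

    def __post_init__(self):
        if self.action not in ACTIONS:
            raise ValueError(f"unknown action: {self.action}")
        self.learn_list = {m.lower() for m in self.learn_list}

    def receive(self, src_mac: str) -> str:
        """Return what happens to one frame with this source address."""
        mac = src_mac.lower()
        if not self.enabled:
            # Assumption: once disabled, the port drops frames from every station.
            return "dropped (port disabled)"
        if mac in self.learn_list:
            return "forwarded"
        if self.action in ("TRAP", "DISABLE"):
            self.traps.append(mac)
        if self.action == "DISABLE":
            self.enabled = False
        return "discarded"


def replay(action, frames, learn_list):
    """Feed a sequence of source MACs to a port; return (outcomes, traps, enabled)."""
    port = SecuredPort(learn_list=set(learn_list), action=action)
    outcomes = [port.receive(mac) for mac in frames]
    return outcomes, port.traps, port.enabled


# Constructed sample traffic: one station on the learn list, one that is not.
KNOWN = "02-00-00-00-00-0a"
UNKNOWN = "02-00-00-00-00-ff"
SAMPLE_FRAMES = [KNOWN, UNKNOWN, KNOWN, UNKNOWN, KNOWN]

if __name__ == "__main__":
    for action in ACTIONS:
        outcomes, traps, enabled = replay(action, SAMPLE_FRAMES, [KNOWN])
        print(f"{action:8} enabled={enabled} traps={len(traps)} {outcomes}")
```

With DISABLE, a single frame from an unlisted address also stops the listed station's traffic until the port is re-enabled, so that setting suits ports where an outage is preferable to an unknown device staying connected.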
indicating whether a VLAN is up or down, is passed to the Internet Protocol (IP) module. IP uses this information to determine route availability. By default the switch is configured to include all ports as untagged members of a single default VLAN, with no VLAN tagging required on incoming frames, or added to outgoing frames. This default VLAN cannot be deleted from the switch.
Static and dynamic VLANs

All VLANs created by the user on the command line are static VLANs. The default VLAN is also a static VLAN. Dynamic VLANs are created by GVRP, a GARP application whose purpose is to propagate VLAN information between VLAN-aware switches. These dynamic VLANs are named gvrpxxx, where xxx is the VLAN’s VLAN identifier. Dynamic VLANs will only be created if GVRP is enabled on the switch. GVRP is disabled by default.
A VLAN untagged frame received on a port will be associated with the VLAN to which the port belongs as an untagged member. VLANs are destroyed using the command:

    DESTROY VLAN={vlanname|2..4094|ALL}

An untagged port deleted from a VLAN is returned to the default VLAN if the port does not transmit VLAN tagged frames for another static VLAN. Untagged ports are removed from VLANs using the command:

    DELETE VLAN={vlanname|1..
Figure 10: Example output from the SHOW VLAN command.

VLAN Information
--------------------------------------------------------------------------
Name ............... default
Identifier ......... 1
Status ............. static
Untagged ports ..... 1,3-23
Tagged ports ....... None
Spanning Tree ...... default
Trunk ports ........ None
Mirror port ........
Table 5: Parameters displayed in the output of the SHOW VLAN command

Parameter     Meaning
Protocol      The name of the protocol, which is determined from the format and identification number.
Format        The encapsulation format specified by the module.
Discrim       The discriminator specified by the module to identify which packets of the given format should be received.
MAC Address   The Media Access Control source address for which the module wishes to receive packets.
VLANs to be used with VLAN tags are created and destroyed in the same way as VLANs with only untagged ports, by using the commands:

    CREATE VLAN=vlanname VID=2..4094
    DESTROY VLAN={vlanname|2..4094|ALL}

A VLAN may have VLAN-aware devices connected to some ports that require VLAN tagging, and legacy devices connected to other ports that cannot accept VLAN tags.
Figure 11: Tagged VLANs (diagram of Switch A and Switch B carrying the Admin VLAN VID=2, the Training VLAN VID=3 and the Marketing VLAN VID=4, with a VLAN-aware server)

To display the VLANs configured on the switch, use the command:

    SHOW VLAN[={vlanname|1..4094|ALL}]

Summary of VLAN Tagging Rules

When designing a VLAN and adding ports to VLANs, the following rules apply.

1.
Generic VLAN Registration Protocol (GVRP)

The GARP application GVRP allows routers in a network to dynamically share VLAN membership information, to reduce the need for statically configuring all VLAN membership changes on all switches in a network. See the Generic Attribute Registration Protocol (GARP) chapter in the Rapier Switch Software Reference.

Layer 2 Switching Process

The Layer 2 switching process comprises related but separate processes.
whether or not they are VLAN tagged. The parameters for each port’s Ingress Rules can be configured using the command:

    SET SWITCH PORT={port-list|ALL} [ACCEPTABLE={VLAN|ALL}] [INFILTERING={ON|OFF}] [other-parameters...]

The ACCEPTABLE parameter sets the Acceptable Frame Types parameter, in the Ingress Rules, which controls reception of VLAN-tagged and VLAN-untagged frames on the port. If ALL is specified, then the Acceptable Frame Types parameter is set to Admit All Frames.
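How the two Ingress Rules settings combine is easiest to see by running sample frames through them. The following Python model is an added example, not code from this guide or from the switch software: it follows standard IEEE 802.1Q ingress behaviour as an assumption about what ACCEPTABLE and INFILTERING do, the function and class names are hypothetical, the frames are constructed, and the VIDs reuse the Admin (2), Training (3) and Marketing (4) VLANs of Figure 11.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q VLAN tag


@dataclass(frozen=True)
class PortIngress:
    """Ingress Rules for one port (hypothetical model)."""
    untagged_vlan: int          # VID the port belongs to as an untagged member
    member_vlans: frozenset     # every VID the port is a member of
    acceptable: str = "ALL"     # ACCEPTABLE={VLAN|ALL}
    infiltering: bool = False   # INFILTERING={ON|OFF}


def parse_tag(frame: bytes):
    """Return (vid, priority) from the 802.1Q tag, or None if the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13   # 12-bit VID, 3-bit user priority (0 to 7)


def ingress(port: PortIngress, frame: bytes):
    """Apply the Ingress Rules; return (decision, vid, reason)."""
    tag = parse_tag(frame)
    # A priority-tagged frame (VID 0) names no VLAN and is treated as untagged.
    if tag is None or tag[0] == 0:
        if port.acceptable == "VLAN":
            return ("discard", None, "Admit Only VLAN-tagged Frames")
        vid = port.untagged_vlan
    else:
        vid = tag[0]
    if port.infiltering and vid not in port.member_vlans:
        return ("discard", vid, "ingress filtering: port is not a member")
    return ("admit", vid, "classified")


def make_frame(vid=None, priority=0) -> bytes:
    """Build a constructed sample frame (made-up MAC addresses, IPv4 EtherType)."""
    header = bytes.fromhex("02000000000b" "02000000000a")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (priority << 13) | vid)
    return header + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    members = frozenset({2, 3})   # port is in the Admin and Training VLANs only
    for acceptable in ("ALL", "VLAN"):
        for infiltering in (False, True):
            port = PortIngress(2, members, acceptable, infiltering)
            for label, vid in (("untagged", None), ("VID 3", 3), ("VID 4", 4)):
                print(acceptable, infiltering, label, ingress(port, make_frame(vid)))
```

In this model only INFILTERING=ON stops a frame tagged for the Marketing VLAN from being classified into it on a port that is not a member.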
    ENABLE SWITCH LEARNING

If the ageing timer for an entry in the Forwarding Database expires before another frame with the same source address is received, the entry is removed from the Forwarding Database. This prevents the Forwarding Database from being filled up with information about stations that are inactive or have been disconnected from the network, while ensuring that entries for active stations are kept alive in the Forwarding Database.
This whole process can further be modified by the action of static switch filters. These are configurable filters which allow switched frames to be checked against a number of entries.

The Forwarding Process provides storage for queued frames to be transmitted over a particular port or ports. More than one transmission queue may be provided for a given port.
Table 6: Parameters in the output of the SHOW SWITCH FILTER command

Parameter             Meaning
Entry                 The number identifying the filter entry.
Destination Address   The destination MAC address for the entry.
VLAN                  The VLAN name and identifier for the entry.
Port                  The outbound port to match for the filter entry to be applied.
Action                The action specified by the filter entry; one of “Forward” or “Discard”.
Quality of Service

The switch hardware has a number of Quality of Service (QOS) egress queues that can be used to give priority to the transmission of some frames over other frames on the basis of their user priority tagging. The user priority field in an incoming frame (with value 0 to 7) determines which of the eight priority levels the frame is allocated.
Table 8: Parameters in the output of the SHOW SWITCH QOS command

Parameter          Meaning
Priority level     The priority level of the frame.
QOS egress queue   The Quality Of Service egress queue that frames with this priority level join.

Spanning Tree Protocol (STP)

The Spanning Tree Protocol (STP) makes it possible to automatically disable redundant paths in a network to avoid loops, and enable them when a fault in the network means they are needed to keep traffic flowing.
To display the STP state of the switch ports (Figure 15 on page 54), use the command:

    SHOW STP PORT=port-list

A Rapier switch in default LAN configuration has a default Spanning Tree enabled, spanning only a single default VLAN, to which all ports belong. The switches in the LAN run a distributed Spanning Tree Algorithm to create a single Spanning Tree. In a network of Rapier switches with VLANs configured, all VLANs belong by default to a default Spanning Tree called default.
The MAXAGE parameter sets the maximum age, in seconds, of Spanning Tree Protocol information learned over the network on any port before it is discarded. The default value is 20 seconds.

The FORWARDDELAY, MAXAGE and HELLOTIME parameters should be set according to the following formulae, as specified in IEEE Standard 802.1D:

    2 x (FORWARDDELAY - 1.0 seconds) >= MAXAGE
    MAXAGE >= 2 x (HELLOTIME + 1.
Figure 14: Example output from the SHOW STP command.

STP Information
------------------------------------------------------------
Name .................. default
VLAN members .......... default (1)
                        marketing (3)
Status ................ ON
Number of Ports ....... 21
  Number Enabled ...... 0
  Number Disabled ..... 21
Bridge Identifier ..... 32768 : 00-00-cd-00-a9-a5
Designated Root ....... 32768 : 00-00-cd-00-a9-a5
Root Port ............. (n/a)
Root Path Cost ........ 0
Max Age .....
Table 10: Parameters in the output of the SHOW STP command

Parameter       Meaning
Forward Delay   The time ports spend in the Listening state and Learning state before moving to the Learning or Forwarding state respectively. Also the value used for the ageing timer for the dynamic entries in the Forwarding Database while received Configuration Messages indicate a topology change.
To restore default port pathcost and priority, use the command:

    SET STP PORT={port-list|ALL} DEFAULT

When an STP is enabled in a looped or meshed network, it disables and enables particular ports belonging to it dynamically, to eliminate redundant links. All ports in a VLAN belong to the same STP, and their participation in STP configuration, and hence the possibility of them being elected to the STP’s active topology is enabled by default.
Table 11: Parameters displayed in the output of the SHOW STP PORT command

Parameter         Meaning
Designated Port   The Port Identifier of the Designated Bridge through which the Designated Bridge transmits Configuration BPDU information stored by this port.
Table 12: Parameters in the output of the SHOW STP COUNTER command

Parameter          Meaning
Port Disabled      The number of BPDUs discarded because the port that the BPDU was received on was disabled.
Invalid Protocol   The number of STP packets that had an invalid Protocol Identifier field or invalid Protocol Version Identifier field.
Invalid Type       The number of STP packets that had an invalid Type field.
IGMP is used in conjunction with limited static multicast settings, or with DVMRP or PIM Sparse Mode for full multicast support (IP Multicasting chapter in the Rapier Switch Software Reference).
Table 13: Parameters in the output of the SHOW IP IGMP command.

Parameter                  Meaning
Status                     The status of IGMP; one of “Enabled” or “Disabled”.
Default Query Interval     The default interval at which Host Membership Queries are sent.
Default Timeout Interval   The default interval after which entries will be removed from the group database, if no Host Membership Report is received.
Group List                 A list of multicast group memberships for this interface.
Script Parameters   The trigger passes the following parameter(s) to the script:

                    Argument   Description
                    %1         The port number of the port which has just gone down.

Event               LINKUP
Description         The port link specified by the PORT parameter has just come up.
Parameters          The following command parameter(s) must be specified in the CREATE/SET TRIGGER commands:
Script Parameters
Chapter 5 Layer 3 Switching

The Rapier switch provides Layer 3 switching and routing over VLANs. Once a VLAN has been created (see “Virtual LANs” on page 35), the VLAN name can be used wherever a logical interface is required in commands for configuring routing protocols. VLAN names are of the form:

    VLAN-vlanname or VLANn

where vlanname is the manager-assigned name of the VLAN, and n is the VLAN identifier (VID).
Figure 18: Example output from the SHOW IP INTERFACE command.

Interface Type IP Address Bc Fr PArp Filt RIP Met. SAMode IPSc
Pri. Filt Pol.Filt Network Mask MTU VJC GRE OSPF Met. DBcast Mul.
--------------------------------------------------------------------------------
LOCAL Not Set - n --- --------- --
vlan11 Static 192.168.163.39 1 y On --- 01 Pass -----
255.255.255.0 1500 --- 0000000001 No On
ppp1 Dynamic 0.0.0.0 1 y --- 01 Pass -----
255.255.255.
Novell IPX

The advanced feature licence AT-RPFL3Upgrade is required for this feature.

The switch’s implementation of the Novell IPX protocol uses the term circuit to refer to a logical connection over an interface, similar to an X.25 permanent virtual circuit (PVC) or a Frame Relay Data Link Connection (DLC). The term interface is used to refer to the underlying physical interface, such as VLAN, Ethernet, Point-to-Point (PPP) and Frame Relay.
AppleTalk

The advanced feature licence AT-RPFL3Upgrade is required for this feature.

To create an AppleTalk port (interface) associated with the admin VLAN, use the command:

    ADD APPLE PORT INTERFACE=vlan11

The command:

    SHOW APPLE PORT

displays information about the ports configured for AppleTalk (Figure 21 on page 64).

Figure 21: Example output from the SHOW APPLE PORT command.

Appletalk Port Details
------------------------------------
Port Number .............. 1
Interface ...
The command:

    SHOW RSVP INTERFACE

displays information about the interfaces enabled for RSVP (Figure 22).

Figure 22: Example output from the SHOW RSVP INTERFACE command.

RSVP Interfaces
Maximum Reserved No.