RAPIER SWITCH USER GUIDE Software Release 2.6.
Rapier Switch User Guide for Software Release 2.6.1 Document Number C613-02025-00 REV C. Copyright © 2003 Allied Telesyn International, Corp. 960 Stewart Drive Suite B, Sunnyvale CA 94086, USA. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn. Allied Telesyn International, Corp. reserves the right to make changes in specifications and other information contained in this document without prior written notice.
Contents
CHAPTER 1 Introduction
Introducing the Rapier Series Switch
Why Read this User Guide?
Where To Find More Information
The Rapier Series Switch Documentation Set
Online Technical Support
The Diagnostics Menu
Changing the Password
Context Sensitive GUI Help
Saving Configuration Entered with the GUI
Combining GUI and CLI Configuration
The Forwarding Process
Layer 2 Filtering
The Egress Rules
Quality of Service
Spanning Tree Protocol (STP)
Chapter 1 Introduction

Introducing the Rapier Series Switch
Congratulations on purchasing the Rapier Series Layer 3 Fast Ethernet Switch, which combines wire speed Layer 2 and Layer 3 IP switching with a powerful multiprotocol routing software suite. This guide introduces the Rapier Series Switch and will guide you through the most common uses and applications of your new switch. Getting started will not take long—many applications are set up in just a few minutes.
This user guide is organised into the following chapters:
■ Chapter 1, Introduction gives an overview of the switch features and of the documentation supplied with your switch.
■ Chapter 2, Getting Started with the Command Line Interface (CLI) describes how to gain access to the command line interface.
■ Chapter 3, Getting Started with the Graphical User Interface (GUI) describes how to access and use the graphical user interface, including troubleshooting the GUI.
■ Rapier Series Switch Documentation and Tools CD-ROM
The Rapier Series Switch Documentation Set in Adobe Acrobat PDF format is bundled with every switch—the complete reference to installing, configuring and managing the switch, including detailed descriptions of all commands.
Management Features
The following features enhance management of the switch:
■ A sophisticated and configurable event logging facility for monitoring and alarm notification to single or multiple management centres.
■ Triggers for automatic and timed execution of commands in response to events.
■ Scripting for automated configuration and centralised management of configurations.
■ Dynamic Host Configuration Protocol (DHCP) for IP and IPv6.
■ IPv6 multicast routing support, including Multicast Listener Discovery (MLDv2) and Protocol Independent Multicast (PIM) Sparse and Dense Modes.
■ OSPF, RIP (IP and Novell®), SAP (Novell®), EGP and BGP routing protocols.
■ ARP, Proxy ARP and Inverse ARP address resolution protocols.
■ Sophisticated packet filtering.
■ Bridging.
■ Van Jacobson’s header compression, STAC LZS and Predictor compression, and hardware-based and DES encryption.
■ Demand IPX
■ IPX/SPX Spoofing
■ IPX Filtering (not between switch ports)
■ AppleTalk
■ Resource Reservation Protocol (RSVP)
■ BGP-4
■ Load balancer
Most software features that require a special feature licence are bundled into one of the following special feature licence packs:
■ Full Layer 3 Feature Licence
■ Advanced Layer 3 Feature Licence
■ Security Pack Feature Licence
For more information about purchasing special feature licences, contact your Allied
Chapter 2 Getting Started with the Command Line Interface (CLI)

This Chapter
This chapter describes how to access the switch’s CLI, and provides basic information about configuring the switch, including how to:
■ Physically connect a terminal or PC to the switch (see “Connecting a Terminal or PC” on page 14 and the Quick Install Guide).
■ Set the Terminal Communication parameters to match the router’s settings (see “Terminal Communication Parameters” on page 14).
Connecting a Terminal or PC
The first thing to do after physically installing the switch is to start a terminal or terminal emulation session to access the switch. Then you can use the command line interface (CLI) to configure the switch. If you wish to configure the switch using the Graphical User Interface, you must first access the CLI and assign an IP address to at least one interface.
If a modem is connected, configure the switch to make and/or accept calls via the modem. To set the CDCONTROL parameter to “CONNECT” and the FLOW parameter to “HARDWARE”, enter the command:
SET ASYN CDCONTROL=CONNECT FLOW=HARDWARE
If the terminal or modem is used with communications settings other than the default settings, then configure the asynchronous port to match the terminal or modem settings using the SET ASYN command.
If IP addresses on your LAN are assigned dynamically by DHCP, you can set the switch to request an IP address from the DHCP server, using the commands:
ADD IP INTERFACE=vlan1 IPADDRESS=DHCP
ENABLE IP REMOTEASSIGN
You do not need to set the MASK parameter because the subnet mask received from the DHCP server is used.
To add a static route, enter the command:
ADD IP ROUTE=ipadd INTERFACE=interface NEXTHOP=ipadd [CIRCUIT=miox-circuit] [DLCI=dlci] [MASK=ipadd] [METRIC=1..16] [METRIC1=1..16] [METRIC2=1..65535] [POLICY=0..7] [PREFERENCE=0..
■ Do not use your birth date, street number or telephone number.
■ Do not write down your password anywhere.
Make sure you remember the new password created as you cannot retrieve a lost password. Recovery of access to the switch is complex. Once you have logged into the manager account you are able to enter commands from this guide and from the Rapier Series Switch Software Reference.
Aliases
The command line interface supports aliases. An alias is a short name for an often-used longer character sequence. When the user presses [Enter] to execute the command line, the command processor first checks the command line for aliases and substitutes the replacement text. The command line is then parsed and processed normally. Alias substitution is not recursive—the command line is scanned only once for aliases.
Enabling Special Feature Licences
You must enable the special feature licence you have purchased before you can use the licenced features. You will need the password provided by your authorised distributor or reseller. The advanced upgrade licence and password are different from the standard software release licence and password. The licence cannot be transferred from one switch to another.
Chapter 3 Getting Started with the Graphical User Interface (GUI)

This Chapter
This chapter describes how to access the switch’s HTTP-based Graphical User Interface (GUI), and provides basic information about using the GUI, including:
■ What is the GUI?
• an introduction to the Graphical User Interface
■ Accessing the switch via the GUI:
• browser and PC setup, including interaction with HTTP proxy servers
• establishing a connection to your switch, including an example of configuring SSL for se
What is the GUI?
The GUI (Graphical User Interface) is a web-based device management tool, designed to make it easier to configure and monitor the switch. The GUI provides an alternative to the CLI (Command Line Interface). Its purpose is to make complicated tasks simpler and regularly performed tasks quicker. The GUI relies on an HTTP server that runs on the switch, and a web browser on the host PC.
To enable JavaScript in Netscape 6.2.x:
1. From the Edit menu, select Preference
2. Select the Advanced menu option.
3. Ensure that the “Enable JavaScript for Navigator” checkbox is checked.
The minimum screen resolution on the PC is 800x600.

HTTP Proxy Servers
An HTTP proxy server provides a security barrier between a private network’s PCs and the Internet.
Establishing a Connection to the Switch
Before you start, consider how the switch fits into your network. If you are installing a new switch, consider whether you want to configure it before deploying it into the LAN, or want to configure it in situ. If you want to access a switch that has already been configured, consider the relative positions of the PC and the switch.
Option 1: Configuring the Switch before Installation
Use this procedure if:
■ You want to configure the switch before installing it in your LAN.
■ You will be installing the switch at a remote office or a customer site and want to configure it first.
■ You want a dedicated management PC permanently connected to the switch.
1.
9. At the login prompt, enter the user name and password
The default username is manager:
User Name: manager
Password: friend
The System Status or System Hardware Details page is displayed (Figure 6 on page 31). Select options from the sidebar menu to configure and manage the switch.

Option 2: Installing the Switch into the LAN
Use this procedure if:
■ You want to install the switch into the LAN before you configure it.
1.
You can browse to the switch through any VLAN, as long as you give that VLAN an IP address (see below). These instructions assume you will use vlan1. The switch ports all belong to vlan1 by default.
3. Access the switch’s command line interface
Access the CLI from the PC, as described in “Connecting a Terminal or PC” on page 14.
4. Enable IP
ENABLE IP
5.
10. Point your web browser at the LAN interface’s IP address
For normal access, point your web browser to
http://ip-address
For secure access, point your web browser to
https://ip-address
where ip-address is the interface’s IP address.
11. At the login prompt, enter the user name and password
The default username is manager:
User Name: manager
Password: friend
The System Status or System Hardware Details page is displayed (Figure 6 on page 31).
4. Browse to the switch
For normal access, point your web browser to
http://ip-address
where ip-address is the interface’s IP address. To access the switch securely if SSL (Secure Sockets Layer) has been configured on the interface, point your web browser to
https://ip-address
For more information about secure access, see “Secure Access” on page 29.
5.
3. Enable system security
To enable system security, use the command:
ENABLE SYSTEM SECURITY
4. Create an RSA key pair for this switch.
To create an RSA key pair, use the command:
CREATE ENCO KEY=0 TYPE=RSA LENGTH=1024
5. Set the switch’s distinguished name.
To set the switch’s distinguished name to "cn=switch1,o=my_company,c=us", use the command:
SET SYSTEM DISTINGUISHEDNAME="cn=switch1,o=my_company,c=us"
6. Set the UTC offset.
10. Configure an IP interface to run SSL over
To configure an IP interface that SSL will be run over, first enable IP using the command:
ENABLE IP
To make VLAN1 the IP interface, and 172.30.1.105 the interface’s IP address, use the command:
ADD IP INTERFACE=vlan1 IP=172.30.1.105
To add an IP route on this interface with a next hop of 172.30.1.254, use the command:
ADD IP ROUTE=0.0.0.0 INTERFACE=vlan1 NEXT=172.30.1.
Using the GUI: Navigation and Features
The GUI consists of a large number of pages, which you navigate between using the menu on the left of the browser window. This section describes how to use the GUI, and gives an overview of its functionality.
To delete or destroy an item, select it by clicking on the option button at the beginning of its entry in the selection table. Then click the Remove button. Only one person can configure a particular switch with the GUI at a time, to avoid clashes between configurations. Monitoring and diagnostics pages can be viewed by more than one user at a time.
Figure 8: An example of a popup “add” page (callouts: Text field, Select list, Checkbox, Apply and Cancel buttons)
Figure 9: An example of a popup “modify” page (callout: Non-editable field)

Editable Fields
GUI pages allow you to enter values or select options through a range of field types. These include:
• text fields, to enter character strings or numbers, especially for fields where there are few limits on the entries (such as names).
• radio button lists, to choose one of a set of mutually-exclusive options
• checkboxes, to enable or disable features.

Ports Graphic
Pages on which you can select switch ports use a Ports graphic - a visual representation of the switch ports. To toggle through the selection options, click on the icon representing the port you want to select or deselect.
The Management Menu
You can use the GUI to manage the switch itself, including:
• creating user accounts and enabling system security
• creating and editing files
• backing files up to the switch’s Flash memory or to a PC or TFTP server
• restoring the switch’s configuration from backup
• specifying which software and configuration files the switch uses on bootup, and displaying the currently-used files
• enabling software release and feature licences
• upgrading t
• displaying the contents of the switch’s file system and how much memory is used and available. You can also delete files
• an interface to the switch’s command line interface, allowing you to enter CLI commands.

Changing the Password
As a security precaution, change the password as soon as possible. To change the password of the default Manager account, select Management > Users from the sidebar menu.
Combining GUI and CLI Configuration
You can alternate between the GUI and the CLI without difficulty. Note that GUI pages will not automatically refresh to reflect changes in the CLI configuration; you must reload the relevant page (for example, by clicking the Refresh button on your browser).

Configuring Multiple Devices
If you are configuring a number of switches with similar requirements, you may wish to:
1. Configure one device, using either the CLI or the GUI
2.
If you have multiple valid resource files and releases stored on the switch, use the SET INSTALL command to change the release and resource file the switch uses (see below).
2. Load the new file onto the switch
Download the GUI resource file for your model of switch from the website to your TFTP server. Do not rename the file. Resource files use a fixed naming convention, which includes a product code, a language code and a version code.
Troubleshooting
The GUI resource file has an 8-digit name, with the file extension rsc (for example, d_r48e03.rsc).
• The IP address of the switch’s interface may be incorrect. To correct this, access the CLI and use the IPADDRESS parameter of command SET IP INTERFACE
• The IP address of the switch’s default gateway may be incorrect, so that the switch does not have a route back to your PC’s gateway. To correct this, access the CLI and use the NEXTHOP parameter of the command ADD IP ROUTE or SET IP ROUTE.
■ Check that the switch is passing the correct DNS information to hosts on the LAN, if the switch is a DHCP server. If the switch is acting as a DHCP client as well, and therefore is passing on DNS information from another DHCP server, check that this DHCP server is providing the switch with the correct information.

IP Addresses and DHCP
Problem
The switch is enabled as a DHCP server, but cannot assign an IP address to a host.
Solution
■ Reboot the host machine.
Problem
The switch’s time is incorrect, even though it assigns the correct time to devices on the LAN.
Solution
The UTC offset is probably incorrect, or needs to be adjusted for the beginning or end of summer time. To correct this, select Configuration > System > Time and enter the correct offset.
Chapter 4 Operating the switch

This Chapter
This chapter introduces basic operations on the switch, including:
■ “User Accounts and Privileges” on page 45
■ “Normal Mode and Security Mode” on page 47
■ “Remote Management” on page 50
■ “Storing Files in FLASH Memory” on page 51
■ “Using Scripts” on page 52
■ “Loading and Uploading Files” on page 53
■ “Upgrading Switch Software” on page 57
■ “Using the Built-in Editor” on page 61
■ “SNMP and MIBs” on page 62

User Accounts and Privileges
Th
In normal mode, a user with manager privilege can create and delete accounts for users with any of these privilege levels. Users and passwords are managed by the User Authentication Facility. Users and passwords are authenticated using an internal database called the User Authentication Database, or by interrogation of external RADIUS (Remote Authentication Dial In User Service) or TACACS (Terminal Access Controller Access System) servers.
See the Operations chapter in the Rapier Series Switch Software Reference for:
■ More information about managing and using accounts with user, manager and security officer privileges
■ A full list of commands that require security officer privilege when the switch is in secure mode
■ Information about enabling a remote security officer.

Normal Mode and Security Mode
The switch operates in one of two modes, either normal mode or security mode.
When the switch is in security mode, a user with security officer privilege is the only person who can execute commands which affect switch security. Table 5 on page 48 lists commands that only a security officer can execute when the switch is in security mode. A complete list of commands limited by security mode is given in the Operation chapter in the Rapier Series Switch Software Reference.
Table 5: Commands requiring SECURITY OFFICER privilege when the switch is operating in security mode (Continued).
Table 5: Commands requiring SECURITY OFFICER privilege when the switch is operating in security mode (Continued).
Command    Specific Parameters
SET PPP TEMPLATE
SET SA
SET SCR
SET SNMP COMMUNITY
SET SSH
SET STAR
SET USER
SHOW CONFIG
SHOW ENCO KEY
SHOW FEATURE
SHOW FILE
SHOW NVS
SHOW PPP CONFIG
SHOW STAR    [=id], MKTTRANSFER, NETKEY
UPLOAD

Remote Management
You can manage remote switches as easily as you manage the local switch a terminal is connected to.
Storing Files in FLASH Memory
When you purchase the switch, the switch software release, the online help files, and a default configuration file are stored in FLASH memory, where they are saved even if the switch is powered down. You will use the FLASH memory to store updated software releases or patches, and files that record the router’s configuration. FLASH memory is like a flat file system, with no subdirectories. The switch also has Random Access Memory (RAM).
Using Scripts
When you start or restart the switch, or when it automatically restarts, it executes the configuration commands in the boot script. A boot script is a text file containing a sequence of standard commands that the switch executes at startup. The default boot script is called boot.cfg. Commands run from a boot script are limited to 128 characters.
Storing Multiple Scripts
You can store multiple configuration scripts on the switch. This allows you to test new configuration scripts once, before setting them as the default configuration. For example, to test the new configuration script test.cfg, enter the command:
RESTART SWITCH CONFIG=test.cfg
Storing multiple scripts also allows you to keep a backup switch with configuration scripts stored on it for every switch in the network to speed up network recovery time.
Table 6: File extensions and file types (Continued).
Extension    File type/function
INS    Stores install information created by using the SET INSTALL command.
JPG    (Joint Photographic Experts Group) graphic image file.
KEY    Public portion of an RSA key.
LIC    Licence information.
LOG    Log file.
MDS    Modem script.
PAT    Patch.
PAZ    Compressed patch.
REL    Software release.
REZ    Compressed release.
SCP    Script.
To load a file onto the switch using the HTTP protocol, enter the command:
LOAD [METHOD={HTTP|WEB|WWW}] [DELAY=delay] [DESTFILE=destfilename] [DESTINATION={BOOTBLOCK|FLASH}] [HTTPPROXY={hostname|ipadd} [PASSWORD=password] [PROXYPORT=1..65535]] [SERVER={hostname|ipadd}] [SERVPORT={1..65535|DEFAULT}] [SRCFILE|FILE=filename] [USERNAME=username]
The switch can only load one file at a time. Wait for the current transfer to complete before initiating another transfer.
To load a patch file
1. Configure the LOADER.
Set the LOADER module with defaults to make the process of downloading files in future simpler.
SET LOADER METHOD=HTTP SERVER=192.168.1.1 DESTINATION=FLASH
2. Download the patch file.
Download the patch file onto the switch, using the defaults set above.
LOAD FILE=86251-01.paz
When the download has completed, check that the file is in FLASH.
SHOW FILE
This shows the file 86251-01.paz is present.
2. Upload the configuration file.
Upload the configuration file from the switch into the TFTP directory of the TFTP server on the network, using the defaults set above.
UPLOAD FILE=filename.cfg
Monitor the load progress.
SHOW LOAD
When the upload is complete, check that the file is in the TFTP directory on the network host.
When the switch reboots, it checks the install information in a strict order:
• Firstly, the switch checks the temporary install. If a temporary install is specified, the switch loads it into RAM and runs it. At the same time, it deletes the temporary install information so it will not load a second time. This information is deleted even if the temporary install triggers a fatal condition causing the switch to reboot immediately.
Example: Upgrade to a New Software Release Using TFTP
This example assumes the switch is correctly configured to allow TFTP to function. This means that IP is configured and the switch is able to communicate with the designated TFTP server. The TFTP server is assumed to function correctly and the release and patch files are assumed present in the server’s TFTP directory. The switch has no patch files, and is running the Software Release 2.6.1. The IP address of the server is 172.
compatible, so your current configuration should run with little or no modifications on the later release.
CREATE CONFIG=myconfig.cfg
SET CONFIG=myconfig.cfg
The SET CONFIG information survives the release update. Reboot the switch.
RESTART REBOOT
The switch reboots, loading the new release file and the specified configuration. Display the install history, and check that the temporary release was loaded.
SHOW INSTALL
5. Make the release the default (permanent) release.
The switch reboots, loading the new patch file and the specified configuration. Check that the switch operates correctly with the new patch file.
3. Make the patch part of the default (permanent) release.
If the switch operates correctly with the new patch, make the release permanent.
SET INSTALL=PREFERRED RELEASE=86s-261.rez PATCH=86261-01.paz
Every time the switch reboots from now on, it loads the new release and patch from FLASH.
SNMP and MIBs
You can remotely monitor some features of the switch using Simple Network Management Protocol (SNMP). For information about the MIBs supported by the switch, see Appendix C: SNMP MIBs in the Rapier Series Switch Software Reference. The SNMP agent is disabled by default.
■ How to use LDAP to load PKI certificates and CRLs onto your switch.
■ Switch Startup Operations
■ How to use FLASH compaction to regain storage space on the switch. Read “Warning about FLASH memory” on page 12 before you attempt to do this.
■ How to set aliases to represent common command strings.
■ How to define a remote security officer, so you can manage the security features remotely via Telnet.
Chapter 5 Layer 2 Switching

This section describes the Layer 2 switching features on the Rapier Series Switch, and how to configure them.

Switch Ports
Each Ethernet switch port is uniquely identified by a port number. The switch supports a number of features at the physical level that allow it to be connected in a variety of physical networks. This physical layer (layer 1) versatility includes:
■ Enabling and disabling of Ethernet ports.
Resetting Ethernet ports at the hardware level discards all frames queued for reception or transmission on the port, and restarts autonegotiation of port speed and duplex mode. Ports are reset using the command:
RESET SWITCH PORT={port-list|ALL} [COUNTER]
To display information about switch ports, use the command:
SHOW SWITCH PORT[={port-list|ALL}]
Figure 12: Example output from the SHOW SWITCH PORT command.
Table 7: Parameters in the output of the SHOW SWITCH PORT command
Parameter    Meaning
Actual speed/duplex    The port speed and duplex mode that this port is actually running at. A combination of a speed (one of “10 Mbps”, “100 Mbps” or “1000 Mbps”) and a duplex mode (one of “half duplex” or “full duplex”).
Configured master/slave mode    The master/slave mode configured for this port; one of “Autonegotiate”, “Master”, “Slave” or “Not applicable”.
Autonegotiation of Port Speed and Duplex Mode
Each of the switch ports can operate at either 10 Mbps or 100 Mbps, in either full duplex or half duplex mode. In full duplex mode a port can transmit and receive data simultaneously, while in half duplex mode the port can either transmit or receive, but not at the same time. This versatility makes it possible to connect devices with different speeds and duplex modes to different ports on the switch.
Table 8: Port speed and duplex settings for Ethernet Ports.
All the ports in a trunk group must belong to the same VLAN. Ports in a trunk group can be added to other VLANs, either as individual ports or as an entire group. A port in a trunk group cannot be deleted from any of the VLAN(s) to which the whole trunk group belongs, unless it is first removed from the trunk group.
Packet Storm Protection
The packet storm protection feature allows the user to set limits on the reception rate of broadcast, multicast and destination lookup failure packets. The software allows separate limits to be set for each port, beyond which each of the different packet types are discarded. The software also allows separate limits to be set for each of the packet types. Which of these options can be implemented depends on the model of switch hardware.
the BCLIMIT parameter description for important information about packet rate limiting. The default value for this parameter is NONE. If packet storm protection limits are set on the switch, the PORT parameter must specify complete processing blocks. The ability of the switch to limit packet reception rates for different classes of packets is dependent on the particular switch hardware.
To send packets that match particular criteria to the mirror port, first create a classifier or classifiers using the command:
CREATE CLASSIFIER
Then create a hardware filter with the ACTION parameter set to SENDMIRROR, using the command:
ADD SWITCH HWFILTER CLASSIFIER=classifier-list ACTION=SENDMIRROR
By default mirroring is disabled, no mirror port is set, and no source ports are set to be mirrored.
Figure 13: Example output from the SHOW SWITCH PORT INTRUSION command.
Devices that are members of the same VLAN only exchange data with each other through the switch’s switching capabilities. To exchange data between devices in separate VLANs, the switch’s routing capabilities are used. The switch passes VLAN status information, indicating whether a VLAN is up or down, to the Internet Protocol (IP) module. IP uses this information to determine route availability. The switch has a maximum of 255 VLANs, ranging from a VLAN identifier (VID) of 1 to 4094.
Figure 14: Format of user priority and VLAN data in an Ethernet frame.
Fields shown in the figure, in frame order: Preamble (64 bits), Destination Address (48 bits), Source Address (48 bits), TPID (16 bits, 0x81-00), User Priority (3 bits), CFI (1 bit), VID (12 bits), Type/Length (16 bits), Frame Data (368-12000 bits), CRC (32 bits).

Table 10: Reserved VID values.
VID value (hexadecimal)    Meaning and use of reserved VID values
0    The null VLAN ID.
Every frame admitted by the switch has a VID associated with it. If a frame arrives on a tagged port, the associated VID is determined from the VLAN tag the frame had when it arrived. If a frame arrives on an untagged port, it is associated with the VID of the VLAN for which the incoming port is untagged. When the switch forwards a frame over a tagged port, it adds a VLAN tag to the frame.
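The tag layout of Figure 14 and the VID association described above, as an added Python example that is not part of the original guide. All function names and the sample frame are constructed for illustration; frames are taken to start at the destination address (no preamble), and treating a VID of 0 like an untagged frame follows IEEE 802.1Q rather than text on this page.

```python
import struct

TPID_8021Q = 0x8100   # TPID value shown in Figure 14
MAX_VID = 4094        # highest VID the switch accepts; 4095 is reserved by 802.1Q


def parse_vlan_tag(frame: bytes):
    """Split the tag out of a frame that starts at the destination address.

    Returns (priority, cfi, vid, ethertype, payload_offset); the first three
    are None when the frame carries no VLAN tag.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None, None, None, tpid, 14
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    # 16-bit tag control field: 3-bit user priority, 1-bit CFI, 12-bit VID
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF, ethertype, 18


def add_vlan_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    """Insert a tag after the source address, as on a tagged egress port."""
    if not 0 <= vid <= MAX_VID or not 0 <= priority <= 7:
        raise ValueError("VID must be 0..4094 and priority 0..7")
    if parse_vlan_tag(frame)[2] is not None:
        raise ValueError("frame is already tagged")
    tci = (priority << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_vlan_tag(frame: bytes) -> bytes:
    """Remove the 4-byte tag, as when forwarding over an untagged port."""
    if parse_vlan_tag(frame)[2] is None:
        return frame
    return frame[:12] + frame[16:]


def associate_vid(frame: bytes, port_untagged_vid):
    """VID the switch associates with a received frame.

    port_untagged_vid is the VID of the VLAN for which the ingress port is
    untagged, or None if the port is untagged for no VLAN.
    """
    vid = parse_vlan_tag(frame)[2]
    if vid is None or vid == 0:   # untagged, or priority-tagged (null VLAN ID)
        return port_untagged_vid
    return vid


# Constructed sample frame (not captured traffic): broadcast destination,
# locally administered source address, IPv4 EtherType.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"
TAGGED = add_vlan_tag(UNTAGGED, vid=3, priority=5)

if __name__ == "__main__":
    print("tag fields:", parse_vlan_tag(TAGGED))
    print("tagged frame on any port  -> VID", associate_vid(TAGGED, 2))
    print("untagged frame, port in 2 -> VID", associate_vid(UNTAGGED, 2))
```

A frame that arrives untagged on a port that is untagged for no VLAN returns None here, meaning no VID can be associated with it.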
Figure 15: VLANs with tagged ports. (Figure: Switch A and Switch B carrying the Admin VLAN (VID=2), the Training VLAN (VID=3) and the Marketing VLAN (VID=4), with a VLAN-aware server.)

Table 11: VLAN membership of example of a network using tagged ports.
If the network includes VLANs that do not need to share network resources or span several switches, VLAN membership can usefully be based on untagged ports. Otherwise, VLAN membership should be determined by tagging (see “VLAN Tagging” on page 75). Figure 16 on page 79 shows two port-based VLANs with untagged ports belonging to them. Ports 1-3 belong to the marketing VLAN, and ports 14-16 belong to the training VLAN.
To add tagged ports to a VLAN, use the command:
ADD VLAN={vlan-name|1..4094} PORT={port-list|ALL} FRAME=TAGGED
A port can be tagged for any number of VLANs. To add untagged ports to a VLAN, use the command:
ADD VLAN={vlan-name|1..4094} PORT={port-list|ALL} [FRAME=UNTAGGED]
A port can be untagged for zero or one VLAN. A port can only be added to the default VLAN as an untagged port if it is not untagged for another VLAN.
Summary of VLAN tagging rules

When designing a VLAN and adding ports to VLANs, the following rules apply.

1. Each port, except for the mirror port, must belong to at least one static VLAN. By default, a port is an untagged member of the default VLAN.
2. A port can be untagged for zero or one VLAN. A port that is untagged for a VLAN transmits frames destined for that VLAN without a VLAN tag in the Ethernet frame.
3. A port can be tagged for zero or more VLANs.
Generic VLAN Registration Protocol (GVRP)

The GARP application GVRP allows switches in a network to dynamically share VLAN membership information, to reduce the need for statically configuring all VLAN membership changes on all switches in a network. See the Generic Attribute Registration Protocol (GARP) chapter in the Rapier Switch Software Reference.

Layer 2 Switching Process

The Layer 2 switching process comprises related but separate processes.
The default settings for the Ingress Rules are to Admit All Frames, and for Ingress Filtering to be OFF. This means that if no VLAN configuration has been done, all incoming frames pass on to the Learning Process, regardless of whether or not they are VLAN tagged. The parameters for each port’s Ingress Rules can be configured using the command:

    SET SWITCH PORT={port-list|ALL} [ACCEPTABLE={VLAN|ALL}] [INFILTERING={ON|OFF}] [other-parameters...
If the frame’s source address is not already in the Forwarding Database for the VLAN, the address is added and an ageing timer for that entry is started. If the frame’s source address is already in the Forwarding Database, the ageing timer for that entry is restarted.
the switch floods the frame on all ports in the VLAN except the port on which the frame was received. If the destination address is found, the switch discards the frame if the port is not in the STP ‘Forwarding’ state, if the destination address is on the same port as the source address, or if there is a static filter entry for the destination address set to DISCARD (“Layer 2 Filtering” on page 85). Otherwise, the frame is forwarded on the indicated port.
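The Learning Process and the forwarding decision described above, as an added Python example (not code from the switch software or from Allied Telesyn). The class and method names, the 300-second ageing time, checking the static filter before the lookup, and limiting flooding to ports in the STP Forwarding state are assumptions made for the example.

```python
AGEING_SECONDS = 300  # assumed value; this page does not state the timer length


class ForwardingDatabase:
    def __init__(self, vlan_ports, stp_forwarding, ageing=AGEING_SECONDS):
        self.vlan_ports = vlan_ports          # {vid: set of member ports}
        self.stp_forwarding = stp_forwarding  # ports in the STP Forwarding state
        self.ageing = ageing
        self.dynamic = {}                     # (vid, mac) -> (port, expiry time)
        self.static_discard = set()           # (vid, mac) filters set to DISCARD

    def learn(self, vid, src, port, now):
        """Add the source address, or restart the ageing timer if it is known."""
        self.dynamic[(vid, src)] = (port, now + self.ageing)

    def lookup(self, vid, mac, now):
        """Port the address was learned on, or None if unknown or aged out."""
        entry = self.dynamic.get((vid, mac))
        if entry is None:
            return None
        if entry[1] <= now:                   # ageing timer expired
            del self.dynamic[(vid, mac)]
            return None
        return entry[0]

    def forward(self, vid, src, dst, in_port, now):
        """Return (action, egress ports) for one admitted frame."""
        self.learn(vid, src, in_port, now)
        if (vid, dst) in self.static_discard:
            return "discard: static filter", set()
        out = self.lookup(vid, dst, now)
        if out is None:
            # Unknown destination: every port in the VLAN except the ingress port.
            flood = self.vlan_ports[vid] - {in_port}
            return "flood", flood & self.stp_forwarding
        if out == in_port:
            return "discard: same port as source", set()
        if out not in self.stp_forwarding:
            return "discard: port not forwarding", set()
        return "forward", {out}


def demo():
    """Constructed traffic: VLAN 2 on ports 1, 2 and 4, with port 4 not forwarding."""
    fdb = ForwardingDatabase({2: {1, 2, 4}}, stp_forwarding={1, 2})
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    return [
        fdb.forward(2, a, b, in_port=1, now=0),    # b unknown: flood
        fdb.forward(2, b, a, in_port=2, now=10),   # a was learned on port 1
        fdb.forward(2, a, b, in_port=1, now=20),   # b was learned on port 2
        fdb.forward(2, a, b, in_port=1, now=400),  # b aged out at 310: flood again
    ]


if __name__ == "__main__":
    for action, ports in demo():
        print(action, sorted(ports))
```

Once an entry ages out, frames to that address are flooded again until the station is heard from, which is why the flood set is worth checking alongside the unicast path when reviewing VLAN membership.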
Figure 17: Example output from the SHOW SWITCH FILTER command.
The Egress Rules

Once the Forwarding Process has determined which ports and transmission queues to forward a frame from, the Egress Rules for each port determine whether or not the outgoing frame is VLAN-tagged with its numerical VLAN Identifier (VID). (See “Virtual Local Area Networks (VLANs)” on page 74). When a port is added to a VLAN, it is configured to transmit either untagged or VLAN tagged packets, using the command:

    ADD VLAN={vlanname|1..
To display the mapping of user priority to QOS egress queues, use the command:

    SHOW SWITCH QOS

Figure 18: Example output from the SHOW SWITCH QOS command

Priority Level        QOS egress queue
------------------------------------
0 ................... 1
1 ................... 0
2 ................... 0
3 ................... 1
4 ................... 2
5 ................... 2
6 ................... 3
7 ...................
Table 15: The different QoS-type controls available on the switch. Command set Use for Do not use for Hardware packet filters Priority queueing of classified traffic flows. Replacing TOS or DSCP byte of IP header. Bandwidth limiting. Configuring most DiffServ domains. Replacing User Priority in VLAN tag header. Forwarding a flow that is marked to be dropped (for example, because bandwidth allocation is exceeded).
A spanning tree running in standard mode can take up to one minute to rebuild after a topology or configuration change. The Rapid Spanning Tree algorithm provides for a more rapid recovery of connectivity following the failure of a bridge, bridge port, or a LAN. For information about RSTP see the Rapid Mode Spanning Tree Types section, Switch chapter in the Rapier Switch Software Reference.
To specify whether the STP will operate in STANDARD mode or RAPID mode, use the command:

    SET STP={stp-name|ALL} [MODE={STANDARD|RAPID}] [other parameters]

The default is STANDARD. If the mode is changed while the algorithm is running then the STP is re-initialised.
Configuring STP

By default, the switch has one default STP which cannot be destroyed. In most situations this default STP will suffice. By default, all VLANs, and therefore all ports, belong to the default STP. To add or delete a VLAN and all the ports belonging to it from any other STP, use the commands:

    ADD STP=stpname VLAN={vlan-name|2..4094}
    DELETE STP=stpname VLAN={vlan-name|2..
switches. The Bridge Identifier parameter is used in all configuration Spanning Tree Protocol packets transmitted by the switch. The first two octets, specified by the PRIORITY parameter, determine the switch’s priority for becoming the root bridge or a designated bridge in the network, with a lower number indicating a higher priority.
Figure 20: Example output from the SHOW STP command.

STP Information
------------------------------------------------------------
Name .................. grey
Mode .................. Rapid
RSTP Type ............. Normal
VLAN members .......... vlan4 (4)
Status ................ ON
Number of Ports ....... 2
  Number Enabled ...... 2
  Number Disabled ..... 0
Bridge Identifier ..... 32768 : 00-00-cd-05-19-28
Bridge Priority ....... 32768
Root Bridge ...........
Table 18: Parameters in the output of the SHOW STP command.

Parameter       Meaning
STP Name        The name of the Spanning Tree Protocol entity.
Mode            Whether STP is running in standard, or rapid mode.
RSTP Type       Whether RSTP is operating normally, or as STP compatible. In STP compatible mode, the rapid transitions to forwarding do not occur.
VLAN members    A list of the VLANs that are members of the STP. VLAN Identifiers are shown in brackets.
Table 18: Parameters in the output of the SHOW STP command (Continued).

Parameter            Meaning
Switch Max Age       The value of the Max Age parameter when this switch is the Root or is attempting to become the Root. This parameter is set by the MAXAGE parameter in the SET STP command.
Switch Hello Time    The value of the Hello Time parameter when this switch is the Root or is attempting to become the Root. This parameter is set by the HELLOTIME parameter in the SET STP command.
Each port also has a path cost, which is used if the port is the root port for the STP on the switch. The path cost is added to the root path cost field in configuration messages received on the port to determine the total cost of the path to the root bridge.
Figure 21: Example output from the SHOW STP PORT command.

STP Port Information
------------------------------------------------------------
STP ..................... grey
  STP Status ............ ON
  Port .................. 3
    RSTP Port Role ...... Disabled
    State ............... Discarding
    Point To Point ...... No (Auto)
    Port Priority ....... 128
    Port Identifier ..... 8003
    Pathcost ............ 200000
    Designated Root ..... 32768 : 00-00-cd-05-19-28
    Designated Cost .....
Table 19: Parameters displayed in the output of the SHOW STP PORT command.

Parameter         Meaning
STP               The name of the STP that the port is a member of.
STP Status        Whether this STP is enabled or disabled; one of ON or OFF.
Port              The number of the port.
RSTP Port Role    The role of the port; one of Disabled, Alternate, Backup, Designated, or Root. (Rapid Mode only).
Figure 22: Example output from the SHOW STP COUNTER command

STP Counters
------------------------------------------------------------
STP Name: default

Receive:                        Transmit:
Total STP Packets      0        Total STP Packets      1677
Configuration BPDU     0        Configuration BPDU     0
TCN BPDU               0        TCN BPDU               0
RST BPDU               0        RSTP BPDU              1677
Invalid BPDU           0

Discarded:
Port Disabled          0
Invalid Protocol       0
Invalid Type           0
Invalid Message Age    0
Config BPDU length     0
TCN BPDU length        0
RST BPDU length        0
------------------------
Table 20: Parameters in the output of the SHOW STP COUNTER command

Parameter             Meaning
Config BPDU length    The number of Configuration BPDUs that had an incorrect length.
TCN BPDU length       The number of Topology Change Notification BPDUs that had an incorrect length.
RST BPDU length       The number of Rapid Spanning Tree BPDUs that had an incorrect length (RAPID mode only).
out all ports. IGMP snooping is independent of the IGMP and Layer 3 configuration, so an IP interface does not have to be attached to the VLAN, and IGMP does not have to be enabled or configured. IGMP snooping is enabled by default. To disable it, use the command:

    DISABLE IGMPSNOOPING

Disabling IGMP snooping may be useful if filters are used extensively, because IGMP snooping uses a Layer 3 filter. When IGMP snooping is disabled, this filter becomes available.
Figure 23: Example output from the SHOW IP IGMP command.

IGMP Protocol
----------------------------------------------------------------------------------
Status ........................... Enabled
Default Query Interval ........... 125 secs
Default Timeout Interval ......... 270 secs

Last Member Query Interval ....... 10 (1/10secs)
Last Member Query Count .......... 2
Robustness Variable .............. 2
Query Response Interval .......... 100 (1/10secs)

Interface Name ..........
Triggers

The Trigger Facility can be used to automatically run specified command scripts when particular triggers are activated. When a trigger is activated by an event, global parameters and parameters specific to the event are passed to the script that is run. For a full description of the Trigger Facility, see the Trigger Facility chapter in the Rapier Switch Software Reference.
Chapter 6 Layer 3

The Rapier Series Switch routes IP and IP multicasting traffic at wire speed between VLANs, and supports a number of other Layer 3 protocols. Once a VLAN has been created (see “Virtual Local Area Networks (VLANs)” on page 74), the VLAN name can be used wherever a logical interface is required in commands for configuring routing protocols. VLAN names are of the form: VLAN-vlanname or VLANn where vlanname is the manager-assigned name of the VLAN, and n is the VLAN identifier (VID).
Internet Protocol (IP)

The switch performs IP routing at wire speed between VLANs that have been configured as IP interfaces. For example, to add the admin VLAN as an IP interface, giving it an IP address of 192.168.163.39 in the subnet 192.168.163.0, first enable IP using the command:

    ENABLE IP

Then use either of the following commands:

    ADD IP INTERFACE=vlan-admin IPADDRESS=192.168.163.39 MASK=255.255.255.0
    ADD IP INTERFACE=vlan11 IPADDRESS=192.168.163.39 MASK=255.255.255.
Routing Information Protocol (RIP)

Routing protocols such as RIPv1 and RIPv2 can be enabled on a VLAN. For example, to enable RIPv2 on the admin VLAN, use the command:

    ADD IP RIP INTERFACE=vlan11 SEND=RIP2 RECEIVE=BOTH

To display information about RIP (Figure 25 on page 107), use the command:

    SHOW IP RIP

Figure 25: Example output from the SHOW IP RIP command.
Figure 26: Example output from the SHOW IPX CIRCUIT command.

IPX CIRCUIT information
Name ......................... Circuit 1
Status ....................... enabled
Interface .................... vlan11 (802.3)
Network number ............... c0e7230f
Station number ............... 0000cd000d26
Link state ................... up
Cost in Novell ticks ......... 1
Type20 packets allowed ....... no
On demand .................... no

Spoofing information
Keep alive spoofing ........
Figure 27: Example output from the SHOW APPLE PORT command.

Appletalk Port Details
------------------------------------
Port Number .............. 1
Interface ................ vlan11
ifIndex .................. 1
Node ID .................. 217
Network Number ........... 22
Network Range Start ...... 22
Network Range End ........ 22
State .................... ACTIVE
Seed ..................... NO
Seed Network Start ....... 0
Seed Network End ......... 0
Hint ..................... YES
Hint Node ID .
Chapter 7 Maintenance and Troubleshooting

This Chapter

If you are familiar with networking and switch operations, you may be able to diagnose and solve some problems yourself. This chapter gives tips on how to:

■ start your switch (see “How the Switch Starts Up” on page 112).
■ avoid problems (see “How to Avoid Problems” on page 113).
■ reconfigure your switch if you accidentally clear the FLASH memory (see “What to Do if You Clear FLASH Memory Completely” on page 115).
How the Switch Starts Up

The sequence of operations that the switch performs when it boots is:

1. Perform startup self tests.
2. Perform the install override option.
3. Load the EPROM release as the INSTALL boot.
4. Inspect and check INSTALL information.
5. Load the required release as the main boot.
6. Start the switch.
7. Execute the boot script, if one has been configured.
Table 22: Switch startup sequence keystrokes.

Pressing key...    Forces the switch to...
Y                  Load the EPROM release, with no patch, and skip straight to step 6.
S                  Start with the default configuration. Any boot script or NVS configuration is ignored.
N                  Configure from NVS, ignoring any boot script.
[Ctrl/D]           Enter diagnostics mode.

When you start the switch the EPROM release is always loaded first.
Backup switch

If your network has many switches, you may wish to keep a backup switch ready to replace any switch that malfunctions. When you upgrade the software release or patch on the other switches in the network, upgrade the backup too. Store on it one current config script for each switch in your network, so that when it is needed, you need only set the configuration file with which it boots to match the switch it replaces.
What to Do if You Clear FLASH Memory Completely

DO NOT clear the FLASH memory completely. The software release files are stored in FLASH, and clearing it would leave no software to run the switch. If you accidentally do this, you will need to:

1. Boot with default configuration. Reboot the switch from a terminal connected to the asynchronous terminal port (not Telnet). Use the install override to run the default configuration (see “How the Switch Starts Up” on page 112).
What To Do if ISDN Fails to Connect

Make sure the system territory is set to the country or region in which your switch is located. This is important because different countries use variations on the ISDN protocols, and the system territory setting on the switch ensures that the switch behaviour is compatible with the ISDN network.
You can reset passwords for accounts with MANAGER privilege with the same command, provided the manager can log in to at least one account with MANAGER privilege. If you require further assistance contact your authorised distributor or reseller.

Getting the Most Out of Technical Support

For online support for your switch, see our on-line support page at http://www.alliedtelesyn.co.nz/support/rapier.
Resetting Switch Defaults

To restart the switch at any time with no configuration, enter the command:

    RESTART SWITCH CONFIG=NONE

If boot.cfg has changed, to set it back to the default configuration by saving the default dynamic configuration to the boot.cfg file, enter the command:

    CREATE CONFIG=boot.cfg

To set the switch to restart with the boot configuration file, enter the command:

    SET CONFIG=boot.cfg

DO NOT clear the FLASH memory completely.
If PING to the end destination fails, PING intermediate network addresses. If you can successfully PING some network addresses, and not others, you can deduce which link in the network is down. Note that if Network Address Translation (NAT) is configured on the remote switch, PINGing devices connected to it may give misleading information. For more information about using PING, see the Internet Protocol (IP) chapter in the Rapier Series Switch Software Reference.
5. Contact your authorised distributor or reseller for assistance
If the route still does not appear, contact your authorised distributor or reseller for assistance.

Telnet Fails

1. If Telnet to switch fails
Check that the IP address you used matches the one assigned to the switch. To check that RIP is configured correctly, enter the command:

    SHOW IP RIP

To check that the IP Telnet server is enabled on each switch, enter the command.
In Microsoft® Windows™ 2000, click Settings → Control Panel → Network and Dial-up Connections → Local Area Connection → Properties. Select Internet connection (TCP/IP) and click Properties. Click Obtain an IP address automatically.

3. Check that the DHCP server has a large enough range of addresses.
To assign a range, enter the command:

    CREATE DHCP RANGE

Troubleshooting IPX Configurations

No Routes are Visible to the Remote Router

1.
configuration of the workstation or file server. Check with your Novell network administrator.

2. Check NET.CFG file
Take care with the workstation NET.CFG file. Always specify the encapsulation (frame) as different LAN card drivers use different default encapsulations.

3.
Using Trace Route for IP Traffic

You can use trace route to discover the route that packets take between two systems running the IP protocol. Trace route sends an initial UDP packet with the Time To Live (TTL) field in the IP header set to 1. The TTL field is increased by one for every subsequent packet sent until the destination is reached. Each hop along the path between the two systems responds with a TTL exceeded packet, and from these responses the path is determined.