Gigabit Switches AT-9108 AT-8518 AT-8525 AT-8550 ◆ User’s Guide Version 4.
Copyright 1999 Allied Telesyn International, Corp. 960 Sewart Drive Suite B, Sunnyvale CA 94086 USA All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn International, Corp. CentreCom is a registered trademark of Allied Telesyn International, Corp. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesyn International, Corp.
Table of Contents

Preface
    Audience Description
    Document Conventions
Using Telnet
    Connecting to Another Host Using Telnet
    Configuring Switch IP Parameters
Chapter 5 Forwarding Database (FDB)
    Overview of the FDB
    FDB Contents
Chapter 8 IP Unicast Routing
    Overview of IP Unicast Routing
    Router Interfaces
Chapter 10 IP Multicast Routing
    Overview
    DVMRP Overview
RMON
    About RMON
    RMON Features of the Switch
Preface

This guide describes the use and configuration of the following Allied Telesyn Gigabit Ethernet switches running software version 4.x.
Audience Description

This guide provides the required information to configure the software running on the Gigabit Ethernet switches. This guide is intended for use by network administrators who are responsible for installing and setting up network equipment.
Document Conventions

This guide uses the following conventions:

Note: A note provides additional information.
Caution: A caution indicates that performing or omitting a specific action may result in equipment damage or loss of data.
Warning: A warning indicates that performing or omitting a specific action may result in bodily injury.
Organization

This guide is divided into xx chapters and xx appendices, as follows:

Section Title: Description
Chapter 1, Overview: A description of the Gigabit switch’s software features and software factory default settings
Chapter 2, Accessing the Switch: The basics of managing the Gigabit switches
Chapter 3, Configuring Switch Ports: The procedures to configure the switch ports
Chapter 4, Virtual LANs (VLANs): A description of VLAN concepts and the procedures to implement VLANs on the G
Related Publications

Allied Telesyn wants our customers to be well informed by providing the most up-to-date and most easily accessible way to find our guides and other technical information. Visit our website at: www.alliedtelesyn/techhome.htm.
Chapter 1 Overview

This chapter describes the following:
❑ Gigabit Ethernet switch software features
❑ How to use the Gigabit Ethernet switch in your network configuration
❑ Software factory default settings

Summary of Features

The software features include the following:
❑ Virtual local area networks (VLANs) including support for IEEE 802.1Q and IEEE 802.1p
❑ Spanning Tree Protocol (STP) (IEEE 802.
❑ Distance Vector Multicast Routing Protocol (DVMRP)
❑ Protocol Independent Multicast-Dense Mode (PIM-DM)
❑ IPX, IPX/RIP, and IPX/SAP support
❑ Load sharing on multiple ports
❑ Console command-line interface (CLI) connection
❑ Telnet CLI connection
❑ Simple Network Management Protocol (SNMP) support
❑ Remote Monitoring (RMON)
❑ Traffic mirroring for all ports

Note: For more information on the Gigabit switch components, refer to the switch installation guides.
Spanning Tree Protocol (STP)

The switches support the IEEE 802.1D Spanning Tree Protocol (STP), which is a bridge-based mechanism for providing fault tolerance on networks. STP enables you to implement parallel paths for network traffic, and ensure the following:
❑ Redundant paths are disabled when the main paths are operational.
❑ Redundant paths are enabled if the main traffic paths fail.

The switch supports up to 64 Spanning Tree Domains (STPDs).
IP Multicast Routing

The switches can use IP multicasting to allow a single IP host to transmit a packet to a group of IP hosts. The switch software supports multicast routes that are learned by way of the Distance Vector Multicast Routing Protocol (DVMRP) or Protocol Independent Multicast-Dense Mode (PIM-DM).

Note: For more information on IP multicast routing, refer to Chapter 10.
Memory Requirements

Your Gigabit switch must have 32MB of DRAM in order to support the features in switch software version 4.0 and above. This is not an issue for the AT-8525 and the AT-8550 models, and all currently shipping switches contain 32MB. Earlier models of the switches shipped with 16MB, and must be upgraded to support the switch software version 4.0 and above.
Network Configuration Example

Using Allied Telesyn’s Gigabit Ethernet switches, you can build a complete end-to-end LAN switching infrastructure that consistently delivers the same functionality, features, and management interface throughout. Functionality includes non-blocking switch fabric, wirespeed routing, and Policy-Based QoS.
A high-speed core switch is used to aggregate Gigabit Ethernet links from several Allied Telesyn Gigabit Ethernet switches and fast Ethernet links from access routers. In this diagram, the Gigabit switches are used for enterprise desktop connectivity, segment switching, and server switching.
Software Factory Defaults

Table 1-1 shows factory defaults for global software features.
Table 1-1 Gigabit Switches Global Factory Defaults (Continued)

Item: Default Setting
PIM-DM: Disabled
IPX routing: Disabled
NTP: Disabled
DNS: Disabled
Port mirroring: Disabled

Note: For default settings of individual software features, refer to individual chapters in this guide.
Chapter 2 Accessing the Switch

This chapter provides the following required information to begin managing the Gigabit switch:
❑ Understanding the command syntax
❑ Line-editing commands
❑ Command history substitution
❑ Configuring the switch for management
❑ Switch management methods
❑ Configuring SNMP
❑ Checking basic connectivity
❑ Using the Simple Network Time Protocol (SNTP)

Note: For configuration changes to be retained through a power cycle or reboot, you must issue a SAVE command after you have made
Understanding the Command Syntax

This section describes the steps to take when entering a command. Refer to the sections that follow for detailed information on using the command-line interface.

To use the command-line interface (CLI), follow these steps:
1. When entering a command at the prompt, ensure that you have the appropriate privilege level. Most configuration commands require you to have the administrator privilege level.
2.
Abbreviated Syntax

Abbreviated syntax is the shortest, most unambiguous, allowable abbreviation of a command or parameter. Typically, this is the first three letters of the command.

Note: When using abbreviated syntax, you must enter enough characters to make the command unambiguous and distinguishable to the switch.

Command Shortcuts

All named components of the switch configuration must have a unique name.
Symbols

You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself. Table 2-1 summarizes command syntax symbols.

Table 2-1 Command Syntax Symbols

Symbol: Description
angle brackets < >: Enclose a variable or value. You must specify the variable or value.
Line-Editing Keys

Table 2-2 describes the line-editing keys available using the CLI.

Table 2-2 Line-Editing Keys

Key(s): Description
Backspace: Deletes character to the left of cursor and shifts the remainder of line to left.
Delete or [Ctrl] + D: Deletes character under cursor and shifts the remainder of line to left.
[Ctrl] + K: Deletes characters from under cursor to the end of the line.
Insert: Toggles on and off.
Command History

The switch software “remembers” the last 49 commands you enter.
Common Commands

Table 2-3 describes common commands used to manage the switch. Commands specific to a particular feature are described in the other chapters of this guide.

Table 2-3 Common Commands

create account [admin | user] {encrypted} {}
    Creates a user account.
Table 2-3 Common Commands (Continued)

config timezone {autodst | noautodst}
    Configures the time zone information to the configured offset from GMT time. The format of gmt_offset is +/- minutes from GMT time. Specify:
    ❑ autodst — Enables automatic Daylight Savings Time change.
    ❑ noautodst — Disables automatic Daylight Savings Time change.
    The default setting is autodst.
Table 2-3 Common Commands (Continued)

unconfig switch {all}
    Resets all switch parameters (with the exception of defined user accounts, and date and time information) to the factory defaults. If you specify the keyword all, the user account information is reset as well.
show banner
    Displays the user-configured banner.
Configuring Management Access

The switch software supports the following two levels of management:
❑ User
❑ Administrator

A user-level account has viewing access to all manageable parameters, with the exception of the following:
❑ User account database
❑ SNMP community strings

A user-level account can use the ping command to test device reachability, and change the password assigned to the account name.
Default Accounts

By default, the switch is configured with two accounts, as shown in Table 2-4.

Table 2-4 Default Accounts

Account Name: Access Level
admin: This user can access and change all manageable parameters. The admin account cannot be deleted.
user: This user can view (but not change) all manageable parameters, with the following exceptions:
    ❑ This user cannot view the user account database.
    ❑ This user cannot view the SNMP community strings.
Note: If you forget your password while logged out of the command-line interface, contact your local technical support representative, who will advise on your next course of action.

Creating a Management Account

The switch can have a total of 16 management accounts. You can use the default names (admin and user), or you can create new names and passwords for the accounts. Passwords must have a minimum of 4 characters and can have a maximum of 12 characters.
Methods of Managing the Switch

You can manage the switch using the following methods:
❑ Access the CLI by connecting a terminal (or workstation with terminal-emulation software) to the console port.
❑ Access the CLI over a TCP/IP network using a Telnet connection.
❑ Use an SNMP Network Manager over a network running the IP protocol.
Using Telnet

Any workstation with a Telnet facility should be able to communicate with the switch over a TCP/IP network. Up to eight active Telnet sessions can access the switch concurrently. If idle timeouts are enabled, the Telnet connection will time out after 20 minutes of inactivity. If a connection to a Telnet session is lost inadvertently, the switch terminates the session within two hours.
You can enable BootP on a per-VLAN basis by using the following command:

    enable bootp vlan [ | all]

By default, BootP is enabled on the default VLAN. If you configure the switch to use BootP, the switch IP address is not retained through a power cycle, even if the configuration has been saved. To retain the IP address through a power cycle, you must configure the IP address of the VLAN using the command-line interface, Telnet, or Web interface.
To configure the IP settings manually, perform the following steps:
1. Connect a terminal or workstation running terminal-emulation software to the console port.
2. At your terminal, press [Return] one or more times until you see the login prompt.
3. At the login prompt, enter your user name and password. Note that they are both case-sensitive. Ensure that you have entered a user name and password with administrator privileges.
Note: As a general rule, when configuring any IP addresses for the switch, you can express a subnet mask by using dotted decimal notation, or by using classless inter-domain routing notation (CIDR). CIDR uses a forward slash plus the number of bits in the subnet mask. Using CIDR notation, the command identical to the one above would be:

    config vlan default ipaddress 123.45.67.8 / 24

6.
Disabling Telnet Access

By default, Telnet services are enabled on the switch. You can choose to disable Telnet by entering

    disable telnet

To re-enable Telnet on the switch, at the console port enter

    enable telnet

You must be logged in as an administrator to enable or disable Telnet.
IP Host Configuration Commands

Table 2-5 describes the commands that are used to configure IP settings on the switch.

Table 2-5 IP Host Configuration Commands

config iparp add
    Adds a permanent entry to the Address Resolution Protocol (ARP) table. Specify the IP address and MAC address of the entry.
config iparp delete
    Deletes an entry from the ARP table. Specify the IP address of the entry.
Domain Name Service Client Services

The Domain Name Service (DNS) client in ExtremeWare augments the following commands to allow them to accept either IP addresses or host names:
❑ telnet
❑ download [image | configuration | bootrom]
❑ upload configuration
❑ ping
❑ traceroute

In addition, the nslookup utility can be used to return the IP address of a hostname. Table 2-6 describes the commands used to configure DNS.
Using the Simple Network Time Protocol

The switch software supports the client portion of the Simple Network Time Protocol (SNTP) Version 3 based on RFC1769. SNTP can be used by the switch to update and synchronize its internal clock from a Network Time Protocol (NTP) server. When enabled, the switch sends out a periodic query to the indicated NTP server, or the switch listens to broadcast NTP updates.
Table 2-7 Greenwich Mean Time Offsets (Continued)

GMT Offset in Hours | GMT Offset in Minutes | Common Time Zone References | Cities
-5:00 | -300 | EST - Eastern Standard | Bogota, Colombia; Lima, Peru; New York, NY, Trevor City, MI USA
-6:00 | -360 | CST - Central Standard | Mexico City, Mexico; Saskatchewan, Canada
-7:00 | -420 | MST - Mountain Standard |
-8:00 | -480 | PST - Pacific Standard |
-9:00 | -540 | YST - Yukon Standard |
-10:00 | -600 | AHST - Alaska-Hawaii Standard; CAT - Central
Table 2-7 Greenwich Mean Time Offsets (Continued)

GMT Offset in Hours | GMT Offset in Minutes | Common Time Zone References | Cities
+8:00 | +480 | CCT - China Coast, Russia Zone 7 |
+9:00 | +540 | JST - Japan Standard, Russia Zone 8 |
+10:00 | +600 | EAST - East Australian Standard; GST - Guam Standard; Russia Zone 9 |
+11:00 | +660 | |
+12:00 | +720 | IDLE - International Date Line East; NZST - New Zealand Standard; NZT - New | Wellington, New Zealand; Fiji, Marshall Islands
NTP queries are first sent to the primary server. If the primary server does not respond within 1 second, or if it is not synchronized, the switch queries the secondary server (if one is configured). If the switch cannot obtain the time, it restarts the query process. Otherwise, the switch waits for the sntpclient update interval before querying again.

5.
SNTP Configuration Commands

Table 2-8 describes SNTP configuration commands.

Table 2-8 SNTP Configuration Commands

enable sntp-client
    Enables Simple Network Time Protocol (SNTP) client functions.
disable sntp-client
    Disables SNTP client functions.
config sntp-client [primary | secondary] server [ | ]
    Configures an NTP server for the switch to obtain time information.
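The primary/secondary query order described above ("NTP queries are first sent to the primary server") can be reproduced from a management workstation to check what the configured servers would answer. The following Python sketch is an added example, not switch software or vendor code; treating leap indicator 3 or stratum 0 as "not synchronized" follows the NTP header definition and is this example's assumption about how the switch judges a reply, and the server names and reply bytes are constructed.

```python
import socket
import struct

NTP_TO_UNIX = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
REPLY_TIMEOUT = 1.0       # the guide's 1-second wait before trying the next server


def build_query():
    """48-byte client request: leap 0, version 3, mode 3 (client)."""
    return bytes([(3 << 3) | 3]) + bytes(47)


def parse_reply(packet):
    """Decode the header fields that decide whether a reply is usable."""
    if len(packet) < 48:
        raise ValueError("NTP reply shorter than 48 bytes")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x07, packet[1]
    seconds, fraction = struct.unpack("!II", packet[40:48])  # transmit timestamp
    synchronized = (
        mode in (4, 5)           # server or broadcast reply
        and leap != 3            # leap indicator 3: server clock not synchronized
        and 1 <= stratum <= 15   # stratum 0 is unspecified
        and seconds != 0
    )
    return {
        "synchronized": synchronized,
        "stratum": stratum,
        "unix_time": seconds - NTP_TO_UNIX + fraction / 2 ** 32,
    }


def udp_query(server, timeout=REPLY_TIMEOUT):
    """Send one query to UDP port 123; return the reply bytes or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(), (server, 123))
            return sock.recvfrom(512)[0]
        except OSError:
            return None


def obtain_time(primary, secondary=None, query=udp_query):
    """Try the primary server, then the secondary; return (server, unix_time) or None."""
    for server in (primary, secondary):
        if server is None:
            continue
        reply = query(server)
        if reply is None:
            continue  # no answer within the timeout
        try:
            parsed = parse_reply(reply)
        except ValueError:
            continue  # malformed reply is treated like no answer
        if parsed["synchronized"]:
            return server, parsed["unix_time"]
    return None  # caller restarts the query process


def make_reply(leap, stratum, unix_seconds):
    """Constructed server reply used for the offline demonstration."""
    header = bytes([(leap << 6) | (3 << 3) | 4, stratum]) + bytes(38)
    return header + struct.pack("!II", unix_seconds + NTP_TO_UNIX, 0)


if __name__ == "__main__":
    # Constructed scenario: the primary answers but is unsynchronized,
    # the secondary is healthy, so the secondary's time is used.
    replies = {
        "ntp-primary.example": make_reply(3, 0, 946684800),
        "ntp-secondary.example": make_reply(0, 2, 946684800),
    }
    print(obtain_time("ntp-primary.example", "ntp-secondary.example",
                      query=replies.get))
```
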
Using SNMP

Any Network Manager running the Simple Network Management Protocol (SNMP) can manage the switch, provided the Management Information Base (MIB) is installed correctly on the management station. Each Network Manager provides its own user interface to the management facilities. The following sections describe how to get started if you want to use an SNMP manager. It assumes you are already familiar with SNMP management.
❑ Community strings — The community strings allow a simple method of authentication between the switch and the remote Network Manager. There are two types of community strings on the switch. Read community strings provide read-only access to the switch. The default read-only community string is public. Read-write community strings provide read and write access to the switch. The default read-write community string is private.
Table 2-9 SNMP Configuration Commands (Continued)

config snmp delete [ {} | all]
    Deletes the IP address of a specified SNMP management station or all SNMP management stations. If you delete all addresses, any machine can have SNMP management access to the switch.
config snmp delete trapreceiver [ community | all]
    Deletes the IP address of a specified trap receiver or all authorized trap receivers.
Resetting and Disabling SNMP

To reset and disable SNMP settings, use the commands in Table 2-10.

Table 2-10 SNMP Reset and Disable Commands

disable snmp access
    Disables SNMP on the switch. Disabling SNMP access does not affect the SNMP configuration (for example, community strings).
disable snmp traps
    Prevents SNMP traps from being sent from the switch. Does not clear the SNMP trap receivers that have been configured.
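Because the community string is the only authentication SNMP offers here and travels unencrypted in every request, a capture from the management VLAN shows directly whether the factory defaults public and private are still in use. The following Python sketch is an added example, not vendor code: it decodes the outer fields of an SNMPv1/v2c message and reports packets that carry a default community string. The sample packets, source addresses and the non-default community string are constructed.

```python
# Factory-default community strings named in this guide and the access they grant.
DEFAULT_COMMUNITIES = {"public": "read-only", "private": "read-write"}
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}


def read_tlv(data, offset):
    """Decode one BER tag-length-value; return (tag, value, offset after it)."""
    if offset + 2 > len(data):
        raise ValueError("truncated TLV header")
    tag, length = data[offset], data[offset + 1]
    offset += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or offset + count > len(data):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(data[offset:offset + count], "big")
        offset += count
    end = offset + length
    if end > len(data):
        raise ValueError("TLV value runs past the end of the packet")
    return tag, data[offset:end], end


def snmp_header(packet):
    """Return (version, community, PDU name) from an SNMPv1/v2c message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version field is not an INTEGER")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:  # SNMPv3 carries a SEQUENCE here and is rejected
        raise ValueError("community field is not an OCTET STRING")
    if pos >= len(body):
        raise ValueError("message has no PDU")
    pdu = PDU_NAMES.get(body[pos], hex(body[pos]))
    return int.from_bytes(version, "big"), community.decode("latin-1"), pdu


def review(packets):
    """One finding per (source, packet) pair that uses a default community string."""
    findings = []
    for source, packet in packets:
        try:
            _, community, pdu = snmp_header(packet)
        except ValueError:
            continue  # not SNMPv1/v2c, or damaged capture
        access = DEFAULT_COMMUNITIES.get(community)
        if access:
            findings.append((source, pdu, community, access))
    return findings


def tlv(tag, value):
    """Short-form BER encoder, sufficient for the constructed samples."""
    return bytes([tag, len(value)]) + value


def sample_packet(community, pdu_tag):
    """Constructed SNMPv1 message naming sysDescr.0 (1.3.6.1.2.1.1.1.0)."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010100")) + tlv(0x05, b""))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community.encode()) + pdu)


if __name__ == "__main__":
    capture = [  # constructed capture: (source address, UDP payload)
        ("192.0.2.10", sample_packet("public", 0xA0)),
        ("192.0.2.11", sample_packet("private", 0xA3)),
        ("192.0.2.12", sample_packet("n0c-Ro-7f", 0xA0)),
    ]
    for finding in review(capture):
        print("default community in use: %s %s %r (%s)" % finding)
```
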
Checking Basic Connectivity

The switch offers the following commands for checking basic connectivity:
❑ ping
❑ traceroute

Ping

The ping command enables you to send Internet Control Message Protocol (ICMP) echo messages to a remote IP device. The ping command is available for both the user and administrator privilege level. The ping command syntax is

    ping {continuous} {size } [ | ]

Options for the ping command are described in Table 2-11.
Chapter 3 Configuring Switch Ports

This chapter describes how to configure ports on the switch. Ports on the switch can be configured in the following ways:
❑ Enabling and disabling individual ports
❑ Configuring the port speed (Fast Ethernet ports only)
❑ Configuring half- or full-duplex mode
❑ Creating load-sharing groups on multiple ports
❑ Changing the Quality of Service (QoS) setting for individual ports

Note: For more information on QoS, refer to Chapter 7.
Enabling and Disabling Ports

By default, all ports are enabled. To enable or disable one or more ports, use the following command:

    [enable | disable] port

For example, to disable ports 3, 5, and 12 through 15, enter the following:

    disable port 3,5,12-15

Even though a port is disabled, the link remains enabled for diagnostic purposes.
Configuring Port Speed and Duplex Setting

By default, the switch is configured to use autonegotiation to determine the port speed and duplex setting for each port. You can choose to manually configure the duplex setting and the speed of 10/100 Mbps ports, and you can manually configure the duplex setting on Gigabit Ethernet ports. Fast Ethernet ports can connect to either 10Base-T or 100Base-T networks. By default, the ports autonegotiate port speed.
Port Commands

Table 3-1 describes the switch port commands.

Table 3-1 Port Commands

enable learning port
    Enables MAC address learning on one or more ports. The default setting is enabled.
enable port
    Enables a port.
enable sharing grouping
    Defines a load-sharing group of ports. The ports specified in are grouped to the master port.
Table 3-1 Port Commands (Continued)

disable port
    Disables a port. Even when disabled, the link is available for diagnostic purposes.
disable sharing
    Disables a load-sharing group of ports.
disable smartredundancy
    Disables the smart redundancy feature. If the feature is disabled, the switch changes the active link only when the current active link becomes inoperable.
Load Sharing on the Switch

Load sharing with switches allows you to increase bandwidth and resilience between switches by using a group of ports to carry traffic in parallel between switches. The sharing algorithm allows the switch to use multiple ports as a single logical port. For example, VLANs see the load-sharing group as a single logical port. The algorithm also guarantees packet sequencing between clients.
Table 3-2, Table 3-3, Table 3-4 and Table 3-5 show the possible load-sharing port group combinations for the AT-9108, AT-8518, AT-8525, and AT-8550, respectively.
Table 3-5 Port Combinations for the AT-8550

[Table 3-5: columns are ports 1 through 24 and 25 through 48; rows mark the ports that form 4-port groups and 2-port groups.]
Note: Do not disable a port that is part of a load-sharing group. Disabling the port prevents it from forwarding traffic, but still allows the link to initialize. As a result, a partner switch does not receive a valid indication that the port is not in a forwarding state, and the partner switch will continue to forward packets.
Port Mirroring

Port-mirroring configures the switch to copy all traffic associated with one or more ports to a monitor port on the switch. The monitor port can be connected to a network analyzer or RMON probe for packet analysis. The switch uses a traffic filter that copies a group of traffic to the monitor port.
Port Mirroring Commands

Port mirroring commands are described in Table 3-6.

Table 3-6 Port Mirroring Configuration Command

enable mirroring to
    Dedicates a port to be the mirror output port.
config mirroring add [mac | vlan | port | vlan port ]
    Adds a single mirroring filter definition. Up to eight mirroring definitions can be added.
Chapter 4 Virtual LANs (VLANs)

Setting up Virtual Local Area Networks (VLANs) on the switch eases many time-consuming tasks of network administration while increasing efficiency in network operations. This chapter describes the concept of VLANs and explains how to implement VLANs on the switch.

Overview of Virtual LANs

The term “VLAN” is used to refer to a collection of devices that communicate as if they were on the same physical LAN.
❑ VLANs provide extra security. Devices within each VLAN can only communicate with member devices in the same VLAN. If a device in VLAN Marketing must communicate with devices in VLAN Sales, the traffic must cross a routing device.
❑ VLANs ease the change and movement of devices. With traditional networks, network administrators spend much of their time dealing with moves and changes.
Types of VLANs

The switch supports a maximum of 256 VLANs. VLANs can be created according to the following criteria:
❑ Physical port
❑ 802.1Q tag
❑ Ethernet, LLC SAP, or LLC/SNAP Ethernet protocol type
❑ A combination of these criteria

Port-Based VLANs

In a port-based VLAN, a VLAN name is given to a group of one or more ports on the switch. A port can be a member of only one port-based VLAN.
Even though they are physically connected to the same switch, for the members of the different VLANs to communicate, the traffic must go through the IP routing functionality provided in the switch. This means that each VLAN must be configured as a router interface with a unique IP address.

Spanning Switches with Port-Based VLANs. To create a port-based VLAN that spans two switches, you must do two things:
❑ Assign the port on each switch to the VLAN.
To create multiple VLANs that span two switches in a port-based VLAN, a port on Switch 1 must be cabled to a port on Switch 2 for each VLAN you want to have span across the switches. At least one port on each switch must be a member of the corresponding VLANs, as well. Figure 4-3 illustrates two VLANs spanning two switches. On Switch 1, ports 1-4 are part of VLAN Accounting; ports 5-8 are part of VLAN Engineering.
Uses of Tagged VLANs. Tagging is most commonly used to create VLANs that span switches. The switch-to-switch connections are typically called trunks. Using tags, multiple VLANs can span multiple switches using one or more trunks. In a port-based VLAN, each VLAN requires its own pair of trunk ports, as shown in Figure 4-3. Using tags, multiple VLANs can span two switches with a single trunk. Another benefit of tagged VLANs is the ability to have a port be a member of multiple VLANs.
[Figure 4-4 Physical Diagram of Tagged and Untagged Traffic. Labels: Switch 1, Switch 2, 802.1Q tagged server; M = Marketing, S = Sales; tagged ports are marked.]

Figure 4-5 shows a logical diagram of the same network.
As data passes out of the switch, the switch determines if the destination port requires the frames to be tagged or untagged. All traffic coming from and going to the server is tagged. Traffic coming from and going to the trunk ports is tagged. The traffic that comes from and goes to the other stations on this network is not tagged.

Mixing Port-based and Tagged VLANs. You can configure the switch using a combination of port-based and tagged VLANs.
In Figure 4-6, Switch A is a member of VLAN Red. VLAN Red has the VLANid 10. Port 1 and port 2 on Switch A are added to the VLAN as untagged. The configuration for Switch A is as follows:

    create vlan red
    config vlan red tag 10
    config vlan red add port 1-2 untagged
    enable gvrp

Switch B does not need to be configured with VLAN or tagging information.
GVRP Commands. Table 4-1 describes GVRP commands.

Table 4-1 GVRP Commands

enable gvrp
    Enables the Generic VLAN Registration Protocol (GVRP). The default setting is disabled.
config gvrp {listen | send | both | none} {port }
    Configures the sending and receiving of GVRP information on one or all ports. Options include the following:
    ❑ listen — Receive GVRP packets.
    ❑ send — Send GVRP packets.
    ❑ both — Send and receive GVRP packets.
[Figure 4-7 Protocol-Based VLANs. Labels: My Company; Finance, 192.207.35.0, 192.207.35.1; Personnel, 192.207.36.0, 192.207.36.1; ports 1 through 4; legend: IP traffic, all other traffic.]

Predefined Protocol Filters. The following protocol filters are predefined on the switch:
❑ IP
❑ IPX
❑ NetBIOS
❑ DECNet
❑ IPX_8022
❑ IPX_SNAP
❑ AppleTalk

Defining Protocol Filters.
To define a protocol filter, do the following:
1. Create a protocol using the following command:

    create protocol

For example:

    create protocol fred

The protocol name can have a maximum of 31 characters.
2. Configure the protocol using the following command:

    config protocol add

Supported protocol types include:
❑ etype — EtherType
The values for etype are four-digit hexadecimal numbers taken from a list maintained by the IEEE.
Note: For more information on SNAP for Ethernet protocol types, see TR 11802-5:1997 (ISO/IEC) [ANSI/IEEE std. 802.1H, 1997 Edition].

Deleting a Protocol Filter. If a protocol filter is deleted from a VLAN, the VLAN is assigned a protocol filter of none. You can continue to configure the VLAN. However, no traffic is forwarded to the VLAN until a protocol is assigned to it.
VLAN Names

The switch supports up to 256 different VLANs. Each VLAN is given a name that can be up to 32 characters. VLAN names can use standard alphanumeric characters. The following characters are not permitted in a VLAN name:
❑ Space
❑ Comma
❑ Quotation mark

VLAN names must begin with an alphabetical letter. Quotation marks can be used to enclose a VLAN name that does not begin with an alphabetical character, or that contains a space, comma, or other special character.
Configuring VLANs on the Switch

This section describes the commands associated with setting up VLANs on the switch. To configure a VLAN:

1. Create and name the VLAN.
2. Assign an IP address and mask (if applicable) to the VLAN, if needed.
   Note
   Each IP address and mask assigned to a VLAN must represent a unique IP subnet. You cannot configure the same IP subnet on different VLANs.
3. Assign a VLANid, if any ports in this VLAN will use a tag.
4.
Table 4-2 VLAN Configuration Commands (Continued)

Command
    Description

config protocol [add | delete] { } ...
    Configures a protocol filter.
VLAN Configuration Examples

The following example creates a tag-based VLAN named video. It assigns the VLANid 1000. Ports 4 through 8 are added as tagged ports to the VLAN.

    create vlan video
    config video tag 1000
    config video add port 4-8 tagged

The following example creates a VLAN named sales, with the VLANid 120. The VLAN uses both tagged and untagged ports. Ports 1 through 3 are tagged, and ports 4 and 7 are untagged.
Displaying VLAN Settings

To display VLAN settings, use the following command:

    show vlan { | all}

The show command displays summary information about each VLAN, and includes the following:
❑ Name
❑ VLANid
❑ How the VLAN was created (manually or by GVRP)
❑ IP address
❑ STPD information
❑ Protocol information
❑ QoS profile information
❑ Ports assigned
❑ Tagged/untagged status for each port
❑ How the ports were added to the VLAN (manually or by GVRP)

To display protocol informati
Deleting VLANs

To delete a VLAN, or to return VLAN settings to their defaults, use the commands listed in Table 4-3.

Table 4-3 VLAN Delete and Reset Commands

Command
    Description

disable ignore-stp vlan
    Allows a VLAN to use STP port information.

unconfig vlan ipaddress
    Resets the IP address of the VLAN.

delete vlan
    Removes a VLAN.

delete protocol
    Removes a protocol.
Chapter 5 Forwarding Database (FDB)

This chapter describes the contents of the forwarding database (FDB), how the FDB works, and how to configure the FDB.

Overview of the FDB

The switch maintains a database of all media access control (MAC) addresses received on all of its ports. It uses the information in this database to decide whether a frame should be forwarded or filtered.

FDB Contents
FDB Entry Types

The database holds up to a maximum of 128K entries.
❑ Non-aging entries — If the aging time is set to zero, all aging entries in the database are defined as static, non-aging entries. This means that they do not age, but they are still deleted if the switch is reset.
❑ Permanent entries — Permanent entries are retained in the database if the switch is reset or a power off/on cycle occurs. The system administrator must make entries permanent. A permanent entry can either be a unicast or multicast MAC address.
Associating a QoS Profile with an FDB Entry

You can associate a QoS profile with a MAC address (and VLAN) of a device that will be dynamically learned. The FDB treats the entry like a dynamic entry (it is learned, it can be aged out of the database, and so on). The switch applies the QoS profile as soon as the FDB entry is learned.

Note
For more information on QoS, refer to Chapter 7.
Configuring FDB Entries

To configure entries in the FDB, use the commands listed in Table 5-1.

Table 5-1 FDB Configuration Commands

Command
    Description

create fdbentry vlan [blackhole | | dynamic] {qosprofile }
    Creates an FDB entry. Specify the following:
    ❑ mac_address — Device MAC address, using colon separated bytes.
    ❑ name — VLAN associated with MAC address.
    ❑ blackhole — Configures the MAC address as a blackhole entry.
FDB Configuration Examples

The following example adds a permanent entry to the FDB:

    create fdbentry 00:E0:2B:12:34:56 vlan marketing port 4

The permanent entry has the following characteristics:
❑ MAC address is 00E02B123456.
❑ VLAN name is marketing.
❑ Slot number for this device is 3.
❑ Port number for this device is 4.
Displaying FDB Entries

To display FDB entries, use the command

    show fdb { | vlan | | permanent | qos}

where the following is true:
❑ mac_address — Displays the entry for a particular MAC address.
❑ vlan — Displays the entries for a VLAN.
❑ portlist — Displays the entries for a slot and port combination.
❑ permanent — Displays all permanent entries.
❑ qos — Displays all entries that are associated with a QoS profile.
Removing FDB Entries

You can remove one or more specific entries from the FDB, or you can clear the entire FDB of all entries by using the commands listed in Table 5-2.

Table 5-2 Removing FDB Entry Commands

Command
    Description

delete fdbentry vlan
    Deletes a permanent FDB entry.

clear fdb { | vlan | }
    Clears dynamic FDB entries that match the filter.
Chapter 6 Spanning Tree Protocol (STP)

Using the Spanning Tree Protocol (STP) functionality of the switch makes your network more fault tolerant. The following sections explain more about STP and the STP features supported by the switch software.

Note
STP is a part of the 802.1D bridge specification defined by the IEEE Computer Society. To explain STP in terms used by the 802.1D specification, the Gigabit switch will be referred to as a bridge.
Spanning Tree Protocol Domains

The switch can be partitioned into multiple virtual bridges. Each virtual bridge can run an independent Spanning Tree instance. Each Spanning Tree instance is called a Spanning Tree Domain (STPD). Each STPD has its own Root Bridge and active path. Once the STPD is created, one or more VLANs can be assigned to it. A port can belong to only one STPD. If a port is a member of multiple VLANs, then all those VLANs must belong to the same STPD.
STPD Status for GVRP-Added Ports

If a port is added to a VLAN by GVRP, the newly added port reflects the STPD membership and status of the VLAN to which it is added. For example, if VLAN Red is a member of STPD s0, and s0 is enabled, then all ports added to VLAN Red by GVRP have s0 enabled on those ports, as well. The command for disabling STP on a port basis has no permanent effect on ports controlled by GVRP.
STP Configurations

When you assign VLANs to an STPD, pay careful attention to the STP configuration and its effect on the forwarding of VLAN traffic. Figure 6-1 illustrates a network that uses VLAN tagging for trunk connections. The following four VLANs have been defined:
❑ Sales is defined on Switch A, Switch B, and Switch M.
❑ Personnel is defined on Switch A, Switch B, and Switch M.
❑ Manufacturing is defined on Switch Y, Switch Z, and Switch M.
When the switches in this configuration start up, STP configures each STPD such that there are no active loops in the topology. STP could configure the topology in a number of ways to make it loop-free. In Figure 6-1, the connection between Switch A and Switch B is put into blocking state, and the connection between Switch Y and Switch Z is put into blocking state. After STP converges, all the VLANs can communicate, and all bridging loops are prevented.
STP may block traffic between Switch 1 and Switch 3 by disabling the trunk ports for that connection on each switch. Switch 2 has no ports assigned to VLAN marketing. Therefore, if the trunk for VLAN marketing on Switches 1 and 3 is blocked, the traffic for VLAN marketing will not be able to traverse the switches.
Configuring STP on the Switch

STP configuration involves the following actions:
❑ Create one or more STP domains using the following command:
      create stpd
  Note
  STPD, VLAN, and QoS profile names must all be unique. For example, a name used to identify a VLAN cannot be used when you create an STPD or a QoS profile.
The following parameters can be configured on each port:
❑ Path cost
❑ Port priority

Note
The device supports the RFC 1493 Bridge MIB. Parameters of only the s0 default STPD are accessible through this MIB.

Table 6-1 shows the commands used to configure STP.

Table 6-1 STP Configuration Commands

Command
    Description

create stpd
    Creates an STPD.
Table 6-1 STP Configuration Commands (Continued)

Command
    Description

config stpd maxage
    Specifies the maximum age of a BPDU in this STPD. The range is 6 through 40. The default setting is 20 seconds. Note that the time must be greater than or equal to 2 * (Hello Time + 1) and less than or equal to 2 * (Forward Delay – 1).

config stpd priority
    Specifies the priority of the STPD.
Displaying STP Settings

To display STP settings, use the following command:

    show stpd {}

This command displays the following information:
❑ STPD name
❑ Bridge ID
❑ STPD configuration information

To display the STP state of a port, use the following command:

    show stpd port

This command displays the following:
❑ STPD port configuration
❑ STPD state (Root Bridge, and so on)
❑ STPD port state (forwarding, blocking, and so on)
Disabling and Resetting STP

To disable STP or return STP settings to their defaults, use the commands listed in Table 6-2.

Table 6-2 STP Disable and Reset Commands

Command
    Description

delete stpd
    Removes an STPD. An STPD can only be removed if all VLANs have been deleted from it. The default STPD, s0, cannot be deleted.

disable stpd [ | all]
    Disables the STP mechanism on a particular STPD, or for all STPDs.
Chapter 7 Quality of Service (QoS)

This chapter describes the concept of Quality of Service (QoS) and explains how to configure QoS on the switch.

Overview of Quality of Service

QoS is a feature of the Gigabit switch that allows you to specify different service levels for traffic traversing the switch. QoS is an effective control mechanism for networks that have heterogeneous traffic patterns. Using QoS, you can specify the service that a traffic type receives.
Building Blocks

The service that a particular type of traffic receives is determined by assigning a QoS profile to a traffic grouping or classification. The building blocks are defined as follows:
❑ QoS profile — Defines bandwidth and prioritization parameters.
❑ Traffic grouping — A method of classifying or grouping traffic that has one or more attributes in common.
❑ QoS policy — The combination that results from assigning a QoS profile to a traffic grouping.
QoS Mode

There are two modes of QoS: ingress and egress. The default mode is ingress mode. Ingress mode can use the widest variety of traffic groupings, but limits the number of QoS profiles that can be used to four. These four QoS profiles are predefined on the switch. You can modify the bandwidth and priority parameters of the four provided default QoS profiles. Typically, it is not necessary to modify the QoS mode from the default.
QoS Profiles

Four default QoS profiles are provided that cannot be deleted. The default QoS profile names are as follows:
❑ qp1
❑ qp2
❑ qp3
❑ qp4

The default QoS profiles exist in either ingress or egress mode. In ingress mode, only the default QoS profiles are used. In egress mode, up to 28 additional custom profiles may be defined, for a total of 32. You cannot create custom profiles in ingress mode.
Modifying a QoS Profile

You can modify the default profiles as desired. To modify the parameters of an existing QoS profile, use the following command:

    config qosprofile {minbw } {maxbw } {priority }

Creating and Deleting a QoS Profile

In egress mode, up to 28 additional custom QoS profiles can be created on the switch.
QoS Profiles and QoS Mode Details

As indicated previously, changing the default QoS mode from ingress to egress is typically not necessary. In ingress mode, the QoS profiles qp1 through qp4 are mapped directly to the four hardware queues on every switch port. Any changes to parameters of the four predefined QoS profiles have the corresponding effect on the ports. The direct mapping is straightforward to understand and configure.
The Blackhole QoS Profile

In the description of various options for configuring Policy-Based QoS, there is an option to specify blackhole in place of a named QoS profile. As its name implies, a traffic grouping assigned to the “blackhole” goes nowhere, and is not forwarded by the switch. There are noted exceptions.
Traffic Groupings and Creating a QoS Policy

Once a QoS profile is modified to the desired settings for bandwidth and priority, you can assign the profile to a particular traffic grouping. A traffic grouping is a classification of traffic that has one or more attributes in common.
Table 7-2 Traffic Groupings by QoS Mode (Continued)

Packet priority groupings         Packet priority groupings
❑ 802.1p prioritization bits      ❑ N/A
❑ PACE                            ❑ N/A
Physical/logical groupings        Physical/logical groupings
❑ Source port                     ❑ N/A
❑ VLAN                            ❑ VLAN

IPQoS Traffic Groupings

You can apply a set of destination IP addresses to an IPQoS traffic grouping by specifying a network address and subnet mask.
Table 7-3 describes the options for the long form syntax.

Table 7-3 Config IPQoS Command Options

Command Option
    Description

[add | delete]
    Adds or deletes an IPQoS traffic grouping.

[tcp | udp | other | all]
    The protocol selection for the traffic grouping. Specify one of the following:
    ❑ tcp — The TCP protocol is used for this traffic grouping.
    ❑ udp — The User Datagram Protocol (UDP) is used for this traffic grouping.
IPQoS Implementation Rules

When using the config ipqos command, the following rules apply:
❑ The short form of the command only accepts a unicast .
❑ An IP addr of 0.0.0.0 /0 can be used as a wildcard unicast destination.
❑ Unless the IntraSubnet QoS (ISQ) feature is enabled, the traffic groupings defined within IPQoS apply to traffic being routed (not layer 2 switched) to the destination IPQoS traffic grouping within the switch.
IPQoS Precedence

As previously mentioned, there are two types of IPQoS command formats, a short form and a long form (also called a flow). A long form multicast and unicast entry (flow) has higher precedence over a matching short form multicast and unicast entry (non-flow). Also, as indicated in Table 7-2, all forms of IPQoS have higher precedence than destination MAC-based groupings.
IPQoS Examples

This section contains several examples of IPQoS, and illustrates some of the many configuration options available for IPQoS. The section begins with an example that uses the short form of the config ipqos command. The section then provides an additional example (that builds on the first examples), which details using the long form of the command.
The following example illustrates basic precedence within IPQoS. It configures the following two IPQoS groupings:

    config ipqos add 10.1.2.3/32 qp4
    config ipqos add 10.1.2.0/24 qp3

All traffic containing 10.1.2 as the first 24 bits of the destination IP address is assigned to the QoS profile qp3, except traffic that is destined for the station 10.1.2.3, which is assigned to the profile qp4.
Verifying IPQoS settings. To verify settings made for IPQoS traffic groupings, use the command:

    show ipqos

Intra-Subnet QoS

Intra-Subnet QoS™ (ISQ) allows the application of any IPQoS commands to be effective within a subnet (VLAN) instead of only applying the QoS when traversing a routed subnet. The command syntax for all IPQoS commands remains the same; ISQ is simply enabled on a per VLAN basis.
Permanent MAC addresses. Permanent MAC addresses can be assigned a QoS profile whenever traffic is destined to the MAC address. This can be done when you create a permanent FDB entry. For example:

    create fdbentry 00:11:22:33:44:55 vlan default port 1 qosprofile qp2

Dynamic MAC Addresses. Dynamic MAC addresses can be assigned a QoS profile whenever traffic is destined to the MAC address.
Verifying MAC-Based QoS Settings. To verify any of the MAC-based QoS settings, use either the command

    show fdb perm

or the command

    show qosprofile

Packet Groupings

This category of traffic groupings consists of the following:
❑ Prioritization bits used in IEEE 802.1p packets
❑ PACE packets

802.1p Packets. When traffic that contains 802.1p prioritization bits is seen, the traffic is mapped to the four default QoS profiles.
Physical and Logical Groupings

Two traffic groupings exist in this category:
❑ Source port
❑ VLAN

Source Port. A source port traffic grouping implies that any traffic sourced from this physical port uses the indicated QoS profile when the traffic is transmitted out any other port. To configure a source port traffic grouping, use the following command:

    config ports qosprofile

VLAN.
Verifying Configuration and Performance

The following information is used to verify the QoS configuration and monitor the use of the QoS policies that are in place.
QoS Monitor

The QoS monitor is a utility that monitors the hardware queues associated with any port(s). The QoS monitor keeps track of the number of frames and the frames per second that a specific queue is responsible for transmitting on a physical port. Two options are available: a real-time display, and a separate option for retrieving information in the background and writing it to the log.
Modifying a QoS Policy

If you make a change to the parameters of a QoS profile after a QoS policy has already been formed (by applying a QoS profile to a traffic grouping), the timing of the configuration change depends on the traffic grouping involved. To have a change in QoS profile effect a change in the QoS policy, the following rules apply:
❑ For IPQoS groupings, clear the IP FDB using the command clear ipfdb.
Configuring QoS

Table 7-6 describes the commands used to configure QoS.

Table 7-6 QoS Configuration Commands

Command
    Description

enable pace
    Enables recognition of the PACE bit. Available only in ingress mode.

enable isq vlan
    Enables ISQ on a per-VLAN basis. If the FDB aging timer is shorter than 3,000 seconds, this command automatically changes the FDB aging timer to 3,000 seconds.

create qosprofile
    Creates a QoS profile.
Chapter 8 IP Unicast Routing

This chapter describes how to configure IP routing on the switch. It assumes that you are already familiar with IP unicast routing. If not, refer to the following publications for additional information:
❑ RFC 1256 — ICMP Router Discovery Messages
❑ RFC 1812 — Requirements for IP Version 4 Routers

Note
For more information on routing protocols, refer to Chapter 9.

Overview of IP Unicast Routing

The switch provides full layer 3, IP unicast routing.
Router Interfaces

The routing software and hardware route IP traffic between router interfaces. A router interface is simply a VLAN that has an IP address assigned to it. As you create VLANs with IP addresses belonging to different IP subnets, you can also choose to route between the VLANs. Both the VLAN switching and IP routing functions occur within the switch.

Note
Each IP address and mask assigned to a VLAN must represent a unique IP subnet.
Populating the Routing Table

The switch maintains an IP routing table for both network routes and host routes.
A static route must be associated with a valid IP subnet. An IP subnet is associated with a single VLAN by its IP address and subnet mask. If the VLAN is subsequently deleted, the static route entries using that subnet must be deleted manually.

Multiple Routes. When there are multiple, conflicting choices of a route to a particular destination, the router picks the route with the longest matching network mask.
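The longest-matching-mask rule for routes is the same selection the IPQoS precedence example in Chapter 7 relies on, where 10.1.2.3/32 wins over 10.1.2.0/24. The Python below is an added example, not code from this guide or the switch software; it resolves both cases and lists the broader entries that lose. The route table, gateway addresses, the 0.0.0.0/0 qp1 line, and the first-listed tie-break for equal masks are assumptions made for illustration.

```python
import ipaddress

# Short-form IPQoS groupings. The first two lines are the guide's own
# precedence example; the 0.0.0.0/0 wildcard line is constructed.
IPQOS_CONFIG = [
    "config ipqos add 10.1.2.3/32 qp4",
    "config ipqos add 10.1.2.0/24 qp3",
    "config ipqos add 0.0.0.0/0 qp1",
]

# Constructed routing table: (destination/mask, gateway). These addresses
# are illustrative and do not come from the guide.
ROUTES = [
    ("0.0.0.0/0", "192.0.2.1"),
    ("10.0.0.0/8", "192.0.2.2"),
    ("10.1.2.0/24", "192.0.2.3"),
]


def parse_ipqos(lines):
    """Turn 'config ipqos add <dest>/<bits> <profile>' lines into entries."""
    entries = []
    for line in lines:
        words = line.split()
        if len(words) != 5 or words[:3] != ["config", "ipqos", "add"]:
            raise ValueError(f"not a short-form ipqos add line: {line!r}")
        # strict=True rejects a destination with host bits set under the mask.
        entries.append((ipaddress.ip_network(words[3], strict=True), words[4]))
    return entries


def parse_routes(rows):
    """Turn (destination/mask, gateway) pairs into entries."""
    return [(ipaddress.ip_network(dest, strict=True), gw) for dest, gw in rows]


def matches(entries, dest):
    """All entries covering dest, most specific (longest mask) first."""
    addr = ipaddress.ip_address(dest)
    hits = [(net, value) for net, value in entries if addr in net]
    # sorted() is stable, so entries with equal mask length keep their
    # configured order (assumption: the guide states no tie-break here).
    return sorted(hits, key=lambda hit: hit[0].prefixlen, reverse=True)


def longest_match(entries, dest):
    """Value of the entry with the longest matching mask, or None."""
    hits = matches(entries, dest)
    return hits[0][1] if hits else None


def shadowed_by(entries, dest):
    """Broader entries that also cover dest but lose to the longest match."""
    return [str(net) for net, _ in matches(entries, dest)[1:]]


def qos_profile_for(dest):
    return longest_match(parse_ipqos(IPQOS_CONFIG), dest)


def next_hop_for(dest):
    return longest_match(parse_routes(ROUTES), dest)


if __name__ == "__main__":
    routes = parse_routes(ROUTES)
    for dest in ("10.1.2.3", "10.1.2.77", "10.200.0.9", "172.16.5.5"):
        print(dest, qos_profile_for(dest), next_hop_for(dest),
              shadowed_by(routes, dest))
```

When reviewing a configuration, the shadowed_by output shows which broader groupings or routes a specific entry overrides for a given destination.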
Proxy ARP

Proxy Address Resolution Protocol (ARP) was first invented so that ARP-capable devices could respond to ARP Request packets on behalf of ARP-incapable devices. Proxy ARP can also be used to achieve router redundancy and simplify IP client configuration. The switch supports proxy ARP for this type of network configuration. Up to 64 proxy ARP entries can be configured. This section describes some examples of how to use proxy ARP with the switch.
Proxy ARP Between Subnets

In some networks, it is desirable to configure the IP host with a wider subnet than the actual subnet mask of the segment. Proxy ARP can be used so that the router answers ARP Requests for devices outside of the subnet. As a result, the host communicates as if all devices are local. In reality, communication with devices outside of the subnet is proxied by the router. For example, an IP host is configured with a class B address of 100.101.102.103 and a mask of 255.255.
Relative Route Priorities

Table 8-1 lists the relative priorities assigned to routes depending upon the learned source of the route.

Note
Although these priorities can be changed, do not attempt any manipulation unless you are expertly familiar with the possible consequences.
IP Multinetting

IP multinetting is used in many legacy IP networks when there is a need to overlap multiple subnets into one physical segment. On the switch, you can only assign a single IP address to a router interface (one IP address per VLAN). To support IP multinetting, you must assign multiple VLANs to the same physical port. The switch routes IP traffic from one subnet to another, all within the same physical port.
IP Multinetting Operation

To use IP multinetting:

1. Select a port on which IP multinetting is to run. For example, select port 2.
2. Remove the default VLAN from the selected port, using the following command:
       config default delete port 2
3. Create a dummy protocol, by using the following command:
       create protocol mnet
4. Create the multinetted subnets, by using the following commands:
       create vlan net21
       create vlan net22
5.
10. Enable IP multinetting, by using the following command:
        enable multinetting
11. If you are using RIP, disable RIP on the dummy VLANs, by using the following command:
        config rip delete net22

Note
Multinetted VLAN groups must contain identical port assignments.

IP Multinetting Examples

The following example configures the switch to have one multinetted segment (port 5) that contains three subnets (192.67.34.0, 192.67.35.0, and 192.67.37.0).
Configuring IP Unicast Routing

This section describes the commands associated with configuring IP unicast routing on the switch. To configure routing:

1. Create and configure two or more VLANs.
   Although it is possible to enable IP forwarding and an IP routing protocol (such as RIP) with only one VLAN defined, the switch does not create or respond appropriately to ICMP messages unless at least two VLANs are created and configured.
Verifying the IP Unicast Routing Configuration

Use the show iproute command to display the current configuration of IP unicast routing for the switch, and for each VLAN. The show iproute command displays the currently configured routes, and includes how each route was learned. Additional verification commands include the following:
❑ show iparp — Displays the IP ARP table of the system.
Configuring DHCP/BootP Relay

Once IP unicast routing is configured, you can configure the switch to forward Dynamic Host Configuration Protocol (DHCP) or BootP requests coming from clients on subnets being serviced by the switch and going to hosts on different subnets. This feature can be used in various applications, including DHCP services between Windows NT servers and clients running Windows 95. To configure the relay function, do the following:

1.
UDP-Forwarding

UDP-forwarding is a flexible and generalized routing utility for handling the directed forwarding of broadcast UDP packets. UDP-forwarding allows applications, such as multiple DHCP relay services from differing sets of VLANs, to be directed to different DHCP servers. The following rules apply to UDP broadcast packets handled by this feature:
❑ If the UDP profile includes BootP or DHCP, it is handled according to guidelines in RFC 1542.
UDP-Forwarding Example

In this example, the VLAN Marketing and the VLAN Operations are pointed toward a specific backbone DHCP server (with IP address 10.1.1.1) and a backup server (with IP address 10.1.1.2). Additionally, the VLAN LabUser is configured to use any responding DHCP server on a separate VLAN called LabSvrs.
UDP-Forwarding Commands

Table 8-2 describes the commands used to configure UDP-forwarding.

Table 8-2 UDP-Forwarding Commands

Command
    Description

create udp-profile
    Creates a UDP-forwarding profile. You must use a unique name for the UDP-forwarding profile.

config udp-profile add [vlan | ipaddress ]
    Adds a forwarding entry to the specified UDP-forwarding profile name.
IP Commands

Table 8-3 describes the commands used to configure basic IP settings.

Table 8-3 Basic IP Commands

Command
    Description

enable bootp vlan [ | all]
    Enables the generation and processing of BootP packets on a VLAN to obtain an IP address for the VLAN from a BootP server. The default setting is enabled for all VLANs.

enable bootprelay
    Enables the forwarding of BootP and Dynamic Host Configuration Protocol (DHCP) requests.
Table 8-3 Basic IP Commands (Continued)

Command
    Description

config iparp add proxy {} {} {always}
    Configures proxy ARP entries. Up to 64 proxy ARP entries can be configured. When mask is not specified, an address with the mask 255.255.255.255 is assumed. When mac_address is not specified, the MAC address of the switch is used in the ARP Response.
Table 8-4 describes the commands used to configure the IP route table.

Table 8-4 Route Table Configuration Commands

Command
    Description

enable iproute sharing
    Enables load sharing if multiple routes to the same destination are available. Only paths with the same lowest cost are shared. The default setting is enabled.

config ipqos add qosprofile
    Adds a QoS profile to an IP destination address.
Table 8-5 describes the commands used to configure the ICMP protocol.

Table 8-5 ICMP Configuration Commands

Command
    Description

enable icmp redirects {vlan }
    Enables generation of ICMP redirect messages on one or all VLANs. The default setting is enabled.

enable icmp unreachables {vlan }
    Enables the generation of ICMP unreachable messages on one or all VLANs. The default setting is enabled.
Table 8-5 ICMP Configuration Commands (Continued)

Command
    Description

disable icmp unreachables {vlan }
    Disables the generation of ICMP unreachable messages on one or all VLANs.

disable icmp useredirects
    Disables the changing of routing table information when an ICMP redirect message is received.

disable irdp {vlan }
    Disables the generation of router advertisement messages on one or all VLANs.
Routing Configuration Example

Figure 8-2 illustrates a switch that has three VLANs defined as follows:
❑ Finance
  — Protocol-sensitive VLAN using the IP protocol
  — Ports 1 and 3 have been assigned
  — IP address 192.207.35.1
❑ Personnel
  — Protocol-sensitive VLAN using the IP protocol
  — Ports 2 and 4 have been assigned
  — IP address 192.207.36.1
❑ MyCompany
  — Port-based VLAN
  — All ports have been assigned

[Figure 8-2: diagram labels include router interfaces 192.207.35.1 and 192.207.36.1, My Company, and Finance (192.207.35.0)]
The stations connected to the switch generate a combination of IP traffic and NetBIOS traffic. The IP traffic is filtered by the protocol-sensitive VLANs. All other traffic is directed to the VLAN MyCompany. In this configuration, all IP traffic from stations connected to ports 1 and 3 has access to the router by way of the VLAN Finance. Ports 2 and 4 reach the router by way of the VLAN Personnel. All other traffic (NetBIOS) is part of the VLAN MyCompany.
Displaying Router Settings

To display settings for various IP routing components, use the commands listed in Table 8-6.

Table 8-6 Router Show Command

Command
    Description

show iparp proxy { {}}
    Displays the proxy ARP table.

show ipconfig {vlan }
    Displays configuration information for one or all VLANs.

show ipqos { }
    Displays the IP QoS table.

show ipstats {vlan }
    Displays IP statistics for the CPU of the system.
Resetting and Disabling Router Settings

To return router settings to their defaults and disable routing functions, use the commands listed in Table 8-7.

Table 8-7 Router Reset and Disable Command

Command
    Description

clear iparp { | vlan }
    Removes dynamic entries in the IP ARP table. Permanent IP ARP entries are not affected.

clear ipfdb { | vlan }
    Removes the dynamic entries in the IP forwarding database.
Chapter 9 RIP and OSPF

This chapter describes the IP unicast routing protocols available on the switch. It assumes that you are already familiar with IP unicast routing.
RIP Versus OSPF

The distinction between RIP and OSPF lies in the fundamental differences between distance-vector protocols and link-state protocols. Using a distance-vector protocol, each router creates a unique routing table from summarized information obtained from neighboring routers. Using a link-state protocol, every router maintains an identical routing table created from information obtained from all routers in the autonomous system.
Overview of RIP

RIP is an Interior Gateway Protocol (IGP) first used in computer routing in the Advanced Research Projects Agency Network (ARPAnet) as early as 1969. It is primarily intended for use in homogeneous networks of moderate size. To determine the best path to a distant network, a router using RIP always selects the path that has the least number of hops. Each router that data must traverse is considered to be one hop.
Route Advertisement of VLANs

VLANs that are configured with an IP address, but are configured to not route IP or are not configured to run RIP, do not have their subnets advertised by RIP. Only those VLANs that are configured with an IP address and are configured to route IP and run RIP have their subnets advertised.
Overview of OSPF

OSPF is a link-state protocol that distributes routing information between routers belonging to a single IP domain, also known as an autonomous system (AS). In a link-state routing protocol, each router maintains a database describing the topology of the autonomous system. Each participating router has an identical database maintained from the perspective of that router.
Areas

OSPF allows parts of a network to be grouped together into areas. The topology within an area is hidden from the rest of the autonomous system. Hiding this information enables a significant reduction in LSA traffic, and reduces the computations needed to maintain the LSDB. Routing within the area is determined only by the topology of the area.
Not-So-Stubby-Areas (NSSA). NSSAs are similar to the existing OSPF stub area configuration option, but have the following two additional capabilities:
❑ External routes originating from an ASBR connected to the NSSA can be advertised within the NSSA.
❑ External routes originating from the NSSA can be propagated to other areas, including the backbone area.
[Figure 9-1 Virtual Link for Stub Area. Diagram labels: Area 2, Area 1, Area 0, ABR, ABR, Virtual link]

Virtual links are also used to repair a discontiguous backbone area.
Route Redistribution

Both RIP and OSPF can be enabled simultaneously on the switch. Route re-distribution allows the switch to exchange routes, including static routes, between the two routing protocols. Figure 9-3 shows an example of route re-distribution between an OSPF autonomous system and a RIP autonomous system.

OSPF AS Backbone Area 0.0.0.
Configuring Route Redistribution

Exporting routes from OSPF to RIP, and from RIP to OSPF, are discrete configuration functions. To run OSPF and RIP simultaneously, you must first configure both protocols and then verify the independent operation of each. Then you can configure the routes to export from OSPF to RIP and the routes to export from RIP to OSPF.

Redistributing Routes into OSPF.
Redistributing Routes into RIP. Enable or disable the exporting of static and OSPF-learned routes into the RIP domain, using the following commands:

    enable rip export [static | ospf | ospf-intra | ospf-inter | ospf-extern1 | ospf-extern2] cost {} tag {}
    disable rip export [ospf | ospf-intra | ospf-inter | ospf-extern1 | ospf-extern2]

These commands enable or disable the exporting of static and OSPF-learned routes into the RIP domain.
Configuring RIP

Table 9-2 describes the commands used to configure RIP.

Table 9-2 RIP Configuration Commands

Command
    Description
enable rip
    Enables RIP. The default setting is disabled.
enable rip export static
    Enables the advertisement of static routes using RIP. The default setting is disabled.
Table 9-2 RIP Configuration Commands (Continued)

Command
    Description
config rip add vlan [ | all]
    Configures RIP on an IP interface. If no VLAN is specified, then all is assumed. When an IP interface is created, per-interface RIP configuration is disabled by default.
config rip delete vlan [ | all]
    Disables RIP on an IP interface. When RIP is disabled on the interface, the parameters are not reset to their defaults.
RIP Configuration Example

Figure 9-4 illustrates a switch that has three VLANs defined as follows:
❑ Finance
  — Protocol-sensitive VLAN using the IP protocol
  — Ports 1 and 3 have been assigned
  — IP address 192.207.35.1
❑ Personnel
  — Protocol-sensitive VLAN using the IP protocol
  — Ports 2 and 4 have been assigned
  — IP address 192.207.36.1
❑ MyCompany
  — Port-based VLAN
  — All ports have been assigned

192.207.35.1 192.207.36.1 My Company 192.207.35.0 Finance 192.207.36.
The stations connected to ports 1 through 4 generate a combination of IP traffic and NetBIOS traffic. The IP traffic is filtered by the protocol-sensitive VLANs. All other traffic is directed to the VLAN MyCompany. In this configuration, all IP traffic from stations connected to ports 1 and 3 has access to the router by way of the VLAN Finance. Ports 2 and 4 reach the router by way of the VLAN Personnel.
Displaying RIP Settings

To display settings for RIP, use the commands listed in Table 9-3.

Table 9-3 RIP Show Commands

Command
    Description
show rip {vlan }
    Displays RIP configuration and statistics for one or all VLANs.
show rip stat {vlan }
    Displays RIP-specific statistics for one or all VLANs.
Resetting and Disabling RIP

To return RIP settings to their defaults, or to disable RIP, use the commands listed in Table 9-4.

Table 9-4 RIP Reset and Disable Commands

Command
    Description
config rip delete [vlan | all]
    Disables RIP on an IP interface. When RIP is disabled on the interface, the parameters are not reset to their defaults.
disable rip
    Disables RIP.
Configuring OSPF

Each switch that is configured to run OSPF must have a unique router ID. It is recommended that you manually set the router ID of the switches participating in OSPF, instead of having the switch automatically choose its router ID based on the highest interface IP address. Not performing this configuration in larger, dynamic environments could result in an older link state database remaining in use.

Note: Do not set the router ID to 0.0.0.
Table 9-5 OSPF Configuration Commands (Continued)

Command
    Description
config ospf [area | vlan [ | all]] priority
    Configures the priority used in the designated router-election algorithm for one or all IP interface(s) or for all the interfaces within the area. The range is 0 through 255, and the default setting is 1.
Table 9-5 OSPF Configuration Commands (Continued)

Command
    Description
config ospf [vlan | area | virtual-link ] timer
    Configures the timers for one interface or all interfaces in the same OSPF area.
OSPF Configuration Example

Figure 9-5 shows an example of an autonomous system using OSPF routers. The details of this network follow.

[Figure 9-5 residue. Surviving diagram labels: Area 0, IR 1, IR 2, 10.0.1.2]
Area 5 is connected to the backbone area by way of ABR1 and ABR2. It is located in Chicago and has the following characteristics:
❑ Network number 160.26.x.x
❑ 1 identified VLAN (Chi_160_26_26)
❑ 2 internal routers
❑ A virtual link from ABR1 to ABR2 that traverses both internal routers. In the event that the link between either ABR and the backbone fails, the virtual link provides a connection for all routers that become discontiguous from the backbone.
    enable ipforwarding
    config ospf area 0.0.0.6 stub nosummary stub-default-cost 10
    config ospf vlan LA_161_48_2 area 0.0.0.6
    config ospf vlan Chi_160_26_2 area 0.0.0.5
    config ospf add virtual-link 160.26.25.1 0.0.0.5
    config ospf add vlan all
    enable ospf

Configuration for IR1

The following is the configuration for the router labeled IR1:

    config vlan HQ_10_0_1 ipaddress 10.0.1.2 255.255.255.0
    config vlan HQ_10_0_2 ipaddress 10.0.2.2 255.255.255.
Displaying OSPF Settings

To display settings for OSPF, use the commands listed in Table 9-6.

Table 9-6 OSPF Show Command

Command
    Description
show ospf
    Displays global OSPF information.
show ospf area {}
    Displays information about a particular OSPF area, or all OSPF areas.
show ospf interfaces {vlan | area }
    Displays information about one or all OSPF interfaces. If no argument is specified, all OSPF interfaces are displayed.
Resetting and Disabling OSPF Settings

To return OSPF settings to their defaults, use the commands listed in Table 9-7.

Table 9-7 OSPF Reset and Disable Commands

Command
    Description
unconfig ospf {vlan | area }
    Resets one or all OSPF interfaces to the default settings.
delete ospf area [ | all]
    Deletes an OSPF area. Once an OSPF area is removed, the associated OSPF area and OSPF interface information is removed.
Chapter 10 IP Multicast Routing

This chapter describes the components of IP multicast routing, and how to configure IP multicast routing on the switch.
Overview

IP multicast routing is a function that allows a single IP host to send a packet to a group of IP hosts. This group of hosts can include devices that reside on the local network, within a private network, or outside of the local network. IP multicast routing consists of the following functions:
❑ A router that can forward IP multicast packets.
❑ A router-to-router multicast protocol (for example, Distance Vector Multicast Routing Protocol (DVMRP) or Protocol Independent Multicast (PIM)).
IGMP Overview

IGMP is a protocol used by an IP host to register its IP multicast group membership with a router. Periodically, the router queries the multicast group to see if the group is still in use. If the group is still active, a single IP host responds to the query, and group registration is maintained. IGMP is enabled by default on the switch. However, the switch can be configured to disable the generation of periodic IGMP query packets.
Configuring IP Multicasting Routing

To configure IP multicast routing:

1. Configure the system for IP unicast routing.
   Note: For more information on configuring IP unicast routing, refer to Chapter 8 and Chapter 9.
2. Enable multicast routing on the interface, using the following command:
       enable ipmcforwarding {vlan }
3.
Table 10-1 describes the commands used to configure IP multicast routing.

Table 10-1 IP Multicast Routing Configuration Commands

Command
    Description
enable dvmrp
    Enables DVMRP on the system. The default setting is disabled.
enable ipmcforwarding {
Table 10-1 IP Multicast Routing Configuration Commands (Continued)

Command
    Description
config dvmrp timer
    Configures the global DVMRP timers. Specify the following:
    ❑ route_report_interval — The amount of time the system waits between transmitting periodic route report packets. The range is 1 to 2,147,483,647 seconds (68 years). The default setting is 60 seconds.
Table 10-2 describes the commands used to configure the Internet Gateway Message Protocol (IGMP).

Table 10-2 IGMP Configuration Commands

Command
    Description
enable igmp {vlan }
    Enables IGMP on a router interface. If no VLAN is specified, IGMP is enabled on all router interfaces. The default setting is enabled.
enable igmp snooping {forward-mcrouter-only}
    Enables IGMP snooping on the switch.
Configuration Example

Figure 10-1 is used in Chapter 9 to describe the OSPF configuration on a switch. Refer to Chapter 9 for more information about configuring OSPF. In this example, the system labeled IR1 is configured for IP multicast routing.

[Figure 10-1 residue. Surviving diagram labels: Area 0, IR 1, IR 2, 10.0.1.2]
Configuration for IR1

The following is the configuration for the router labeled IR1:

    config vlan HQ_10_0_1 ipaddress 10.0.1.2 255.255.255.0
    config vlan HQ_10_0_2 ipaddress 10.0.2.2 255.255.255.
Displaying IP Multicast Routing Settings

To display settings for IP multicast routing components, use the commands listed in Table 10-3.

Table 10-3 IP Multicast Routing Show Commands

Command
    Description
show dvmrp {vlan | route}} {detail}
    Displays the DVMRP configuration and statistics, or the unicast route table. The default setting is all.
Deleting and Resetting IP Multicast Settings

To return IP multicast routing settings to their defaults and disable IP multicast routing functions, use the commands listed in Table 10-4.

Table 10-4 IP Multicast Routing Reset and Disable Commands

Command
    Description
disable dvmrp
    Disables DVMRP on the system.
disable ipmcforwarding {vlan }
    Disables IP multicast forwarding.
Chapter 11 IPX Routing

This chapter describes how to configure IPX, IPX/RIP, and IPX/SAP on the switch. It assumes that you are already familiar with IPX. If not, refer to your Novell™ documentation.

Note: For more information on RIP, refer to Chapter 9.

Overview of IPX

The switch provides support for the IPX, IPX/RIP, and IPX/SAP protocols. The switch dynamically builds and maintains an IPX routing table and an IPX service table.
Figure 11-1 shows the same switch discussed earlier in Figure 9-1. In Figure 11-1, IPX routing has been added to the switch, and two additional VLANs have been defined: Exec and Support. Both VLANs have been configured as protocol-specific VLANs, using IPX.

Figure 11-1 IPX VLAN Configuration

Note: For more information on protocol-specific VLANs, refer to Chapter 4.

Exec has been assigned the IPX NetID 2516. Support has been assigned the IPX NetID A2B5.
IPX Encapsulation Types

Novell NetWare™ supports four types of frame encapsulation. The ExtremeWare term for each type is described in Table 11-1.

Table 11-1 IPX Encapsulation Types

Name
    Description
ENET_II
    The frame uses the standard Ethernet 2 header.
ENET_8023
    The frame includes the IEEE 802.3 length field, but does not include the IEEE 802.2 Logical Link Control (LLC) header. This encapsulation is used by NetWare version 2.x and the original 3.
IPX/RIP Routing

The switch supports the use of IPX/RIP for unicast routing. IPX/RIP is different from IP/RIP. However, many of the concepts are the same. ExtremeWare supports the following IPX/RIP features:
❑ Split horizon
❑ Poison reverse
❑ Triggered Updates

Note: For more information on RIP concepts, refer to Chapter 9.
Routing SAP Advertisements

The switch contains an IPX Service Table, and propagates SAP advertisements to other IPX routers on the network.
Configuring IPX

This section describes the commands associated with configuring IPX, IPX/RIP, and IPX/SAP on the switch. To configure IPX routing:

1. Create at least two VLANs.
2. If you are combining an IPX VLAN with another VLAN on the same port(s), you must use a protocol filter on one of the VLANs, or use 802.1Q tagging.
3.
❑ show ipxsap — This command displays the enable status of IPX/SAP for the VLAN, and its operational and administrative status (including the GNS reply service). It also lists any identified IPX/SAP neighbors, SAP packet statistics, and several other timer settings.
❑ show ipxrip — This command displays the enable status of IPX/RIP for the VLAN, including operational and administrative status.
IPX Commands

Table 11-3 describes the commands used to configure basic IPX settings.

Table 11-3 Basic IPX Commands

Command
    Description
enable type20 forwarding {vlan }
    Enables the forwarding of IPX type 20 (NetBIOS inside IPX) packets from one or more ingress VLANs. The default setting is disabled.
config ipxmaxhops
    Configures the IPX maximum hop count when forwarding IPX packets. The default setting is 16.
Table 11-3 Basic IPX Commands (Continued)

Command
    Description
config ipxservice add
    Adds a static entry to the IPX service table. Specify:
    ❑ service_type — The service type.
    ❑ service_name — The service name.
    ❑ netid — The IPX network identifier of the server.
    ❑ mac_address — The MAC address of the server.
    ❑ socket — The IPX port number on the server.
Table 11-4 describes the commands used to configure the IPX route table.

Table 11-4 IPX/RIP Configuration Commands

Command
    Description
enable ipxrip
    Enables IPX/RIP on the router.
config ipxrip add vlan [ | all}
    Configures one or all IPX VLANs to run IPX/RIP. IPX/RIP is enabled by default when you configure the IPX VLAN.
config ipxrip delete vlan [ | all]
    Disables IPX/RIP on one or all interfaces.
Table 11-5 describes the commands used to configure IPX/SAP.

Table 11-5 IPX/SAP Configuration Commands

Command
    Description
enable ipxsap
    Enables IPX/SAP on the router.
enable ipxsap gns-reply {vlan }
    Enables GNS reply on one or all IPX interfaces. If no VLAN is specified, GNS reply is enabled on all IPX interfaces. The default setting is enabled.
IPX Configuration Example

Figure 11-2 builds on the example showing the IP/RIP configuration that was used in Figure 9-4. Now, in addition to having IP VLANs configured, this example illustrates a switch that has the following IPX VLANs defined:
❑ Exec
  — Protocol-sensitive VLAN using the IPX protocol with the filter IPX_8022
  — Ports 4 and 5 have been assigned to Exec
  — Exec is configured for IPX NetID 2516 and IPX encapsulation type 802.
The stations connected to the system generate a combination of IP traffic and IPX traffic. The IP traffic is filtered by the IP VLANs. IPX traffic is filtered by the IPX VLANs. In this configuration, all IP traffic from stations connected to ports 1 and 3 has access to the IP router by way of the VLAN Finance. IP traffic on ports 2 and 4 reaches the IP router by way of the VLAN Personnel.
Displaying IPX Settings

To display settings for various IPX components, use the commands listed in Table 11-6.

Table 11-6 IPX Show Commands

Command
    Description
show ipxconfig {vlan }
    Displays IPX configuration information for one or all VLANs.
show ipxroute {vlan | xnetid | origin [static | rip | local]}
    Displays the IPX routes in the route table.
show ipxstats {vlan }
    Displays IPX packet statistics for the IPX router, and one or all VLANs.
Resetting and Disabling IPX

To return IPX settings to their defaults and disable IPX functions, use the commands listed in Table 11-7.

Table 11-7 IPX Reset and Disable Commands

Command
    Description
disable type20 forwarding {vlan }
    Disables the forwarding of IPX type 20 packets.
disable ipxrip
    Disables IPX/RIP on the router.
disable ipxsap
    Disables IPX/SAP on the router.
Chapter 12 Access Policies

This chapter describes access policies, and how they are created and implemented on the switch.

Overview of Access Policies

Access policies are a generalized category of features that are applied to route forwarding decisions. Access policies are used primarily for security purposes, and, less often, for bandwidth management. Access policies are formed by combining an “access profile” (for example, a list of IP routes) with an “access method” (for example, RIP).
Using Access Policies

To use access policies:

1. Create an access profile.
2. Configure the access profile to be of type permit or deny.
3. Apply the access profile.

Creating an Access Profile

The first thing to do when using access policies is create an access profile. An access profile is a named list of IP addresses and associated subnet masks. You must give the access profile a unique name (in the same manner as naming a protocol filter or Spanning Tree Domain).
Access Policies for RIP

If the RIP protocol is being used, the switch can be configured to use an access profile to determine any of the following:
❑ Trusted Neighbor — Use an access profile to determine trusted RIP router neighbors for the VLAN on the switch running RIP.
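The following sketch models an access profile (a named list of address/mask entries with a permit or deny mode) applied to RIP as a trusted-neighbor check and as a route import filter, and shows why the least-hops rule makes the trusted-neighbor check matter. It is an added example, not code from the switch software: the permit/deny matching semantics, the route import filter for RIP, all class and function names, and the sample addresses are assumptions or constructed data.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Network

RIP_INFINITY = 16  # RIP metric meaning "unreachable" (RFC 1058)


@dataclass
class AccessProfile:
    """Named list of IP address/mask entries with a permit or deny mode."""
    name: str
    mode: str = "permit"
    entries: list = field(default_factory=list)

    def __post_init__(self):
        if self.mode not in ("permit", "deny"):
            raise ValueError(f"unknown mode: {self.mode}")

    def add(self, address, mask):
        # IPv4Network rejects entries whose host bits are set (e.g. 10.0.0.1/24),
        # which catches a mistyped mask before the profile is applied.
        self.entries.append(IPv4Network(f"{address}/{mask}"))

    def allows(self, address, mask="255.255.255.255"):
        """Assumed semantics: permit allows only matches, deny allows only non-matches."""
        target = IPv4Network(f"{address}/{mask}")
        matched = any(target.subnet_of(entry) for entry in self.entries)
        return matched if self.mode == "permit" else not matched


class RipRouter:
    """Keeps the least-hop route per network (simplified RIP route selection)."""

    def __init__(self, trusted=None, import_filter=None):
        self.trusted = trusted
        self.import_filter = import_filter
        self.routes = {}    # "network/prefix" -> (hop count, next hop)
        self.dropped = []   # (neighbor, network or None, reason)

    def receive(self, neighbor, advertised):
        # Trusted-neighbor policy: ignore the whole update from an unlisted router.
        if self.trusted is not None and not self.trusted.allows(neighbor):
            self.dropped.append((neighbor, None, "untrusted neighbor"))
            return
        for address, mask, metric in advertised:
            network = str(IPv4Network(f"{address}/{mask}"))
            hops = min(metric + 1, RIP_INFINITY)   # one more hop to reach us
            if hops >= RIP_INFINITY:
                self.dropped.append((neighbor, network, "unreachable"))
            elif self.import_filter is not None and not self.import_filter.allows(address, mask):
                self.dropped.append((neighbor, network, "import filter"))
            elif network not in self.routes or hops < self.routes[network][0]:
                self.routes[network] = (hops, neighbor)


# Constructed sample updates (documentation address ranges, not from the guide).
UPDATES = [
    ("192.0.2.10", [("198.51.100.0", "255.255.255.0", 3),
                    ("203.0.113.0", "255.255.255.0", 2)]),
    # A router that is not in the trusted profile advertises a shorter path.
    ("192.0.2.66", [("198.51.100.0", "255.255.255.0", 1)]),
]


def run(updates, trusted=None, import_filter=None):
    """Feed every update to a fresh router and return it for inspection."""
    router = RipRouter(trusted, import_filter)
    for neighbor, advertised in updates:
        router.receive(neighbor, advertised)
    return router


def build_policies():
    """Hypothetical profiles: one trusted neighbor, one denied network."""
    trusted = AccessProfile("trusted_rip", mode="permit")
    trusted.add("192.0.2.10", "255.255.255.255")
    no_extern = AccessProfile("no_203", mode="deny")
    no_extern.add("203.0.113.0", "255.255.255.0")
    return trusted, no_extern


if __name__ == "__main__":
    print("no policy:  ", run(UPDATES).routes)
    guarded = run(UPDATES, *build_policies())
    print("with policy:", guarded.routes)
    print("dropped:    ", guarded.dropped)
```

Without a policy the shorter advertisement from the unlisted router wins route selection; with the profiles applied, that update is discarded and the denied network never enters the table.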
[Figure residue. Surviving diagram labels: Internet, 10.0.0.10/24, Backbone/RIP, Switch being configured, Sales, 10.0.0.12/24]
This configuration results in the switch having no route back to the VLAN Sales.

Access Policies for OSPF

Because OSPF is a link-state protocol, the access policies associated with OSPF are different in nature than those associated with RIP. Access policies for OSPF are intended to extend the existing filtering and security capabilities of OSPF (for example, link authentication and the use of IP address ranges).
Example. Figure 12-2 illustrates an OSPF network that is similar to the network used previously in the RIP example. In this example, access to the Internet is accomplished by the use of the ASBR function on the switch labeled “Internet.” As a result, all routes to the Internet will be done through external routes. Suppose the network administrator wishes to allow access only to certain internet addresses falling within the range 192.1.1.0/24 to the internal backbone.
Access Policies for DVMRP

The access policy capabilities for DVMRP are very similar to those for RIP. If the DVMRP protocol is used for routing IP multicast traffic, the switch can be configured to use an access profile to determine any of the following:
❑ Trusted Neighbor — Use an access profile to determine trusted DVMRP router neighbors for the VLAN on the switch running DVMRP.
In addition, suppose the administrator wants to preclude users on the VLAN Engsvrs from seeing any multicast streams that are generated by the VLAN Sales across the backbone. The additional configuration of the switch labeled “Engsvrs” is as follows:

    create access-profile nosales ipaddress
    config access-profile nosales mode deny
    config access-profile nosales add 10.2.1.
Making Changes to an Access Profile

You can change an access profile after it has been applied to form an access policy. However, the propagation of the change depends on the protocol and policy involved. Propagation of changes applied to RIP, DVMRP, and PIM access policies depends on the respective protocol timers to age-out entries.
Removing an Access Policy

To remove an access policy, you must remove the access profile from the protocol or VLAN. All the commands that apply an access profile to form an access policy also have the option of choosing none as the access profile. Using the none option removes any access profile of that particular type from the protocol or VLAN, and, therefore, removes the access policy.
Access Policy Commands

Table 12-1 shows the commands used to configure access policy.

Table 12-1 Access Policy Configuration Commands

Command
    Description
create access-profile type [vlan | ipaddress]
    Creates an access profile.
Table 12-1 Access Policy Configuration Commands (Continued)

Command
    Description
config dvmrp vlan [ | all] import-filter [ | none]
    Configures DVMRP to filter certain routes received from its neighbor.
config dvmrp vlan [ | all] trusted-gateway [ | none]
    Configures DVMRP to use the access policy to determine which DVMRP neighbor is trusted and to receive routes from.
Chapter 13 Status Monitoring and Statistics

This chapter describes how to view the current operating status of the switch, how to display information in the log, and how to take advantage of available Remote Monitoring (RMON) capabilities. Viewing statistics on a regular basis allows you to see how well your network is performing. If you keep simple daily records, you will see trends emerging and notice problems arising before they cause major network faults.
Status Monitoring

Table 13-1 describes show commands that are used to monitor the status of the switch.

Table 13-1 Status Monitoring Commands

Command
    Description
show diag
    Displays software diagnostics.
show log {}
    Displays the current snapshot of the log. Options include:
    ❑ priority — Filters the log to display messages with the selected priority or higher (more critical). Priorities include critical, emergency, alert, error, warning, notice, info, and debug.
Port Statistics

The switch software provides a facility for viewing port statistic information. The summary information lists values for the current counter against each port on each operational module in the system, and it is refreshed approximately every 2 seconds. Values are displayed to nine digits of accuracy.
Port Errors

The switch keeps track of errors for each port. To view port transmit errors, use the following command:

    show ports txerrors

The following port transmit error information is collected by the system:
❑ Link Status — The current status of the link.
To view port receive errors, use the following command:

    show ports rxerrors

The following port receive error information is collected by the switch:
❑ Receive Bad CRC Frames (RX CRC) — The total number of frames received by the port that were of the correct length, but contained a bad FCS value.
Port Monitoring Display Keys

Table 13-2 describes the keys used to control the displays that appear when you issue any of the show port commands.

Table 13-2 Port Monitoring Display Keys

Key(s)
    Description
U
    Displays the previous page of ports.
D
    Displays the next page of ports.
[Esc] or [Return]
    Exits from the screen.
0
    Clears all counters.
Logging

The switch log tracks all configuration and fault information pertaining to the device. Each entry in the log contains the following information:
❑ Timestamp — The timestamp records the month and day of the event, along with the time (hours, minutes, and seconds) in the form HH:MM:SS. If the event was caused by a user, the user name is also provided.
Table 13-4 Fault Log Subsystems (Continued)

Subsystem
    Description
Brdg
    Bridge-related functionality. Examples include low table space and queue overflow.
SNMP
    SNMP information. Examples include community string violations.
Telnet
    Information related to Telnet login and configuration performed by way of a Telnet session.
VLAN
    VLAN-related configuration information.
Port
    Port management-related configuration. Examples include port statistics and errors.
If you enable the log display on a terminal connected to the console port, your settings will remain in effect even after your console session is ended (unless you explicitly disable the log display). When using a Telnet connection, if your Telnet session is disconnected (because of the inactivity timer, or for other reasons), the log display is automatically halted. You must restart the log display by using the enable log display command.
Logging Commands

The commands described in Table 13-5 allow you to configure logging options, reset logging options, display the log, and clear the log.

Table 13-5 Logging Command

Command
    Description
enable log display
    Enables the log display.
enable syslog
    Enables logging to a remote syslog host.
config log display {}
    Configures the real-time log display. Options include:
    ❑ priority — Filters the log to display messages with the selected priority or higher (more critical).
RMON

Using the Remote Monitoring (RMON) capabilities of the switch allows network administrators to improve system efficiency and reduce the load on the network. The following sections explain more about the RMON concept and the RMON features supported by the switch.

Note: You can only use the RMON features of the system if you have an RMON management application, and have enabled RMON on the switch.
RMON Features of the Switch

The IETF defines nine groups of Ethernet RMON statistics. The switch supports the following four of these groups:
❑ Statistics
❑ History
❑ Alarms
❑ Events

This section describes these groups, and discusses how they can be used.

Statistics. The RMON Ethernet Statistics group provides traffic and error statistics showing packets, bytes, broadcasts, multicasts, and errors on a LAN segment or VLAN.
Effective use of the Events group saves you time. Rather than having to watch real-time graphs for important occurrences, you can depend on the Event group for notification. Through the SNMP traps, events can trigger other actions, providing a mechanism for an automated response to certain occurrences.

Configuring RMON

RMON requires one probe per LAN segment, and standalone RMON probes have traditionally been expensive.
Chapter 14 Software Upgrade and Boot Options

This chapter describes the procedure for upgrading the switch software image. This chapter also discusses how to save and load a primary and secondary image and configuration file on the switch.

Downloading a New Image

The image file contains the executable code that runs on the switch. It comes preinstalled from the factory. As new versions of the image are released, you should upgrade the software running on your system.
hostname — Is the hostname of the TFTP server. (You must enable DNS to use this option.)
filename — Is the filename of the new image.
primary — Indicates the primary image.
secondary — Indicates the secondary image.

The switch can store up to two images: a primary and a secondary. When you download a new image, you must select into which image space (primary or secondary) you want the new image to be placed.
Saving Configuration Changes

The configuration is the customized set of parameters that you have selected to run on the switch. As you make configuration changes, the new settings are stored in run-time memory. Settings that are stored in run-time memory are not retained by the switch when the switch is rebooted. To retain the settings, and have them load when you reboot the switch, you must save the configuration to nonvolatile storage.
Using TFTP to Upload the Configuration

You can upload the current configuration to a TFTP server on your network. The uploaded ASCII file retains the command-line interface (CLI) format. This allows you to do the following:
❑ Modify the configuration using a text editor, and later download a copy of the file to the same switch, or to one or more different switches.
Using TFTP to Download the Configuration

You can download a previously saved configuration from a TFTP server. To download a configuration, use the following command:

    download configuration [ | ]

After the ASCII configuration file is downloaded by way of TFTP, you are prompted to reboot the switch. The downloaded configuration file is stored in an area of switch memory, and is not retained if the switch has a power failure.
Upgrading and Accessing BootROM

The BootROM of the switch initializes certain important switch variables during the boot process. If necessary, BootROM can be upgraded, after the switch has booted, using TFTP. In the event the switch does not boot properly, some boot option functions can be accessed through a special BootROM menu.

Upgrading BootROM

Upgrading BootROM is done using TFTP (from the CLI), after the switch has booted.
To perform a serial download, you can optionally change the baud rate to 38.4K using the b command, and then press the s key to prepare the switch for an image to be sent from your terminal using the XMODEM protocol. After this has completed, select the g command to boot the image that is currently in RAM. The switch restores the console port to 9600 bps, and begins the boot process.
Table 14-1 Boot Option Commands (Continued)
Command: save {configuration} {primary | secondary}
Description: Saves the current configuration to nonvolatile storage. You can specify the primary or secondary configuration area. If not specified, the configuration is saved to the primary configuration area.
Command: upload config [ | ] {every
Appendix A Supported Standards
The following is a list of software standards supported by the Gigabit Ethernet switches from Allied Telesyn.
SNMP
MIB-II (RFC 1213)
IP Forwarding MIB (RFC 1354)
Bridge MIB (RFC 1493)
Evolution of Interfaces MIB (RFC 1573)
RIP2 MIB (RFC 1724)
RMON MIB (RFC 1757)
RMON II Probe Configuration MIB (2021)
802.3 MAU MIB (RFC 2239)
802.
Appendix B Troubleshooting
If you encounter problems when using the switch, this appendix may be helpful. If you have a problem not listed here or in the “Release Notes,” contact your local technical support representative.
LEDs
Power LED does not light:
Check that the power cable is firmly connected to the device and to the supply outlet.
On powering-up, the MGMT LED lights yellow:
The device has failed its Power On Self Test (POST) and you should contact your supplier for advice.
Both sides of the Gigabit link must be enabled or disabled. If the two are different, typically the side with autonegotiation disabled will have the link LED lit, and the side with autonegotiation enabled will not be lit. The default configuration for a Gigabit port is autonegotiation enabled. This can be verified by entering the following command:
show port config
Switch does not power up:
All products manufactured by Allied Telesyn use digital power supplies with surge protection.
Using the Command-Line Interface
The initial welcome prompt does not display:
Check that your terminal or terminal emulator is correctly configured. For console port access, you may need to press [Return] several times before the welcome prompt appears. Check the settings on your terminal or terminal emulator. The settings are 9600 baud, 8 data bits, 1 stop bit, no parity, XON/XOFF flow control enabled.
The SNMP Network Manager or Telnet workstation can no longer access the device:
Check that Telnet access or SNMP access is enabled. Check that the port through which you are trying to access the device has not been disabled. If it is enabled, check the connections and network cabling at the port. Check that the port through which you are trying to access the device is in a correctly configured VLAN. Try accessing the device through a different port.
Port Configuration
No link light on 10/100 Base port:
If patching from a hub or switch to another hub or switch, ensure that you are using a CAT5 cross-over cable. This is a CAT5 cable that has pins 1 and 2 on one end connected to pins 3 and 6 on the other end.
VLANs
You cannot add a port to a VLAN:
If you attempt to add a port to a VLAN and get an error message similar to
localhost:7 # config vlan marketing add port 1:1,1:2
ERROR: Protocol conflict on port 1:5
you already have a VLAN using untagged traffic on a port. Only one VLAN using untagged traffic can be configured on a single physical port.
802.1Q links do not work correctly:
Remember that VLAN names are only locally significant through the command-line interface. For two switches to communicate across an 802.1Q link, the VLAN ID for the VLAN on one switch should have a corresponding VLAN ID for the VLAN on the other switch. If you are connecting to a third-party device and have checked that the VLAN IDs are the same, the Ethertype field used to identify packets as 802.
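The 802.1Q troubleshooting entry above can be reproduced offline with the following added example, which is not part of the original guide or the switch software. It models a receiving switch that matches frames by VLAN ID rather than by name and only recognises a tag whose Ethertype (TPID) equals the value it expects. The standard 802.1Q value 0x8100 is used; the VLAN names, MAC addresses, the mismatched value 0x9100 and the drop-on-unknown-ID behaviour are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100  # standard IEEE 802.1Q tag Ethertype (TPID)

# Constructed sample addresses, not taken from the guide.
DST = bytes.fromhex("00a0d2000001")
SRC = bytes.fromhex("00a0d2000002")


def build_tagged_frame(vid, payload, tpid=TPID_8021Q, pcp=0):
    """Build an Ethernet frame carrying a single VLAN tag."""
    tci = (pcp << 13) | (vid & 0x0FFF)  # 3-bit priority, 12-bit VLAN ID
    tag = struct.pack("!HH", tpid, tci)
    return DST + SRC + tag + struct.pack("!H", 0x0800) + payload


def parse_vlan_tag(frame, expected_tpid=TPID_8021Q):
    """Return (vid, pcp) if the receiver recognises a tag, else None."""
    if len(frame) < 16:
        return None  # too short to hold a 4-byte tag after the MAC addresses
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != expected_tpid:
        return None  # unknown Ethertype: the frame is handled as untagged
    return tci & 0x0FFF, tci >> 13


def classify(frame, local_vlans, expected_tpid=TPID_8021Q):
    """Map a frame to the receiver's own VLAN name (simplified model).

    local_vlans maps the receiver's local VLAN names to VLAN IDs.
    Returns the local name, "untagged", or None when the ID is unknown.
    """
    tag = parse_vlan_tag(frame, expected_tpid)
    if tag is None:
        return "untagged"
    vid, _pcp = tag
    names_by_id = {v: name for name, v in local_vlans.items()}
    return names_by_id.get(vid)


if __name__ == "__main__":
    frame = build_tagged_frame(10, b"data")  # sender calls VLAN 10 "marketing"
    print(classify(frame, {"mktg": 10, "sales": 20}))   # names differ, IDs match
    print(classify(frame, {"marketing": 30}))           # same name, wrong ID
    odd = build_tagged_frame(10, b"data", tpid=0x9100)  # mismatched Ethertype
    print(classify(odd, {"mktg": 10}))
```

A frame that falls back to "untagged" because of an Ethertype mismatch lands in whatever untagged VLAN the receiving port belongs to, so the mismatch affects segmentation as well as connectivity.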
Debug Tracing
The switch software includes a debug-tracing facility for the switch. The show debug-tracing command can be applied to one or all VLANs, as follows:
show debug-tracing {vlan }
The debug commands should only be used under the guidance of Allied Telesyn technical personnel.