53-1002600-01 28 September 2012 Brocade ICX 6650 Administration Guide Supporting FastIron Software Release 07.5.
Copyright © 2006-2012 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Brocade Assurance, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, MLX, NetIron, SAN Health, ServerIron, TurboIron, VCS, and VDX are registered trademarks, and AnyIO, Brocade One, CloudPlex, Effortless Networking, ICX, NET Health, OpenScript, and The Effortless Network are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Contents
About This Document
• Audience
• Supported hardware and software
• Brocade ICX 6650 slot and port numbering
• Document conventions
• Notice to the reader
• Configuring the device as an SNTP server
• Displaying SNTP server information
• Enabling broadcast mode for an SNTP client
• Setting the system clock
• Limiting broadcast, multicast, and unknown unicast traffic
• CLI banner configuration
• Loading and saving configuration files with IPv6
• Using the IPv6 copy command
• Copying a file from an IPv6 TFTP server
• IPv6 ncopy command
• IPv6 TFTP server file upload
• Using SNMP to save and load configuration information
Chapter 5 IPv6 Configuration on Brocade ICX 6650 Switch
• Full Layer 3 IPv6 feature support
• IPv6 addressing overview
• IPv6 address types
• IPv6 stateless auto-configuration
• IPv6 CLI command support
• IPv6 ICMP feature configuration
• Configuring ICMP rate limiting
• Enabling IPv6 ICMP redirect messages
• IPv6 neighbor discovery configuration
• IPv6 neighbor discovery configuration notes
• Neighbor solicitation and advertisement messages
• User-based security model
• Configuring your NMS
• Configuring SNMP version 3 on Brocade ICX 6650 devices
• Defining the engine id
• Defining an SNMP group
• Defining an SNMP user account
• General LLDP operating principles
• LLDP operating modes
• LLDP packets
• TLV support
• MIB support
• Syslog messages
• Displaying Syslog messages
• Enabling real-time display of Syslog messages
• Enabling real-time display for a Telnet or SSH session
• Displaying real-time Syslog messages
• Syslog service configuration
• Displaying the Syslog configuration
Appendix A Syslog messages
Appendix B NIAP-CCEVS Certification
• NIAP-CCEVS certified Brocade equipment and Ironware releases
• Local user password changes
About This Document
The Brocade ICX 6650 is a ToR (Top of Rack) Ethernet switch for campus LAN and classic Ethernet data center environments.
Audience
This document is designed for system administrators with a working knowledge of Layer 2 and Layer 3 switching and routing. If you are using a Brocade Layer 3 Switch, you should be familiar with the following protocols if applicable to your network: IP, RIP, OSPF, BGP, ISIS, PIM, and VRRP.
Brocade ICX 6650 slot and port numbering
• Slot 2 is located on the back of the ICX 6650 device and contains ports 1 through 3 on the top row and port 4 on the bottom row. These ports are 2x40 GbE QSFP+. Refer to the following figure.
(Figure: Slot 2 and Slot 3)
• Slot 3 is located on the back of the ICX 6650 device and contains ports 1 through 8. These ports are 4 x 10 GbE breakout ports and require the use of a breakout cable. Refer to the previous figure.
[]          Optional elements appear in brackets.
variable    Variables are printed in italics. In the help pages, values are underlined or enclosed in angled brackets < >.
...         Repeat the previous element, for example “member[;member...]”
value       Fixed values following arguments are printed in plain font. For example, --show WWN
|           Boolean. Elements are exclusive.
Corporation               Referenced Trademarks and Products
Sun Microsystems, Inc.    Sun, Solaris
Red Hat, Inc.
Other industry resources
For additional resource information, visit the Technical Committee T11 website. This website provides interface standards for high-performance and mass storage applications for Fibre Channel, storage management, and other applications: http://www.t11.org
For information about the Fibre Channel industry, visit the Fibre Channel Industry Association website: http://www.fibrechannel.
Chapter 1 Management Applications
In this chapter
• Management port overview
• Logging on through the CLI
• Using slot number, and port number with CLI commands
Table 1 lists the Brocade ICX 6650 switch and the management application features the switch supports.
• Creating a management VLAN disables the management port on the device. For switches, any in-band port may be used for management purposes. A router sends Layer 3 packets using the MAC address of the port as the source MAC address.
CLI Commands for use with the management port
The following CLI commands can be used with a management port. To display the current configuration, use the show running-config interface management command.
Brocade(config-if-mgmt)#ip addr 10.44.9.
To display management port statistics, enter the show statistics management command.
Brocade(config)#show statistics management 1
Port Link State Dupl Speed Trunk Tag mgmt1 Up None Full 1G None No Pri 0 MAC 748e.f80c.
• CONFIG – Lets you make configuration changes to the device. To save the changes across reboots, you need to save them to the system-config file. The CONFIG level contains sub-levels for individual ports, for VLANs, for routing protocols, and other configuration areas.
NOTE
By default, any user who can open a serial or Telnet connection to the Brocade device can access all these CLI levels.
• Press the Return or Enter key to display the next line (one line at a time).
• Press Ctrl+C or Ctrl+Q to cancel the display.
Line editing commands
The CLI supports the following line editing commands. To enter a line-editing command, use the CTRL+key combination for the command by pressing and holding the CTRL key, then pressing the letter associated with the command.
CLI nomenclature on Brocade ICX 6650 models
When you enter CLI commands that include the port number as part of the syntax, you must use the stack unit/slot number/port number format. The unit number is 1.
Brocade#show who | exclude closed
Console connections:
established
you are connecting to this session
2 seconds in idle
Telnet connections (inbound):
1 established, client ip address 192.168.9.
To display lines containing only a specified search string (similar to the include option for show commands) press the plus sign key ( + ) at the --More-- prompt and then enter the search string.
--More--, next page: Space, next line: Return key, quit: Control-c
+telnet
The filtered results are displayed.
filtering...
TABLE 3 Special characters for regular expressions (Continued)
Character    Operation
+            The plus sign matches on one or more sequential instances of a pattern. For example, the following regular expression matches output that contains "de", followed by a sequence of “g”s, such as “deg”, “degg”, “deggg”, and so on:
             deg+
?            The question mark matches on zero occurrences or one occurrence of a pattern.
If you want to filter for a special character instead of using the special character as described in the table above, enter “\” (backslash) in front of the character. For example, to filter on output containing an asterisk, enter the asterisk portion of the regular expression as “\*”.
Brocade#show ip route bgp | include \*
Creating an alias for a CLI command
You can create aliases for CLI commands.
• If configured on the Brocade device, authentication, authorization, and accounting is performed on the actual command, not on the alias for the command.
• To save an alias definition to the startup-config file, use the write memory command.
Chapter 2 Basic Software Features
In this chapter
• Basic system parameter configuration
• Specifying an SNTP server
• Configuring the device as an SNTP server
• Basic port parameter configuration
TABLE 4 Supported basic software features
Feature                                                            Brocade ICX 6650
Duplex mode                                                        Yes
Port status (enable or disable)                                    Yes
Flow control:
• Responds to flow control packets, but does not generate them     Yes
Symmetric flow control
• Can transmit and receive 802.
Entering system administration information
You can configure a system name, contact, and location for a Brocade device and save the information locally in the configuration file for future reference. This information is not required for system operation but is suggested. When you configure a system name, the name replaces the default system name in the CLI command prompt. The name, contact, and location each can be up to 255 alphanumeric characters.
When you add a trap receiver, the software automatically encrypts the community string you associate with the receiver when the string is displayed by the CLI. If you want the software to show the community string in the clear, you must explicitly specify this when you add a trap receiver. In either case, the software does not encrypt the string in the SNMP traps sent to the receiver.
Setting the SNMP trap holddown time
When a Brocade device starts up, the software waits for Layer 2 convergence (STP) and Layer 3 convergence (OSPF) before beginning to send SNMP traps to external SNMP servers. Until convergence occurs, the device might not be able to reach the servers, in which case the messages are lost. By default, a Brocade device uses a one-minute holddown time to wait for the convergence to occur before starting to send SNMP traps.
• Power supply failure
• Fan failure
• Cold start
• Link up
• Link down
• Bridge new root
• Bridge topology change
• Locked address violation
• BGP4
• OSPF
• VRRP
• VRRP-E
To stop link down occurrences from being reported, enter the following.
NOTE
The Privileged EXEC level is sometimes called the “Enable” level, because the command for accessing this level is enable.
The feature is enabled by default.
Brocade(config)# no logging enable user-login
Brocade(config)# write memory
Brocade(config)# end
Brocade# reload
Syntax: [no] logging enable user-login
Cancelling an outbound Telnet session
If you want to cancel a Telnet session from the console to a remote Telnet server (for example, if the connection is frozen), you can terminate the Telnet session by doing the following.
1. At the console, press Ctrl+^ (Ctrl+Shift-6).
2. Press the X key to terminate the Telnet session.
The authentication-key option allows you to configure an authentication key for communication with the SNTP server. When the authentication key is configured for an SNTP client, it is used only for an SNTP unicast client. You must assign a unique server and pre-share . The and pre-share are used together to create the MD5 checksum. The MD5 checksum is used for authentication for request and reply messages with the SNTP server.
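The MD5 authentication described above, as an added example that is not taken from the Brocade guide: it assumes the standard NTP symmetric-key layout (a 32-bit key ID followed by MD5(key || header), appended to the 48-byte header). The key ID, the key "abc123" and the timestamps are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

# 48-byte NTP/SNTP header: LI/VN/Mode, stratum, poll, precision,
# root delay, root dispersion, reference ID, then four 64-bit timestamps
# (reference, origin, receive, transmit).
HEADER_FMT = "!BBbb3I4Q"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 48
MAC_LEN = 4 + 16                           # key ID + MD5 digest


def md5_digest(key: bytes, header: bytes) -> bytes:
    """Keyed MD5 of the assumed layout: MD5(key || header)."""
    return hashlib.md5(key + header).digest()


def authenticate(header: bytes, key_id: int, key: bytes) -> bytes:
    """Append the key ID and the digest to a 48-byte header."""
    if len(header) != HEADER_LEN:
        raise ValueError("header must be exactly 48 bytes")
    return header + struct.pack("!I", key_id) + md5_digest(key, header)


def build_request(transmit_ts: int, key_id: int, key: bytes) -> bytes:
    """Client request: version 4, mode 3, only the transmit timestamp set."""
    header = struct.pack(HEADER_FMT, (4 << 3) | 3, 0, 0, 0,
                         0, 0, 0, 0, 0, 0, transmit_ts)
    return authenticate(header, key_id, key)


def build_reply(request: bytes, server_ts: int, key_id: int, key: bytes) -> bytes:
    """Constructed server side: copies the client's transmit time into origin."""
    client_xmt = struct.unpack(HEADER_FMT, request[:HEADER_LEN])[10]
    header = struct.pack(HEADER_FMT, (4 << 3) | 4, 1, 0, 0,
                         0, 0, 0, server_ts, client_xmt, server_ts, server_ts)
    return authenticate(header, key_id, key)


def verify_reply(request: bytes, reply: bytes, keys: dict) -> str:
    """Return "ok" or the reason the reply must be discarded."""
    if len(reply) != HEADER_LEN + MAC_LEN:
        return "missing-or-malformed-mac"      # e.g. an unauthenticated reply
    header, trailer = reply[:HEADER_LEN], reply[HEADER_LEN:]
    key_id = struct.unpack("!I", trailer[:4])[0]
    key = keys.get(key_id)
    if key is None:
        return "unknown-key-id"
    # Constant-time comparison of the recomputed digest with the received one.
    if not hmac.compare_digest(md5_digest(key, header), trailer[4:]):
        return "bad-digest"
    fields = struct.unpack(HEADER_FMT, header)
    if fields[0] & 0x7 != 4:
        return "not-a-server-reply"
    # The origin timestamp must echo this request's transmit timestamp,
    # otherwise a valid reply to some other request is being replayed.
    if fields[8] != struct.unpack(HEADER_FMT, request[:HEADER_LEN])[10]:
        return "origin-mismatch"
    return "ok"


if __name__ == "__main__":
    keys = {1: b"abc123"}                       # constructed key table
    req = build_request(0xE3A1B2C300000000, 1, keys[1])
    rep = build_reply(req, 0xE3A1B2C400000000, 1, keys[1])
    print(verify_reply(req, rep, keys))
    print(verify_reply(req, rep[:HEADER_LEN], keys))
```

A client that enforces this check drops replies without a trailer instead of falling back to unauthenticated time.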
To display detailed information about SNTP associations, enter the show sntp associations details command.
Brocade# show sntp associations details
10.99.8.95 configured,insane, unsynched,invalid, stratum 16
ref ID 0.0.0.0,time 0.0 (Jan 1 00:00:00)
our mode client, peer mode unspec, our poll intvl 15, peer poll intvl 0
root delay 0.0 msec, root disp 0.0
delay 0 msec, offset 0 msec
precision 2**0, version 0
org time 0.0 (Jan 1 00:00:00)
rcv time 0.0 (Jan 1 00:00:00)
xmt time 0.
Field        Description
precision    The precision of the system clock in Hz.
version      The NTP version of the peer. The version can be from 1 - 4.
org time     The original timestamp of the system clock. The original timestamp is what the client has sent to the server.
rcv time     The receive timestamp of the system clock.
xmt time     The transmit timestamp of the system clock.
To display information about SNTP status, enter the show sntp status command.
To use the device as an SNTP server, enter a command such as the following at the Privileged EXEC level.
Brocade(config)# sntp server-mode use-local-clock authentication-key abc123
Brocade(config)# write memory
The above example configures the device to operate as an SNTP server with the local clock as a reference backup and an authentication key of “abc123” and writes the configuration changes to memory.
Displaying SNTP server information
Use the show sntp server-mode command to display the status of the SNTP server and its configuration.
Brocade# show sntp server-mode
Status : up
Stratum : 1
Authentication : md5
Clock source : local-clock
Last 5 unique downstream client responses generated :
Client Address Reference Time
10.20.79.91 15:57:48 Pacific Tue Aug 07 2012
10.20.79.63 15:56:26 Pacific Tue Aug 07 2012
10.20.79.
network until the last message is received from the system clock. To update the system clock with the last message received, you can enable the SNTP client to either listen to all NTP broadcast servers on any interface, or enable the SNTP client to listen to only one specific NTP broadcast server. To enable an SNTP client in a broadcast mode to listen to all NTP servers on any interface, enter the sntp broadcast client command.
Syntax: sntp sync
By default, Brocade switches and routers do not change the system time for daylight saving time. To enable daylight saving time, enter the clock summer-time command.
Brocade(config)# clock summer-time
Syntax: [no] clock summer-time
Although SNTP servers typically deliver the time and date in Greenwich Mean Time (GMT), you can configure the Brocade device to adjust the time for any one-hour offset from GMT or for one of the following U.S.
The DST feature is automatic, but to trigger the device to the correct time, the device must be configured to the US time zone, not the GMT offset. To configure your device to use the US time zone, enter the clock timezone us pacific command.
Brocade(config)# clock timezone us pacific
Syntax: [no] clock timezone us
Enter pacific, eastern, central, or mountain for .
NOTE
The banner command is equivalent to the banner motd command.
NOTE
If you are using a Web client to view the message of the day, and your banners are very wide, with large borders, you may need to set your PC display resolution to a number greater than the width of your banner.
Setting a privileged EXEC CLI level banner
You can configure the Brocade device to display a message when a user enters the Privileged EXEC CLI level.
Example
Brocade(config)# banner exec_mode # (Press Return)
Enter TEXT message, End with the character '#'.
You can configure the Brocade device to use a different MAC address for Layer 2 management traffic than for switched traffic. When you issue the use-local-management-mac, the Brocade device changes a local bit in the first port MAC address and uses this MAC address for management traffic. The second bit of the first port MAC address is changed to 2. For example, if the MAC address is 748e.f80c.5f40 after the feature is enabled, the switch uses 728e.f80c.
Port speed and duplex mode modification
The Gigabit Ethernet copper ports are designed to auto-sense and auto-negotiate the speed and duplex mode of the connected device. If the attached device does not support this operation, you can manually enter the port speed to operate at either 10, 100, or 1000 Mbps. The default and recommended setting is 10/100/1000 auto-sense.
NOTE
You can modify the port speed of copper ports only; this feature does not apply to fiber ports.
Downgrading the Brocade ICX 6650 front panel ports from 10 GbE to 1 GbE port speed
Ports 1/1/1 through 1/1/56 port speed can be downgraded from 10 GbE to 1 GbE port speed.
NOTE
Ports 1/1/33 through 1/1/56 can only be downgraded to 1 GbE port speed if you have downloaded the ICX6650-10G-LIC-POD license onto the device.
The port speed down-shift and maximum port speed advertisement features operate dynamically at the physical link layer, independent of logical trunk group configurations. Although Brocade recommends that you use the same cable types and auto-negotiation configuration on all members of a trunk group, you could utilize the auto-negotiation features conducive to your cabling environment.
Disabling or re-enabling a port
A port can be made inactive (disable) or active (enable) by selecting the appropriate status option. The default value for a port is enabled. To disable port 1/1/1 of a Brocade device, enter the following.
Brocade(config)# interface ethernet 1/1/1
Brocade(config-if-e10000-1/1/1)# disable
You also can disable or re-enable a virtual interface. To do so, enter commands such as the following.
To disable flow control, enter the no flow-control command.
Brocade(config)# no flow-control
To turn the feature back on, enter the flow-control command.
Brocade(config)# flow-control
Syntax: [no] flow-control
NOTE
For optimal link operation, link ports on devices that do not support 803.3u must be configured with like parameters, such as speed (10,100,1000), duplex (half, full), MDI/MDIX, and Flow Control.
Displaying flow-control status
The show interface // command displays configuration, operation, and negotiation status where applicable. For example, issuing the command for 10/100/1000M port 1/1/36 displays the following output.
Brocade# show interfaces ethernet 1/1/36
10GigabitEthernet1/1/36 is up, line protocol is up
Hardware is 10GigabitEthernet, address is 748e.f80c.5f40 (bia 748e.f80c.
About XON and XOFF thresholds
An 802.3x PAUSE frame is generated when the buffer limit at the ingress port reaches or exceeds the port’s upper watermark threshold (XOFF limit). The PAUSE frame requests that the sender stop transmitting traffic for a period of time. The time allotted enables the egress and ingress queues to be cleared. When the ingress queue falls below the port’s lower watermark threshold (XON limit), an 802.
Enabling and disabling symmetric flow control
By default, symmetric flow control is disabled and tail drop mode is enabled. However, because flow control is enabled by default on all full-duplex ports, these ports will always honor received 802.3x Pause frames, whether or not symmetric flow control is enabled. To enable symmetric flow control globally on all full-duplex data ports of a standalone unit, enter the symmetric-flow-control enable command.
• Negotiate-full-auto – The port first tries to perform a handshake with the other port to exchange capability information. If the other port does not respond to the handshake attempt, the port uses the manually configured configuration information (or the defaults if an administrator has not set the information). This is the default.
• Auto-Gbps – The port tries to perform a handshake with the other port to exchange capability information.
Configuring port flap dampening on an interface
This feature is configured at the interface level.
Brocade(config)# interface ethernet 1/1/1
Brocade(config-if-e10000-1/1/1)# link-error-disable 10 3 10
Syntax: [no] link-error-disable
The is the number of times a port link state goes from up to down and down to up before the wait period is activated. Enter a value from 1 - 50.
Brocade# show link-error-disable all
Port     -----------------Config---------------   ------Oper----
#        Threshold   Sampling-Time   Shutoff-Time   State   Counter
-----    ---------   -------------   ------------   -----   -------
1/1/3    1           14              3              Idle    N/A
1/1/32   2           20              Indefinite     Idle    N/A
1/1/56   1           10              Indefinite     Down    N/A
1/2/1    10          3               10             Idle    N/A
1/3/4    4           10              2              Idle    N/A
1/3/8    1           10              Indefinite     Idle    N/A
Table 10 defines the port flap dampening statistics displayed by the show link-error-disable all command.
Port loop detection
This feature allows the Brocade device to disable a port that is on the receiving end of a loop by sending test packets. You can configure the time period during which test packets are sent.
Types of loop detection
There are two types of loop detection; Strict Mode and Loose Mode. In Strict Mode, a port is disabled only if a packet is looped back to that same port.
loops because STP cannot prevent loops across different VLANs. In these instances, the ports are not blocked and loop detection is able to send out probe packets in one VLAN and receive packets in another VLAN. In this way, loop detection running in Loose Mode disables both ingress and egress ports.
Enabling loop detection
Use the loop-detection command to enable loop detection on a physical port (Strict Mode) or a VLAN (Loose Mode).
Brocade(config)# errdisable recovery cause loop-detection
The above command will cause the Brocade ICX 6650 device to automatically re-enable ports that were disabled because of a loop detection. By default, the device will wait 300 seconds before re-enabling the ports. You can optionally change this interval to a value from 10 to 65535 seconds. Refer to “Specifying the recovery time interval” on page 45.
The following command displays the current disabled ports, including the cause and the time.
TABLE 11 Field definitions for the show loop-detection resource command (Continued)
Field    Description
size     The size
init     The number of requests initiated
Displaying loop detection configuration status on an interface
Use the show interface command to display the status of loop detection configuration on a particular interface.
Chapter 3 Operations, Administration, and Maintenance
In this chapter
• OAM Overview
• Software versions installed and running on a device
• Image file types
• Software upgrades
OAM Overview
For easy software image management, all Brocade ICX 6650 devices support the download and upload of software images between the flash modules on the devices and a Trivial File Transfer Protocol (TFTP) server on the network. Brocade devices have two flash memory modules:
• Primary flash – The default local storage device for image files and configuration files.
• Secondary flash – A second flash storage device.
UNIT 1: SL 1: ICX6650-64 56-port Management Module
Serial #: CEN2525H006
License: BASE_SOFT_PACKAGE (LID: egpHKHKjFFL)
P-ENGINE 0: type EC02, rev 01
==========================================================================
UNIT 1: SL 2: ICX6650-64 4-port 160G Module
==========================================================================
UNIT 1: SL 3: ICX6650-64 8-port 80G Module
======================================================================
• The “Compressed Sec Code size” line lists the flash code version installed in the secondary flash area.
• The “Boot Monitor Image size” line lists the boot code version installed in flash memory. The device does not have separate primary and secondary flash areas for the boot image. The flash memory module contains only one boot image.
In the previous example, the codes did not match, and verification failed. If verification succeeds, the output will look like this.
Brocade#verify md5 secondary 01c410d6d153189a4a5d36c955653861
Brocade#.........................Done
Size = 2044830, MD5 01c410d6d153189a4a5d36c955653861
Verification SUCEEDED.
The following examples show this process for SHA-1 and CRC32 algorithms.
Brocade#verify sha secondary 49d12d26552072337f7f5fcaef4cf4b742a9f525
Brocade#.........................
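An added example, not part of the Brocade guide: a workstation-side check that recomputes the size, MD5, SHA-1 and CRC32 of the image file you intended to load and compares them with the line the verify command prints. The sample image bytes are constructed, the function names are hypothetical, and the SHA and CRC32 result lines are assumed to use the same "Size = ..., ALG hex" layout as the MD5 line shown above.

```python
import hashlib
import hmac
import io
import re
import zlib

CHUNK = 64 * 1024

# Result line as printed for MD5 on this page; the SHA and CRC32 variants
# are an assumption about the same layout.
VERIFY_LINE = re.compile(
    r"Size\s*=\s*(\d+),\s*(MD5|SHA|CRC32)\s+([0-9a-fA-F]+)", re.IGNORECASE)

# Output copied from the MD5 example on this page.
PAGE_OUTPUT = (
    "Brocade#.........................Done\n"
    "Size = 2044830, MD5 01c410d6d153189a4a5d36c955653861\n"
    "Verification SUCEEDED.\n"
)

# Constructed stand-in for an image file (not a real FastIron image).
SAMPLE_IMAGE = bytes(range(256)) * 16


def image_digests(stream) -> dict:
    """Read a binary stream once and return its size and all three checksums."""
    md5, sha1, crc, size = hashlib.md5(), hashlib.sha1(), 0, 0
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        md5.update(chunk)
        sha1.update(chunk)
        crc = zlib.crc32(chunk, crc)
        size += len(chunk)
    return {
        "size": size,
        "md5": md5.hexdigest(),
        "sha": sha1.hexdigest(),
        "crc32": f"{crc & 0xFFFFFFFF:08x}",
    }


def parse_verify_output(text: str):
    """Extract size, algorithm and digest from the device output, or None."""
    match = VERIFY_LINE.search(text)
    if match is None:
        return None
    return {
        "size": int(match.group(1)),
        "algorithm": match.group(2).lower(),
        "digest": match.group(3).lower(),
    }


def check_device_image(stream, device_output: str) -> str:
    """Compare what the device reports with the reference file on disk.

    The device's own verdict line is ignored on purpose: it only says the
    flash content matches whatever value was typed into the verify command.
    """
    reported = parse_verify_output(device_output)
    if reported is None:
        return "unparsed"
    local = image_digests(stream)
    if reported["size"] != local["size"]:
        return "size-mismatch"
    if not hmac.compare_digest(local[reported["algorithm"]], reported["digest"]):
        return "digest-mismatch"
    return "match"


if __name__ == "__main__":
    ref = image_digests(io.BytesIO(SAMPLE_IMAGE))
    constructed = f"Size = {ref['size']}, MD5 {ref['md5']}\nVerification SUCEEDED.\n"
    print(check_device_image(io.BytesIO(SAMPLE_IMAGE), constructed))
    print(check_device_image(io.BytesIO(SAMPLE_IMAGE), PAGE_OUTPUT))
```

In practice the stream is the image file opened in binary mode, and the reference digest should come from the vendor's published value for that release rather than from the TFTP server's copy alone.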
Brocade#show dir
12703628 [4e58] primary
12706082 [4e58] secondary
668 [0000] $$$license
463 [0000] startup-config.backup
512 [0000] meta_data.bin
432 [0000] startup-config
25411785 bytes 6 File(s)
21843968 bytes free
Syntax: show dir
To display the contents of a flash configuration file, enter a command such as the following from the User EXEC or Privileged EXEC mode of the CLI:
Brocade#copy flash console startup-config.backup
ver 07.5.
NOTE
The syntax shown in this section assumes that you have installed HP OpenView in the “/usr” directory.
NOTE
Brocade recommends that you make a backup copy of the startup-config file before you upgrade the software. If you need to run an older release, you will need to use the backup copy of the startup-config file.
1. Configure a read-write community string on the Brocade device, if one is not already configured.
Software reboot
You can use boot commands to immediately initiate software boots from a software image stored in primary or secondary flash on a Brocade device or from a BootP or TFTP server. You can test new versions of code on a Brocade device or choose the preferred boot source from the console boot prompt without requiring a system reset.
NOTE
It is very important that you verify a successful TFTP transfer of the boot code before you reset the system.
Syntax: show boot-preference
The results of the show run command for the configured example above appear as follows.
Brocade#show run
Current configuration:
!
ver 07.5.
• Running configuration file – This file contains the configuration active in the system RAM but not yet saved to flash. These changes could represent a short-term requirement or general configuration change. To display this file, enter the show running-config or write terminal command at any CLI prompt.
Each device can have one startup configuration file and one running configuration file. The startup configuration file is shared by both flash modules.
Copying a configuration file to or from a TFTP server
To copy the startup-config or running-config file to or from a TFTP server, use one of the following methods.
NOTE
For details about the copy and ncopy commands used with IPv6, refer to “Using the IPv6 copy command” on page 62 and “IPv6 ncopy command” on page 64.
NOTE
You can name the configuration file when you copy it to a TFTP server.
• The configuration file is a script containing CLI configuration commands. The CLI reacts to each command entered from the file in the same way the CLI reacts to the command if you enter it. For example, if the command results in an error message or a change to the CLI configuration level, the software responds by displaying the message or changing the CLI level.
The configuration file contains these commands.
interface ethernet 1/1/7
ip address 10.10.10.69/24
The running-config already has a command to add an address to port 11, so the CLI responds like this.
Brocade(config)#interface ethernet 1/1/7
Brocade(config-if-e10000-1/1/7)#ip add 10.10.10.69/24
Error: can only assign one primary ip address per subnet
Brocade(config-if-e10000-1/1/7)#
To successfully replace the address, enter commands into the file as follows.
• Commands to copy the running-config to a TFTP server:
  • copy running-config tftp
  • ncopy running-config tftp
• Commands to copy the startup-config file to a TFTP server:
  • copy startup-config tftp
  • ncopy startup-config tftp
Loading and saving configuration files with IPv6
This section describes the IPv6 copy and ncopy commands.
Brocade#copy running-config tftp 2001:DB8:e0ff:7837::3 newrun.cfg
This command copies the running configuration to a TFTP server with the IPv6 address of 2001:DB8:e0ff:7837::3 and names the file on the TFTP server newrun.cfg.
Syntax: copy running-config | startup-config tftp
Specify the running-config keyword to copy the running configuration file to the specified IPv6 TFTP server.
NOTE To activate this configuration, you must reload (reset) the device.
Syntax: copy tftp running-config | startup-config [overwrite]
Specify the running-config keyword to copy the running configuration from the specified IPv6 TFTP server. The parameter specifies the address of the TFTP server. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373.
This command copies a device running configuration to a TFTP server with the IPv6 address of 2001:DB8:e0ff:7837::3 and names the destination file bakrun.cfg.
Syntax: ncopy running-config | startup-config tftp
Specify the running-config keyword to copy the device running configuration or the startup-config keyword to copy the device startup configuration.
The tftp parameter specifies the address of the TFTP server. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373. The parameter specifies the name of the file you want to copy from the TFTP server. Specify the running-config keyword to upload the specified file from the IPv6 TFTP server to the device.
20 – Upload the startup-config file from the flash memory of the Brocade device to the TFTP server.
21 – Download a startup-config file from a TFTP server to the flash memory of the Brocade device.
22 – Upload the running-config from the flash memory of the Brocade device to the TFTP server.
23 – Download a configuration file from a TFTP server into the running-config of the Brocade device.
is the month, day, and year.
primary | secondary specifies whether the reload is to occur from the primary code flash module or the secondary code flash module. The default is primary.
Reloading after a specific amount of time
To schedule a system reload to occur after a specific amount of time has passed on the system clock, use the reload after command.
Error code: 6
Message: TFTP out of buffer space.
Explanation and action: The file is larger than the amount of room on the device or TFTP server. If you are copying an image file to flash, first copy the other image to your TFTP server, then delete it from flash. (Use the erase flash... CLI command at the Privileged EXEC level to erase the image in the flash.) If you are copying a configuration file to flash, edit the file to remove unnecessary information, then try again.
Syntax: ping | [source ] [count ] [timeout ] [ttl ] [size ] [quiet] [numeric] [no-fragment] [verify] [data <1-to-4 byte hex>] [brief [max-print-per-sec ] ]
NOTE If the device is a Brocade Layer 2 Switch or Layer 3 Switch, you can use the host name only if you have already enabled the Domain Name Server (DNS) resolver feature on the device from which you are sending the ping.
NOTE The number of ! characters displayed may not correspond to the number of successful replies by the ping command. Similarly, the number of . characters displayed may not correspond to the number of server timeouts that occurred while waiting for a reply. The "success" or "timeout" results are shown in the display as "Success rate is XX percent (X/Y)".
Chapter 4 Ports on Demand Licensing
In this chapter
• Ports on Demand terminology
• PoD licensing rules
• PoD licensing configuration tasks
• Viewing PoD licensing information from the Brocade software portal
• Transferring a PoD license
Ports on Demand terminology
Ports on Demand licensing uses the following terms:
• Entitlement certificate – The proof-of-purchase certificate (paper-pack) issued by Brocade when a license is purchased. The certificate contains a unique transaction key that is used in conjunction with the License ID of the Brocade device to generate and download a PoD license from the Brocade software portal.
PoD licensing configuration tasks
TABLE 15 Configuration tasks for Ports on Demand licensing
Configuration task / Reference
1 Order the desired license. For a list of available licenses and associated license SKU numbers, refer to Table 17 on page 84.
2 When you receive the transaction key, retrieve the LID of the Brocade device. If you received the transaction key by way of paper-pack, record the LID on the entitlement certificate in the space provided.
Figure 1 shows the Software Portal Login window.
From the License Management menu, select Brocade IP/ADP > License Generation with Transaction key. The IP/ADP License Generation window displays.
Figure 3 shows the IP/ADP License Generation window for generating a license using a transaction key and LID.
FIGURE 3 IP/ADP License Generation window
Enter the required information.
• For a description of the field, move the pointer over the field.
• An asterisk next to a field indicates that the information is required.
NOTE You can generate more than one license at a time. For each license request, enter the Unit's Unique License ID and Transaction Key, and click Add.
When you have finished entering the required information, read the Brocade End User License Agreement, and select the I have read and accept the Brocade End User License Agreement check box. Click the Generate button to generate the license.
5. Upload the license file to the Brocade device.
6. Use the show license command to verify that the license is correctly installed on the device.
Viewing PoD licensing information from the Brocade software portal
This section describes other PoD licensing tasks supported from the Brocade software portal. You can use the License Query option to view PoD license information for a particular unit, transaction key, or both.
NOTE The transaction search will not return any results if the transaction key has not been activated.
Figure 6 shows an example of the license query results.
FIGURE 6 License Query Results window
In this example, the line items for Level 1 display hardware-related information and the line items for Level 2 display software-related information.
Transferring a PoD license
A license can be transferred between Brocade devices if both the following conditions are true:
• The device is under an active support contract.
• The license is being transferred between two similar models (for example, from a 24-port model to another 24-port model or from a 48-port model to another 48-port model).
FIGURE 7 Brocade ICX 6650 front panel (figure labels: Base (32x10 GbE); three 8x10 GbE blocks; Blocks of 8 1/10 GbE SFP+ ports, sequential only: 33-40, 41-48, 49-56)
Rear panel Flexible Ports on Demand
The rear panel has 6 QSFP+ ports:
• 2 pairs of 40 ports that are error-disabled by default. For a detailed description of the port states (up, down, or error-disabled), refer to “Configuration considerations when configuring PoD for Brocade ICX 6650 devices” on page 96.
TABLE 17 PoD licenses
License SKU: ICX6650-8P10G-POD
License Name: ICX6650-10G-LIC-POD
Function: Enables ports 1/1/33 – 1/1/56 in blocks of eight in sequential order. You need three ICX6650-8P10G-POD licenses to enable all front panel ports. When you purchase a license, a new transaction key is generated as you upgrade to a higher port capacity. Purchase the following:
• 8 port capacity = 1 ICX6650-8P10G-POD license. Enables ports 1/1/33 – 1/1/40.
1. Download the ICX6650-10G-LIC-POD license from the Brocade software portal onto the Brocade device.
2. Place the license file on a TFTP or SCP server to which the Brocade device has access.
3. Use TFTP or SCP to copy the file to the license database of the Brocade device.
To use TFTP to copy the file to the license database of the Brocade device, enter the following command.
Brocade# copy tftp license 10.120.54.185 lic.
Deleting an ICX6650-10G-LIC-POD license
When downgrading to a lower port capacity license using the ICX6650-10G-LIC-POD license, you must first delete the higher port capacity license and then re-install the lower port capacity license in your system. A reload is required for the license to take effect.
1. Delete the 16-port ICX6650-10G-LIC-POD license file from the device.
Brocade#license delete unit 1 index 1
2.
Ports on Demand Licensing Brocade#show pod Unit-Id: 1 PoD 10G license capacity: 8 PoD 10G license capacity used: PoD 40G license capacity: 6 PoD 40G license capacity used: PoD-ports 1/1/33 1/1/34 1/1/35 1/1/36 1/1/37 1/1/38 1/1/39 1/1/40 1/1/41 1/1/42 1/1/43 1/1/44 1/1/45 1/1/46 1/1/47 1/1/48 1/1/49 1/1/50 1/1/51 1/1/52 1/1/53 1/1/54 1/1/55 1/1/56 Lic-Available Yes Yes Yes Yes Yes Yes Yes Yes No No No No No No No No No No No No No No No No 4 8 6 Lic-Used Yes Yes Yes Yes Yes Yes Yes Yes No No No No No N
The ipv6_address variable is the address of the IPv6 TFTP server. The license_filename_on_host variable is the file name of the license file. The unit unit_id variable specifies a unit for which you want to add a software license file. The unit_id variable is 1.
If you attempt to download the same license twice on the device, the following error message is displayed on the console.
Disabling the FPoD ports on the rear panel
Enter the following command to disable the ports in group 1.
Brocade(config)# no fpod-40g-enable group 1
Ports 1/2/1 and 1/2/2 in group 1 are disabled.
With a 2-port capacity license, you can choose to enable any one group out of the three groups (group 1, group 2, or group 3). For example, if you want to disable the ports in group 1 and enable the ports in group 2, perform the following steps.
1. Disable ports for group 1.
4 Ports on Demand Licensing Brocade(config)#show pod Unit-Id: 1 PoD 10G license capacity: 24 PoD 10G license capacity used: PoD 40G license capacity: 4 PoD 40G license capacity used: PoD-ports 1/1/33 1/1/34 1/1/35 1/1/36 1/1/37 1/1/38 1/1/39 1/1/40 1/1/41 1/1/42 1/1/43 1/1/44 1/1/45 1/1/46 1/1/47 1/1/48 1/1/49 1/1/50 1/1/51 1/1/52 1/1/53 1/1/54 1/1/55 1/1/56 1/2/1 1/2/2 1/2/3 1/2/4 1/3/1 1/3/2 1/3/3 1/3/4 1/3/5 1/3/6 1/3/7 1/3/8 Lic-Available Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Ye
To delete a specific license file from a unit, enter the following command at the privileged EXEC level of the CLI.
Brocade# license delete unit 1 index 1
Syntax: license delete unit unit_id [all | index license_index]
The unit_id variable specifies the unit ID number. The unit ID number is 1. The all option allows you to delete all license files for a specific unit.
Brocade#show version
Copyright (c) 1996-2012 Brocade Communications Systems, Inc. All rights reserved.
UNIT 1: compiled on Jul 16 2012 at 20:00:20 labeled as ICXLR07500B1
(12849087 bytes) from Primary ICXLR07500B1.bin
SW: Version 07.5.00B1T323
Boot-Monitor Image size = 524288, Version:07.5.
To display PoD license information for unit 1 on a Brocade ICX 6650 device, enter the show license unit unit_id command. In the following example, the 10 GbE and 40 GbE Brocade ICX 6650 PoD licenses are installed on unit 1.
Table 19 describes the information displayed by the show license unit unit_id [index index_number] command.
TABLE 19 Output from the show license unit_id [index index_number] command
Field – Description
+license name – The name of the license installed on the unit.
+lid – The license ID. This number is embedded in the Brocade device.
+license type – Indicates the license is normal (permanent).
Viewing information about PoD licenses Brocade(config)#show pod Unit-Id: 1 PoD 10G license capacity: 16 PoD 10G license capacity used: PoD 40G license capacity: 6 PoD 40G license capacity used: PoD-ports 1/1/33 1/1/34 1/1/35 1/1/36 1/1/37 1/1/38 1/1/39 1/1/40 1/1/41 1/1/42 1/1/43 1/1/44 1/1/45 1/1/46 1/1/47 1/1/48 1/1/49 1/1/50 1/1/51 1/1/52 1/1/53 1/1/54 1/1/55 1/1/56 1/2/1 1/2/2 1/2/3 1/2/4 1/3/1 1/3/2 1/3/3 1/3/4 1/3/5 1/3/6 1/3/7 1/3/8 Lic-Available Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
TABLE 20 Output from the show pod command
Field – Description
Unit-Id – The unit ID number of the PoD.
PoD license capacity – The port capacity of the PoD license (10 GbE or 40 GbE license) that is purchased. The PoD 10 GbE license consists of an 8-, 16-, or 24-port capacity license. The PoD 40 GbE license consists of a 2-, 4-, or 6-port capacity license.
Brocade# show interface ethernet 1/1/33
10GigabitEthernet1/1/33 is ERR-DISABLED (invalid license), line protocol is down
Hardware is 10GigabitEthernet, address is 748e.f80c.5f40(bia 748e.f80c.
Chapter 5 IPv6 Configuration on Brocade ICX 6650 Switch
In this chapter
• Full Layer 3 IPv6 feature support
• IPv6 addressing overview
• IPv6 CLI command support
• IPv6 host address on a Layer 2 switch
5 IPv6 Configuration on Brocade ICX 6650 Switch TABLE 21 Supported IPv6 features on Brocade ICX 6650 devices Feature Brocade ICX 6650 IPv6 ping Yes IPv6 traceroute Yes DNS server name resolution Yes Logging (Syslog) Yes RADIUS Yes 1 SCP Yes SSH Yes SNMP Yes SNMP traps Yes SNTP Yes Telnet Yes TFTP Yes 1 Router advertisement and solicitation Yes IPv6 static routes Yes IPv6 over IPv4 tunnels Yes ECMP load sharing Yes IPv6 ICMP Yes IPv6 routing protocols1 Yes ICMP red
• IPv6 routing protocols – Various chapters
Full Layer 3 IPv6 feature support
The following IPv6 Layer 3 features are supported:
• IPv6 unicast routing (multicast routing is not supported)
• OSPF V3
• RIPng
• IPv6 ICMP redirect messages
• IPv6 route redistribution
• IPv6 static routes
• IPv6 over IPv4 tunnels in hardware
• IPv6 Layer 3 forwarding
IPv6 addressing overview
IPv6 was designed to replace IPv4, the Internet protocol that is most commonly used currently th
• The hexadecimal letters in IPv6 addresses are not case-sensitive
As shown in Figure 9, the IPv6 network prefix is composed of the left-most bits of the address. As with an IPv4 address, you can specify the IPv6 prefix using the / format, where the following applies. The parameter is specified as 16-bit hexadecimal values separated by a colon.
TABLE 22 IPv6 address types
Address type: Unicast
Description: An address for a single interface. A packet sent to a unicast address is delivered to the interface identified by the address.
Address structure: Depends on the type of the unicast address:
• Aggregatable global address—An address equivalent to a global or public IPv4 address.
IPv6 stateless auto-configuration
Brocade routers use the IPv6 stateless autoconfiguration feature to enable a host on a local link to automatically configure its interfaces with new and globally unique IPv6 addresses associated with its location. The automatic configuration of a host interface is performed without the use of a server, such as a Dynamic Host Configuration Protocol (DHCP) server, or manual configuration.
5 IPv6 CLI command support TABLE 23 IPv6 CLI command support (Continued) IPv6 command Description clear ipv6 tunnel Clears statistics for IPv6 tunnels copy tftp Downloads a copy of a Brocade software image from a TFTP server into the system flash using IPv6. X X debug ipv6 Displays IPv6 debug information. X X ipv6 access-class Configures access control for IPv6 management traffic. X X ipv6 access-list Configures an IPv6 access control list for IPv6 access control.
5 IPv6 host address on a Layer 2 switch TABLE 23 IPv6 CLI command support (Continued) IPv6 command Description Switch code Router code show ipv6 interface Displays IPv6 information for an interface. show ipv6 mld-snooping Displays information about MLD snooping. X X show ipv6 neighbor Displays the IPv6 neighbor table. X X show ipv6 ospf Displays information about OSPF V3. X show ipv6 prefix-lists Displays the configured IPv6 prefix lists.
NOTE When configuring an IPv6 host address on a Layer 2 switch that has multiple VLANs, make sure the configuration includes a designated management VLAN that identifies the VLAN to which the global IP address belongs. Refer to the Brocade ICX 6650 Switch Security Configuration Guide.
Configuring the management port for an IPv6 automatic address configuration
You can have the management port configured to automatically obtain an IPv6 address.
• Configuring a global or site-local address with a manually configured or automatically computed interface ID for an interface.
• Automatically or manually configuring a link-local address for an interface.
Type  IPv6 Prefix    Next Hop Router  Interface  Dis/Metric
C     2001:DB8/122   ::               ve 11      0/0
Configuring a global IPv6 address with an automatically computed EUI-64 interface ID
To configure a global IPv6 address with an automatically computed EUI-64 interface ID in the low-order 64-bits, enter commands such as the following.
You must specify the parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373. The link-local keyword indicates that the router interface should use the manually configured link-local address instead of the automatically computed link-local address.
Configuring an IPv6 anycast address on an interface
In IPv6, an anycast address is an address for a set of interfaces belonging to different nodes.
The secondary keyword specifies that the configured address is a secondary IPv4 address. To remove the IPv4 address from the interface, enter the no form of this command.
Syntax: ipv6 address / [eui-64]
This syntax specifies a global or site-local IPv6 address. For information about configuring a link-local IPv6 address, refer to “Configuring a link-local IPv6 address on an interface” on page 110.
Restricting SNMP access to an IPv6 node
You can restrict SNMP access to the device to the IPv6 host whose IP address you specify. To do so, enter a command such as the following.
Brocade(config)#snmp-client ipv6 2001:DB8:89::23
Syntax: snmp-client ipv6
The you specify must be in hexadecimal format using 16-bit values between colons as documented in RFC 2373.
To open an SSH session between an IPv6 host running an SSH client program and the Brocade device, open the SSH client program and specify the IPv6 address of the device. For more information about configuring SSH on the Brocade device, refer to the Brocade ICX 6650 Switch Security Configuration Guide.
The CLI displays trace route information for each hop as soon as the information is received. Traceroute requests display all responses to a minimum TTL of 1 second and a maximum TTL of 30 seconds. In addition, if there are multiple equal-cost routes to the destination, the Brocade device displays up to three responses.
As an example, in a configuration where ftp6.companyA.com is a server with an IPv6 protocol stack, when a user pings ftp6.companyA.com, the Brocade device attempts to resolve the AAAA DNS record. In addition, if the DNS server does not have an IPv6 address, as long as it is able to resolve AAAA records, it can still respond to DNS queries.
Pinging an IPv6 address
NOTE This section describes the IPv6 ping command.
• The data <1 - 4 byte hex> parameter lets you specify a specific data pattern for the payload instead of the default data pattern, "abcd", in the packet's data payload. The pattern repeats itself throughout the ICMP message (payload) portion of the packet.
NOTE For parameters that require a numeric value, the CLI does not check that the value you enter is within the allowed range.
vsrp: Enable
Total Trap-Receiver Entries: 4
Trap-Receiver  IP-Address       Port-Number  Community
1              192.147.201.100  162          .....
2              2001:DB8::200    162          .....
3              192.147.202.100  162          .....
4              2001:DB8::200    162          .....
Disabling router advertisement and solicitation messages
Router advertisement and solicitation messages enable a node on a link to discover the routers on the same link. By default, router advertisement and solicitation messages are permitted on the device.
Before configuring a static IPv6 route, you must enable the forwarding of IPv6 traffic on the Layer 3 switch using the ipv6 unicast-routing command and enable IPv6 on at least one interface by configuring an IPv6 address or explicitly enabling IPv6 on that interface. For more information on performing these configuration tasks, refer to “Configuring IPv4 and IPv6 protocol stacks” on page 111.
5 Static IPv6 route configuration TABLE 24 Static IPv6 route parameters Parameter Configuration details Status The IPv6 prefix and prefix length of the route’s destination network. You must specify the parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373. You must specify the parameter as a decimal value. A slash mark (/) must follow the parameter and precede the parameter.
IPv6 over IPv4 tunnels
NOTE This feature is supported only with the IPv6 Layer 3 PROM and the full Layer 3 image.
To enable communication between isolated IPv6 domains using the IPv4 infrastructure, you can manually configure IPv6 over IPv4 tunnels that provide static point-point connectivity. As shown in Figure 10, these tunnels encapsulate an IPv6 packet within an IPv4 packet.
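The encapsulation described above, as an added Python example that is not part of the Brocade guide: it builds a constructed IPv6-in-IPv4 packet (IPv4 protocol number 41, per RFC 4213), parses it back, and reports whether the outer endpoints match a configured tunnel source/destination pair, which is the check a monitoring point would apply to protocol-41 traffic. All addresses and function names are constructed for illustration; the 20-byte outer header is what reduces a 1500-byte link MTU to the 1480-byte tunnel MTU shown in this chapter's show interfaces tunnel output.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41      # IPv4 protocol number for encapsulated IPv6 (RFC 4213)
IPV4_MIN_HEADER = 20   # outer IPv4 header without options
IPV6_HEADER = 40       # fixed inner IPv6 header
IPV4_FORMAT = "!BBHHHBBH4s4s"


def ipv4_checksum(header):
    """Ones'-complement checksum over an IPv4 header (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tunnel_mtu(link_mtu=1500):
    """MTU left for the inner IPv6 packet once the outer header is added."""
    return link_mtu - IPV4_MIN_HEADER


def build_6in4(v4_src, v4_dst, v6_src, v6_dst, payload=b""):
    """Build a constructed IPv6-in-IPv4 packet for testing the parser."""
    inner = (struct.pack("!IHBB", 6 << 28, len(payload), 59, 64)  # 59 = no next header
             + ipaddress.IPv6Address(v6_src).packed
             + ipaddress.IPv6Address(v6_dst).packed
             + payload)
    fields = [0x45, 0, IPV4_MIN_HEADER + len(inner), 0, 0x4000, 64,
              IPPROTO_IPV6, 0,
              ipaddress.IPv4Address(v4_src).packed,
              ipaddress.IPv4Address(v4_dst).packed]
    fields[7] = ipv4_checksum(struct.pack(IPV4_FORMAT, *fields))
    return struct.pack(IPV4_FORMAT, *fields) + inner


def inspect_6in4(packet, tunnel_peers=()):
    """Return a finding for an IPv6-in-IPv4 packet, or None for other traffic.

    tunnel_peers is an iterable of (source, destination) IPv4 pairs taken
    from the configured tunnels; direction is ignored when matching.
    """
    if len(packet) < IPV4_MIN_HEADER or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < IPV4_MIN_HEADER or len(packet) < ihl or packet[9] != IPPROTO_IPV6:
        return None
    outer_src = str(ipaddress.IPv4Address(packet[12:16]))
    outer_dst = str(ipaddress.IPv4Address(packet[16:20]))
    inner = packet[ihl:]
    valid_inner = len(inner) >= IPV6_HEADER and inner[0] >> 4 == 6
    known = {frozenset(pair) for pair in tunnel_peers}
    return {
        "outer_src": outer_src,
        "outer_dst": outer_dst,
        "header_checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "known_tunnel": frozenset((outer_src, outer_dst)) in known,
        "malformed_inner": not valid_inner,
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])) if valid_inner else None,
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])) if valid_inner else None,
    }


if __name__ == "__main__":
    # Constructed tunnel endpoints (documentation address ranges).
    peers = [("192.0.2.1", "198.51.100.7")]
    expected = build_6in4("192.0.2.1", "198.51.100.7", "2001:db8::1", "2001:db8::2")
    unexpected = build_6in4("203.0.113.9", "192.0.2.1", "2001:db8::66", "2001:db8::2")
    for packet in (expected, unexpected):
        print(inspect_6in4(packet, peers))
    print("tunnel MTU on a 1500-byte link:", tunnel_mtu())
```

A protocol-41 packet whose outer addresses are not a configured tunnel pair carries IPv6 traffic that IPv6 access lists on the native interfaces never see, which is why the known_tunnel field is reported separately.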
Brocade(config)#interface tunnel 1
Brocade(config-tnif-1)#tunnel source ethernet 1/1/1
Brocade(config-tnif-1)#tunnel destination 192.162.100.1
Brocade(config-tnif-1)#tunnel mode ipv6ip
Brocade(config-tnif-1)#ipv6 enable
This example creates tunnel interface 1 and assigns a link local IPv6 address with an automatically computed EUI-64 interface ID to it. The IPv4 address assigned to Ethernet interface 1/1/1 is used as the tunnel source, while the IPv4 address 192.168.100.
For example, to clear statistics for tunnel 1, enter the following command at the Privileged EXEC level or any of the Config levels of the CLI.
Brocade#clear ipv6 tunnel 1
To clear statistics for all IPv6 tunnels, enter the following command.
Brocade#clear ipv6 tunnel
Syntax: clear ipv6 tunnel []
The parameter specifies the tunnel number.
Brocade#show interfaces tunnel 1
Tunnel1 is up, line protocol is up
Hardware is Tunnel
Tunnel source ve 30
Tunnel destination is 2.2.2.10
Tunnel mode ipv6ip
No port name
MTU 1480 bytes, encapsulation IPV4
Syntax: show interfaces tunnel
The parameter indicates the tunnel interface number for which you want to display information.
This display shows the following information.
IPv6 over IPv4 tunnels 5 Brocade#show ipv6 interface tunnel 1 Interface Tunnel 1 is up, line protocol is up IPv6 is enabled, link-local address is 2001:DB8::3:4:2 [Preferred] Global unicast address(es): 2001:DB8::1 [Preferred], subnet is 2001:DB8::/64 2001:DB8::1[Preferred], subnet is 2001:DB8::/64 Joined group address(es): 2001:DB8::1:ff04:2 2001:DB8::5 2001:DB8::1:ff00:1 2001:DB8::2 2001:DB8::1 MTU is 1480 bytes ICMP redirects are enabled No Inbound Access List Set No Outbound Access List Set OSPF enabl
ECMP load sharing for IPv6
The IPv6 route table selects the best route to a given destination from among the routes in the tables maintained by the configured routing protocols (BGP4, OSPF, static, and so on). The IPv6 route table can contain more than one path to a given destination. When this occurs, the Brocade device selects the path with the lowest cost for insertion into the routing table.
Disabling or re-enabling ECMP load sharing for IPv6
ECMP load sharing for IPv6 is enabled by default. To disable the feature, enter the following command.
Brocade(config)#no ipv6 load-sharing
If you want to re-enable the feature after disabling it, you must specify the number of load-sharing paths. The maximum number of paths the device supports is a value from 2 – 8. By entering a command such as the following, IPv6 load-sharing will be re-enabled.
IPv6 ICMP feature configuration
As with the Internet Control Message Protocol (ICMP) for IPv4, ICMP for IPv6 provides error and informational messages. The implementations of the stateless auto configuration, neighbor discovery, and path MTU discovery features use ICMP messages.
Enabling IPv6 ICMP redirect messages
NOTE This feature is supported only with the IPv6 Layer 3 PROM and the full Layer 3 image.
You can enable a Layer 3 switch to send an IPv6 ICMP redirect message to a neighboring host to inform it of a better first-hop router on a path to a destination. By default, the sending of IPv6 ICMP redirect messages by a Layer 3 switch is disabled.
• Interval between router advertisement messages.
• Value that indicates a router is advertised as a default router (for use by all nodes on a given link).
• Prefixes advertised in router advertisement messages.
• Flags for host stateful autoconfiguration.
• Amount of time during which an IPv6 node considers a remote node reachable (for use by all nodes on a given link).
Router advertisement and solicitation messages
Router advertisement and solicitation messages enable a node on a link to discover the routers on the same link. Each configured router interface on a link sends out a router advertisement message, which has a value of 134 in the Type field of the ICMP packet header, periodically to the all-nodes link-local multicast address (2001:DB8::1).
NOTE Duplicate Address Detection (DAD) is not currently supported with IPv6 tunnels. Make sure tunnel endpoints do not have duplicate IP addresses.
You can configure the following neighbor solicitation message parameters that affect duplicate address detection while it verifies that a tentative unicast IPv6 address is unique:
• The number of consecutive neighbor solicitation messages that duplicate address detection sends on an interface.
When adjusting these parameter settings, Brocade recommends that the interval between router advertisement transmission be less than or equal to the router lifetime value if the router is advertised as a default router. For example, to adjust the interval of router advertisements to 300 seconds and the router lifetime value to 1900 seconds on Ethernet interface 1/1/1, enter the following commands.
Prefixes advertised in IPv6 router advertisement messages
By default, router advertisement messages include prefixes configured as addresses on router interfaces using the ipv6 address command. You can use the ipv6 nd prefix-advertisement command to control exactly which prefixes are included in router advertisement messages.
Setting flags in IPv6 router advertisement messages
An IPv6 router advertisement message can include the following flags:
• Managed Address Configuration—This flag indicates to hosts on a local link if they should use the stateful autoconfiguration feature to get IPv6 addresses for their interfaces. If the flag is set, the hosts use stateful autoconfiguration to get addresses as well as non-IPv6-address information.
Configuring reachable time for remote IPv6 nodes
You can configure the duration (in seconds) that a router considers a remote IPv6 node reachable. By default, a router interface uses the value of 30 seconds. The router advertisement messages sent by a router interface include the amount of time specified by the ipv6 nd reachable-time command so that nodes on a link use the same reachable time duration. By default, the messages include a default value of 0.
• For a virtual routing interface, the maximum value of the MTU is the maximum frame size configured for the VLAN to which it is associated, minus 18 (Layer 2 MAC header + CRC). If a maximum frame size for a VLAN is not configured, then configure the MTU based on the smallest maximum frame size of all the ports of the VLAN that corresponds to the virtual routing interface, minus 18 (Layer 2 MAC header + CRC).
If you attempt to add an entry that already exists in the neighbor discovery cache, the software changes the already existing entry to a static entry. To remove a static IPv6 entry from the IPv6 neighbor discovery cache, use the no form of this command.
Limiting the number of hops an IPv6 packet can traverse
By default, the maximum number of hops an IPv6 packet can traverse is 64. You can change this value to between 0 – 255 hops.
Clearing the IPv6 cache
You can remove all entries from the IPv6 cache or specify an entry based on the following:
• IPv6 prefix.
• IPv6 address.
• Interface type.
For example, to remove entries for IPv6 address 2001:DB8::1, enter the following command at the Privileged EXEC level or any of the Config levels of the CLI.
Clearing IPv6 routes from the IPv6 route table
You can clear all IPv6 routes or only those routes associated with a particular IPv6 prefix from the IPv6 route table and reset the routes. For example, to clear IPv6 routes associated with the prefix 2001:DB8::/32, enter the following command at the Privileged EXEC level or any of the Config levels of the CLI.
Displaying global IPv6 information Brocade#show ipv6 cache Total number of cache entries: 10 Total number of cache entries: 10 IPv6 Address 1 2001:DB8::2 2 2001:DB8::106 3 2001:DB8::110 4 2001:DB8:46a::1 5 2001:DB8::2e0:52ff:fe99:9737 6 2001:DB8::fff:ffff:feff:ffff 7 2001:DB8::c0a8:46a 8 2001:DB8::c0a8:46a 9 2001:DB8::1 10 2001:DB8::2e0:52ff:fe99:9700 Next Hop LOCAL LOCAL DIRECT LOCAL LOCAL LOCAL LOCAL LOCAL LOCAL LOCAL 5 Port tunnel 2 ethe 1/1/1 ethe 1/1/2 ethe 1/1/3 ethe 1/1/4 loopback 2 tunnel 2 tunn
Brocade#show ipv6 interface
Routing Protocols : R - RIP O - OSPF
Interface         Status      Routing   Global Unicast Address
Ethernet 1/1/1    down/down   R
Ethernet 1/1/2    down/down
Ethernet 1/1/3    up/up                 2001:DB8::c017:101/64
Ethernet 1/1/4    up/up                 2001:DB8::c019:101/64
VE 4              down/down
VE 14             up/up                 2001:DB8::c060:101/64
Loopback 1        up/up                 2001:DB8::1/128
Loopback 2        up/up                 2001:DB8::303:303/128
Loopback 3        up/up

Syntax: show ipv6 interface [ [// |]] Th
Brocade#show ipv6 interface ethernet 1/1/1
Interface Ethernet 1/1/1 is up, line protocol is up
IPv6 is enabled, link-local address is 2001:DB8::2e0:52ff:fe99:97
Global unicast address(es):
Joined group address(es):
  2001:DB8::9
  2001:DB8::1:ff99:9700
  2001:DB8::2
  2001:DB8::1
MTU is 1500 bytes
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 3
ND reachable time is 30 seconds
ND advertised reachable time is 0 seconds
ND retransmit interval is 1 seconds
Displaying IPv6 neighbor information

You can display the IPv6 neighbor table, which contains an entry for each IPv6 neighbor with which the router exchanges IPv6 packets. To display the IPv6 neighbor table, enter the following command at any CLI level.

Brocade(config)#show ipv6 neighbor
Total number of Neighbor entries: 42
IPv6 Address                    LinkLayer-Addr   State   Age   Port       vlan   IsR
2001:DB8:8::25                  6400.0dbb.b541   STALE   163   e 1/1/41   5      0
2001:DB8::b200:dff:fe99:4ff5    b000.0d99.
TABLE 31 IPv6 neighbor information fields (Continued)
Field: Description
Age: The number of seconds the entry has remained unused. If the entry remains unused for the number of seconds specified by the ipv6 nd reachable-time command (the default is 30 seconds), the entry is removed from the table.
Port: The physical port on which the entry was learned.
vlan: The VLAN on which the entry was learned.
The static keyword restricts the display to entries for static IPv6 routes. The summary keyword displays a summary of the prefixes and different route types.

The following table lists the information displayed by the show ipv6 route command.

TABLE 32 IPv6 route table fields
Field: Description
Number of entries: The number of entries in the IPv6 route table.
Brocade#show ipv6 router
Router 2001:DB8::2e0:80ff:fe46:3431 on Ethernet 50, last update 0 min
Hops 64, Lifetime 1800 sec
Reachable time 0 msec, Retransmit time 0 msec

Syntax: show ipv6 router

If you configure your Brocade device to function as an IPv6 router (you configure IPv6 addresses on its interfaces and enable IPv6 routing using the ipv6 unicast-routing command) and you enter the show ipv6 router command, you will receive the following output.
Brocade#show ipv6 tcp connections
Local IP address:port <-> Remote IP address:port
192.168.182.110:23 <-> 192.168.8.186:4933
192.168.182.110:8218 <-> 192.168.182.106:179
192.168.182.110:8039 <-> 192.168.2.119:179
192.168.182.110:8159 <-> 192.168.2.
TABLE 35 General IPv6 TCP connection fields (Continued)
Field: Description
FREE TCP QUEUE BUFFER = The percentage of free TCP queue buffer space.
FREE TCP SEND BUFFER = The percentage of free TCP send buffer space.
FREE TCP RECEIVE BUFFER = The percentage of free TCP receive buffer space.
FREE TCP OUT OF SEQUENCE BUFFER = The percentage of free TCP out of sequence buffer space.
This display shows the following information.

TABLE 36 Specific IPv6 TCP connection fields
Field: Description
TCP = The location of the TCP. This field provides a general summary of the following:
• The local IPv4 or IPv6 address and port number.
• The remote IPv4 or IPv6 address and port number.
• The state of the TCP connection.
Displaying IPv6 traffic statistics

To display IPv6 traffic statistics, enter the following command at any CLI level.
Field: Description (Continued)
bad vers: The number of IPv6 packets dropped by the router because the version number is not 6.
bad scope: The number of IPv6 packets dropped by the router because of a bad address scope.
bad options: The number of IPv6 packets dropped by the router because of bad options.
too many hdr: The number of IPv6 packets dropped by the router because the packets had too many headers.
Field: Description (Continued)
mem red: The number of Membership Reduction messages sent or received by the router.
router soli: The number of Router Solicitation messages sent or received by the router.
router adv: The number of Router Advertisement messages sent or received by the router.
nei soli: The number of Neighbor Solicitation messages sent or received by the router.
nei adv: The number of Router Advertisement messages sent or received by the router.
Field: Description (Continued)
input errors: This information is used by Brocade Technical Support.

TCP statistics
active opens: The number of TCP connections opened by the router by sending a TCP SYN to another device.
passive opens: The number of TCP connections opened by the router in response to connection requests (TCP SYNs) received from other devices.
failed attempts: This information is used by Brocade Technical Support.
Chapter 6 SNMP Access

In this chapter
• SNMP overview
• SNMP community strings
• User-based security model
• Defining SNMP views
• SNMP version 3 traps
• “SNMP version 3 traps”
• “Displaying SNMP Information”
• “SNMP v3 configuration examples”

Restricting SNMP access using an ACL, a VLAN, or a specific IP address constitutes the first level of defense when the packet arrives at a Brocade device. The next level uses one of the following methods:
• Community string match in SNMP versions 1 and 2
• User-based model in SNMP version 3

SNMP views are incorporated in community strings and the user-based model.
NOTE
If you issue a no snmp-server community public ro command and then enter a write memory command to save that configuration, the “public” community name is removed and will have no SNMP access. If for some reason the device is brought down and then brought up, the “no snmp-server community public ro” command is restored in the system and the “public” community string has no SNMP access.
The command in this example associates the view “sysview” with the community string named “myread”. The community string has read-only access to “sysview”. For information on how to create views, refer to “SNMP v3 configuration examples” on page 169.

The | parameter is optional. It allows you to specify which ACL group will be used to filter incoming SNMP packets. You can enter either the ACL name or its ID. Here are some examples.
User-based security model

SNMP version 3 (RFC 2570 through 2575) introduces a User-Based Security model (RFC 2574) for authentication and privacy services. SNMP version 1 and version 2 use community strings to authenticate SNMP access to management modules. This method can still be used for authentication.
See the section “Displaying the Engine ID” on page 167 for details. The default engine ID guarantees the uniqueness of the engine ID for SNMP version 3. If you want to change the default engine ID, enter the snmp-server engineid local command.
NOTE
This command is not used for SNMP version 1 and SNMP version 2. In these versions, groups and group views are created internally using community strings. (Refer to “SNMP community strings” on page 156.) When a community string is created, two groups are created, based on the community string name. One group is for SNMP version 1 packets, while the other is for SNMP version 2 packets.

The group parameter defines the name of the SNMP group to be created.
The CLI for creating SNMP version 3 users has been updated as follows.

Syntax: [no] snmp-server user v3 [[access ] [[encrypted] [auth md5 | sha ] [priv [encrypted] des | aes ]]]

The parameter defines the SNMP user name or security name used to access the management module. The parameter identifies the SNMP group to which this user is associated or mapped.
• If AES is the privacy protocol to be used, enter aes followed by the AES password key. For a small password key, enter 12 characters. For a big password key, enter 16 characters. If you include the encrypted keyword, enter a password string containing 32 hexadecimal characters.

Defining SNMP views

SNMP views are named groups of MIB objects that can be associated with user accounts to allow limited access for viewing and modification of SNMP statistics and system configuration.
Brocade(config)#snmp-server view admin 1.3.6.1.4.1.1991 included

You can exclude portions of the MIB within an inclusion scope. For example, if you want to exclude the snAgentSys objects, which begin with the object identifier 1.3.6.1.4.1.1991.1.1.2, from the admin view, enter a second command such as the following.

Brocade(config)#snmp-server view admin 1.3.6.1.4.1.1991.1.1.2 excluded

NOTE
Note that the exclusion is within the scope of the inclusion.
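How an included subtree and an exclusion inside it combine, as an added Python example that is not part of the original guide or Brocade's code. It assumes the standard VACM rule from RFC 3415 (the longest matching subtree decides, no subtree masks); the class and function names, the "everything" and "hardened" views, and the sample OIDs queried in the comments are constructed for illustration.

```python
"""Evaluate SNMP view membership with the standard VACM rule (RFC 3415)."""

# Subtrees that hold SNMP's own credentials and access-control tables.
SENSITIVE = (
    "1.3.6.1.6.3.15",  # SNMP-USER-BASED-SM-MIB (USM users)
    "1.3.6.1.6.3.16",  # SNMP-VIEW-BASED-ACM-MIB (groups, views)
    "1.3.6.1.6.3.18",  # SNMP-COMMUNITY-MIB (community strings)
)


def parse_oid(text):
    """Turn '1.3.6.1' (a leading dot is tolerated) into a tuple of ints."""
    parts = text.strip().lstrip(".").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(p) for p in parts)


class View:
    """One named view: subtrees, each marked included or excluded."""

    def __init__(self, name):
        self.name = name
        self.entries = {}  # subtree tuple -> True (included) / False (excluded)

    def add(self, subtree, mode):
        if mode not in ("included", "excluded"):
            raise ValueError("mode must be 'included' or 'excluded'")
        self.entries[parse_oid(subtree)] = (mode == "included")
        return self

    def allows(self, oid):
        """True when the longest subtree that prefixes the OID is included."""
        oid = parse_oid(oid)
        matches = [s for s in self.entries if oid[:len(s)] == s]
        if not matches:
            return False  # nothing matches: the object is outside the view
        return self.entries[max(matches, key=len)]

    def ineffective_exclusions(self):
        """Exclusions with no included ancestor; they change nothing."""
        stray = []
        for subtree, included in self.entries.items():
            if included:
                continue
            has_parent = any(
                inc and len(s) < len(subtree) and subtree[:len(s)] == s
                for s, inc in self.entries.items())
            if not has_parent:
                stray.append(".".join(map(str, subtree)))
        return sorted(stray)


def exposed_subtrees(view, sensitive=SENSITIVE):
    """Return the sensitive subtrees a member of this view can still reach."""
    hits = []
    for root in sensitive:
        r = parse_oid(root)
        included_below = any(inc and s[:len(r)] == r
                             for s, inc in view.entries.items())
        if view.allows(root) or included_below:
            hits.append(root)
    return hits


def admin_view():
    """The two snmp-server view commands shown in the text."""
    return (View("admin")
            .add("1.3.6.1.4.1.1991", "included")
            .add("1.3.6.1.4.1.1991.1.1.2", "excluded"))


def broad_view():
    """Constructed weak view: the whole internet subtree is readable."""
    return View("everything").add("1.3.6.1", "included")


def hardened_view():
    """Constructed fix: same scope, SNMP's own security tables carved out."""
    view = View("hardened").add("1.3.6.1", "included")
    for root in SENSITIVE:
        view.add(root, "excluded")
    return view


if __name__ == "__main__":
    admin = admin_view()
    # Constructed sample OIDs: one beside snAgentSys, one inside it.
    print(admin.allows("1.3.6.1.4.1.1991.1.1.1.1.0"))
    print(admin.allows("1.3.6.1.4.1.1991.1.1.2.1.1.0"))
    print(exposed_subtrees(broad_view()), exposed_subtrees(hardened_view()))
```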
The variable is the name of the view to which the SNMP group members have access. If no view is specified, then the group has no access to the MIB.

Defining the UDP port for SNMP v3 traps

The SNMP host command enhancements allow configuration of notifications in SMIv2 format, with or without encryption, in addition to the previously supported SMIv1 trap format. You can define a port that receives the SNMP v3 traps by entering a command such as the following.
Backward compatibility with SMIv1 trap format

The Brocade device will continue to support creation of traps in SMIv1 format, as before. To allow the device to send notifications in SMIv2 format, configure the device as described above. The default mode is still the original SMIv1 format.
Viewing IPv6 SNMP server addresses

Many of the existing show commands display IPv6 addresses for IPv6 SNMP servers. The following example shows output for the show snmp server command.

Brocade#show snmp server
Contact:
Location:
Community(ro): .....
Displaying SNMP groups

To display the definition of an SNMP group, enter a command such as the following.

Brocade#show snmp group
groupname = exceptifgrp
security model = v3
security level = authNoPriv
ACL id = 2
readview = exceptif
writeview =

Syntax: show snmp group

The value for security level can be one of the following.

Security level Authentication If the security model shows v1 or v2, then security level is blank.
Varbind object identifier: Description
1.3.6.1.6.3.11.2.1.3.0: Unknown packet data unit.
1.3.6.1.6.3.12.1.5.0: The value of the varbind shows the engine ID that needs to be used in the snmp-server engineid command
1.3.6.1.6.3.15.1.1.1.0: Unsupported security level.
1.3.6.1.6.3.15.1.1.2.0: Not in time packet.
1.3.6.1.6.3.15.1.1.3.0: Unknown user name.
Chapter 7 Foundry Discovery Protocol (FDP) and Cisco Discovery Protocol (CDP) Packets

In this chapter
• FDP Overview
• CDP packets

Table 38 lists the Brocade ICX 6650 switch and the discovery protocols the switch supports.
FDP configuration

The following sections describe how to enable Foundry Discovery Protocol (FDP) and how to change the FDP update and hold timers.

Enabling FDP globally

To enable a Brocade ICX 6650 device to globally send FDP packets, enter the following command at the global CONFIG level of the CLI.

Brocade(config)# fdp run

Syntax: [no] fdp run

The feature is disabled by default.
To change the FDP update timer, enter a command such as the following at the global CONFIG level of the CLI.

Brocade(config)# fdp timer 120

Syntax: [no] fdp timer

The parameter specifies the number of seconds between updates and can be from 5 to 900 seconds. The default is 60 seconds.

Changing the FDP hold time

By default, a Brocade ICX 6650 device that receives an FDP update holds the information until one of the following events occurs:
• The device receives a new update.
Brocade#show fdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
(*) indicates a CDP device
Device ID         Local Interface
--------------    ---------------
ICX6650-64 Rou    ethernet1/1/1
ICX6650-64 Rou    ethernet1/1/2
ICX6650-64 Rou    ethernet1/1/3
ICX6650-64 Rou    ethernet1/1/4
(*)CISCO3750      ethernet1/1/5     GigabitEthernet1/0/5
ICX6650-64 Rou    ethernet1/1/9
ICX6650-64 Rou    ethernet1/1/10
ICX6650-64 Rou    ethernet1/1/25
ICX6650-64 Rou
The show fdp neighbor detail command displays the following information.

TABLE 40 Detailed FDP and CDP neighbor information
Parameter: Definition
Device ID: The hostname of the neighbor. In addition, this line lists the VLAN memberships and other VLAN information for the neighbor port that sent the update to this device.
Entry address(es): The Layer 3 protocol addresses configured on the neighbor port that sent the update to this device.
Displaying FDP information for an interface

To display FDP information for an interface, enter a command such as the following.

BrocadeA# show fdp interface ethernet 1/1/1
FastEthernet2/3 is up, line protocol is up
Encapsulation ethernet
Sending FDP packets every 5 seconds
Holdtime is 180 seconds

This example shows information for Ethernet port 1/1/1. The port sends FDP updates every 5 seconds. Neighbors that receive the updates can hold them for up to 180 seconds before discarding them.
Clearing FDP and CDP statistics

To clear FDP and CDP statistics, enter the following command.

Brocade# clear fdp counters

Syntax: clear fdp counters

CDP packets

Cisco Discovery Protocol (CDP) packets are used by Cisco devices to advertise themselves to other Cisco devices. By default, Brocade devices forward these packets without examining their contents. You can configure a Brocade device to intercept and display the contents of CDP packets.
Displaying CDP information

You can display the following CDP information:
• Cisco neighbors
• CDP entries for all Cisco neighbors or a specific neighbor
• CDP packet statistics

Displaying neighbors

To display the Cisco neighbors the Brocade device has learned from CDP packets, enter the show fdp neighbors command.
Brocade# show fdp neighbors ethernet 1/1/1
Device ID: Router
Entry address(es):
  IP address: 192.95.6.143
Platform: cisco RSP4, Capabilities: Router
Interface: Eth 1/1/1, Port ID (outgoing port): FastEthernet5/0/0
Holdtime : 127 seconds
Version : Cisco Internetwork Operating System Software
IOS (tm) RSP Software (RSP-JSV-M), Version 12.0(5)T1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Displaying CDP statistics

To display CDP packet statistics, enter the show fdp traffic command.

Brocade# show fdp traffic
CDP counters:
  Total packets output: 0, Input: 3
  Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
  No memory: 0, Invalid packet: 0, Fragmented: 0

Syntax: show fdp traffic

Clearing CDP information

You can clear the following CDP information:
• Cisco Neighbor information
• CDP statistics

To clear the Cisco neighbor information, enter the clear fdp table command.
Chapter 8 LLDP and LLDP-MED

In this chapter
• LLDP terms used in this chapter
• LLDP overview
• LLDP-MED overview
• General LLDP operating principles
• MIB support
TABLE 41 Supported LLDP features
Feature: Brocade ICX 6650
LLDP-MED network policy: Yes
LLDP statistics and configuration details: Yes

This chapter describes how to configure the following protocols:

Link layer discovery protocol (LLDP) – The Layer 2 network discovery protocol described in the IEEE 802.1AB standard, Station and Media Access Control Connectivity Discovery.
Network connectivity device – A forwarding 802 LAN device, such as a router, switch, or wireless access point.

Station – A node in a network.

TLV (Type-Length-Value) – An information element in an LLDPDU that describes the type of information being sent, the length of the information string, and the value (actual information) that will be transmitted.
Benefits of LLDP

LLDP provides the following benefits:
• Network Management:
  • Simplifies the use of and enhances the ability of network management tools in multi-vendor environments
  • Enables discovery of accurate physical network topologies such as which devices are neighbors and through which ports they connect
  • Enables discovery of stations in multi-vendor environments
• Network Inventory Data:
  • Supports optional system name, system description, system capabilities and managem
FIGURE 12 LLDP-MED connectivity
Figure labels:
• LLDP-MED Network Connectivity Devices (e.g., L2/L3 switch, bridge, etc.) provide IEEE 802 network access to LLDP-MED endpoints
• LLDP-MED Generic Endpoints (Class I) act as basic participants in LLDP-MED. Example Class I device: Communications controller
• IP Network Infrastructure (IEEE 802 LAN)
• LLDP-MED Media Endpoints (Class II) support IP media streams.
LLDP-MED class

An LLDP-MED class specifies an Endpoint type and its capabilities. An Endpoint can belong to one of three LLDP-MED class types:
• Class 1 (Generic endpoint) – A Class 1 Endpoint requires basic LLDP discovery services, but does not support IP media nor does it act as an end-user communication appliance. A Class 1 Endpoint can be an IP communications controller, other communication-related server, or other device requiring basic LLDP discovery services.
An LLDP agent initiates the transmission of LLDP packets whenever the transmit countdown timing counter expires, or whenever LLDP information has changed. When a transmit cycle is initiated, the LLDP manager extracts the MIB objects and formats this information into TLVs. The TLVs are inserted into an LLDPDU, addressing parameters are prepended to the LLDPDU, and the information is sent out LLDP-enabled ports to adjacent LLDP-enabled devices.
TLV support

This section lists the LLDP and LLDP-MED TLV support.

LLDP TLVs

There are two types of LLDP TLVs, as specified in the IEEE 802.1AB standard:
• Basic management TLVs consist of both optional general system information TLVs as well as mandatory TLVs. Mandatory TLVs cannot be manually configured. They are always the first three TLVs in the LLDPDU, and are part of the packet header.
LLDP-MED TLVs

Brocade devices honor and send the following LLDP-MED TLVs, as defined in the TIA-1057 standard:
• LLDP-MED capabilities
• Network policy
• Location identification
• Extended power-via-MDI

Mandatory TLVs

When an LLDP agent transmits LLDP packets to other agents in the same 802 LAN segments, the following mandatory TLVs are always included:
• Chassis ID
• Port ID
• Time to Live (TTL)

This section describes the above TLVs in detail.
There are several ways in which a port may be identified, as shown in Figure 43. A port ID subtype, included in the TLV, indicates how the port is being referenced in the Port ID field.
The TTL TLV format is shown below.

FIGURE 15 TTL TLV packet format
TLV Type = 3 (7 bits) | TLV Information String Length = 2 (9 bits) | Time to Live (TTL) (2 octets)

MIB support

Brocade ICX 6650 devices support the following standard management information base (MIB) modules:
• LLDP-MIB
• LLDP-EXT-DOT1-MIB
• LLDP-EXT-DOT3-MIB
• LLDP-EXT-MED-MIB

Syslog messages

Syslog messages for LLDP provide management applications with information related to MIB data consistency and general status.
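The TLV header layout (7-bit type, 9-bit length) and the three mandatory TLVs described under "Mandatory TLVs", worked through as an added Python example that is not code from this guide or from Brocade. The sample LLDPDU is constructed from the chassis MAC, TTL and system name that appear in this guide's show lldp local-info sample; the checks on order, repeats and lengths are this example's own strictness, not documented device behavior.

```python
"""Parse and validate the mandatory TLVs at the start of an LLDPDU."""
import struct

END, CHASSIS_ID, PORT_ID, TTL, SYSTEM_NAME = 0, 1, 2, 3, 5
MANDATORY_ORDER = (CHASSIS_ID, PORT_ID, TTL)
CHASSIS_SUBTYPE_MAC, PORT_SUBTYPE_MAC = 4, 3  # IEEE 802.1AB subtype codes


def build_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into two octets."""
    if not 0 <= tlv_type <= 0x7F or len(value) > 0x1FF:
        raise ValueError("type must fit in 7 bits and length in 9 bits")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(lldpdu):
    """Yield (type, value) pairs, refusing lengths that overrun the buffer."""
    offset = 0
    while offset < len(lldpdu):
        if len(lldpdu) - offset < 2:
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if length > len(lldpdu) - offset:
            raise ValueError(f"TLV type {tlv_type} claims {length} octets, "
                             f"only {len(lldpdu) - offset} remain")
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length
        if tlv_type == END:
            return  # anything after End of LLDPDU is padding


def format_id(subtype, mac_subtype, raw):
    """Render a MAC-subtype ID in the CLI's dotted form, anything else as hex."""
    if subtype == mac_subtype and len(raw) == 6:
        digits = raw.hex()
        return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"
    return raw.hex()


def parse_lldpdu(lldpdu):
    """Return the mandatory fields, or raise ValueError on a malformed PDU."""
    tlvs = list(iter_tlvs(lldpdu))
    if tuple(t for t, _ in tlvs[:3]) != MANDATORY_ORDER:
        raise ValueError("first three TLVs must be Chassis ID, Port ID, TTL")
    if any(t in MANDATORY_ORDER for t, _ in tlvs[3:]):
        raise ValueError("mandatory TLV repeated later in the LLDPDU")
    chassis, port, ttl = (value for _, value in tlvs[:3])
    for name, value in (("Chassis ID", chassis), ("Port ID", port)):
        # One subtype octet plus an ID of 1 to 255 octets.
        if not 2 <= len(value) <= 256:
            raise ValueError(f"{name} TLV has invalid length {len(value)}")
    if len(ttl) != 2:
        raise ValueError("TTL TLV information string must be 2 octets")
    info = {
        "chassis_id": format_id(chassis[0], CHASSIS_SUBTYPE_MAC, chassis[1:]),
        "port_id": format_id(port[0], PORT_SUBTYPE_MAC, port[1:]),
        "ttl": struct.unpack("!H", ttl)[0],
        "system_name": None,
    }
    for tlv_type, value in tlvs[3:]:
        if tlv_type == SYSTEM_NAME:
            info["system_name"] = value.decode("utf-8", errors="replace")
    return info


def is_valid(lldpdu):
    """True when parse_lldpdu accepts the PDU."""
    try:
        parse_lldpdu(lldpdu)
    except ValueError:
        return False
    return True


def sample_lldpdu():
    """Constructed LLDPDU (TLVs only, no Ethernet header)."""
    mac = bytes.fromhex("748ef80c5f40")
    return b"".join([
        build_tlv(CHASSIS_ID, bytes([CHASSIS_SUBTYPE_MAC]) + mac),
        build_tlv(PORT_ID, bytes([PORT_SUBTYPE_MAC]) + mac),
        build_tlv(TTL, struct.pack("!H", 120)),
        build_tlv(SYSTEM_NAME, b"ICX6650-64 Router"),
        build_tlv(END, b""),
    ])


if __name__ == "__main__":
    print(parse_lldpdu(sample_lldpdu()))
    print(is_valid(sample_lldpdu()[:-5]))  # cut off inside the system name
```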
LLDP configuration

This section describes how to enable and configure LLDP. Table 44 lists the LLDP global-level tasks and the default behavior/value for each task.
Enabling and disabling LLDP

LLDP is enabled by default on individual ports. However, to run LLDP, you must first enable it on a global basis (on the entire device). To enable LLDP globally, enter the following command at the global CONFIG level of the CLI.

Brocade(config)#lldp run

Syntax: [no] lldp run

Enabling support for tagged LLDP packets

By default, Brocade devices do not accept tagged LLDP packets from other vendors’ devices.
Brocade(config)#lldp enable ports e 1/2/1

Syntax: [no] lldp enable ports ethernet //| all

Use the [no] form of the command to disable the receipt and transmission of LLDP packets on a port.

Specify the ethernet port in the // format. Stack-unit is 1. You can list all of the ports individually, use the keyword to to specify ranges of ports, or a combination of both.
Brocade(config)#no lldp enable receive ports e 1/1/1 e 1/1/2 e 1/1/3

The above command changes the LLDP operating mode on ports 1/1/1, 1/1/2, and 1/1/3 from transmit and receive mode to transmit only mode. Any incoming LLDP packets will be dropped in software.

To change a port LLDP operating mode from receive only to transmit only, first disable the receive only mode, then enable the transmit only mode.
Use the show lldp command to view the configuration.

Specifying the maximum number of LLDP neighbors per port

You can change the maximum number of LLDP neighbors for which LLDP data will be retained for each port. By default, the maximum number is four and you can change this to a value between one and 64. For example, to change the maximum number of LLDP neighbors to six, enter the following command.
Specifying the minimum time between SNMP traps and Syslog messages

When SNMP notifications and Syslog messages for LLDP are enabled, the device will send no more than one SNMP notification and corresponding Syslog message within a five second period. If desired, you can throttle the amount of time between transmission of SNMP traps (lldpRemTablesChange) and Syslog messages from five seconds up to a value equal to one hour (3600 seconds).
Changing the interval between regular LLDP transmissions

The LLDP transmit interval specifies the number of seconds between regular LLDP packet transmissions. When you enable LLDP, by default, the device will wait 30 seconds between regular LLDP packet transmissions. If desired, you can change the default behavior from 30 seconds to a value between 5 and 32768 seconds.
Changing the minimum time between port reinitializations

The LLDP re-initialization delay timer specifies the minimum number of seconds the device will wait from when LLDP is disabled on a port, until it will honor a request to re-enable LLDP on that port. When you enable LLDP, the system sets the re-initialization delay timer to two seconds. If desired, you can change the default behavior from two seconds to a value between one and ten seconds.
• Management address
• Port description
• System capabilities
• System description (not automatically advertised)
• System name

Management Address

A management address is normally an IPv4 or IPv6 address that can be used to manage the device. Management address advertising has two modes: default, or explicitly configured. The default mode is used when no addresses are configured to be advertised for a given port.
The or or both variables are the addresses that may be used to reach higher layer entities to assist discovery by network management. In addition to management addresses, the advertisement will include the system interface number associated with the management address.

Specify the ethernet port in the // format. Stack-unit is 1.
System capabilities for Brocade devices are based on the type of software image in use (e.g., Layer 2 switch or Layer 3 router). The enabled capabilities will be the same as the available capabilities, except that when using a router image (base or full Layer 3), if the global route-only feature is turned on, the bridge capability will not be included, since no bridging takes place.
You can list all of the ports individually, use the keyword to to specify ranges of ports, or a combination of both. To apply the configuration to all ports on the device, use the keyword all instead of listing the ports individually. Note that using the keyword all may cause undesirable effects on some ports.
Syntax: [no] lldp advertise vlan-name vlan ports ethernet //| all

For , enter the VLAN ID to advertise.

Specify the ethernet port in the // format. Stack-unit is 1. You can list all of the ports individually, use the keyword to to specify ranges of ports, or a combination of both. To apply the configuration to all ports on the device, use the keyword all instead of listing the ports individually.
• Whether the link is currently aggregated
• The primary trunk port

Brocade devices advertise link aggregation information about standard link aggregation (LACP) as well as static trunk configuration. By default, link-aggregation information is automatically advertised when LLDP is enabled on a global basis. To disable this advertisement, enter a command such as the following.
+ 802.3 MAC/PHY : auto-negotiation enabled
  Advertised capabilities: 10baseT-HD, 10baseT-FD, 100baseTX-HD, 100baseTX-FD, fdxSPause, fdxBPause, 1000baseT-HD, 1000baseT-FD
  Operational MAU type: 100BaseTX-FD

Syntax: [no] lldp advertise mac-phy-config-status ports ethernet //| all

Specify the ethernet port in the // format. Stack-unit is 1.
Table 45 lists the global and interface-level tasks and the default behavior/value for each task.
Brocade(config)#lldp enable snmp med-topo-change-notifications ports e 1/1/1 to 1/1/5

Syntax: no lldp enable snmp med-topo-change-notifications ports ethernet //| all

Specify the ethernet port in the // format. Stack-unit is 1. You can list all of the ports individually, use the keyword to to specify ranges of ports, or a combination of both.
Defining a location id

The LLDP-MED Location Identification extension enables the Brocade ICX 6650 device to set the physical location that an attached Class III Endpoint will use for location-based applications. This feature is important for applications such as IP telephony, for example, where emergency responders need to quickly determine the physical location of a user in North America who has just dialed 911.
altitude floors is the vertical elevation of a building above the ground, where 0 represents the floor level associated with the ground level at the main entrance and larger values represent floors that are above (higher in altitude) floors with lower values. For example, 2 for the 2nd floor. Sub-floors can be represented by non-integer values. For example, a mezzanine between floor 1 and floor 2 could be represented as 1.1.
+ MED Location ID
  Data Format: Coordinate-based
  Latitude Resolution : 20 bits
  Latitude Value : -78.303 degrees
  Longitude Resolution : 18 bits
  Longitude Value : 34.27 degrees
  Altitude Resolution : 16 bits
  Altitude Value : 50. meters
  Datum : WGS 84

Configuring civic address location

When you configure a media Endpoint location using the address-based location, you specify the location the entry refers to, the country code, and the elements that describe the civic or postal address.
TABLE 46 Elements used with civic address
Civic Address (CA) type: 0
Description: Language
Acceptable values / examples: The ISO 639 language code used for presenting the address information.
TABLE 46 Elements used with civic address (Continued)
Civic Address (CA) type: 20
Description: House number suffix
Acceptable values / examples: A modifier to the house number. It does not include parts of the house number. Example: A, 1/2

Civic Address (CA) type: 21
Description: Landmark or vanity address
Acceptable values / examples: A string name for a location. It conveys a common local designation of a structure, a group of buildings, or a place that helps to locate the place.
TABLE 46 Elements used with civic address (Continued)
Civic Address (CA) type: 128
Description: Script
Acceptable values / examples: The script (from ISO 15924 [14]) used to present the address information.
Specify the ethernet port in the // format. Stack-unit is 1. You can list all of the ports individually, use the keyword to to specify ranges of ports, or a combination of both. To apply the configuration to all ports on the device, use the keyword all instead of listing the ports individually.
For tagged traffic
Syntax: [no] lldp med network-policy application tagged vlan priority <0 – 7> dscp <0 – 63> ports ethernet //| all

For untagged traffic
Syntax: [no] lldp med network-policy application untagged dscp <0 – 63> ports ethernet //| all

For priority-tagged traffic
Syntax: [no] lldp med network-policy application priority-tagged priority <0 – 7> dscp <0 –
• priority <0 – 7> indicates the Layer 2 priority value to be used for the specified application type. Enter 0 to use the default priority.
• dscp <0 – 63> specifies the Layer 3 Differentiated Service codepoint priority value to be used for the specified application type. Enter 0 to use the default priority.

Specify the ethernet port in the // format. Stack-unit is 1.
Brocade(config)#lldp advertise med-capabilities ports e 1/1/1 to 1/1/5

The LLDP-MED capabilities advertisement will appear similar to the following on the remote device, and in the CLI display output on the Brocade device (show lldp local-info).
Syntax: show lldp

The following table describes the information displayed by the show lldp statistics command.

Field: Description
LLDP transmit interval: The number of seconds between regular LLDP packet transmissions.
LLDP transmit hold multiplier: The multiplier used to compute the actual time-to-live (TTL) value of an LLDP advertisement. The TTL value is the transmit interval multiplied by the transmit hold multiplier.
Brocade#show lldp statistics
Last neighbor change time: 23 hours 50 minutes 40 seconds ago
Neighbor entries added          : 14
Neighbor entries deleted        : 5
Neighbor entries aged out       : 4
Neighbor advertisements dropped : 0

Port   Tx Pkts Total   Rx Pkts Total
1      60963           75179
2      0               0
3      60963           60963
4      60963           121925
5      0               0
6      0               0
7      0               0
8      0               0
9      0               0
10     60974           0
11     0               0
12     0               0
13     0               0
14     0               0

Rx Pkts w/Errors   Rx Pkts Discarded   Rx TLVs Unrecognz   Rx TLVs Discarded   Neighbors Ag
Field: Rx Pkts Total
Description: The number of LLDP packets the port received.

Field: Rx Pkts w/Errors
Description: The number of LLDP packets the port received that have one or more detectable errors.

Field: Rx Pkts Discarded
Description: The number of LLDP packets the port received then discarded.

Field: Rx TLVs Unrecognz
Description: The number of TLVs the port received that were not recognized by the LLDP local agent.
Displaying LLDP neighbors detail
The show lldp neighbors detail command displays the LLDP advertisements received from LLDP neighbors. The following shows an example show lldp neighbors detail ports ethernet 1/1/1 report.

NOTE: The show lldp neighbors detail output will vary depending on the data received. Also, values that are not recognized or do not have a recognizable format may be displayed in hexadecimal binary form.
NOTE: The show lldp local-info output will vary based on LLDP configuration settings.

The following shows an example report.

Brocade#show lldp local-info ports ethernet 1/1/1
Local port: 1/1/1
+ Chassis ID (MAC address): 748e.f80c.5f40
+ Port ID (MAC address): 748e.f80c.5f40
+ Time to live: 120 seconds
+ System name : "ICX6650-64 Router"
+ Port description : "10GigabitEthernet1/1/1"
+ System capabilities : bridge, router
  Enabled capabilities: bridge, router
+ 802.
You can list all of the ports individually, use the keyword to to specify ranges of ports, or a combination of both. To apply the configuration to all ports on the device, use the keyword all instead of listing the ports individually.

Clearing cached LLDP neighbor information
The Brocade device clears cached LLDP neighbor information after a port becomes disabled and the LLDP neighbor information ages out.
Chapter 9
Hardware Component Monitoring

In this chapter
• Digital optical monitoring

Table 47 lists the Brocade ICX 6650 switch and the hardware monitoring features the switch supports. These features are supported in full Layer 3 software images.
Setting the alarm interval
You can optionally change the interval at which alarms and warning messages are sent. The default interval is three minutes. To change the interval, use the following command.

Brocade(config)#interface ethernet 1/1/1 to 1/1/2
Brocade(config-mif-1/1/1-1/1/2)#optical-monitor 10

Syntax: [no] optical-monitor []

For , enter a value between 1 and 65535. Enter 0 to disable alarms and warning messages.
             Vendor: BROCADE          Version: A
             Part# : 57-0000075-01    Serial#: AAF209450000A9K
Port 1/1/10: Type  : 10GE LR 10km (SFP +)
             Vendor: BROCADE          Version: A
             Part# : 57-0000076-01    Serial#: ADF209100000D4P
Port 1/1/11: Type  : 1G M-SX(SFP)
             Vendor: Brocade          Version:
             Part# : AFBR-5715PZ-FD   Serial#: AA0910S4YAF
Port 1/1/12: Type  : 1G M-SX(SFP)
             Vendor: Brocade          Version:
             Part# : AFBR-5710PZ-FD   Serial#: AM0850SCTHH

Use the show media ethernet command to obtain information about the media device i
NOTE: The show optic function takes advantage of information stored and supplied by the manufacturer of the SFP, SFP+, and QSFP+ transceiver. This information is an optional feature of the Multi-Source Agreement standard defining the optical interface. Not all component suppliers have implemented this feature set.
Brocade#show optic thresholds 1/1/4
Port 1/1/4 optical monitor thresholds:
Temperature High alarm 5a00
Temperature Low alarm fb00
Temperature High warning 5500
Temperature Low warning 0000
TX Bias High alarm 1482
TX Bias Low alarm 04e2
TX Bias High warning 1482
TX Bias Low warning 04e2
TX Power High alarm 4e20
TX Power Low alarm 04ec
TX Power High warning 1edc
TX Power Low warning 0c62
RX Power High alarm 4e20
RX Power Low alarm 013b
RX Power High warning 1edc
RX Power Low war
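The thresholds in the output above are raw 16-bit hexadecimal words. The following added example (not from the Brocade guide) converts them to engineering units and classifies a reading against them. It assumes the SFF-8472 diagnostic encoding used by SFP/SFP+ modules, which the page does not state; the function names are illustrative.

```python
import math
import re
from typing import Dict, Tuple

# The 15 complete threshold lines from the show optic thresholds output on
# this page. The 16th ("RX Power Low warning") is cut off there and is omitted.
SAMPLE = """\
Temperature High alarm 5a00
Temperature Low alarm fb00
Temperature High warning 5500
Temperature Low warning 0000
TX Bias High alarm 1482
TX Bias Low alarm 04e2
TX Bias High warning 1482
TX Bias Low warning 04e2
TX Power High alarm 4e20
TX Power Low alarm 04ec
TX Power High warning 1edc
TX Power Low warning 0c62
RX Power High alarm 4e20
RX Power Low alarm 013b
RX Power High warning 1edc
"""

LINE_RE = re.compile(
    r"^(Temperature|TX Bias|TX Power|RX Power) (High|Low) (alarm|warning) "
    r"([0-9a-fA-F]{4})$")

Key = Tuple[str, str, str]  # (kind, "High"/"Low", "alarm"/"warning")


def decode(kind: str, hex_word: str) -> float:
    """Convert one raw word to deg C, mA or dBm (assumed SFF-8472 units)."""
    raw = int(hex_word, 16)
    if kind == "Temperature":
        if raw & 0x8000:              # signed two's complement
            raw -= 0x10000
        return raw / 256.0            # 1/256 deg C per count
    if kind == "TX Bias":
        return raw * 2 / 1000.0       # 2 uA per count, reported in mA
    if raw == 0:                      # optical power of zero has no dBm value
        return float("-inf")
    return 10 * math.log10(raw / 10000.0)  # 0.1 uW per count, mW -> dBm


def parse_thresholds(text: str) -> Dict[Key, float]:
    """Parse threshold lines; lines that do not match are ignored."""
    thresholds: Dict[Key, float] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            kind, direction, severity, word = m.groups()
            thresholds[(kind, direction, severity)] = decode(kind, word)
    return thresholds


def classify(thresholds: Dict[Key, float], kind: str, reading: float) -> str:
    """Return the most severe threshold the reading crosses, or 'normal'."""
    for direction, severity in (("High", "alarm"), ("High", "warning"),
                                ("Low", "alarm"), ("Low", "warning")):
        limit = thresholds.get((kind, direction, severity))
        if limit is None:             # threshold missing from the output
            continue
        crossed = reading > limit if direction == "High" else reading < limit
        if crossed:
            return f"{direction.lower()} {severity}"
    return "normal"


if __name__ == "__main__":
    table = parse_thresholds(SAMPLE)
    for (kind, direction, severity), value in table.items():
        print(f"{kind:11s} {direction:4s} {severity:7s} {value:8.3f}")
    print(classify(table, "Temperature", 87.0))
```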
Chapter 10
Syslog

In this chapter
• About Syslog messages
• Displaying Syslog messages
• Syslog service configuration

Table 50 lists the Brocade ICX 6650 switch and the Syslog features the switch supports.
About Syslog messages
Brocade software can write syslog messages to provide information at the following severity levels:
• Emergencies
• Alerts
• Critical
• Errors
• Warnings
• Notifications
• Informational
• Debugging

The device writes the messages to a local buffer. You also can specify the IP address or host name of up to six Syslog servers. When you specify a Syslog server, the Brocade ICX 6650 device writes the messages both to the system log and to the Syslog server.
Dynamic Log Buffer (50 entries):
Dec 15 18:46:17:I:Interface ethernet 4, state up
Dec 15 18:45:21:I:Bridge topology change, vlan 4095, interface 4, changed state to forwarding
Dec 15 18:45:15:I:Warm start

For information about the Syslog configuration, time stamps, and dynamic and static buffers, refer to “Displaying the Syslog configuration” on page 234.
Displaying real-time Syslog messages
Any terminal logged on to a Brocade switch can receive real-time Syslog messages when the terminal monitor command is issued.

Syslog service configuration
The procedures in this section describe how to perform the following Syslog configuration tasks:
• Specify a Syslog server. You can configure the Brocade device to use up to six Syslog servers. (Use of a Syslog server is optional.
TABLE 51 CLI display of Syslog buffer configuration

Field: Syslog logging
Definition: The state (enabled or disabled) of the Syslog buffer.

Field: messages dropped
Definition: The number of Syslog messages dropped due to user-configured filters. By default, the software logs messages for all Syslog levels. You can disable individual Syslog levels, in which case the software filters out messages at those levels. Refer to “Disabling logging of a message level” on page 239.
Brocade#show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Buffer logging: level ACDMEINW, 3 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error I=informational N=notification W=warning
Static Log Buffer:
Dec 15 19:04:14:A:Fan 1, fan on right connector, failed
Dec 15 19:00:14:A:Fan 2, fan on left connector, failed
Dynamic Log Buffer (50 entries):
Dec 15 18:46:17:I:Interface ethernet 4, state up
Dec 15 18:45:21:I:Bridg
• If you have not set the time and date on the onboard system clock, the time stamp shows the amount of time that has passed since the device was booted, in the following format.

dhms

where
• d – day
• h – hours
• m – minutes
• s – seconds

For example, “188d11h01m00s” means the device had been running for 188 days, 11 hours, one minute, and zero seconds when the Syslog entry with this time stamp was generated.
Brocade#show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Buffer logging: level ACDMEINW, 16 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error I=informational N=notification W=warning
Static Log Buffer:
0d00h00m17s:I:System: Stack unit 1 Power supply 2 is up
0d00h00m14s:A:System: Stack unit 1 Temperature 53.0 C degrees, warning level 0.0 C degrees, shutdown level 85.
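The two time stamp formats and the one-letter level codes shown above can be parsed mechanically when buffer output is collected for review. The following is an added example, not code from the Brocade guide; the sample text is assembled from entries shown on this page plus one constructed truncated line, and the function names are illustrative.

```python
import re
from dataclasses import dataclass
from datetime import timedelta
from typing import List, Optional, Tuple

# Level codes as given in the "level code:" legend of show logging.
LEVEL_CODES = {
    "A": "alert", "C": "critical", "D": "debugging", "M": "emergency",
    "E": "error", "I": "informational", "N": "notification", "W": "warning",
}
# Most severe first, following the list in "About Syslog messages".
SEVERITY_ORDER = ["emergency", "alert", "critical", "error",
                  "warning", "notification", "informational", "debugging"]

# System clock set: "Dec 15 19:04:14:A:Fan 1, ..."
CLOCK_RE = re.compile(
    r"^(?P<clock>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}):"
    r"(?P<code>[ACDMEINW]):(?P<msg>.+)$")
# System clock not set (time since boot): "0d00h00m17s:I:System: ..."
UPTIME_RE = re.compile(
    r"^(?P<d>\d+)d(?P<h>\d+)h(?P<m>\d+)m(?P<s>\d+)s:"
    r"(?P<code>[ACDMEINW]):(?P<msg>.+)$")
BUFFER_RE = re.compile(r"^(Static|Dynamic) Log Buffer\b")

# Constructed sample: entries copied from this page, both time stamp formats
# mixed in one capture, and a final line cut short on purpose.
SAMPLE = """\
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Buffer logging: level ACDMEINW, 6 messages logged
Static Log Buffer:
Dec 15 19:04:14:A:Fan 1, fan on right connector, failed
Dec 15 19:00:14:A:Fan 2, fan on left connector, failed
0d00h00m17s:I:System: Stack unit 1 Power supply 2 is up
Dynamic Log Buffer (50 entries):
Dec 15 18:46:17:I:Interface ethernet 4, state up
Dec 15 18:45:21:I:Bridge topology change, vlan 4095, interface 4, changed state to forwarding
Dec 15 18:45:15:I:Warm start
0d00h0
"""


@dataclass
class LogEntry:
    buffer: str                        # "static" or "dynamic"
    level: str
    message: str
    clock: Optional[str] = None        # buffer carries no year, kept as text
    uptime: Optional[timedelta] = None


def parse_show_logging(text: str) -> Tuple[List[LogEntry], List[str]]:
    """Return (entries, rejected lines) from show logging output."""
    entries: List[LogEntry] = []
    rejected: List[str] = []
    buffer = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = BUFFER_RE.match(line)
        if header:
            buffer = header.group(1).lower()
            continue
        if buffer is None:
            continue                   # configuration summary before buffers
        m = CLOCK_RE.match(line)
        if m:
            entries.append(LogEntry(buffer, LEVEL_CODES[m["code"]],
                                    m["msg"], clock=m["clock"]))
            continue
        m = UPTIME_RE.match(line)
        if m:
            up = timedelta(days=int(m["d"]), hours=int(m["h"]),
                           minutes=int(m["m"]), seconds=int(m["s"]))
            entries.append(LogEntry(buffer, LEVEL_CODES[m["code"]],
                                    m["msg"], uptime=up))
            continue
        rejected.append(line)          # truncated or unknown format
    return entries, rejected


def at_or_above(entries: List[LogEntry], threshold: str) -> List[LogEntry]:
    """Entries whose severity is at least as severe as threshold."""
    limit = SEVERITY_ORDER.index(threshold)
    return [e for e in entries if SEVERITY_ORDER.index(e.level) <= limit]


if __name__ == "__main__":
    parsed, bad = parse_show_logging(SAMPLE)
    for entry in at_or_above(parsed, "critical"):
        print(entry.buffer, entry.level, entry.message)
    print("rejected:", bad)
```

Entries with an uptime stamp cannot be placed on a wall-clock timeline without the boot time, so the parser keeps the two forms in separate fields.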
Specifying an additional Syslog server
To specify an additional Syslog server, enter the logging host command again. You can specify up to six Syslog servers.

Brocade(config)#logging host 10.0.0.99

Syntax: logging host |

Disabling logging of a message level
To change the message level, disable logging of specific message levels. You must disable the message levels on an individual basis.
For Layer 2 switches, you can set the Syslog buffer limit from 1 – 100 entries. For Layer 3 switches, you can set the Syslog buffer limit from 1 – 1000 entries.

Local buffer configuration notes
• You must save the configuration and reload the software to place the change into effect.
• If you decrease the size of the buffer, the software clears the buffer before placing the change into effect.
• local3 – reserved for local use
• local4 – reserved for local use
• local5 – reserved for local use
• local6 – reserved for local use
• local7 – reserved for local use

Displaying interface names in Syslog messages
By default, an interface slot number (if applicable) and port number are displayed when you display Syslog messages.
Brocade(config)#ip show-service-number-in-log

Syntax: [no] ip show-service-number-in-log

Retaining Syslog messages after a soft reboot
You can configure the device to save the System log (Syslog) after a soft reboot (reload command).
Chapter 11
Network Monitoring

In this chapter
• Basic system management
• RMON support
• sFlow
• Utilization list for an uplink port
Brocade#show version
Copyright (c) 1996-2012 Brocade Communications Systems, Inc. All rights reserved.
UNIT 1: compiled on Jul 31 2012 at 21:55:03 labeled as ICXLS07500
(11358772 bytes) from Secondary ICXLS07500.bin
SW: Version 07.5.00T321
Boot-Monitor Image size = 524288, Version:07.5.
Brocade#show ?

Syntax: show
TABLE 53 Port statistics (Continued)

Parameter: State
Description: The STP state.

Parameter: Dupl
Description: The mode (full-duplex or half-duplex).

Parameter: Speed
Description: The port speed (10M, 100M, or 1000M).

Parameter: Trunk
Description: The trunk group number, if the port is a member of a trunk group.

Parameter: Tag
Description: Whether the port is a tagged member of a VLAN.

Parameter: Priori
Description: The QoS forwarding priority of the port (level0 – level7).

Parameter: MAC
Description: The MAC address of the port.

Parameter: Name
Description: The name of the port, if you assigned a name.
Parameter: LateCollisions
Description: The total number of packets received in which a Collision event was detected, but for which a receive error (Rx Error) event was not detected.

Parameter: InGiantPkts
Description: The total number of packets for which all of the following was true:
• The data length was longer than the maximum allowable frame size.
• No Rx Error was detected.
Clearing statistics
You can clear statistics for many parameters using the clear command. To determine the available clear commands for the system, enter the clear command at the Privileged EXEC level of the CLI.

Brocade#clear ?

Syntax: clear
Viewing egress queue counters
The show interface command displays the number of packets on a port that were queued for each QoS priority (traffic class) and dropped because of congestion.

NOTE: These counters do not include traffic on management ports or for a stack member unit that is down.

The egress queue counters display at the end of the show interface command output as shown in the following example.
TABLE 54 Egress queue statistics

Parameter: Queue counters
Description: The QoS traffic class.

Parameter: Queued packets
Description: The number of packets queued on the port for the given traffic class.

Parameter: Dropped packets
Description: The number of packets for the given traffic class that were dropped because of congestion.

Clearing the egress queue counters
You can clear egress queue statistics (reset them to zero) using the clear statistics and clear statistics ethernet commands.
Statistics (RMON group 1)
Count information on multicast and broadcast packets, total packets sent, undersized and oversized packets, CRC alignment errors, jabbers, collision, fragments and dropped events is collected for each port on a Brocade Layer 2 Switch or Layer 3 Switch.

The statistics group collects statistics on promiscuous traffic across an interface. The interface group collects statistics on total traffic into and out of the agent interface.
TABLE 55 Export configuration and statistics (Continued)

Parameter: CRC alignment errors
Definition: The total number of packets received that were from 64 – 1518 octets long, but had either a bad FCS with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). The packet length does not include framing bits but does include FCS octets.
History (RMON group 2)
All active ports by default will generate two history control data entries per active Brocade Layer 2 Switch port or Layer 3 Switch interface. An active port is defined as one with a link up. If the link goes down, the two entries are automatically deleted.
The event control table defines the action to be taken when an alarm is reported. Defined events can be found by entering the CLI command, show event. The Event Log Table collects and stores reported events for retrieval by an RMON application. A sample entry and syntax of the event control table is shown below.
sFlow version 5 is backward-compatible with sFlow version 2. By default, the sFlow agent exports sFlow version 5 flow samples, but you can configure the device to export the data in sFlow version 2 format. You can switch between sFlow version 2 and sFlow version 5 formats. The sFlow collector automatically parses each incoming sample and decodes it based on the version number.
IPv6 packet sampling
IPv6 sampling is performed by the packet processor. The system uses the sampling rate setting to selectively mark the monitoring bit in the header of an incoming packet. Marked packets tell the CPU that the packets are subject to sFlow sampling.

sFlow configuration considerations
This section lists the sFlow configuration considerations on Brocade ICX 6650 devices.

You can use QoS queue 1 for priority traffic, even when sFlow is enabled on the port.
NOTE: The device uses the router ID only if the device also has an IP interface with the same address. Router ID is not supported on IPv6 devices.

NOTE: If an IP address is not already configured when you enable sFlow, the feature uses the source address 0.0.0.0. To display the agent_address, enable sFlow, then enter the show sflow command. Refer to “Enabling sFlow forwarding” on page 263 and “Displaying sFlow information” on page 267.
NOTE: If you change the router ID or other IP address value that sFlow uses for its agent_address, you need to disable and then re-enable sFlow to cause the feature to use the new source address.

Specifying the collector
sFlow exports traffic statistics to an external collector. You can specify up to four collectors. You can specify more than one collector with the same IP address if the UDP port numbers are unique.
Specifying an sFlow collector on IPv6 devices
To specify an sFlow collector on an IPv6 device, enter a command such as the following.

Brocade(config)#sflow destination ipv6 2001:DB8:0::0b:02a

This command specifies a collector with IPv6 address 2001:DB8:0::0b:02a, listening for sFlow data on UDP port 6343.

Syntax: [no] sflow destination ipv6 []

The parameter specifies the IP address of the collector.
Configuration considerations
The sampling rate is a fraction in the form 1/N, meaning that, on average, one out of every N packets will be sampled. The sflow sample command at the global level or port level specifies N, the denominator of the fraction. Thus a higher number for the denominator means a lower sampling rate since fewer packets are sampled. Likewise, a lower number for the denominator means a higher sampling rate because more packets are sampled.
When you enable sFlow on a port, the port's sampling rate is set to the global default sampling rate. This also applies to ports on which you disable and then re-enable sFlow. The port does not retain the sampling rate it had when you disabled sFlow on the port, even if you had explicitly set the sampling rate on the port.

Changing the default sampling rate
To change the default (global) sampling rate, enter a command such as the following at the global CONFIG level of the CLI.
To change the sampling rate on an individual port, enter a command such as the following at the configuration level for the port.

Brocade(config-if-1/1)#sflow sample 8192

Syntax: [no] sflow sample

The parameter specifies the average number of packets from which each sample will be taken. The software rounds the value you enter up to the next odd power of 2. The actual sampling rate becomes one of the values listed in “Changing the default sampling rate”.
Changing the sFlow source port
By default, sFlow sends data to the collector using UDP source port 8888, but you can change the source UDP port to any port number in the range 1025-65535. To change the source UDP port, enter a command such as the following:

Brocade(config)#sflow source-port 8000

Syntax: [no] sflow source-port

The parameter specifies the sFlow source port.

Enabling sFlow forwarding
sFlow exports data only for the interfaces on which you enable sFlow forwarding.
Brocade(config)#sflow enable
Brocade(config)#interface ethernet 1/1/1 to 1/1/4
Brocade(config-mif-1/1/1-1/1/4)#sflow forwarding

These commands globally enable sFlow, then enable sFlow forwarding on Ethernet ports 1/1/1 – 1/1/4. You must use both the sflow enable and sflow forwarding commands to enable the feature.

Syntax: [no] sflow enable
Syntax: [no] sflow forwarding

Enabling sFlow forwarding on individual trunk ports
This feature is supported on individual ports of a static trunk group.
Egress interface ID for sampled broadcast and multicast packets
For broadcast and multicast traffic, the egress interface ID for sampled traffic is always 0x80000000. When broadcast and multicast packets are sampled, they are usually forwarded to more than one port. However, the output port field in an sFlow datagram supports the display of one egress interface ID only.
Syntax: [no] sflow version 2 | 5

The default is 5.

Specifying the maximum flow sample size
With sFlow version 5, you can specify the maximum size of the flow sample sent to the sFlow collector. If a packet is larger than the specified maximum size, then only the contents of the packet up to the specified maximum number of bytes are exported. If the size of the packet is smaller than the specified maximum, then the entire packet is exported.
Exporting CPU-directed data (management traffic) to the sFlow collector
You can select which data destined to the CPU (for example, Telnet sessions) is sent to the sFlow collector, and how often.
Brocade#show sflow
Flow version: 5
sFlow services are enabled.
sFlow agent IPv6 address: 2001:DB8:2
2 collector destinations configured:
Collector IPv6 2001:DB8:1, UDP 6343
Collector IP 10.37.224.233, UDP 6343
Configured UDP source port: 2000
Polling interval is 20 seconds.
Configured default sampling rate: 1 per 100 packets.
Actual default sampling rate: 1 per 100 packets.
The maximum sFlow sample size: 1300.
exporting cpu-traffic is enabled.
exporting cpu-traffic sample rate: 10.
TABLE 56 sFlow information (Continued)

Parameter: The maximum sFlow sample size
Definition: The maximum size of a flow sample sent to the sFlow collector.

Parameter: exporting cpu-traffic
Definition: Indicates whether or not the sFlow agent is configured to export data destined to the CPU (e.g.
Utilization list for an uplink port
You can configure uplink utilization lists that display the percentage of a given uplink port bandwidth that is used by a specific list of downlink ports. The percentages are based on 30-second intervals of RMON packet statistics for the ports. Both transmit and receive traffic is counted in each percentage.
Displaying utilization percentages for an uplink
After you configure an uplink utilization list, you can display the list to observe the percentage of the uplink bandwidth that each of the downlink ports used during the most recent 30-second port statistics interval. The number of packets sent and received between the two ports is listed, as well as the ratio of each individual downlink port's packets relative to the total number of packets on the uplink.
Appendix A
Syslog messages

Table 57 lists all of the Syslog messages. Note that some of the messages apply only to Layer 3 Switches.

NOTE: This chapter does not list Syslog messages that can be displayed when a debug option is enabled.
TABLE 57 Brocade Syslog messages (Continued)

Message level: Alert
Message: MAC Authentication failed for on (No VLAN Info received from RADIUS server)
Explanation: RADIUS authentication was successful for the specified on the specified ; however, dynamic VLAN assignment was enabled for the port, but the RADIUS Access-Accept message did not include VLAN information. This is treated as an authentication failure.
Message level: Alert
Message: Power supply , , failed
Explanation: A power supply has failed. The is the power supply number. The describes where the failed power supply is in the chassis.

Message level: Alert
Message: System: Module in slot encountered PCI config read error: Bus , Dev , Reg Offset .
Message level: Alert
Message: Temperature C degrees, warning level C degrees, shutdown level C degrees
Explanation: Indicates an over temperature condition on the active module. The value indicates the temperature of the module. The value is the warning threshold temperature configured for the module.
Message level: Informational
Message: Security: Password has been changed for user from
Explanation: Password of the specified user has been changed during the specified session ID or type. can be console, telnet, ssh, web, or snmp.

Message level: Informational
Message: : Logical link on interface ethernet is down.
Message level: Informational
Message: Bridge topology change, vlan , interface , changed state to
Explanation: A Spanning Tree Protocol (STP) topology change has occurred on a port. The is the ID of the VLAN in which the STP topology change occurred. The is the port number.
Message level: Informational
Message: DOT1X : port - mac This device doesn't support ACL with MAC Filtering on the same port
Explanation: The RADIUS server returned a MAC address filter while an IP ACL was applied to the port, or returned an IP ACL while a MAC address filter was applied to the port.
Message level: Informational
Message: Interface , state down
Explanation: A port has gone down. The is the port number.

Message level: Informational
Message: Interface , state up
Explanation: A port has come up. The is the port number.
Message level: Informational
Message: SNMP Auth. failure, intruder IP:
Explanation: A user has tried to open a management session with the device using an invalid SNMP community string. The is the IP address of the host that sent the invalid community string.
Message level: Informational
Message: System: Static Mac entry with Mac Address is added from the // to // on VLANs to
Explanation: A MAC address is added to a range of interfaces, which are members of the specified VLAN range.
Message level: Informational
Message: Warm start
Explanation: The system software (flash code) has been reloaded.

Message level: Informational
Message: vlan Bridge is RootBridge (MgmtPriChg)
Explanation: 802.1W changed the current bridge to be the root bridge of the given topology due to administrative change in bridge priority.
Message level: Notification
Message: ACL system fragment packet inspect rate exceeded
Explanation: The fragment rate allowed on the device has been exceeded. The indicates the maximum rate allowed. This message can occur if fragment throttling is enabled.

Message level: Notification
Message: Authentication Disabled on
Explanation: The multi-device port authentication feature was disabled on the on the specified .
Message level: Notification
Message: Local TCP exceeds burst packets, stopping for seconds!!
Explanation: The number of TCP SYN packets exceeds the threshold set by the ip tcp burst command. The Brocade device may be the victim of a TCP SYN DoS attack. All TCP SYN packets will be dropped for the number of seconds specified by the value.
Message level: Notification
Message: OSPF intf authen failure, rid , intf addr , pkt src addr , error type , pkt type
Explanation: Indicates that an OSPF interface authentication failure has occurred. The is the router ID of the Brocade device. The is the IP address of the interface on the Brocade device.
Message level: Notification
Message: OSPF intf config error, rid , intf addr , pkt src addr , error type , pkt type
Explanation: Indicates that an OSPF interface configuration error has occurred. The is the router ID of the Brocade device. The is the IP address of the interface on the Brocade device.
Message level: Notification
Message: OSPF intf rcvd bad pkt: Bad Checksum, rid , intf addr , pkt size , checksum , pkt src addr , pkt type
Explanation: The device received an OSPF packet that had an invalid checksum. The rid is the Brocade router ID. The intf addr is the IP address of the Brocade interface that received the packet.
Message level: Notification
Message: OSPF intf retransmit, rid , intf addr , nbr rid , pkt type is , LSA type , LSA id , LSA rid
Explanation: An OSPF interface on the Brocade device has retransmitted a Link State Advertisement (LSA). The is the router ID of the Brocade device.
Message level: Notification
Message: OSPF nbr state changed, rid , nbr addr , nbr rid , state
Explanation: Indicates that the state of an OSPF neighbor has changed. The is the router ID of the Brocade device. The is the IP address of the neighbor. The is the router ID of the neighbor.
Message level: Notification
Message: OSPF virtual intf authen failure, rid , intf addr , pkt src addr , error type , pkt type
Explanation: Indicates that an OSPF virtual routing interface authentication failure has occurred. The is the router ID of the Brocade device. The is the IP address of the interface on the Brocade device.
Message level: Notification
Message: OSPF virtual intf config error, rid , intf addr , pkt src addr , error type , pkt type
Explanation: Indicates that an OSPF virtual routing interface configuration error has occurred. The is the router ID of the Brocade device. The is the IP address of the interface on the Brocade device.
Message level: Notification
Message: OSPF virtual intf retransmit, rid , intf addr , nbr rid , pkt type is , LSA type , LSA id , LSA rid
Explanation: An OSPF interface on the Brocade device has retransmitted a Link State Advertisement (LSA). The is the router ID of the Brocade device.
Message level: Notification
Message: OSPF virtual nbr state changed, rid , nbr addr , nbr rid , state
Explanation: Indicates that the state of an OSPF virtual neighbor has changed. The is the router ID of the Brocade device. The is the IP address of the neighbor. The is the router ID of the neighbor.
Message level: Notification
Message: VRRP intf state changed, intf , vrid , state
Explanation: A state change has occurred in a Virtual Router Redundancy Protocol (VRRP) or VRRP-E IPv4 or IPv6 interface. The is the port or interface where VRRP or VRRP-E is configured. The is the virtual router ID (VRID) configured on the interface.
Message level: Warning
Message: list denied () (Ethernet ) -> (), 1 event(s)
Explanation: Indicates that an Access Control List (ACL) denied (dropped) packets. The indicates the ACL number. Numbers 1 – 99 indicate standard ACLs. Numbers 100 – 199 indicate extended ACLs.
Message level: Warning
Message: No global IP! cannot send IGMP msg.
Explanation: The device is configured for ip multicast active but there is no configured IP address and the device cannot send out IGMP queries.

Message level: Warning
Message: No of prefixes received from BGP peer exceeds warning limit
Explanation: The Layer 3 Switch has received more than the allowed percentage of prefixes from the neighbor.
Appendix B
NIAP-CCEVS Certification

Some Brocade devices have passed the Common Criteria (CC) certification testing. This testing is sponsored by the National Information Assurance Partnership (NIAP) - Common Criteria Evaluation and Validation Scheme (CCEVS). For more information regarding the NIAP-CCEVS certification process refer to the following link: http://www.niap-ccevs.org/.
messages, 196 enabling support for tagged packets, 193 general operating prinicples, 186 general system information, 199 global configuration tasks, 192 MIB support, 191 organizationally-specific TLVs, 188 overview, 183 packets, 187 receive mode, 187 resetting statistics, 223 specifying the maximum number of LLDP neighbors per port, 196 specifying the maximum number of neighbors per device, 195 specifying the minimum time between SNMP traps and Syslog messages, 197 Syslog messages, 191 terms used in chapter
port loop detection, 43 port statistics parameters, 245 viewing, 245 R RMON alarm (group 3), 253 event (group 9), 253 export configuration and statistics, 251 history (group 2), 253 maximum number of entries allowed in control table, 250 statistics, 251 RMON support, 250 266 specifying the polling interval, 266 specifying the version used for exporting sFlow data, 266 support for IPv6 packets, 255 uplink utilization list configuration, 270 utilization list for an uplink port command syntax, 270 version 5,
show command ipv6 inter tunnel, 124 show boot-preference, 56 show clock, 28 show dir, 53 show fdp entry, 175, 179 show fdp neighbor, 173 show fdp neighbors, 178 show fdp traffic, 180 show flash, 51 show interface, 37, 249 show interfaces tunnel, 124 show ipv6, 127 show ipv6 cache, 140 show ipv6 interface, 141 show ipv6 neighbor, 144 show ipv6 route, 145 show ipv6 router, 146 show ipv6 tcp connections, 147 show ipv6 tcp status, 149 show ipv6 traffic, 151 show ipv6 tunnel, 123 show link-error-disable, 41 show
software licensing configuration tasks, 74 obtaining a license, 75 software reboot, 56 software upgrade, 54 special characters used in search string, 8 SSH using to install a software license, 85, 86, 88 startup configuration, 58 static IPv6 route configuration, 118 static IPv6 route parameters, 120 statistics clearing, 248 displaying virtual routing interface, 18 enabling SNMP VE, 18 STP statistics, viewing, 247 Syslog changing the log facility, 240 changing the number of entries the local buffer can hold,
X XON and XOFF thresholds, 38 Brocade ICX 6650 Administration Guide 53-1002600-01 311
312 Brocade ICX 6650 Administration Guide 53-1002600-01