53-1003075-02 30 July 2014 FastIron Ethernet Switch Administration Guide Supporting FastIron Software Release 08.0.
© 2014, Brocade Communications Systems, Inc. All Rights Reserved. Brocade, the B-wing symbol, Brocade Assurance, ADX, AnyIO, DCX, Fabric OS, FastIron, HyperEdge, ICX, MLX, MyBrocade, NetIron, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and The Effortless Network and the On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and in other countries. Other brands and product names mentioned may be trademarks of others.
Preface
● Document conventions
● Brocade resources
● Contacting Brocade Technical Support
● Document feedback
Notes, cautions, and warnings

Convention    Description
value         In Fibre Channel products, a fixed value provided as input to a command option is printed in plain text, for example, --show WWN.
[]            Syntax components displayed within square brackets are optional. Default responses to system prompts are enclosed in square brackets.
{x|y|z}       A choice of required parameters is enclosed in curly brackets separated by vertical bars. You must select one of the options.
Brocade resources
Visit the Brocade website to locate related documentation for your product and additional Brocade resources. You can download additional publications supporting your product at www.brocade.com. Select the Brocade Products tab to locate your product, then click the Brocade product name or image to open the individual product page. The user manuals are available in the resources module at the bottom of the page under the Documentation category.
• Brocade Supplemental Support augments your existing OEM support contract, providing direct access to Brocade expertise. For more information, contact Brocade or your OEM.
• For questions regarding service levels and response times, contact your OEM/Solution Provider.

Document feedback
To send feedback and report errors in the documentation you can use the feedback form posted with the document or you can e-mail the documentation team.
About This Document
● Supported hardware and software
● What’s new in this document
● How command information is presented in this guide

Supported hardware and software
This guide supports the following product families for the FastIron 08.0.
TABLE 1 Summary of enhancements in FastIron release 08.0.10d
Feature                                     Description                                               Described in
Force mode configuration considerations.    Describes the considerations applicable to force mode.    Basic Software Features on page 29

How command information is presented in this guide
For all new content, command syntax and parameters are documented in a separate command reference section at the end of the publication.
Management Applications
● Supported management application features
● Management port overview
● Logging on through the CLI
● Using stack-unit, slot number, and port number with CLI commands
How the management port works
For SX 800 and SX 1600 devices, the MAC address for the management port is derived as if the management port is the last port on the management module where it is located. For example, on a 2 X 10G management module, the MAC address of the management port is that of the third port on that module.
Logging on through the CLI
No port name
IPG MII 0 bits-time, IPG GMII 0 bits-time
IP MTU 1500 bytes
300 second input rate: 83728 bits/sec, 130 packets/sec, 0.01% utilization
300 second output rate: 24 bits/sec, 0 packets/sec, 0.
Online help
The commands in the CLI are organized into the following levels:
• User EXEC - Lets you display information and perform basic tasks such as pings and traceroutes.
• Privileged EXEC - Lets you use the same commands as those at the User EXEC level plus configuration commands that do not require saving the changes to the system-config file.
• CONFIG - Lets you make configuration changes to the device. To save the changes across reboots, you need to save them to the system-config file.
Line editing commands
The software provides the following scrolling options:
• Press the Space bar to display the next page (one screen at a time).
• Press the Return or Enter key to display the next line (one line at a time).
• Press Ctrl+C or Ctrl+Q to cancel the display.
Using stack-unit, slot number, and port number with CLI commands
Many CLI commands require users to enter port numbers as part of the command syntax, and many show command outputs display port numbers. The port numbers are entered and displayed in one of the following formats:
• port number only
• slot number and port number
• stack-unit, slot number, and port number
The following sections show which format is supported on which devices.
string is a regular expression consisting of a single character or string of characters. You can use special characters to construct complex regular expressions. Refer to Using special characters in regular expressions on page 24 for information on special characters used with regular expressions.
Searching and filtering output at the --More-- prompt
The --More-- prompt displays when output extends beyond a single page. From this prompt, you can press the Space bar to display the next page, the Return or Enter key to display the next line, or Ctrl+C or Q to cancel the display. In addition, you can search and filter output from this prompt. At the --More-- prompt, you can press the forward slash key ( / ) and then enter a search string.
TABLE 3 Special characters for regular expressions
Character    Operation
.            The period matches on any single character, including a blank space. For example, the following regular expression matches "aaz", "abz", "acz", and so on, but not just "az": a.z
*            The asterisk matches on zero or more sequential instances of a pattern.
Creating an alias for a CLI command

TABLE 3 Special characters for regular expressions (Continued)
Character    Operation
[]           Square brackets enclose a range of single-character patterns. For example, the following regular expression matches output that contains "1", "2", "3", "4", or "5": [1-5]
             You can use the following expression symbols within the brackets. These symbols are allowed only inside the brackets.
             • ^ - The caret matches on any characters except the ones in the brackets.
Configuration notes for creating a command alias
To remove the wrsbc alias from the configuration, enter one of the following commands.
device(config)#no alias wrsbc
or
device(config)#unalias wrsbc
Syntax: unalias alias-name
The specified alias-name must be the name of an alias already configured on the Brocade device.
To display the aliases currently configured on the Brocade device, enter the following command at either the Privileged EXEC or CONFIG levels of the CLI.
Basic Software Features
● Supported basic software features
● Basic system parameter configuration
● Network Time Protocol Version 4 (NTPv4)
● Basic port parameter configuration
Basic system parameter configuration

Feature                                                             ICX 6430   ICX 6450   FCX       ICX 6610   ICX 6650   FSX 800 FSX 1600   ICX 7750
10/100/1000 port speed                                              08.0.01    08.0.01    08.0.01   08.0.01    08.0.01    08.0.01            08.0.10
Auto-negotiation                                                    08.0.01    08.0.01    08.0.01   08.0.01    08.0.01    08.0.01            08.0.10
Auto-negotiation maximum port speed advertisement and down-shift    08.0.01    08.0.01    08.0.01   08.0.01    08.0.01    08.0.01            08.0.10
Duplex mode                                                         08.0.01    08.0.01    08.0.01   08.0.01    08.0.01    08.0.01            08.0.
Entering system administration information

NOTE
For information about configuring IP addresses, DNS resolver, DHCP assist, and other IP-related parameters, refer to the "IP Configuration" chapter in the FastIron Ethernet Switch Layer 3 Routing Configuration Guide.

NOTE
For information about the Syslog buffer and messages, refer to Basic system parameter configuration.

The procedures in this section describe how to configure the basic system parameters listed in Basic Software Features on page 29.
NOTE
To add and modify "get" (read-only) and "set" (read-write) community strings, refer to the "Security Access" chapter in the FastIron Ethernet Switch Security Configuration Guide.

Specifying an SNMP trap receiver
You can specify a trap receiver to ensure that all SNMP traps sent by the Brocade device go to the same SNMP trap receiver or set of receivers, typically one or more host devices on the network. When you specify the host, you also specify a community string.
Specifying a single trap source
You can specify a single trap source to ensure that all SNMP traps sent by the Layer 3 switch use the same source IP address. For configuration details, refer to the "Specifying a single source interface for specified packet types" section in the FastIron Ethernet Switch Layer 3 Routing Configuration Guide.
SNMP ifIndex

SNMP Layer 3 traps
The following traps are generated on devices running Layer 3 software:
• SNMP authentication key
• Power supply failure
• Fan failure
• Cold start
• Link up
• Link down
• Bridge new root
• Bridge topology change
• Locked address violation
• BGP4
• OSPF
• VRRP
• VRRP-E
To stop link down occurrences from being reported, enter the following.
Note that the above CLI command enables SNMP to display virtual interface statistics. It does not enable the CLI to display the statistics.

Disabling Syslog messages and traps for CLI access
Brocade devices send Syslog messages and SNMP traps when a user logs into or out of the User EXEC or Privileged EXEC level of the CLI.
Cancelling an outbound Telnet session
The user remained in the Privileged EXEC mode until 5:59 PM and 22 seconds. (The user could have used the CONFIG modes as well. Once you access the Privileged EXEC level, no further authentication is required to access the CONFIG levels.) At 6:01 PM and 11 seconds, the user ended the CLI session.

Disabling the Syslog messages and traps
Logging of CLI access is enabled by default. If you want to disable the logging, enter the following commands.
NTP uses the concept of associations to describe communication between two machines running NTP. NTP associations are statically configured. On startup or on the arrival of NTP packets, associations are created. Multiple associations are created by the protocol to communicate with multiple servers. NTP maintains a set of statistics for each server or client it is associated with.
FIGURE 1 NTP Hierarchy
• The NTP implementation conforms to RFC 5905.
• NTP can be enabled in server and client mode simultaneously.
• NTP uses UDP port 123 for communicating with NTP servers/peers.
• NTP server and client can communicate using IPv4 or IPv6 addresses.
• The NTP implementation supports the following association modes:
  ‐ Client
  ‐ Server
  ‐ Symmetric active/passive
  ‐ Broadcast server
  ‐ Broadcast client
• NTP supports a maximum of 8 servers and 8 peers.
• NTP can operate in authenticate or non-authenticate mode. Only symmetric key authentication is supported.
• By default, NTP operates in the default VLAN, and this can be changed.

Limitations
• FastIron devices cannot operate as a primary time server (stratum 1). They serve only as secondary time servers (stratum 2 to 15).
• NTP server and client cannot communicate using hostnames.
• NTP is not supported on a VRF-enabled interface or ve.
• Autokey public key authentication is not supported.
System as an Authoritative NTP Server
The NTP server can operate in master mode to serve time using the local clock when it has lost synchronization. Serving the local clock can be enabled using the master command. In this mode, the NTP server stratum number is set to the configured stratum number.
NTP peer
The NTP client maintains the server and peer state information as an association. The server and peer association is mobilized at startup or whenever the user configures it. The statically configured server/peer associations are not demobilized unless the user removes the configuration. The symmetric passive association is mobilized upon arrival of an NTP packet from a peer which is not statically configured. The associations will be demobilized on error or time-out.
NTP broadcast client
NTP packets periodically (every 64 sec) to subnet broadcast IP address of the configured interface.
NTP broadcast-based associations
clients that are not required to provide any form of time synchronization to other local clients. Use the server and peer commands to individually specify the time server that you want the networking device to consider synchronizing with and to set your networking device to operate in the client mode. Symmetric active/passive mode is intended for configurations where group devices operate as mutual backups for each other.
Synchronizing time
After the system peer is chosen, the system time is synchronized based on the time difference with system peer:
• If the time difference with the system peer is 128 msec and < 1000 sec, the system clock is stepped to the system peer reference time and the NTP state information is cleared.

Authentication
The time kept on a machine is a critical resource, so it is highly recommended to use the encrypted authentication mechanism.
Enabling NTP
NTP and SNTP implementations cannot operate simultaneously. By default, SNTP is enabled. To disable SNTP and enable NTP, use the ntp command in configuration mode. This command enables the NTP client and server mode if SNTP is disabled.
Brocade(config)# ntp
Brocade(config-ntp)#
Syntax: [no] ntp
Use the no form of the command to disable NTP and remove the NTP configuration.
Defining an authentication key
To define an authentication key for Network Time Protocol (NTP), use the authentication-key command. To remove the authentication key for NTP, use the no form of this command. By default, authentication keys are not configured.
Brocade(config-ntp)# authentication-key key-id 1 md5 moof
Syntax: [no] authentication-key key-id md5 key-string
The valid key-id parameter is 1 to 65535.
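Added example, not taken from the Brocade guide: how an NTPv4 symmetric-key MAC is built and checked for the key defined above (key-id 1, key string moof). It follows the RFC 5905 packet layout that the guide says the implementation conforms to; the function names and the sample header are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48      # fixed NTP header, no extension fields
MAC_LEN = 4 + 16         # 32-bit key ID followed by a 128-bit MD5 digest

# Key table matching: authentication-key key-id 1 md5 moof
KEYS = {1: b"moof"}


def sample_client_header() -> bytes:
    """Constructed 48-byte client request: LI=0, VN=4, mode=3, dummy timestamp."""
    first_byte = bytes([(0 << 6) | (4 << 3) | 3])
    transmit_ts = struct.pack("!II", 0xD288DE7D, 0x690CA5C7)
    return first_byte + bytes(39) + transmit_ts


def ntp_digest(key: bytes, header: bytes) -> bytes:
    """RFC 5905 symmetric-key digest: MD5 over the key followed by the header."""
    return hashlib.md5(key + header).digest()


def sign(header: bytes, key_id: int, keys=KEYS) -> bytes:
    """Append the key ID and digest to a 48-byte NTP header."""
    if len(header) != NTP_HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    return header + struct.pack("!I", key_id) + ntp_digest(keys[key_id], header)


def verify(packet: bytes, keys=KEYS) -> str:
    """Classify a received packet against the local key table."""
    if len(packet) == NTP_HEADER_LEN:
        return "no-mac"            # sender did not authenticate the packet
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return "malformed"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    key = keys.get(key_id)
    if key is None:
        return "unknown-key"       # key-id not configured on this side
    # Constant-time comparison so the check does not leak digest prefixes.
    if not hmac.compare_digest(ntp_digest(key, header), mac[4:]):
        return "bad-digest"        # wrong key string or modified packet
    return "ok"


if __name__ == "__main__":
    pkt = sign(sample_client_header(), 1)
    print(verify(pkt))                       # authenticated packet
    tampered = bytearray(pkt)
    tampered[40] ^= 0x01                     # change one timestamp bit
    print(verify(bytes(tampered)))           # digest no longer matches
```

Both ends must hold the same key string under the same key-id; a mismatch in either shows up as unknown-key or bad-digest rather than as a time error.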
The vlan-id parameter specifies the VLAN ID number.

Configuring the NTP client
To configure the device in client mode and specify the NTP servers to synchronize the system clock, use the server command. A maximum of 8 NTP servers can be configured. To remove the NTP server configuration, use the no form of this command. By default, no servers are configured.
Brocade(config-ntp)#server 1.2.3.
Configuring NTP on an interface

NOTE
If the peer is a member of symmetric passive association, then configuring the peer command will fail.

Brocade(config-ntp)# peer 1.2.3.4 key 1234
Syntax: [no] peer { ipv4-address | ipv6-address } [ version num ] [ key key-id ] [ minpoll interval ] [ maxpoll interval ] [ burst ]
The ipv4-address or ipv6-address parameter is the IP address of the peer providing the clock synchronization.
The version num option defines the Network Time Protocol (NTP) version number.
The ve id parameter specifies the virtual port number.

Configuring the broadcast client
To configure a device to receive Network Time Protocol (NTP) broadcast messages on a specified interface, use the broadcast client command. NTP broadcast client can be enabled on a maximum of 16 Ethernet interfaces. If the interface is operationally down or NTP is disabled, then the NTP broadcast server packets are not received. To disable this capability, use the no form of this command.
Displaying NTP associations

TABLE 4 NTP status command output descriptions
Field             Description
synchronized      Indicates the system clock is synchronized to NTP server or peer.
stratum           Indicates the stratum number that this system is operating. Range 2..15.
reference         IPv4 address or first 32 bits of the MD5 hash of the IPv6 address of the peer to which clock is synchronized.
precision         Precision of the clock of this system in Hz.
reference time    Reference time stamp.
Displaying NTP associations details

TABLE 5 NTP associations command output descriptions
Field    Description
*        The peer has been declared the system peer and lends its variables to the system variables.
#        This peer is a survivor in the selection algorithm.
+        This peer is a candidate in the combine algorithm.
-        This peer is discarded as outlier in the clustering algorithm.
x        This peer is discarded as 'falseticker' in the selection algorithm.
~        The server or peer is statically configured.
Use the show ntp associations detail command with the appropriate parameters to display the NTP servers and peers association information for a specific IP address.
Brocade# show ntp association detail 1.99.40.1
1.99.40.1 configured server, candidate, stratum 3
ref ID 216.45.57.38, time d288de7d.690ca5c7 (10:33:33.1762436551 Pacific Tue Dec 06 2011)
our mode client, peer mode server, our poll intvl 10, peer poll intvl 10,
root delay 0.02618408 msec, root disp 0.
Configuration Examples

TABLE 6 NTP associations detail command output descriptions (Continued)
Field         Description
root delay    The delay along path to root (the final stratum 1 time source).
root disp     Dispersion of path to root.
reach peer    The peer reachability (bit string in octal).
Delay         Round-trip delay to peer.
offset        Offset of a peer clock relative to this clock.
Dispersion    Dispersion of a peer clock.
precision     Precision of a peer clock.
version       Peer NTP version number.
Brocade(config-ntp)# peer 10.100.12.83
Brocade(config-ntp)# disable serve

NTP strict authentication configuration
Sample CLI commands to configure the Brocade device in strict authentication mode.
Brocade(config-ntp)# authenticate
Brocade(config-ntp)# authentication-key key-id 1 md5 key123
Brocade(config-ntp)# server 10.1.2.4 key 1

NTP loose authentication configuration
Sample CLI commands to configure the Brocade device in loose authentication mode.
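Added example, not taken from the Brocade guide: a Python check that reads commands entered at the config-ntp prompt and reports where they depart from the strict authentication sample above (authenticate enabled, every server or peer bound to a defined key). The function name, the finding texts and the second transcript are constructed for illustration; "no" forms are skipped rather than modelled.

```python
import re

# Matches a command typed at the NTP configuration level, for example
# "Brocade(config-ntp)# server 10.1.2.4 key 1" (space after '#' optional).
NTP_PROMPT = re.compile(r"^\s*\S+\(config-ntp\)#\s*(.*)$")

# The strict authentication sample from the guide.
STRICT_SAMPLE = """\
Brocade(config-ntp)# authenticate
Brocade(config-ntp)# authentication-key key-id 1 md5 key123
Brocade(config-ntp)# server 10.1.2.4 key 1
"""

# Constructed transcript with three problems for the audit to find.
WEAK_SAMPLE = """\
Brocade(config-ntp)# authentication-key key-id 1 md5 key123
Brocade(config-ntp)# server 10.1.2.4 key 2
Brocade(config-ntp)# peer 10.100.12.83
"""


def audit_ntp(transcript: str) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    authenticate = False
    defined_keys = set()
    associations = []            # (kind, address, key_id or None)

    for raw in transcript.splitlines():
        match = NTP_PROMPT.match(raw)
        if not match:
            continue             # not an NTP-level command
        tokens = match.group(1).split()
        if not tokens or tokens[0] == "no":
            continue             # removals are not modelled in this sketch
        if tokens == ["authenticate"]:
            authenticate = True
        elif (tokens[0] == "authentication-key" and len(tokens) >= 3
              and tokens[1] == "key-id" and tokens[2].isdigit()):
            defined_keys.add(int(tokens[2]))
        elif tokens[0] in ("server", "peer") and len(tokens) >= 2:
            key_id = None
            options = tokens[2:]
            if "key" in options:
                pos = options.index("key")
                if pos + 1 < len(options) and options[pos + 1].isdigit():
                    key_id = int(options[pos + 1])
            associations.append((tokens[0], tokens[1], key_id))

    findings = []
    if not authenticate:
        findings.append("authenticate is not enabled")
    for kind, addr, key_id in associations:
        if key_id is None:
            findings.append(f"{kind} {addr}: no key configured")
        elif key_id not in defined_keys:
            findings.append(f"{kind} {addr}: key {key_id} is not defined")
    return findings


if __name__ == "__main__":
    for name, text in (("strict", STRICT_SAMPLE), ("weak", WEAK_SAMPLE)):
        print(name, audit_ntp(text))
```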
Specifying a port address
You can specify a port address for an uplink (data) port, stacking port, or a management port.

ICX 6430 and ICX 6450

Specifying a data port
The port address format is stack unit/slot/port, where:
• stack unit --Specifies the stack unit ID. For the ICX 6430, range is from 1 to 4. For the ICX 6450, range is from 1 to 8. If the device is not part of a stack, the stack unit ID is 1.
• slot --Specifies the slot number. Can be 1 or 2.
FCX

Specifying a stacking port
The port address format is stack unit/slot/port, where:
• stack unit --Specifies the stack unit ID. Range is from 1 to 8.
• slot --Specifies the slot number. Stacking ports are in slot 2.
• port --Specifies the port number in the slot. Dedicated stacking ports are 1, 2, 6, and 7.
This example shows how to specify stacking port 2 in slot 2 of unit 3 in a stack:
Brocade(config)# interface ethernet 3/2/2

Specifying a management port
The management port number is always 1.
FSX

Specifying a data port
The port address format is slot/port, where:
• slot --Specifies the interface slot number. Range is from 1 to 8 (FSX 800) or 1 to 16 (FSX 1600).
• port --Specifies the port number in the slot. Range is from 1 to 48 depending on the interface module.
This example shows how to specify port 2 in slot 1:
Brocade(config)# interface ethernet 1/2

Specifying a management port
The management port number is always 1.
You can also specify the individual ports, separated by space. To assign a name to multiple specific ports, enter commands such as the following:
Brocade(config)# interface ethernet 1/1/1 ethernet 1/1/5 ethernet 1/1/7
Brocade(config-mif-1/1/1, 1/1/5, 1/1/7)# port-name connected-to-the nearest device

Displaying the port name for an interface
You can use the show interface brief command to display the name assigned to the port.
Port speed and duplex mode modification

TABLE 7 Output parameters of the show interface brief wide command (Continued)
Field         Description
Link          Specifies the link state.
Port-State    Specifies the current port state.
Speed         Specifies the link speed.
Tag           Specifies if the port is tagged or not.
Pvid          Specifies the port VLAN ID.
Pri           Specifies the priority.
MAC           Specifies the MAC address.
Name          Specifies the port name.
Port speed and duplex mode configuration syntax
The following commands change the port speed of copper interface 8 on a FastIron device from the default of 10/100/1000 auto-sense, to 100 Mbps operating in full-duplex mode.
mode changing, it is recommended that you first change to auto mode on one side, before switching to another force mode configuration.

Enabling auto-negotiation maximum port speed advertisement and down-shift

NOTE
For optimal link operation, link ports on devices that do not support 802.3u must be configured with like parameters, such as speed (10,100,1000), duplex (half, full), MDI/MDIX, and Flow Control.
Configuring port speed down-shift and auto-negotiation for a range of ports
To configure a maximum port speed advertisement of 10 Mbps on a port that has auto-negotiation enabled, enter a command such as the following at the Global CONFIG level of the CLI.
device(config)# link-config gig copper autoneg-control 10m ethernet 1
To configure a maximum port speed advertisement of 100 Mbps on a port that has auto-negotiation enabled, enter the following command at the Global CONFIG level of the CLI.
ethernet 0/1/15 to 0/1/20
!
!
ip address 10.44.9.11 255.255.255.0
ip default-gateway 10.44.9.1
!
end
To disable selective auto-negotiation of 100m-auto on ports 0/1/21 to 0/1/25 and 0/1/30, enter the following.
Brocade(config)# no link-config gig copper autoneg-control 100m-auto ethernet 0/1/21 to 0/1/25 ethernet 0/1/30

Enabling port speed down-shift
Enable port speed down-shift on a port that has auto-negotiation enabled.
1.
MDI and MDIX configuration notes
• This feature applies to copper ports only.
• The mdi-mdix mdi and mdi-mdix mdix commands work independently of auto-negotiation. Thus, these commands work whether auto-negotiation is turned ON or OFF.

MDI and MDIX configuration syntax
The auto MDI/MDIX detection feature is enabled on all Gbps copper ports by default. For each port, you can disable auto MDI/MDIX, designate the port as an MDI port, or designate the port as an MDIX port.
Flow control configuration
Flow control (802.3x) is a QoS mechanism created to manage the flow of data between two full-duplex Ethernet devices. Specifically, a device that is oversubscribed (is receiving more traffic than it can handle) sends an 802.3x PAUSE frame to its link partner to temporarily reduce the amount of data the link partner is transmitting. Without flow control, buffers would overflow, packets would be dropped, and data retransmission would be required.
Displaying flow-control status
To disable flow control capability on a port, enter the following commands.
device(config)# interface ethernet 0/1/21
device(config-if-e1000-0/1/21)# no flow-control
To enable flow control negotiation, enter the following commands.
NOTE
The port up/down time is required only for physical ports and not for loopback/ve/tunnel ports.

Issuing the show interface command with the appropriate parameters on a FSX device displays the following output:
device# show interface ethernet 18/1
GigabitEthernet18/1 is up, line protocol is up
Port up for 50 seconds
Hardware is GigabitEthernet, address is 0000.0028.0600 (bia 0000.0028.

Symmetric flow control on FCX and ICX devices
Symmetric flow control addresses the requirements of a lossless service class in an Internet Small Computer System Interface (iSCSI) environment. It is supported on FCX and ICX standalone units as well as on all FCX and ICX units in a traditional stack.

About XON and XOFF thresholds
An 802.3x PAUSE frame is generated when the buffer limit at the ingress port reaches or exceeds the port’s upper watermark threshold (XOFF limit).
Enabling and disabling symmetric flow control
• Symmetric flow control is supported on FCX and ICX devices only. It is not supported on other FastIron models.
• Symmetric flow control is supported on all 1G, 10G, and 40G data ports on FCX and ICX devices.
• Symmetric flow control is not supported on stacking ports or across units in a stack.
• To use this feature, 802.3x flow control must be enabled globally and per interface on FCX and ICX devices. By default, 802.
Changing the total buffer limits
To change the thresholds for all 10G ports, enter a command such as the following.
device(config)# symmetric-flow-control set 2 xoff 91 xon 75
In the above configuration examples, when the XOFF limit of 91% is reached or exceeded, the Brocade device will send PAUSE frames to the sender telling it to stop transmitting data temporarily. When the XON limit of 75% is reached, the Brocade device will send PAUSE frames to the sender telling it to resume sending data.
XOFF Limit : 376(91%)
XON Limit  : 312(75%)
Syntax: show symmetric-flow-control

PHY FIFO Rx and Tx depth configuration
PHY devices on Brocade devices contain transmit and receive synchronizing FIFOs to adjust for frequency differences between clocks. The phy-fifo-depth command allows you to configure the depth of the transmit and receive FIFOs. There are 4 settings (0-3) with 0 as the default. A higher setting indicates a deeper FIFO.
Configuring IPG on a Gbps Ethernet port
device(config-if-e1000-7/1)# ipg-gmii 120
IPG 120(112) has been successfully configured for ports 7/1 to 7/12
• When you enter a value for IPG, the device applies the closest valid IPG value for the port mode to the interface. For example, if you specify 120 for a 1 Gbps Ethernet port in 1 Gbps mode, the device assigns 112 as the closest valid IPG value to program into hardware.
IPG configuration notes
• The CLI syntax for IPG differs on FastIron Stackable devices compared to FastIron X Series devices. This section describes the configuration procedures for FastIron Stackable devices. For FastIron X Series devices, refer to Interpacket Gap (IPG) on a FastIron X Series switch on page 71.
• When an IPG is applied to a trunk group, it applies to all ports in the trunk group.
100BaseTX configuration notes
After the link is up, it will be in 100M/full-duplex mode, as shown in the following example.
device# show interface brief ethernet 11
Port  Link  State    Dupl  Speed  Trunk  Tag  Priori   MAC             Name
11    Up    Forward  Full  100M   None   No   level10  0000.0013.c74b
The show media command will display the SFP transceiver as 1G M-TX.
Syntax: [no] 100-tx
To disable support, enter the no form of the command.
Changing the Gbps fiber negotiation mode
NOTE
Connect the 100BaseFX fiber transceiver after configuring both sides of the link. Otherwise, the link could become unstable, fluctuating between up and down states.
To enable support for 100BaseFX on an FSX fiber port or on a Stackable switch, enter commands such as the following.
device(config)# interface ethernet 1/6
device(config-if-1/6)# 100-fx
The above commands enable 100BaseFX on port 6 in slot 1.
Port priority (QoS) modification
You can give preference to the inbound traffic on specific ports by changing the Quality of Service (QoS) level on those ports. For information and procedures, refer to the "Quality of Service" chapter in the FastIron Ethernet Switch Traffic Management Guide.
Syntax: [no] voice-vlan voice-vlan-num
where voice-vlan-num is a valid VLAN ID between 1 - 4095.
To remove a voice VLAN ID, use the no form of the command.

Viewing voice VLAN configurations
You can view the configuration of a voice VLAN for a particular port or for all ports. To view the voice VLAN configuration for a port, specify the port number with the show voice-vlan command. The following example shows the command output results.
Configuring port flap dampening on an interface
This feature is configured at the interface level.
device(config)# interface ethernet 2/1
device(config-if-e10000-2/1)# link-error-disable 10 3 10
Syntax: [no] link-error-disable toggle-threshold sampling-time-in-sec wait-time-in-sec
The toggle-threshold is the number of times a port link state goes from up to down and down to up before the wait period is activated. Enter a value from 1 - 50.
Basic Software Features
Port8/5 is configured for link-error-disable threshold:4, sampling_period:10, waiting_period:2
Port8/9 is configured for link-error-disable threshold:2, sampling_period:20, waiting_period:0
For FastIron X Series devices, the output of the command shows the following.
Syslog messages for port flap dampening
The line "Link Error Dampening" displays "Enabled" if port flap dampening is enabled on the port or "Disabled" if the feature is disabled on the port. The feature is enabled on the ports in the two examples above. Also, the characters "ERR-DISABLED" are displayed for the "GbpsEthernet" line if the port is disabled because of link errors.
Recovering disabled ports
Once a loop is detected on a port, it is placed in Err-Disable state. The port will remain disabled until one of the following occurs:
• You manually disable and enable the port at the Interface Level of the CLI.
• You enter the command clear loop-detection. This command clears loop detection statistics and enables all Err-Disabled ports.
• The device automatically re-enables the port.
By default, the port will send test packets every one second, or the number of seconds specified by the loop-detection-interval command. Refer to Configuring a global loop detection interval on page 82.
Syntax: [no] loop-detection
Use the [no] form of the command to disable loop detection.

Configuring a global loop detection interval
The loop detection interval specifies how often a test packet is sent on a port.
Clearing loop-detection
The above command configures the device to wait 120 seconds (2 minutes) before re-enabling the ports. To revert back to the default recovery time interval of 300 seconds (5 minutes), enter one of the following commands.
device(config)# errdisable recovery interval 300
OR
device(config)# no errdisable recovery interval 120
Syntax: [no] errdisable recovery interval seconds
where seconds is a number from 10 to 65535.
                    alloc  in-use  avail  get-fail  limit  get-mem  size  init
configuration pool  16     6       10     0         3712   6        15    16
linklist pool       16     10      6      0         3712   10       16    16

Displaying loop detection resource information
Use the show loop-detection resource command to display the hardware and software resource information on loop detection.
Syslog message due to disabled port in loop detection
Member of active trunk ports 2/1,2/2, primary port
Member of configured trunk ports 2/1,2/2, primary port
No port name
IPG XGMII 96 bits-time
MTU 1500 bytes, encapsulation ethernet
ICL port for BH1 in cluster id 1
300 second input rate: 2064 bits/sec, 3 packets/sec, 0.00% utilization
300 second output rate: 768 bits/sec, 1 packets/sec, 0.
Operations, Administration, and Maintenance
● Supported OAM features
● OAM Overview
● Software versions installed and running on a device
● Software Image file types
OAM Overview
Feature                                                                ICX 6430  ICX 6450  FCX      ICX 6610  ICX 6650  FSX 800 FSX 1600  ICX 7750
Hitless OS upgrade                                                     No        No        No       No        No        08.0.01           No
Boot code synchronization for active and redundant management modules  N/A       N/A       N/A      N/A       No        08.0.01           No
Software reboot                                                        08.0.01   08.0.01   08.0.01  08.0.01   08.0.01   08.0.01           08.0.10
Show boot preference                                                   08.0.01   08.0.01   08.0.01  08.0.01   08.0.01   08.0.01           08.0.10
Loading and saving configuration files                                 08.0.01   08.0.01   08.0.01  08.0.01   08.0.01   08.0.
Software versions installed and running on a device
Use the following methods to display the software versions running on the device and the versions installed in flash memory.

Determining the flash image version running on the device
To determine the flash image version running on a device, enter the show version command at any level of the CLI. Some examples are shown below.
Displaying the boot image version running on the device
Standby Management CPU [Slot-10]:
SW: Version 07.4.00T3e3 Copyright (c) 1996-2012 Brocade Communications Systems, Inc. All rights reserved.
Compiled on Mar 02 2012 at 11:54:29 labeled as SXR07400
BootROM: Version 07.2.
Displaying the image versions installed in flash memory
Enter the show flash command to display the boot and flash images installed on the device. An example of the command output is shown in Displaying the boot image version running on the device on page 90:
• The "Compressed Pri Code size" line lists the flash code version installed in the primary flash area.
Software Image file types
To generate a CRC32 hash value for the secondary image, enter the following command.
device#verify crc32 secondary
device#.........................Done
Size = 2044830, CRC32 b31fcbc0
To verify the hash value of a secondary image with a known value, enter the following commands.
device#verify md5 secondary 01c410d6d153189a4a5d36c955653861
device#.........................Done
Size = 2044830, MD5 01c410d6d153189a4a5d36c955653862
Verification FAILED.
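The comparison that verify performs can also be repeated off the device, so that the reference value comes from a trusted copy of the image rather than from the switch. The following Python sketch is an added example, not Brocade code: it parses the result line in the format shown above and checks size and digest against a reference copy. The function names, the constructed sample image, and the assumption that the switch hashes exactly the bytes of the image file using the standard zlib CRC-32 are assumptions of this example.

```python
import hashlib
import re
import zlib

# Result line printed by "verify", e.g. "Size = 2044830, CRC32 b31fcbc0".
RESULT_RE = re.compile(r"Size\s*=\s*(\d+),\s*(CRC32|MD5)\s+([0-9a-fA-F]+)")

# Output copied from the MD5 example on this page.
PAGE_SAMPLE = (
    "device#.........................Done\n"
    "Size = 2044830, MD5 01c410d6d153189a4a5d36c955653862\n"
    "Verification FAILED.\n"
)


def reference_digests(image_bytes):
    """Size, MD5 and CRC32 of the trusted copy held off the device.

    Assumption: the switch hashes exactly these bytes and its CRC32 is the
    standard (zlib) CRC-32. CRC32 only catches accidental corruption.
    """
    return {
        "size": len(image_bytes),
        "MD5": hashlib.md5(image_bytes).hexdigest(),
        "CRC32": format(zlib.crc32(image_bytes) & 0xFFFFFFFF, "08x"),
    }


def parse_verify_output(cli_text):
    """Extract size, algorithm, digest and the device's FAILED marker."""
    match = RESULT_RE.search(cli_text)
    if match is None:
        raise ValueError("no 'Size = <n>, <ALG> <digest>' line found")
    return {
        "size": int(match.group(1)),
        "algorithm": match.group(2),
        "digest": match.group(3).lower(),
        "device_reported_failure": "Verification FAILED" in cli_text,
    }


def check_image(cli_text, image_bytes):
    """Return a list of discrepancies between the switch and the reference."""
    reported = parse_verify_output(cli_text)
    ref = reference_digests(image_bytes)
    algorithm = reported["algorithm"]
    problems = []
    if reported["size"] != ref["size"]:
        problems.append("size %d != reference %d" % (reported["size"], ref["size"]))
    if reported["digest"] != ref[algorithm]:
        problems.append("%s %s != reference %s"
                        % (algorithm, reported["digest"], ref[algorithm]))
    if reported["device_reported_failure"]:
        problems.append("switch reported Verification FAILED")
    return problems


def render_verify_output(algorithm, image_bytes):
    """Constructed transcript in the page's format, used only for the demo."""
    ref = reference_digests(image_bytes)
    return ("device#.........................Done\n"
            "Size = %d, %s %s\n" % (ref["size"], algorithm, ref[algorithm]))


# Constructed stand-ins for a trusted image and an altered copy in flash.
TRUSTED_IMAGE = b"constructed FastIron image payload\n" * 4096
FLASH_IMAGE_ALTERED = TRUSTED_IMAGE[:100] + b"X" + TRUSTED_IMAGE[101:]

if __name__ == "__main__":
    for label, flash in (("intact", TRUSTED_IMAGE), ("altered", FLASH_IMAGE_ALTERED)):
        transcript = render_verify_output("MD5", flash)
        print(label, check_image(transcript, TRUSTED_IMAGE) or "matches reference")
```
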
TABLE 11 Software image files
Product   Boot image    Flash image
ICX 6650  fxzxxxxx.bin  ICXLRxxxxx.bin

Software upgrades
For instructions about upgrading the software, refer to FastIron Ethernet Switch Software Upgrade Guide.

Boot code synchronization feature
The Brocade device supports automatic synchronization of the boot image in the active and redundant management modules.
Viewing the contents of flash files
The copy flash console command can be used to display the contents of a configuration file, backup file, or renamed file stored in flash memory. The file contents are displayed on the console when the command is entered at the CLI.
To display a list of files stored in flash memory, do one of the following:
• For devices other than FCX and ICX, enter the dir command at the monitor mode.
vlan 30 by port
untagged ethe 1/1/9 to 1/1/10
no spanning-tree
pvlan type community
!
... some lines omitted for brevity...
Syntax: copy flash console filename
For filename, enter the name of a file stored in flash memory.

Using SNMP to upgrade software
You can use a third-party SNMP management application such as HP OpenView to upgrade software on a Brocade device.
NOTE
The syntax shown in this section assumes that you have installed HP OpenView in the "/usr" directory.
Software reboot
You can use boot commands to immediately initiate software boots from a software image stored in primary or secondary flash on a Brocade device or from a BootP or TFTP server. You can test new versions of code on a Brocade device or choose the preferred boot source from the console boot prompt without requiring a system reset.
NOTE
It is very important that you verify a successful TFTP transfer of the boot code before you reset the system.
Loading and saving configuration files
The following example shows a user-configured boot sequence preference.
Brocade#show boot-preference
Boot system preference(Configured):
Boot system tftp 10.1.1.1 FCXR08000.bin
Boot system flash primary
Boot system preference(Default):
Boot system flash primary
Boot system flash secondary
Syntax: show boot-preference
The results of the show run command for the configured example above appear as follows.
Brocade#show run
Current configuration:
!
ver 08.0.
Replacing the startup configuration with the running configuration
After you make configuration changes to the active system, you can save those changes by writing them to flash memory. When you write configuration changes to flash memory, you replace the startup configuration with the running configuration.
Dynamic configuration loading
• copy startup-config tftp tftp-ip-addr filename - Use this command to upload a copy of the startup configuration file from the Layer 2 Switch or Layer 3 Switch to a TFTP server.
• copy running-config tftp tftp-ip-addr filename - Use this command to upload a copy of the running configuration file from the Layer 2 Switch or Layer 3 Switch to a TFTP server.
NOTE
You can enter text following "!" as a comment. However, the "!" is not a comment marker. It returns the CLI to the global configuration level.
NOTE
If you copy-and-paste a configuration into a management session, the CLI ignores the "!" instead of changing the CLI to the global CONFIG level. As a result, you might get different results if you copy-and-paste a configuration instead of loading the configuration using TFTP.
Loading the configuration information into the running-config
This time, the CLI accepts the command, and no error message is displayed.
device(config)#interface ethernet 11
device(config-if-e1000-11)#no ip add 10.20.20.69/24
device(config-if-e1000-111)#ip add 10.10.10.69/24
device(config-if-e1000-11)
• Always use the end command at the end of the file. The end command must appear on the last line of the file, by itself.
Loading and saving configuration files with IPv6
This section describes the IPv6 copy command.
Copying a file from an IPv6 TFTP server Specify the startup-config keyword to copy the startup configuration file to the specified IPv6 TFTP server. The tftp ipv6-address parameter specifies the address of the TFTP server. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373. The destination-file-name parameter specifies the name of the file that is copied to the IPv6 TFTP server.
IPv6 copy command The source-file-name parameter specifies the name of the file that is copied from the IPv6 TFTP server. The overwrite keyword specifies that the device should overwrite the current configuration file with the copied file. If you do not specify this parameter, the device copies the file into the current running or startup configuration but does not overwrite the current configuration.
IPv6 TFTP server file upload
You can upload the following files from an IPv6 TFTP server:
• Primary boot image.
• Secondary boot image.
• Running configuration.
• Startup configuration.

Uploading a primary or secondary boot image from an IPv6 TFTP server
For example, to upload a primary or secondary boot image from an IPv6 TFTP server to a device flash memory, enter a command such as the following.
device#copy tftp 2001:DB8:e0ff:7837::3 primary.
Using SNMP to save and load configuration information
You can use a third-party SNMP management application such as HP OpenView to save and load a configuration on a Brocade device. To save and load configuration information using HP OpenView, use the following procedure.
NOTE
The syntax shown in this section assumes that you have installed HP OpenView in the "/usr" directory.
1.
Erasing image and configuration files
To erase software images or configuration files, use the commands described below. These commands are valid at the Privileged EXEC level of the CLI:
• erase flash primary erases the image stored in primary flash of the system.
• erase flash secondary erases the image stored in secondary flash of the system.
Displaying the amount of time remaining before a scheduled reload
To display how much time is remaining before a scheduled system reload, enter the following command from any level of the CLI.
device#show reload

Canceling a scheduled reload
To cancel a scheduled system reload using the CLI, enter the following command at the global CONFIG level of the CLI.
Error code  Message                           Explanation and action
8           File type check failed.           You accidentally attempted to copy the incorrect image code into the system. For example, you might have tried to copy a Chassis image into a Compact device. Retry the transfer using the correct image.
16          TFTP remote - general error.
17          TFTP remote - no such file.
18          TFTP remote - access violation.
19          TFTP remote - disk full.
20          TFTP remote - illegal operation.
Network connectivity testing Message Explanation and action Firmware type cannot be detected from the firmware content. Each PoE firmware file delivered by Brocade is meant to be used on the specific platform and the specific PoE controller on the specified module. If the file is used for a platform for which it is meant, but the PoE controller is not same then this error message will display. TFTP File not Valid for PoE Controller Type. Download the correct file, then retry the transfer.
The ttl num parameter specifies the maximum number of hops. You can specify a TTL from 1 - 255. The default is 64.
The size byte parameter specifies the size of the ICMP data portion of the packet. This is the payload and does not include the header. You can specify from 0 - 10000. The default is 16.
The no-fragment parameter turns on the "don’t fragment" bit in the IP header of the ping packet. This option is disabled by default.
Tracing an IPv4 route
NOTE
This section describes the IPv4 traceroute command. For details about IPv6 traceroute, refer to the FastIron Ethernet Switch Layer 3 Routing Configuration Guide.
Use the traceroute command to determine the path through which a Brocade device can reach another device. Enter the command at any level of the CLI. The CLI displays trace route information for each hop as soon as the information is received. Traceroute requests display all responses to a given TTL.
Benefits of hitless management Hitless Operating System (OS) Upgrade - An operating system upgrade and controlled switchover without any packet loss to the services and protocols that are supported by Hitless management. The services and protocols supported by Hitless management are listed in this section. Hitless failover and hitless switchover are disabled by default.
Operations, Administration, and Maintenance TABLE 12 Hitless-supported services and protocols - FSX 800 and FSX 1600 (Continued) Traffic type Supported protocols and services Impact • active management module becomes operational, new switched flows are learned and forwarded accordingly. The Layer 2 control protocol states are not interrupted during the switchover process. • • • • • • • • • • • • • • Layer 2 switching (VLAN and 802.
Operations, Administration, and Maintenance TABLE 12 Hitless-supported services and protocols - FSX 800 and FSX 1600 (Continued) Traffic type Supported protocols and services Impact Layer 3 IPv6 routed traffic • • Layer 3 routed traffic for supported protocols is not impacted during a Hitless management event. Traffic will converge to normalcy after the new active module becomes operational.
Hitless management configuration notes and feature limitations TABLE 12 Hitless-supported services and protocols - FSX 800 and FSX 1600 (Continued) Traffic type Supported protocols and services Impact Security • Supported security protocols and services are not impacted during a switchover or failover. • • • • • • • 802.
Hitless reload or switchover requirements and limitations
The section describes the design limitation on devices with the following configuration:
• 0-port management modules
• One or more third generation line cards
For hitless reload or switch-over-active-role to succeed, the following requirements and limitations must be met:
• Hitless reload is not allowed from Switch code when the primary image is in Router code and boot primary is a part of th
Real-time synchronization between management modules
Hitless management requires that the active and standby management modules are fully synchronized at any given point in time. This is accomplished by baseline and dynamic synchronization of the modules. When a standby management module is inserted and becomes operational in the FSX 800 or FSX 1600 chassis, the standby module sends a baseline synchronization request to the active management module.
How a Hitless switchover or failover impacts system functions NOTE Since both the standby and active management modules run the same code, a command that brings down the active management module will most likely bring down the standby management module. Because all configuration commands are synchronized from active to standby management module in real time, both management modules will reload at almost the same time.
Executing a hitless switchover on the FSX 800 and FSX 1600
Hitless failover must be enabled before a hitless switchover can be executed. To switch over to the standby module (and thus make it the active module), enter the following command.
device# switch-over-active-role
Once you enter this command, the system will prompt you as follows.
Are you sure? (enter ’y’ or ’n’): y
Running Config data has been changed.
Hitless OS upgrade considerations
6. The old active management module resets and reloads with the same software image running on the newly active management module.
7. The FastIron switch is now operating with the new software image. The management module that was initially configured as the standby management module is now the active management module and the management module that was initially configured as the active management module is now the standby.
Hitless OS upgrade configuration steps
The following is a summary of the configuration steps for a hitless OS software upgrade.
1. Copy the software image that supports hitless software upgrade from a TFTP server to the FastIron switch. Refer to Loading the software onto the switch on page 122.
2. Install the software image in flash memory on the active and standby management modules.
3. Enter the hitless-reload command on the active management module.
Displaying diagnostic information
Use the following commands to display diagnostic information for a hitless switchover or failover.
Total number of Switchover/Failovers = 0
L3 slib baseline sync status: 0 [complete]

Layer 3 hitless route purge
Layer 3 traffic is forwarded seamlessly during a failover, switchover, or OS upgrade when hitless management is enabled. Some protocols support non-stop routing. On enabling non-stop routing, after switchover the management module quickly re-converges the protocol database.
Setting the IPv6 hitless purge timer on the default VRF
To configure the purge timer, enter the ipv6 hitless-route-purge-timer command in global configuration mode.
ipv6 hitless-route-purge-timer IPv4 address family configuration Usage Guidelines Examples Under normal circumstances, you may not need to change the value of the route purge timer. If you anticipate delay in learning the routes after switchover, you can configure a larger value for the route purge timer.
IPv6
● Supported IPv6 features
● Static IPv6 route configuration
● IPv6 over IPv4 tunnels
● ECMP load sharing for IPv6
Configuring a static IPv6 route
To configure a static IPv6 route for a destination network with the prefix 2001:DB8::0/32, a next-hop gateway with the global address 2001:DB8:0:ee44::1, and an administrative distance of 110, enter the following command.
Configuring a static route in a non-default VRF or User VRF TABLE 13 Static IPv6 route parameters (Continued) Parameter Configuration details Status The route’s next-hop gateway, which can be one of the following: You can specify the next-hop gateway as one of the following types of IPv6 addresses: Mandatory for all static IPv6 routes. • • • A global address. The IPv6 address of a • A link-local address. next-hop gateway.
IPv6 over IPv4 tunnels
Syntax: [no] ipv6 route vrf vrf-name dest-ipv6-prefix/prefix-length next-hop-ipv6-address
The dest-ip-addr is the route’s destination.
The dest-mask is the network mask for the route’s destination IPv6 address.
The vrf-name is the name of the VRF that contains the next-hop router (gateway) for the route.
The next-hop-ip-addr is the IPv6 address of the next-hop router (gateway) for the route.
NOTE
The vrf needs to be a valid VRF to be used in this command.
Configuring a manual IPv6 tunnel
• Duplicate Address Detection (DAD) is not currently supported with IPv6 tunnels. Make sure tunnel endpoints do not have duplicate IP addresses.
• Neighbor Discovery (ND) is not supported with IPv6 tunnels.
• If a tunnel source port is a multi-homed IPv4 source, the tunnel will use the first IPv4 address only. For proper tunnel operation, use the ip address option.
with an EUI-64 interface ID in the low-order 64 bits. The interface ID is automatically constructed in IEEE EUI-64 format using the interface’s MAC address.

Clearing IPv6 tunnel statistics
You can clear statistics (reset all fields to zero) for all IPv6 tunnels or for a specific tunnel interface. For example, to clear statistics for tunnel 1, enter the following command at the Privileged EXEC level or any of the Config levels of the CLI.
Displaying tunnel interface information
To display status and configuration information for tunnel interface 1, enter the following command at any level of the CLI.
device#show interfaces tunnel 1
Tunnel1 is up, line protocol is up
Hardware is Tunnel
Tunnel source ve 30
Tunnel destination is 10.2.2.
ECMP load sharing for IPv6
Global unicast address(es):
1001::1 [Preferred], subnet is 1001::/64
1011::1 [Preferred], subnet is 1011::/64
Joined group address(es):
ff02::1:ff04:2
ff02::5
ff02::1:ff00:1
ff02::2
ff02::1
MTU is 1480 bytes
ICMP redirects are enabled
No Inbound Access List Set
No Outbound Access List Set
OSPF enabled
The display command above reflects the following configuration.
Disabling or re-enabling ECMP load sharing for IPv6 If the path selected by the device becomes unavailable, the IPv6 neighbor should change state and trigger the update of the destination in the hardware. Brocade FastIron devices support network-based ECMP load-sharing methods for IPv6 traffic.
IPv6 unicast-routing enabled, hop-limit 64
No IPv6 Domain Name Set
No IPv6 DNS Server Address set
Prefix-based IPv6 Load-sharing is Enabled, Number of load share paths: 4
Syntax: show ipv6
SNMP Access
● Supported SNMP access features
● SNMP overview
● SNMP community strings
● User-based security model
SNMP community strings
• Restricting SNMP access to a specific VLAN
• Disabling SNMP access
This section presents additional methods for securing SNMP access to Brocade devices. Restricting SNMP access using ACL, VLAN, or a specific IP address constitutes the first level of defense when the packet arrives at a Brocade device.
The ro | rw parameter specifies whether the string is read-only (ro) or read-write (rw).
NOTE
If you issue a no snmp-server community public ro command and then enter a write memory command to save that configuration, the "public" community name is removed and will have no SNMP access. If for some reason the device is brought down and then brought up, the "no snmp-server community public ro" command is restored in the system and the "public" community string has no SNMP access.
Displaying the SNMP community strings
is granted. The view that you want must exist before you can associate it to a community string. Here is an example of how to use the view parameter in the community string command.
device(config)#snmp-s community myread ro view sysview
The command in this example associates the view "sysview" to the community string named "myread". The community string has read-only access to "sysview".
User-based security model
SNMP version 3 (RFC 2570 through 2575) introduces a User-Based Security model (RFC 2574) for authentication and privacy services. SNMP version 1 and version 2 use community strings to authenticate SNMP access to management modules. This method can still be used for authentication.
Defining an SNMP group
The default engine ID guarantees the uniqueness of the engine ID for SNMP version 3. If you want to change the default engine ID, enter the snmp-server engineid local command.
device(config)#snmp-server engineid local 800007c70300e05290ab60
Syntax: [no] snmp-server engineid local hex-string
The local parameter indicates that the engine ID to be entered is the ID of this device, representing an SNMP management entity.
Defining an SNMP user account
page 138.) When a community string is created, two groups are created, based on the community string name. One group is for SNMP version 1 packets, while the other is for SNMP version 2 packets.
The group groupname parameter defines the name of the SNMP group to be created.
The v1, v2, or v3 parameter indicates which version of SNMP is used. In most cases, you will be using v3, since groups are automatically created in SNMP versions 1 and 2 from community strings.
SNMP Access The name parameter defines the SNMP user name or security name used to access the management module. The groupname parameter identifies the SNMP group to which this user is associated or mapped. All users must be mapped to an SNMP group. Groups are defined using the snmp-server group command. NOTE The SNMP group to which the user account will be mapped should be configured before creating the user accounts; otherwise, the group will be created without any views.
Defining SNMP views
SNMP views are named groups of MIB objects that can be associated with user accounts to allow limited access for viewing and modification of SNMP statistics and system configuration. SNMP views can also be used with other commands that take SNMP views as an argument. SNMP views reference MIB objects using object names, numbers, wildcards, or a combination of the three. The numbers represent the hierarchical location of the object in the MIB tree.
SNMP version 3 traps
You can exclude portions of the MIB within an inclusion scope. For example, if you want to exclude the snAgentSys objects, which begin with the 1.3.6.1.4.1.1991.1.1.2 object identifier, from the admin view, enter a second command such as the following.
device(config)#snmp-server view admin 1.3.6.1.4.1.1991.1.1.2 excluded
NOTE
Note that the exclusion is within the scope of the inclusion.
To delete a view, use the no parameter before the command.
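The view binding on a community string and the included/excluded subtrees of a view can be checked together from a saved configuration. The following Python sketch is an added example, not Brocade code: it reports which communities can reach a sensitive subtree such as snAgentSys. The sample configuration is constructed (the "netops" community and the "included" lines are not from this guide), "*" is treated as a single wildcard sub-identifier, and overlaps are resolved with the VACM rule of RFC 3415 (the most specific matching subtree decides), which is an assumption about how the device evaluates views.

```python
# Constructed running-config fragment in the command forms used on this page.
SAMPLE_CONFIG = """\
snmp-server community public ro
snmp-server community myread ro view sysview
snmp-server community netops rw view admin
snmp-server view sysview 1.3.6.1.2.1.1 included
snmp-server view admin 1.3.6.1.4.1.1991 included
snmp-server view admin 1.3.6.1.4.1.1991.1.1.2 excluded
"""

SN_AGENT_SYS = "1.3.6.1.4.1.1991.1.1.2"  # snAgentSys prefix quoted on this page


def parse_oid(text):
    """'1.3.6.*.1' -> tuple of ints, with None standing for a '*' wildcard.

    Object names are not resolved here; that would need the MIB files.
    """
    return tuple(None if part == "*" else int(part)
                 for part in text.strip(".").split("."))


def parse_config(config):
    """Collect view subtrees and community-to-view bindings."""
    views, communities = {}, {}
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["snmp-server", "view"] and len(words) == 5:
            name, subtree, mode = words[2:5]
            views.setdefault(name, []).append((parse_oid(subtree), mode == "included"))
        elif words[:2] == ["snmp-server", "community"] and len(words) >= 4:
            bound = words[5] if len(words) >= 6 and words[4] == "view" else None
            communities[words[2]] = {"access": words[3], "view": bound}
    return views, communities


def subtree_matches(subtree, oid):
    """True when oid lies at or below subtree (None matches any sub-identifier)."""
    if len(subtree) > len(oid):
        return False
    return all(s is None or s == o for s, o in zip(subtree, oid))


def oid_in_view(view_entries, oid):
    """Most specific matching subtree decides; no matching subtree means no access.

    Equal-length ties count as included, so the audit errs towards flagging.
    """
    matches = [(len(subtree), included)
               for subtree, included in view_entries
               if subtree_matches(subtree, oid)]
    return max(matches)[1] if matches else False


def audit(config, sensitive_oids):
    """Return (community, access, issue) findings for a configuration."""
    views, communities = parse_config(config)
    findings = []
    for name, entry in communities.items():
        view = entry["view"]
        if view is None:
            findings.append((name, entry["access"], "no view bound to this community"))
        elif view not in views:
            findings.append((name, entry["access"], "view %s is not defined" % view))
        else:
            for label, oid in sensitive_oids.items():
                if oid_in_view(views[view], parse_oid(oid)):
                    findings.append((name, entry["access"],
                                     "%s reachable through view %s" % (label, view)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, {"snAgentSys": SN_AGENT_SYS}):
        print(finding)
```
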
Defining the UDP port for SNMP v3 traps
The SNMP host command enhancements allow configuration of notifications in SMIv2 format, with or without encryption, in addition to the previously supported SMIv1 trap format.
You can define a port that receives the SNMP v3 traps by entering a command such as the following.
device(config)#snmp-server host 192.168.4.
Specifying an IPv6 host as an SNMP trap receiver
You can specify an IPv6 host as a trap receiver to ensure that all SNMP traps sent by the device will go to the same SNMP trap receiver or set of receivers, typically one or more host devices on the network. To do so, enter a command such as the following.
Power supply failure: Enable
Fan failure: Enable
Temperature warning: Enable
STP new root: Enable
STP topology change: Enable
vsrp: Enable
Total Trap-Receiver Entries: 4
Trap-Receiver  IP-Address      Port-Number  Community
1              10.147.201.100  162          .....
2              2001:DB8::200   162          .....
3              10.147.202.100  162          .....
4              2001:DB8::200   162          .....

Displaying SNMP Information
This section lists the commands for viewing SNMP-related information.
Displaying user information Security level Authentication none If the security model shows v1 or v2, then security level is blank. User names are not used to authenticate users; community strings are used instead. noauthNoPriv Displays if the security model shows v3 and user authentication is by user name only. authNoPriv Displays if the security model shows v3 and user authentication is by user name and the MD5 or SHA algorithm.
Varbind object Identifier  Description
1.3.6.1.6.3.15.1.1.6.0     Decryption error.

SNMP v3 configuration examples
The following sections present examples of how to configure SNMP v3.
Foundry Discovery Protocol (FDP) and Cisco Discovery Protocol (CDP) Packets
● Supported discovery protocol features
● FDP Overview
● CDP packets
NOTE: If FDP is not enabled on a Brocade device that receives an FDP update or the device is running a software release that does not support FDP, the update passes through the device at Layer 2.
FDP configuration
The following sections describe how to enable Foundry Discovery Protocol (FDP) and how to change the FDP update and hold timers.
Enabling FDP globally
To enable a Brocade device to globally send FDP packets, enter the following command at the global CONFIG level of the CLI.
Changing the FDP update timer
By default, a Brocade device enabled for FDP sends an FDP update every 60 seconds. You can change the update timer to a value from 5 - 900 seconds. To change the FDP update timer, enter a command such as the following at the global CONFIG level of the CLI.
device(config)# fdp timer 120
Syntax: [no] fdp timer secs
The secs parameter specifies the number of seconds between updates and can be from 5 - 900 seconds. The default is 60 seconds.
-------------- ------------ ------ ---------- ----------- ------------
FastIronB Eth 2/9 178 Router FastIron Rou Eth 2/9
Syntax: show fdp neighbor [ ethernet port ] [ detail ]
The ethernet port parameter lists the information for updates received on the specified port. The detail parameter lists detailed information for each device.
The show fdp neighbor command, without optional parameters, displays the following information.
Displaying FDP entries
TABLE 18 Detailed FDP and CDP neighbor information (Continued)
Parameter | Definition
Interface | The interface on which this device received an FDP or CDP update for the neighbor.
Port ID | The interface through which the neighbor sent the update.
Holdtime | The maximum number of seconds this device can keep the information received in the update before discarding it.
Version | The software version running on the neighbor.
Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
No memory: 0, Invalid packet: 0, Fragmented: 0
Internal errors: 0
Syntax: show fdp traffic
Clearing FDP and CDP information
You can clear the following FDP and CDP information:
• Information received in FDP and CDP updates
• FDP and CDP statistics
The same commands clear information for both FDP and CDP.
NOTE: When you enable interception of CDP packets, the Brocade device drops the packets. As a result, Cisco devices will no longer receive the packets.
Enabling interception of CDP packets globally
To enable the device to intercept and display CDP packets, enter the following command at the global CONFIG level of the CLI.
device(config)# cdp run
Syntax: [no] cdp run
The feature is disabled by default.
Displaying CDP entries
Platform: cisco RSP4, Capabilities: Router
Interface: Eth 1/1, Port ID (outgoing port): FastEthernet5/0/0
Holdtime : 150 seconds
Version : Cisco Internetwork Operating System Software
IOS (tm) RSP Software (RSP-JSV-M), Version 12.0(5)T1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Thu 19-Aug-99 04:12 by cmong
To display information about a neighbor attached to a specific port, enter a command such as the following.
Displaying CDP statistics
To display CDP packet statistics, enter the show fdp traffic command.
device# show fdp traffic
CDP counters:
Total packets output: 0, Input: 3
Hdr syntax: 0, Chksum error: 0, Encaps failed: 0
No memory: 0, Invalid packet: 0, Fragmented: 0
Syntax: show fdp traffic
Clearing CDP information
You can clear the following CDP information:
• Cisco Neighbor information
• CDP statistics
To clear the Cisco neighbor information, enter the clear fdp table command.
LLDP and LLDP-MED
● Supported LLDP features
● LLDP terms used in this chapter
● LLDP overview
● LLDP-MED overview
LLDP terms used in this chapter
Feature | ICX 6430 | ICX 6450 | FCX | ICX 6610 | ICX 6650 | FSX 800 FSX 1600 | ICX 7750
Configuring the minimum time between port reinitializations | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
Fast start repeat count for LLDP-MED | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
Location ID for LLDP-MED | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.10
LLDP-MED network policy | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.0.01 | 08.
LLDP overview
The database is accessible by a Network Management Station (NMS) using a management protocol such as the Simple Network Management Protocol (SNMP).
Network connectivity device - A forwarding 802 LAN device, such as a router, switch, or wireless access point.
Station - A node in a network.
FIGURE 3 LLDP connectivity
Benefits of LLDP
LLDP provides the following benefits:
• Network Management:
‐ Simplifies the use of and enhances the ability of network management tools in multivendor environments
‐ Enables discovery of accurate physical network topologies such as which devices are neighbors and through which ports they connect
‐ Enables discovery of stations in multi-vendor environments
• Network Inventory Data:
‐ Supports optional system name, system description, system ca
LLDP-MED overview
LLDP-MED is an extension to LLDP. This protocol enables advanced LLDP features in a Voice over IP (VoIP) network. Whereas LLDP enables network discovery between Network Connectivity devices, LLDP-MED enables network discovery between Network Connectivity devices and media Endpoints such as IP telephones, softphones, VoIP gateways, and conference bridges. The following diagram illustrates LLDP-MED connectivity.
LLDP-MED class
An LLDP-MED class specifies an Endpoint type and its capabilities. An Endpoint can belong to one of three LLDP-MED class types:
• Class 1 (Generic endpoint) - A Class 1 Endpoint requires basic LLDP discovery services, but does not support IP media, nor does it act as an end-user communication appliance. A Class 1 Endpoint can be an IP communications controller, other communication-related server, or other device requiring basic LLDP discovery services.
LLDP receive mode
An LLDP agent receives LLDP packets from adjacent LLDP-enabled devices. The LLDP packets contain information about the transmitting device and port. When an LLDP agent receives LLDP packets, it checks to ensure that the LLDPDUs contain the correct sequence of mandatory TLVs, then validates optional TLVs. If the LLDP agent detects any errors in the LLDPDUs and TLVs, it drops them in software.
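The receive-side check described above can be sketched as follows. This is an added example, not Brocade code: it assumes the IEEE 802.1AB layout (7-bit type and 9-bit length per TLV, with Chassis ID, Port ID and Time To Live first and an End of LLDPDU TLV last), and the function names and the constructed sample frames, which reuse the MAC addresses and TTL from this guide's show lldp local-info sample, are hypothetical.

```python
import struct

# TLV type numbers defined by IEEE 802.1AB.
END, CHASSIS_ID, PORT_ID, TTL = 0, 1, 2, 3
MANDATORY_ORDER = (CHASSIS_ID, PORT_ID, TTL)


class LLDPDUError(ValueError):
    """The LLDPDU is malformed and a receiver should drop it."""


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: a 7-bit type and 9-bit length, then the value."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("TLV type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def split_tlvs(pdu: bytes) -> list:
    """Split an LLDPDU into (type, value) pairs, stopping at End of LLDPDU."""
    tlvs, offset = [], 0
    while offset < len(pdu):
        if len(pdu) - offset < 2:
            raise LLDPDUError("truncated TLV header")
        (header,) = struct.unpack_from("!H", pdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(pdu):
            raise LLDPDUError(f"TLV type {tlv_type} overruns the frame")
        tlvs.append((tlv_type, pdu[offset:offset + length]))
        offset += length
        if tlv_type == END:
            break  # bytes after End of LLDPDU are padding
    return tlvs


def validate_lldpdu(pdu: bytes) -> dict:
    """Check the mandatory TLV sequence and return the decoded fields."""
    tlvs = split_tlvs(pdu)
    types = [t for t, _ in tlvs]
    if tuple(types[:3]) != MANDATORY_ORDER:
        raise LLDPDUError("mandatory TLVs missing or out of order")
    if types[-1] != END or tlvs[-1][1]:
        raise LLDPDUError("missing or malformed End of LLDPDU TLV")
    if any(t in MANDATORY_ORDER for t in types[3:]):
        raise LLDPDUError("mandatory TLV repeated")
    chassis, port, ttl = (value for _, value in tlvs[:3])
    for name, value in (("Chassis ID", chassis), ("Port ID", port)):
        # One subtype octet followed by 1 to 255 octets of identifier.
        if not 2 <= len(value) <= 256:
            raise LLDPDUError(f"{name} TLV has invalid length {len(value)}")
    if len(ttl) != 2:  # strictness chosen for this example
        raise LLDPDUError("TTL TLV must carry exactly two octets")
    return {
        "chassis_subtype": chassis[0],
        "chassis_id": chassis[1:].hex(),
        "port_subtype": port[0],
        "port_id": port[1:].hex(),
        "ttl": struct.unpack("!H", ttl)[0],
        "optional_types": types[3:-1],
    }


def should_drop(pdu: bytes) -> bool:
    """True when the agent would discard the LLDPDU."""
    try:
        validate_lldpdu(pdu)
    except LLDPDUError:
        return True
    return False


# Constructed sample frames (not captured traffic).
CHASSIS_MAC = bytes.fromhex("00000033e2c0")
PORT_MAC = bytes.fromhex("00000033e2d3")
GOOD_LLDPDU = (
    tlv(CHASSIS_ID, b"\x04" + CHASSIS_MAC)    # chassis ID subtype 4: MAC address
    + tlv(PORT_ID, b"\x03" + PORT_MAC)        # port ID subtype 3: MAC address
    + tlv(TTL, struct.pack("!H", 40))
    + tlv(5, b"FCX624SHPOE-ADV Router")       # optional System Name TLV
    + tlv(END, b"")
)
OUT_OF_ORDER_LLDPDU = (
    tlv(PORT_ID, b"\x03" + PORT_MAC)
    + tlv(CHASSIS_ID, b"\x04" + CHASSIS_MAC)
    + tlv(TTL, struct.pack("!H", 40))
    + tlv(END, b"")
)
TRUNCATED_LLDPDU = GOOD_LLDPDU[:-5]  # cuts into the System Name value
```

A monitoring tool can apply the same checks to mirrored LLDP traffic to spot malformed or spoofed advertisements before they reach a neighbor table.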
LLDP-MED TLVs General system information TLVs are optional in LLDP implementations and are defined by the Network Administrator.
There are several ways in which a device may be identified. A chassis ID subtype, included in the TLV and shown in the following table, indicates how the device is being referenced in the Chassis ID field.
TABLE 20 Port ID subtypes (Continued)
ID subtype | Description
5 | Interface name
6 | Agent circuit ID
7 | Locally assigned
8 - 255 | Reserved
Brocade devices use port ID subtype 3, the permanent MAC address associated with the port. Other third party devices may use a port ID subtype other than 3. The port ID appears similar to the following on the remote device, and in the CLI display output on the Brocade device (show lldp local-info).
Port ID (MAC address): 0000.0033.
FIGURE 7 TTL TLV packet format
MIB support
Brocade devices support the following standard management information base (MIB) modules:
• LLDP-MIB
• LLDP-EXT-DOT1-MIB
• LLDP-EXT-DOT3-MIB
• LLDP-EXT-MED-MIB
Syslog messages
Syslog messages for LLDP provide management applications with information related to MIB data consistency and general status. These Syslog messages correspond to the lldpRemTablesChange SNMP notifications.
LLDP configuration notes and considerations
TABLE 21 LLDP global configuration tasks and default behavior / value (Continued)
Global task | Default behavior / value when LLDP is enabled
Specifying the maximum number of LLDP neighbors per port | Automatically set to 4 neighbors per port
Enabling SNMP notifications and Syslog messages | Disabled
Changing the minimum time between SNMP traps and Syslog messages | Automatically set to 2 seconds when SNMP notifications and Syslog messages for LLDP are enabled
Ena
Syntax: [no] lldp run
Enabling support for tagged LLDP packets
By default, Brocade devices do not accept tagged LLDP packets from other vendors’ devices. To enable support, apply the command lldp tagged-packets process at the Global CONFIG level of the CLI.
Enabling and disabling receive only mode
When LLDP is enabled on a global basis, by default, each port on the Brocade device will be capable of transmitting and receiving LLDP packets. To change the LLDP operating mode from receive and transmit mode to receive only mode, simply disable the transmit mode. Enter a command such as the following at the Global CONFIG level of the CLI.
Syntax: [no] lldp enable transmit ports ethernet port-list | all
Use the [no] form of the command to disable the transmit only mode.
Configuring LLDP processing on 802.1x blocked port
This feature adds support for reception and transmission of Link Layer Discovery Protocol (LLDP) packets over an 802.1x blocked port. The default behavior is to drop received LLDP packets and not to transmit LLDP packets over an 802.1x disabled port.
Use the [no] form of the command to remove the static configuration and revert to the default value of 392.
where value is a number between 16 and 8192. The default number of LLDP neighbors per device is 392.
Use the show lldp command to view the configuration.
Specifying the maximum number of LLDP neighbors per port
You can change the maximum number of LLDP neighbors for which LLDP data will be retained for each port.
Changing the minimum time between LLDP transmissions
NOTE: Because LLDP Syslog messages are rate limited, some LLDP information given by the system will not match the current LLDP statistics (as shown in the show lldp statistics command output).
To change the minimum time interval between traps and Syslog messages, enter a command such as the following.
Changing the holdtime multiplier for transmit TTL
To change the LLDP transmission interval, enter a command such as the following at the Global CONFIG level of the CLI.
device(config)#lldp transmit-interval 40
The above command causes the LLDP agent to transmit LLDP frames every 40 seconds.
Syntax: [no] lldp transmit-interval seconds
where seconds is a value from 5 to 32768. The default is 30 seconds.
Syntax: [no] lldp reinit-delay seconds
where seconds is a value from 1 - 10. The default is two seconds.
LLDP TLVs advertised by the Brocade device
When LLDP is enabled on a global basis, the Brocade device will automatically advertise the following information, except for the features noted:
General system information:
• Management address
• Port description
• System capabilities
• System description (not automatically advertised)
• System name
802.
If no management address is explicitly configured to be advertised, the Brocade device will use the first available IPv4 address and the first available IPv6 address (so it may advertise IPv4, IPv6 or both).
System capabilities
The system capabilities TLV identifies the primary functions of the device and indicates whether these primary functions are enabled.
802.1 capabilities
System name
The system name is the administratively assigned name of the system, taken from the sysName MIB object in MIB-II. The sysName MIB object corresponds to the name defined with the CLI command hostname. By default, the system name is automatically advertised when LLDP is enabled on a global basis. To disable this advertisement, enter a command such as the following.
Syntax: [no] lldp advertise port-vlan-id ports ethernet port-list | all
802.3 capabilities
Except for Power-via-MDI information, the Brocade device will advertise the following 802.
The MAC/PHY configuration advertisement will appear similar to the following on the remote device, and in the CLI display output on the Brocade device (show lldp local-info).
+ 802.
The power-via-MDI advertisement will appear similar to the following on the remote device, and in the CLI display output on the Brocade device (show lldp local-info).
+ 802.3 Power via MDI: PSE port, power enabled, class 0
Power Pair : A (not controllable)
Syntax: [no] lldp advertise power-via-mdi ports ethernet port-list | all
LLDP-MED configuration
This section provides the details for configuring LLDP-MED.
Enabling SNMP notifications and Syslog messages for LLDP-MED topology changes
SNMP notifications and Syslog messages for LLDP-MED provide management applications with information related to topology changes. For example, SNMP notifications can alert the system whenever a remote Endpoint device is connected to or removed from a local port.
Defining a location id
The LLDP-MED Location Identification extension enables the Brocade device to set the physical location that an attached Class III Endpoint will use for location-based applications. This feature is important for applications such as IP telephony, for example, where emergency responders need to quickly determine the physical location of a user in North America who has just dialed 911.
Configuring civic address location
resolution bits specifies the precision of the value given for altitude. A smaller value increases the area within which the device is located. For meters resolution, enter a value from 0 to 30.
Datum is the map used as the basis for calculating the location.
CA elem 3 "Santa Clara" elem 6 "4980 Great America Pkwy" elem 24 95054 elem 27 5 elem 28 551 elem 29 office elem 23 "John Doe"
Syntax: [no] lldp med location-id civic-address refers-to elem country country code elem CA type value [ elem CA type value ] [ elem CA type value ] ....
refers-to elem describes the location that the entry refers to.
TABLE 23 Elements used with civic address (Continued)
Civic Address (CA) type | Description | Acceptable values / examples
2 | County, parish, gun (JP), or district (IN) | Examples: Canada - County; Germany - County; Japan - City or rural area; Korea - County; United States - County
3 | City, township, or shi (JP) | Examples: Canada - City or town; Germany - City; Japan - Ward or village; Korea - City or village; United States - City or town
4 | City division, borough, city district, ward, or chou (J
TABLE 23 Elements used with civic address (Continued)
Civic Address (CA) type | Description | Acceptable values / examples
17 | Trailing street suffix | N (north), E (east), S (south), W (west), NE, NW, SE, SW
18 | Street suffix | Acceptable values for the United States are listed in the United States Postal Service Publication 28 [18], Appendix C. Example: Ave, Place
19 | House number | The house number (street address). Example: 1234
20 | House number suffix | A modifier to the house number.
TABLE 23 Elements used with civic address (Continued)
Civic Address (CA) type | Description | Acceptable values / examples
29 | Placetype | The type of place described by the civic coordinates. For example, a home, office, street, or other public space. Example: Office
30 | Postal community name | When the postal community name is defined, the civic community name (typically CA type 3) is replaced by this value. Example: Alviso
31 | Post office box (P.O. box) | When a P.O.
Configuring emergency call service
The Emergency Call Service (ECS) location is used specifically for Emergency Call Services applications. When you configure a media Endpoint location using the emergency call services location, you specify the Emergency Location Identification Number (ELIN) from the North America Numbering Plan format, supplied to the Public Safety Answering Point (PSAP) for ECS purposes.
LLDP-MED network policy configuration syntax
The CLI syntax for defining an LLDP-MED network policy differs for tagged, untagged, and priority tagged traffic. Refer to the appropriate syntax, below.
LLDP-MED attributes advertised by the Brocade device
LLDP-MED attributes are only advertised on a port if LLDP-MED is enabled (which is done by enabling the LLDP-MED capabilities TLV), the port operating mode is receive and transmit (the default), and the port has received an LLDP-MED advertisement from an Endpoint.
enables an Endpoint to communicate a more precise required power level, thereby enabling the device to allocate less power to the Endpoint, while making more power available to other ports. The LLDP-MED Power-via-MDI TLV advertises an Endpoint IEEE 802.
Displaying LLDP statistics and configuration settings
For a PSE (Network Connectivity device), the power level represents the amount of power that is available on the port at the time. If the PSE is operating in reduced power (i.e., it is using backup power), the reduced power capacity is advertised as long as the condition persists.
By default, LLDP-MED power-via-MDI information is automatically advertised when LLDP-MED is enabled, the port is a POE port, and POE is enabled on the port.
Displaying LLDP statistics
Field | Description
LLDP transmit interval | The number of seconds between regular LLDP packet transmissions.
LLDP transmit hold multiplier | The multiplier used to compute the actual time-to-live (TTL) value of an LLDP advertisement. The TTL value is the transmit interval multiplied by the transmit hold multiplier.
LLDP transmit delay | The number of seconds the LLDP agent will wait after transmitting an LLDP frame and before transmitting another LLDP frame.
NOTE: You can reset LLDP statistics using the CLI command clear LLDP statistics. Refer to Resetting LLDP statistics on page 205.
The following table describes the information displayed by the show lldp statistics command.
Field | Description
Last neighbor change time | The elapsed time (in hours, minutes, and seconds) since a neighbor last advertised information. For example, the elapsed time since a neighbor was last added, deleted, or its advertised information changed.
Displaying LLDP neighbors
The show lldp neighbors command displays a list of the current LLDP neighbors per port. The following shows an example report.
device#show lldp neighbors
Lcl Port Chassis ID Port ID
1 0000.0034.0fc0 0000.0034.0fc0
1 0000.0001.4000 0000.0001.4000
3 0000.0011.0200 0000.0011.0203
4 0000.0011.0200 0000.0011.0202
4 0000.0011.0200 0000.0011.0210
15 0000.0011.0200 0000.0011.020f
16 0000.0011.0200 0000.0011.020e
17 0000.0011.0200 0000.0011.0211
18 0000.0011.
Displaying LLDP configuration details
NOTE: The show lldp neighbors detail output will vary depending on the data received. Also, values that are not recognized or do not have a recognizable format may be displayed in hexadecimal binary form.
device#show lldp neighbors detail ports e 1/9
Local port: 1/9
Neighbor: 0000.0018.cc03, TTL 101 seconds
+ Chassis ID (network address): 10.43.39.151
+ Port ID (MAC address): 0000.0018.
NOTE: The show lldp local-info output will vary based on LLDP configuration settings.
The following shows an example report.
device#show lldp local-info ports e 20
Local port: 20
+ Chassis ID (MAC address): 0000.0033.e2c0
+ Port ID (MAC address): 0000.0033.e2d3
+ Time to live: 40 seconds
+ System name: "FCX624SHPOE-ADV Router"
+ Port description: "GigabitEthernet20"
+ System description : "Brocade Communications, Inc. FCX_ADV_ROUTER_SOFT_PACKAGE, IronWare Version 07.3.
Resetting LLDP statistics
CA Value : "John Doe"
+ MED Location ID
Data Format: ECS ELIN
Value : "1234567890"
+ MED Extended Power via MDI
Power Type : PSE device
Power Source : Unknown Power Source
Power Priority : Low (3)
Power Value : 6.5 watts (PSE equivalent: 7005 mWatts)
+ Port VLAN ID: 99
+ Management address (IPv4): 10.1.1.121
+ VLAN name (VLAN 99): "Voice-VLAN-99"
NOTE: The contents of the show output will vary depending on which TLVs are configured to be advertised.
Hardware Component Monitoring
● Supported hardware monitoring features
● Traffic Limitations in Mixed Environments
● Virtual cable testing
● Digital optical monitoring
TABLE 25 SX Hardware Generations (Continued)
First | Second | Third
SX-FI424C | SX-FI624C | SX-FI-24GPP
SX-FI424P | SX-FI624HF |
SX-FI424F | SX-FI624P |
SX-FI424HF | SX-FI62XG |
SX-FI42XG | |
Throughput is 100 percent when only SX third-generation modules are used.
Virtual cable testing
FastIron devices support Virtual Cable Test (VCT) technology.
Viewing the results of the cable analysis
To display the results of the cable analysis, enter a command such as the following at the Privileged EXEC level of the CLI.
TABLE 27 Cable statistics
This line... | Displays...
Port | The port that was tested.
Speed | The port current line speed.
Local pair | The local link name. Refer to the previous local pair definition table.
Pair Length | The cable length when terminated, or the distance to the point of fault when the line is not up.
Remote pair | The remote link name.
Pair status | The status of the link. This field displays one of the following:
• Terminated: The link is up.
Digital optical monitoring
TABLE 28 Supported fiber optic transceivers (Continued)
Label | Type | Brocade part number | Supports Digital Optical Monitoring?
10G-XFP-ZR | 10GBase-ZR XFP, 80 km | 33014-000 | Yes
10G-XFP-ZRD | 10GBase-ZRD XFP, 80 km | 33063-000 to 33107-000 | Yes
10G-SFPP-SR | 10GE SR SFP+ | 57-0000075-01 | Yes
10G-SFPP-LR | 10GE LR SFP+ | 57-0000076-01 | Yes
10G-SFPP-TWX-0101 | FCoE 1M Active Cable | 58-1000026-01 | No
10G-SFPP-TWX-0301 | FCoE 3M Active Cable | 58-1000027-01 | No
10G-SFPP-TWX-0501 | FCoE 5M Ac
NOTE: A Brocade ICX 6650 device allows all ports to support Digital Optical Monitoring (DOM).
Enabling digital optical monitoring
To enable optical monitoring on all Brocade-qualified optics installed in the device, use the following command.
device(config)#optical-monitor
To enable optical monitoring on a specific port, use the following command.
Use the show media command to obtain information about the media devices installed in a device.
Viewing optical monitoring information
Use the show media validation command to find out whether the connected optic modules are supported on Brocade devices.
device# show media validation
Port Supported Vendor Type
-----------------------------------------------------------------------------
1/2/1 Yes FINISAR CORP.
NOTE: The show optic function takes advantage of information stored and supplied by the manufacturer of the XFP, SFP, or SFP+ transceiver. This information is an optional feature of the Multi-Source Agreement standard defining the optical interface. Not all component suppliers have implemented this feature set.
Viewing optical transceiver thresholds
The thresholds that determine the alarm status values for an optical transceiver are set by the manufacturer of the XFP, SFP, or SFP+. To view the thresholds for a qualified optical transceiver in a particular port, use the show optic threshold command as shown below.
Syslog
● Supported Syslog features
● About Syslog messages
● Displaying Syslog messages
● Syslog service configuration
This chapter describes how to display Syslog messages and how to configure the Syslog facility, and lists the Syslog messages that Brocade devices can display during standard operation.
About Syslog messages
Brocade software can write syslog messages to provide information at the following severity levels:
• Emergencies
• Alerts
• Critical
• Errors
• Warnings
• Notifications
• Informational
• Debugging
The device writes the messages to a local buffer.
Enabling real-time display of Syslog messages
Dynamic Log Buffer (50 entries):
Dec 15 18:46:17:I:Interface ethernet 4, state up
Dec 15 18:45:21:I:Bridge topology change, vlan 4095, interface 4, changed state to forwarding
Dec 15 18:45:15:I:Warm start
For information about the Syslog configuration information, time stamps, and dynamic and static buffers, refer to Displaying the Syslog configuration on page 220.
Syslog service configuration
The procedures in this section describe how to perform the following Syslog configuration tasks:
• Specify a Syslog server. You can configure the Brocade device to use up to six Syslog servers. (Use of a Syslog server is optional. The system can hold up to 1000 Syslog messages in an internal buffer.)
• Change the level of messages the system logs.
• Change the number of messages the local Syslog buffer can hold.
• Display the Syslog configuration.
Static and dynamic buffers
TABLE 31 CLI display of Syslog buffer configuration (Continued)
Field | Definition
overruns | The number of times the dynamic log buffer has filled up and been cleared to hold new entries. For example, if the buffer is set for 100 entries, the 101st entry causes an overrun. After that, the 201st entry causes a second overrun.
level | The message levels that are enabled. Each letter represents a message type and is identified by the key (level code) below the value.
Syntax: clear logging [ dynamic-buffer | static-buffer ]
You can specify dynamic-buffer to clear the dynamic buffer or static-buffer to clear the static buffer. If you do not specify a buffer, both buffers are cleared.
Time stamps
The contents of the time stamp differ depending on whether you have set the time and date on the onboard system clock:
• If you have set the time and date on the onboard system clock, the date and time are shown in the following format.
Disabling or re-enabling Syslog
Example of Syslog messages on a device with the onboard clock not set
The example shows the format of messages on a device where the onboard system clock is not set. Each time stamp shows the amount of time the device had been running when the message was generated. For example, the most recent message, at the top of the list of messages, was generated when the device had been running for 21 days, seven hours, two minutes, and 40 seconds.
Disabling logging of a message level
To change the message level, disable logging of specific message levels. You must disable the message levels on an individual basis. For example, to disable logging of debugging and informational messages, enter the following commands.
Displaying interface names in Syslog messages
NOTE: You can specify only one facility. If you configure the Brocade device to use two Syslog servers, the device uses the same facility on both servers.
Displaying TCP or UDP port numbers in Syslog messages
However, if ip show-portname is configured and a name has been assigned to the port, the port name replaces the interface type as in the example below, where "port5_name" is the name of the port.
SYSLOG: <14>0d00h02m18s:ICX6610-48P Router System: Interface port5_name 1/1/5, state up
Also, when you display the messages in the Syslog, you see the interface name under the Dynamic Log Buffer section.
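For log collection, the two message shapes shown in this chapter (the local buffer entry with a clock time stamp and level code, and the SYSLOG line with a priority value and an uptime time stamp) can be normalized as below. This is an added example, not Brocade code: the patterns are inferred only from the sample lines in this guide, the priority value is decoded with the standard syslog rule (facility times 8 plus severity), and the function names are hypothetical.

```python
import re

# Severity names in the order this guide lists them (syslog severities 0-7).
SEVERITIES = ("Emergencies", "Alerts", "Critical", "Errors",
              "Warnings", "Notifications", "Informational", "Debugging")

# "<14>0d00h02m18s:..." with an optional "SYSLOG: " display prefix.
WIRE = re.compile(
    r"^(?:SYSLOG:\s*)?<(\d{1,3})>(\d+)d(\d{2})h(\d{2})m(\d{2})s:(.*)$")
# "Dec 15 18:46:17:I:..." as shown in the Dynamic Log Buffer.
BUFFER = re.compile(
    r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}:\d{2}:\d{2}):([A-Z]):(.*)$")
# Link state messages; the interface text may be a type or a port name.
LINK = re.compile(r"Interface (.+?), state (\w+)")


def parse_line(line: str) -> dict:
    """Normalize one message; raise ValueError if it matches neither shape."""
    line = line.strip()
    match = WIRE.match(line)
    if match:
        pri = int(match.group(1))
        if pri > 191:  # highest valid value: facility 23, severity 7
            raise ValueError(f"priority {pri} out of range")
        days, hours, minutes, seconds = map(int, match.group(2, 3, 4, 5))
        record = {
            "form": "wire",
            "facility": pri >> 3,
            "severity": SEVERITIES[pri & 7],
            "uptime_seconds": ((days * 24 + hours) * 60 + minutes) * 60 + seconds,
            "message": match.group(6).strip(),
        }
    else:
        match = BUFFER.match(line)
        if not match:
            raise ValueError("unrecognized Syslog line")
        record = {
            "form": "buffer",
            "month": match.group(1),
            "day": int(match.group(2)),
            "time": match.group(3),
            "level_code": match.group(4),
            "message": match.group(5).strip(),
        }
    link = LINK.search(record["message"])
    record["interface"], record["state"] = link.groups() if link else (None, None)
    return record


def link_events(lines) -> list:
    """Return (interface, state) for every parseable link state message."""
    events = []
    for line in lines:
        try:
            record = parse_line(line)
        except ValueError:
            continue  # skip headers and anything that is not a message
        if record["interface"] is not None:
            events.append((record["interface"], record["state"]))
    return events


# Sample lines copied from this guide's examples.
SAMPLE_LINES = [
    "Dynamic Log Buffer (50 entries):",
    "Dec 15 18:46:17:I:Interface ethernet 4, state up",
    "Dec 15 18:45:21:I:Bridge topology change, vlan 4095, interface 4, "
    "changed state to forwarding",
    "SYSLOG: <14>0d00h02m18s:ICX6610-48P Router System: "
    "Interface port5_name 1/1/5, state up",
]
```

Because a configured port name replaces the interface type, correlation rules should key on the slot/port suffix or keep a name-to-port map rather than match on the word "ethernet".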
Syntax: [no] logging persistence
Enter no logging persistence to disable this feature after it has been enabled.
Clearing the Syslog messages from the local buffer
To clear the Syslog messages stored in the local buffer of the Brocade device, enter the clear logging command.
device#clear logging
Syntax: clear logging
Syslog messages for hardware errors
NOTE: This feature is supported on FastIron X Series devices only.
Network Monitoring
● Supported network monitoring features
● Basic system management
● RMON support
● sFlow
Viewing configuration information
To view the software and hardware details for the system, enter the show version command. The following shows an example output.
device#show version
==========================================================================
Active Management CPU [Slot-9]:
SW: Version 04.3.00b17T3e3 Copyright (c) 1996-2008 Brocade Communications, Inc., Inc.
Compiled on Sep 25 2008 at 04:09:20 labeled as SXR04300b17
(4031365 bytes) from Secondary sxr04300b17.bin
BootROM: Version 04.0.
Viewing port statistics
Port statistics are polled by default every 10 seconds. You can view statistics for ports by entering the following show commands:
• show interfaces
• show configuration
• show statistics
To display the statistics, enter a command such as the following.
device#show statistics ethernet 1/3
Port Link State Dupl Speed Trunk Tag Priori MAC Name
1/3 Up Forward Half 100M None No level0 0000.0000.
TABLE 32 Port statistics shown via the show statistics command (Continued)
Parameter | Description
Name | The name of the port, if you assigned a name.
Statistics
InOctets | The total number of good octets and bad octets received.
OutOctets | The total number of good octets and bad octets sent.
InPkts | The total number of packets received. The count includes rejected and local packets that are not sent to the switching core for transmission.
TABLE 32 Port statistics shown via the show statistics command (Continued)
Parameter | Description
Collisions | The total number of packets received in which a Collision event was detected.
InErrors | The total number of packets received that had Alignment errors or phy errors.
NOTE: Excessive errors for some counters usually indicate a problem.
Viewing STP statistics
TABLE 32 Port statistics shown via the show statistics command (Continued)
Parameter: Description
InBitsPerSec: The number of bits received per second.
OutBitsPerSec: The number of bits sent per second.
InPktsPerSec: The number of packets received per second.
OutPktsPerSec: The number of packets sent per second.
InUtilization: The percentage of the port bandwidth used by received traffic.
OutUtilization: The percentage of the port bandwidth used by sent traffic.
Traffic counters configuration notes
Consider the following rules when configuring traffic counters for outbound traffic.
• This feature is supported on FastIron X Series devices only.
• This feature is supported in the Layer 2 and Layer 3 codes.
• This feature applies to physical ports only, including 10 Gbps Ethernet ports and trunk ports. It does not apply to virtual interfaces.
Displaying enhanced traffic counter profiles
The vlan-ID parameter identifies the VLAN ID for which outbound traffic will be counted. Enter a number from 0 - 4095 or enter all to indicate all VLANs.
The priority-queue parameter identifies the 802.1p priority queue for which traffic will be counted. Enter a number from 0 - 7 or enter all to indicate all priority queues.
Viewing egress queue counters on ICX 6610 and FCX devices
TABLE 33 Outbound traffic counter statistics (Continued)
This line...: Displays...
Broadcast: The number of broadcast packets transmitted.
Dropped Frames
Bridge Egress Filtered: The number of bridged outbound packets that were filtered and dropped. This number includes the number of packets that were dropped because of any one of the following conditions:
• The port was disabled or the link was down.
Viewing egress queue counters on ICX 7750 devices
Relay Agent Information option: Disabled
Egress queues:
Queue counters    Queued packets    Dropped Packets
0                 0                 0
1                 0                 0
2                 1                 0
3                 0                 0
4                 0                 0
5                 0                 0
6                 0                 0
7                 215703            0
Syntax: show interface [ ethernet port]
Specify the port variable in the format stack-unit/slotnum/portnum.
TABLE 34 Egress queue statistics
Parameter: Description
Queue counters: The QoS traffic class.
Queued packets: The number of packets queued on the port for the given traffic class.
0 output errors, 0 collisions
Relay Agent Information option: Disabled
Egress queues:
Queue counters    Queued packets    Dropped Packets
0                 0                 0
1                 0                 0
2                 0                 0
3                 0                 0
4                 0                 0
5                 0                 0
6                 0                 0
7                 0                 0
Clearing the egress queue counters
You can clear egress queue statistics (reset them to zero) using the clear statistics and clear statistics ethernet port commands.
Syntax: clear statistics [ ethernet port]
Specify the port variable in the format stack-unit/slotnum/portnum.
Statistics (RMON group 1)
NOTE You must save the change to the startup-config file and reload or reboot. The change does not take effect until you reload or reboot.
TABLE 35 Export configuration and statistics
Parameter: Definition
Octets: The total number of octets of data received on the network. This number includes octets in bad packets. This number does not include framing bits but does include Frame Check Sequence (FCS) octets.
Drop events: Indicates an overrun at the port. The port logic could not receive the traffic at full line rate and had to drop some packets as a result.
TABLE 35 Export configuration and statistics (Continued)
Parameter: Definition
Jabbers: The total number of packets received that were longer than 1518 octets and had either a bad FCS with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
NOTE This definition of jabber is different from the definition in IEEE-802.3 section 8.2.1.5 (10BASE5) and section 10.3.1.4 (10BASE2).
History (RMON group 2)
By default, all active ports generate two history control data entries per active Brocade Layer 2 Switch port or Layer 3 Switch interface. An active port is defined as one with a link up. If the link goes down, the two entries are automatically deleted.
sFlow
NOTE FastIron devices support sFlow version 5 by default.
sFlow is a standards-based protocol that allows network traffic to be sampled at a user-defined rate for the purpose of monitoring traffic flow patterns and identifying packet transfer rates on user-specified interfaces.
Extended router information
The configuration procedures for this feature are the same as for IPv4, except where the collector is a link-local address on a Layer 3 switch. For details refer to Specifying the collector on page 248.
sFlow and hardware support
• Brocade devices support sFlow packet sampling of inbound traffic only. These devices do not sample outbound packets. However, Brocade devices support byte and packet count statistics for both traffic directions.
• sFlow is supported on all Ethernet ports (10/100, Gbps, and 10 Gbps)
sFlow and CPU utilization
Enabling sFlow may cause a slight and noticeable increase of up to 20% in CPU utilization.
sFlow and source port
By default, sFlow sends data to the collector out of UDP source port 8888, but you can specify a different source port. For more information, refer to Changing the sFlow source port on page 252.
sFlow and sampling rate
The sampling rate is the average ratio of the number of packets incoming on an sFlow enabled port, to the number of flow samples taken from those packets. sFlow sampling can affect performance in some configurations.
NOTE If you change the router ID or other IP address value that sFlow uses for its agent_address, you need to disable and then re-enable sFlow to cause the feature to use the new source address.
Specifying the collector
sFlow exports traffic statistics to an external collector. You can specify up to four collectors. You can specify more than one collector with the same IP address if the UDP port numbers are unique.
Changing the sampling rate
the counter data to smooth performance. For example, if sFlow is enabled on two ports and the polling interval is 20 seconds, the Brocade device sends counter data every ten seconds. The counter data for one of the ports are sent after ten seconds, and counter data for the other port are sent after an additional ten seconds. Ten seconds later, new counter data for the first port are sent.
Module rate
While different ports on a module may be configured to have different sampling rates, the hardware for the module will be programmed to take samples at a single rate (the module sampling rate). The module sampling rate will be the highest sampling rate (i.e. lowest number) configured for any of the ports on the module.
• 134217728
• 536870912
• 2147483648
For example, if the configured sampling rate is 1000, then the actual rate is 2048 and 1 in 2048 packets are sampled by the hardware.
Changing the sampling rate of a module
You cannot change a module sampling rate directly. You can change a module sampling rate only by changing the sampling rate of a port on that module.
NOTE Configuring a sampling rate on only the port that is the primary port of a trunk automatically applies that same sampling rate to all ports in the trunk.
Changing the sFlow source port
By default, sFlow sends data to the collector using UDP source port 8888, but you can change the source UDP port to any port number in the range 1025-65535.
sFlow version 5 feature configuration
You can now enable sFlow forwarding on individual ports as described in the next two sections.
Syntax: [no] sflow enable
Enabling sFlow forwarding on individual interfaces
To enable sFlow forwarding, enter commands such as the following.
device(config)#sflow enable
device(config)#interface ethernet 1/1 to 1/8
device(config-mif-1/1-1/8)#sflow forwarding
These commands globally enable sFlow, then enable sFlow forwarding on Ethernet ports 1/1 - 1/8.
Egress interface ID for sampled broadcast and multicast packets
For broadcast and multicast traffic, the egress interface ID for sampled traffic is always 0x80000000. When broadcast and multicast packets are sampled, they are usually forwarded to more than one port. However, the output port field in an sFlow datagram supports the display of one egress interface ID only.
Specifying the maximum flow sample size
With sFlow version 5, you can specify the maximum size of the flow sample sent to the sFlow collector. If a packet is larger than the specified maximum size, then only the contents of the packet up to the specified maximum number of bytes are exported. If the size of the packet is smaller than the specified maximum, then the entire packet is exported.
Displaying sFlow information
Enabling the sFlow agent to export CPU-directed data
To enable the sFlow agent on a Brocade device to export data destined to the CPU to the sFlow collector, enter the following command.
device(config)# sflow export cpu-traffic
Syntax: [no] sflow export cpu-traffic
By default, this feature is disabled. The sFlow agent does not send data destined to the CPU to the sFlow collector.
Port 5/19, configured rate=512, actual rate=512, Subsampling factor=1
Port 5/18, configured rate=512, actual rate=512, Subsampling factor=1
Port 5/17, configured rate=1500, actual rate=2048, Subsampling factor=4
Port 5/16, configured rate=1500, actual rate=2048, Subsampling factor=4
Port 5/15, configured rate=1500, actual rate=2048, Subsampling factor=4
Port 5/14, configured rate=1500, actual rate=2048, Subsampling factor=4
Port 5/13, configured rate=512, actual rate=512, Subsampling fac
TABLE 36 sFlow information (Continued)
Parameter: Definition
Configured default sampling rate: The configured global sampling rate. If you changed the global sampling rate, the value you entered is shown here. The actual rate calculated by the software based on the value you entered is listed on the next line, "Actual default sampling rate".
Actual default sampling rate: The actual default sampling rate.
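A collector-side check of the per-port lines in the show sflow output above, added here as an example that is not part of the Brocade guide: it derives each module's rate as the lowest rate number among its ports, flags ports whose configured rate was adjusted, and scales sample counts by the actual rate. The function names, the constructed sample lines, and the relation "subsampling factor = actual rate / module rate" (inferred from the sample output, where 2048/512 = 4) are assumptions.

```python
import re

# Constructed sample: port lines in the format of the show sflow output above,
# plus one unrelated line that the parser must skip.
SAMPLE = """\
Port 5/19, configured rate=512, actual rate=512, Subsampling factor=1
Port 5/17, configured rate=1500, actual rate=2048, Subsampling factor=4
Port 5/16, configured rate=1500, actual rate=2048, Subsampling factor=4
Port 7/2, configured rate=8192, actual rate=8192, Subsampling factor=1
Port 7/3, configured rate=8192, actual rate=8192, Subsampling factor=2
UDP packets exported: 0
"""

PORT_LINE = re.compile(
    r"Port\s+(?P<port>\d+(?:/\d+)+),\s*configured rate=(?P<configured>\d+),"
    r"\s*actual rate=(?P<actual>\d+),\s*Subsampling factor=(?P<factor>\d+)"
)


def parse_ports(text):
    """Return one dict per port line; lines in any other format are skipped."""
    ports = []
    for match in PORT_LINE.finditer(text):
        row = {k: int(v) for k, v in match.groupdict().items() if k != "port"}
        row["port"] = match.group("port")
        # Everything before the last "/" names the module (slot, or unit/slot).
        row["module"] = row["port"].rsplit("/", 1)[0]
        ports.append(row)
    return ports


def module_rates(ports):
    """Module rate: the highest sampling rate, i.e. the lowest number, on the module."""
    rates = {}
    for p in ports:
        rates[p["module"]] = min(p["actual"], rates.get(p["module"], p["actual"]))
    return rates


def audit(text):
    """List (port, finding, reported value, expected value) tuples."""
    ports = parse_ports(text)
    rates = module_rates(ports)
    findings = []
    for p in ports:
        if p["configured"] != p["actual"]:
            # The device is sampling at a different rate than the one entered.
            findings.append((p["port"], "rate-adjusted", p["configured"], p["actual"]))
        expected, remainder = divmod(p["actual"], rates[p["module"]])
        if remainder or p["factor"] != expected:
            # Assumption: factor should equal actual rate / module rate.
            findings.append((p["port"], "factor-mismatch", p["factor"], expected))
    return findings


def estimate_packets(sample_counts, ports):
    """Scale flow sample counts to packet estimates using the actual rate."""
    actual = {p["port"]: p["actual"] for p in ports}
    return {port: n * actual[port] for port, n in sample_counts.items() if port in actual}


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print(estimate_packets({"5/17": 10}, parse_ports(SAMPLE)))
```

Scaling by the configured rate instead of the actual rate would understate traffic on ports 5/16 and 5/17 in this sample by roughly a quarter.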
Clearing sFlow statistics
To clear the UDP packet and sFlow sample counters in the show sflow display, enter the following command.
device#clear statistics
Syntax: clear statistics
This command clears the values in the following fields of the show sflow display:
• UDP packets exported
• sFlow samples collected
NOTE This command also clears the statistics counters used by other features.
Displaying utilization percentages for an uplink
The num parameter specifies the list number. You can configure up to four lists. Specify a number from 1 - 4.
The uplink ethernet parameters and the port numbers you specify after the parameters indicate the uplink ports.
The downlink ethernet parameters and the port numbers you specify after the parameters indicate the downlink ports.
Power over Ethernet
● Supported PoE features
● Power over Ethernet overview
● Enabling and disabling Power over Ethernet
● Disabling support for PoE legacy power-consuming devices
Power over Ethernet overview
Feature                         ICX 6430  ICX 6450  FCX      ICX 6610  ICX 6650  FSX 800 FSX 1600  ICX 7750
PoE firmware version update     08.0.01   08.0.01   08.0.01  08.0.01   No        08.0.01           No
PoE firmware download over SCP  08.0.01   08.0.01   08.0.01  08.0.01   No        No                No
PoE support on LAGs             08.0.01   08.0.01   08.0.01  08.0.01   No        08.0.
PoE endspan method
• Endspan - Power is supplied through the Ethernet ports on a power sourcing device. With the Endspan solution, power can be carried over the two data pairs (Alternative A) or the two spare pairs (Alternative B).
• Midspan - Power is supplied by an intermediate power sourcing device placed between the switch and the PD. With the Midspan solution, power is carried over the two spare pairs (Alternative B).
With both methods, power is transferred over four conductors, between the two pairs.
The Midspan method is illustrated in the figure below.
FIGURE 10 PoE Midspan delivery method
PoE autodiscovery
PoE autodiscovery is a detection mechanism that identifies whether or not an installed device is 802.3af- or 802.3at-compatible. When you plug a device into an Ethernet port that is capable of providing inline power, the autodiscovery mechanism detects whether or not the device requires power and how much power is needed.
Dynamic upgrade of PoE power supplies
measuring the current consumption of the PD. Depending on the measured current, the appropriate class is assigned to the PD. PDs that do not support classification are assigned a class of 0 (zero). The table below shows the different power classes and their respective power consumption needs.
TABLE 37 Power classes for PDs
Class  Usage    Power (watts) from Power Sourcing Device
                Standard PoE  PoE+
0      default  15.4          15.
Voltage selection during bootup
For safety reasons, all PoE power supplies installed in the chassis must operate at the same voltage mode, either 52 volts or 54 volts. The system will select the voltage mode of the power supply with the lowest supported voltage as the voltage mode for all PoE power supplies installed in the chassis.
Voltage selection when a PoE power supply is removed
• If a 54 volt-capable power supply is installed in a chassis that is operating with 52 volt-capable power supplies, the newly installed power supply will be set to operate at 52 volts.
• If a 54 volt-capable power supply is installed in a chassis that is operating with 54 volt-capable power supplies, the newly installed power supply will be set to operate at 54 volts.
VoIP
Voice over IP (VoIP) is the convergence of traditional telephony networks with data networks, utilizing the existing data network infrastructure as the transport system for both services. Traditionally, voice is transported on a network that uses circuit-switching technology, whereas data networks are built on packet-switching technology.
Filename refers to the name of the file, including the pathname.
FCX and ICX platforms
To install PoE firmware on FCX and ICX platforms, enter a command such as the following.
device#inline power install-firmware stack-unit 1 fcx_poeplus_07400.fw tftp 10.120.54.161
Syntax: inline power install-firmware [stack-unit |unit-number] tftp ip-address filename
Stack-unit refers to the unit-id of the switch.
Sending PoE Firmware to Stack Unit 3.
Flash Memory Write (8192 bytes per dot) ...................
PoE: Power disabled on port 3/1/1 because of power management.
PoE: Power disabled on port 3/1/2 because of power management.
PoE: Power disabled on port 3/1/3 because of power management.
PoE: Power disabled on port 3/1/4 because of power management.
PoE: Power disabled on port 3/1/5 because of power management.
PoE: Power disabled on port 3/1/6 because of power management.
Upgrading the PoE firmware file using SCP
U3-MSG: PoE Info: Resetting module in slot 1....completed.<======================================resetting twice===========
3. After downloading the firmware into the controller, the controller resets and reboots with the new PoE firmware. You should see output similar to the following.
[MEMBER]local-3@ICX6450-24P Router>Download request from active unit 1 mac = 748e.f8dc.b39c
Downloading - poe.fw Done.
PoE Info: Resetting in slot 1....
PoE and CPU utilization
PoE Info: FW Download on slot 1...erase command...accepted.
PoE Info: FW Download on slot 1...erasing firmware memory...
PoE Info: FW Download on slot 1...erasing firmware memory...completed
PoE Info: FW Download on slot 1...sending program command...
PoE Info: FW Download on slot 1...sending program command...accepted.
PoE Info: FW Download on slot 1...programming firmware...takes around 6 minutes....
Brocade(config)#U1-MSG: PoE Info: Firmware Download on slot 1.....
NOTE Inline power should not be configured between two switches as it may cause unexpected behavior.
NOTE FastIron PoE and PoE+ devices can automatically detect whether or not a power consuming device is 802.3af- or 802.3at-compliant.
Disabling support for PoE legacy power-consuming devices
Brocade PoE devices automatically support most legacy power consuming devices (devices not compliant with 802.3af or 802.3at), as well as all 802.3af- and 802.
Enabling the detection of PoE power requirements advertised through CDP
Many power consuming devices, such as Cisco VoIP phones and other vendors’ devices, use the Cisco Discovery Protocol (CDP) to advertise their power requirements to power sourcing devices, such as Brocade PoE devices.
Configuring power levels command syntax
configure either a maximum power level or a power class. You cannot configure both. You can, however, configure a maximum power level on one port and a power class on another port.
• The Brocade PoE or PoE+ device will adjust the power on a port only if there are available power resources. If power resources are not available, the following message will display on the console and in the Syslog:
PoE: Failed power allocation of 30000 mwatts on port 1/1/21.
Setting the power class command syntax
TABLE 39 Power classes for PDs (Continued)
Class  Usage     Power (watts) from Power Sourcing Device
                 Standard PoE  PoE+
1      optional  4             4
2      optional  7             7
3      optional  15.4          15.4
4      optional  15.4          30
Consider the following points when setting the power class for a PoE power-consuming device.
• The power class sets the maximum power level for a power consuming device.
NOTE Do not configure a class value of 4 on a PoE+ port on which a standard PoE PD is connected. Standard PoE PDs support a maximum of 15.4 watts. Setting the power class value to 4 (30 watts) could damage the PD.
For information about resetting the power class, refer to Resetting PoE parameters on page 278.
Setting the power budget for a PoE interface module
By default, each PoE and PoE+ interface module has a maximum power budget of 65535 watts.
Command syntax for setting the inline power priority for a PoE port
comes online and the port is configured with a high priority, if necessary (if power is already fully allocated to power consuming devices), the FastIron PoE device will remove power from a PoE port or ports that have a lower priority and allocate the power to the PoE port that has the higher value.
Displaying Power over Ethernet information
To change a PoE port power priority from high to low (the default value) and keep the current maximum configured power level of 3000, enter commands such as the following.
4/15 On On 8075 9500 802.3af n/a 3 n/a
4/16 On On 4131 9500 802.3af Class 1 3 n/a
4/17 On On 2347 9500 802.3af n/a 3 n/a
4/18 On Off 0 9500 n/a n/a 3 n/a
4/19 On On 5352 9500 Legacy n/a 3 n/a
4/20 On On 7981 9500 802.3af n/a 3 n/a
4/21 On On 12958 13000 802.3af Class 3 3 n/a
4/22 On On 12958 13000 802.3af Class 3 3 n/a
4/23 On On 13052 13000 802.3af Class 3 3 n/a
4/24 On On 12864 13000 802.
TABLE 40 Field definitions for the show inline power command (Continued)
Column: Definition
PD Type: The type of PD connected to the port. This value can be one of the following:
• 802.3at - The PD connected to this port is 802.3at-compliant.
• 802.3af - The PD connected to this port is 802.3af-compliant.
• Legacy - The PD connected to this port is a legacy product (not 802.3af-compliant).
Displaying PoE data specific to PD ports
TABLE 40 Field definitions for the show inline power command (Continued)
Column: Definition
Fault/Error: If applicable, this is the fault or error that occurred on the port. This value can be one of the following:
• critical temperature - The PoE chip temperature limit rose above the safe operating level, thereby powering down the port.
• Total PD power available to PSE
• Total PD power switched to PSE
In the absence of valid PSU power, the total PD power switched is equal to that available to PSE, as shown in this example:
device#show inline power pd
Number of PD Ports: 2
Total PD Power Available to PSE: 22400
Total PD Power Switched to PSE: 22400
Port   Oper   Oper     Fault/
       State  Mode     Error
-------------------------------
1/2/1  On     802.3at  n/a
1/2/2  On     802.
Displaying detailed information about PoE power supplies
TABLE 41 Field definitions for the show inline power pd command (Continued)
Column: Definition
Total PD Power Switched to PSE: Total PD power switched to PSE. It is either 0 or the total available power.
Port: The port number of the PD port.
Oper State: The operational state of the PD port. This value can be one of the following:
• On - The PD port is linked to a PSE port and is consuming power.
Oper Mode
Fault/Error
++++++++++++++++++
Power Supply Data:
++++++++++++++++++
Power Supply #1:
Max Curr: 7.5 Amps
Voltage: 54.0 Volts
Capacity: 410 Watts
POE Details Info. On Stack 2 :
General PoE Data:
+++++++++++++++++
Firmware Version
-------
02.1.0
Slot  #Ports  #Ports  #Ports  Power        Power       Power
      Pri: 1  Pri: 2  Pri: 3  Consumption  Allocation  Budget
------------------------------------------------------------------
3     0       0       48      513.468 W    739.200 W   65535.0 W
4     0       0       48      1349.320 W   1440.
PoE Capacity: 2260 Watts
Consumption: 2095 Watts
General PoE Data:
+++++++++++++++++
Slot  Firmware Version
--------------
3     Device 1: 02.1.0
      Device 2: 02.1.0
4     Device 1: 02.1.0
      Device 2: 02.1.0
6     02.1.0
7     Device 1: 02.1.0
      Device 2: 02.1.0
8     02.1.
TABLE 42 Field definitions for the show inline power detail command (Continued)
Column: Definition
H/W Status: The PoE power supply hardware status code. This field is used by Brocade Technical Support for troubleshooting.
Max Curr: The PoE power supply maximum current capacity.
Voltage: The PoE power supply current input voltage.
Capacity: The PoE power supply total power capacity (in watts).
PoE Capacity: The PoE power supply PoE power capacity (in watts).
Inline power on PoE LAG ports
TABLE 42 Field definitions for the show inline power detail command (Continued)
Column: Definition
#Ports Off-Denied: The number of ports on the Interface module that were denied power because of insufficient power.
#Ports Off-No-PD: The number of ports on the Interface module to which no PDs are connected.
#Ports Off-Fault: The number of ports on the Interface module that are not receiving power because of a subscription overload.
Configuring inline power on PoE ports in a LAG
You can configure inline power in interface configuration mode on a port that is not a member of a LAG. However, if that port then becomes part of a LAG, you can use the inline power ethernet command to configure inline power parameters on any other port in that LAG.
LAG operational changes can affect the PoE power state unless the decouple-datalink keyword is used as a command option when configuring inline power on the LAG ports.
Decouple PoE and datalink operations on PoE ports
6. Configure inline power on a secondary port with the default option.
Device(config)# inline power ethernet 1/1/2
Configures inline power on port 1/1/2 with the default option.
7. Configure inline power on a secondary port with the power management option.
Device(config)# inline power ethernet 1/1/3 priority 2
Configures inline power on port 1/1/3 with power management option 2. The range is 1 (lowest) to 3 (highest). The default is 1.
8.
Decoupling of PoE and datalink operations on PoE LAG ports
Decouples PoE and datalink operations on PoE ports.
Perform the following steps to decouple the behavior of the Power over Ethernet (PoE) and the datalink operations for PoE Link Aggregation Group (LAG) ports. This task provides a method of overriding the current default behavior of datalink operations that affect the operation of PoE ports.
Decoupling of PoE and datalink operations on regular PoE ports
Decouples PoE and datalink operations on regular PoE ports.
While PoE and datalink operations are functionally independent of each other, some datalink operations affect the operational behavior of PoE ports.
7. Enables interface configuration for Ethernet 1/1/4 port.
Device(config-if-e1000-1/1/3)# interface ethernet 1/1/4
Interface configuration mode is entered for Ethernet 1/1/4.
8. Configure inline power on Ethernet 1/1/4 port, specifying the actual power value.
PoE Commands
● inline power
inline power
Configures inline power on PoE ports.
Configures inline power on Power over Ethernet (PoE) ports in interface configuration mode and link aggregation group (LAG) secondary ports in global configuration mode.
WARNING If you want to keep decoupling in place on a PoE port when you configure the inline power ethernet command to change its other parameters, for example, priority, you must also configure the decouple-datalink keyword.
WARNING If you downgrade to a release earlier than 08.0.01, that release will not honor inline power commands using the decouple-datalink keyword and any inline power commands in the startup config will not be effective.
History
Release: Command History
08.0.01: This command was modified to run in global configuration mode using the ethernet keyword. The decouple-datalink keyword was also introduced.
System Monitoring
● Supported system monitoring features
● Overview of system monitoring
● Configure system monitoring
● System monitoring on FCX and ICX devices
Configuration notes and feature limitations
Sysmon starts the timer based on the specified timer setting, with the default value as three minutes. After the interval specified by the timer, the utility checks the hardware error registers. If the sysmon utility detects an error in a hardware error register, it increments the relevant error count by 1. Otherwise, it restarts the timer and waits for the given interval.
disable system-monitoring all
Disables system monitoring at the global level for all types.
Syntax
disable system-monitoring all
Modes
Privileged EXEC mode.
Usage Guidelines
Disabling sysmon at the global level disables any individually configured and enabled sysmon tasks as well. However, any sysmon configuration that is made, including global and event-specific configuration, is retained.
Examples
sysmon log-backoff
Defines the number of times to skip logging an event before logging again at the global level. The no form of this command resets the parameter to default value.
Syntax
sysmon log-backoff number
no sysmon log-backoff
Parameters
number: Specifies the number of times to skip an event logging before logging again.
Modes
Global configuration mode.
Usage Guidelines
Examples
The following example sets the threshold to 3 events over 7 consecutive polling periods:
Brocade(config)# sysmon threshold 3 7
System monitoring on FCX and ICX devices
On FCX and ICX devices, system monitoring monitors the following errors:
• ECC errors.
• Link errors.
These errors are monitored on a stack unit basis.
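The global threshold (N events over W consecutive polling periods) and the log back-off described above can be modelled to see when log entries would appear for a given error pattern. This is an added example, not Brocade code: the class name, the sliding window, treating N or more events as a breach, and resetting the back-off once the count falls below N are all assumptions about behaviour the guide does not spell out.

```python
from collections import deque

# Constructed input: 1 means the error register showed an error in that
# polling period, 0 means it was clean. Errors stop after period 10.
POLLS = [0, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0]


class SysmonModel:
    """Toy model of one sysmon event type: threshold N/W plus log back-off."""

    def __init__(self, events, windows, log_backoff=0):
        if not 1 <= windows <= 32:
            raise ValueError("polling windows must be in the range 1-32")
        if windows < events:
            raise ValueError("polling windows must be >= number of events")
        self.events = events
        self.window = deque(maxlen=windows)  # last W polling results
        self.log_backoff = log_backoff
        self.to_skip = 0  # would-be log entries still to suppress

    def poll(self, error_seen):
        """Record one polling period; return True if a log entry is emitted."""
        self.window.append(1 if error_seen else 0)
        if sum(self.window) < self.events:
            # Assumption: once the condition clears, the next breach logs at once.
            self.to_skip = 0
            return False
        if self.to_skip > 0:
            self.to_skip -= 1
            return False
        self.to_skip = self.log_backoff
        return True

    def run(self, polls):
        """Return the 1-based polling periods at which an entry is logged."""
        return [i for i, seen in enumerate(polls, start=1) if self.poll(seen)]


if __name__ == "__main__":
    # Matches "sysmon threshold 3 7" with a back-off of 2 (back-off value constructed).
    print(SysmonModel(3, 7, log_backoff=2).run(POLLS))
    # Same threshold with no back-off: one entry per period while breached.
    print(SysmonModel(3, 7).run(POLLS))
```

In this model entries are still emitted at periods 11 and 14 although the last error occurred in period 10, because earlier errors remain inside the 7-period window; a log timestamp therefore bounds when errors happened rather than pinpointing them.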
sysmon link-error
none: The error is logged in the internal sysmon logs. This is the default value.
syslog: The error is logged to syslog.
Modes
Global configuration mode.
Usage Guidelines
This command is supported only on FCX and ICX devices.
Examples
System monitoring for Fabric Adapters
The error is logged to syslog.
Modes
Global configuration mode.
Usage Guidelines
This command is supported only on FCX and ICX devices.
Examples
sysmon fa link
polling-interval: Specifies the number of polling windows. The device polls the internal registers at the interval specified by the sysmon timer value. Valid values are 1-32. However, the polling window number must be equal to or greater than the number of events.
log-backoff: If an error condition persists, it will be continuously logged (internally and/or externally to syslog as defined by the action). The log back-off count skips the configured number of logs before logging again.
System monitoring for Cross Bar
Specifies the number of polling windows. The device polls the internal registers at the interval specified by the sysmon timer value. Valid values are 1-32. However, the polling window number must be equal to or greater than the number of events.
log-backoff: If an error condition persists, it will be continuously logged (internally and/or externally). The log back-off count skips the configured number of logs before logging again.
sysmon xbar error-count
Configures system monitoring for cross bar errors. The no form of this command resets the parameters to default values.
Syntax
sysmon xbar error-count { threshold events polling-interval | log-backoff value | action { none | syslog } }
no sysmon xbar error-count
Parameters
threshold: Defines the failure threshold for the cross bar error-count event.
sysmon xbar link
Configures the sysmon parameters for the crossbar link. The no form of this command resets the parameters to default values.
Syntax
sysmon xbar link { threshold events polling-interval | log-backoff value | action { none | syslog } }
no sysmon xbar link
Parameters
threshold: Defines the failure threshold for the fabric adapter error-count event. The threshold is defined as N/W, where N is the number of events, and W is the number of consecutive polling periods.
System monitoring for Packet Processors
On FSX devices, errors typically detected in packet processors include:
• Parity errors
• Error Checking Code (ECC) errors
• ConfigTable0 errors
• TCAM error
• TCAM action parity errors
• Token bucket priority parity errors
• State variable parity errors
• Link list RAM ECC errors
• FBUF RAM ECC errors
• Egress VLAN parity errors
• Ingress VLAN parity errors
• Layer 2 port isolation parity errors
• Layer 3 port isolation par
clear sysmon counters
Specifies the action to take when the error count exceeds the specified threshold and log back-off values.
none: No action is taken. This is the default action.
syslog: The error is logged to syslog.
Modes
Global configuration mode.
Usage Guidelines
This is a global configuration for all packet processors; you cannot configure sysmon parameters for individual packet processors.
show sysmon logs
xbar: Clears cross bar sysmon counters for cross bar. You can specify all or a cross bar identified by the index.
error: Clears the cross bar sysmon error counters. You can specify all or a cross bar identified by the index.
link: Clears the cross bar sysmon counters for links. You can specify all or a cross bar identified by the index.
ecc-error: Clears the ECC error count on FCX and ICX devices. This option is not supported on FSX devices.
show sysmon counters
Examples
The following example displays the syslog entries that were made by sysmon if the action specified either at the global level or type level was to log the events to syslog. If the action specified was none, no syslog entries exist.
Brocade(config)# show sysmon logs
Aug 3 03:59:22:C:Sysmon:XBAR LINK: SFM1/XBAR1/FPORT0 -- NO SYNC
Aug 3 03:59:22:C:Sysmon:FA Link: SLOT9/FA16/Link0 -- HG.
System Monitoring

Specifies the stack unit for which errors are to be displayed.
all
    Displays errors for all stack units.
link-error
    Displays the link error count on FCX and ICX devices. This option is not supported on FSX devices.
stack-unit
    Specifies the stack unit for which errors are to be displayed.
all
    Displays errors for all stack units.

Modes
Privileged EXEC mode. Global configuration mode.
The following example shows the crossbar errors for the switch fabric module 0.

Brocade# show sysmon counters xbar error 0
Sysmon SFM 1 xbar 0 HG.link Rx error detected (number of times)
HG.link  BadLen  BadHeader  ReformatErr
0        0       0          0
1        0       0          0
2        0       1          0
3        0       0          0
4        0       0          0
5        0       0          0
6        0       0          0
7        0       0          0
8        0       0          0
9        0       0          0
10       0       0          0
11       0       0          0

The following example displays the cross bar link errors for the SFM module 0.

Brocade# show sysmon counters xbar link 0
Sysmon SFM 0 xbar 1 HG.
The following example displays all error counter data on an FCX device:

Brocade(config)#show sysmon counters all
Sysmon error detected on: Stacking Unit 1 (number of times)
****Stacking unit 1 (FCX) Link error detect
Port 24 Link error detect = 0 remote fault detect = 0 lane error detect
Port 25 Link error detect = 0 remote fault detect = 0 lane error detect
Port 26 Link error detect = 0 remote fault detect = 0 lane error detect
Port 27 Link error detect = 0 remote fault detect = 0 lane e
ECC one-time error detect = 0
ECC two-time error detect = 0
==========================

show sysmon config

Displays the complete sysmon configuration, including the global configuration and the event-specific configuration.

Syntax
show sysmon config

Modes
User EXEC mode. Privileged EXEC mode.

Examples
The following command displays the sysmon configuration on an FSX device. The global configuration is displayed first, followed by the configuration for specific events.
show sysmon system sfm

Displays the status of the switch fabric modules.

Syntax
show sysmon system sfm { all | number }

Parameters
all
    Displays the statistics for all SFMs on the device.
number
    Specifies the SFM ID for which the statistics are to be displayed.

Modes
User EXEC mode. Privileged EXEC mode. Global configuration mode.

Usage Guidelines
This command is supported only on FSX devices.

Examples
The following command displays the statistics for all SFMs on the device.
Syslog messages

● Brocade Syslog messages

This section lists all of the Syslog messages. Note that some of the messages apply only to Layer 3 switches.

NOTE
This chapter does not list Syslog messages that can be displayed when a debug option is enabled.
Explanation: RADIUS authentication was successful for the specified mac-address on the specified portnum; however, the VLAN returned in the RADIUS Access-Accept message did not refer to a valid VLAN or VLAN ID on the Brocade device. This is treated as an authentication failure.
Message: MAC Authentication failed for mac-address on portnum (RADIUS given VLAN does not match with TAGGED vlan)
Explanation: Multi-device port authentication failed for the mac-address on a tagged port because the packet with this MAC address as the source was tagged with a VLAN ID different from the RADIUS-supplied VLAN ID.
Message Level: Alert

Message: Management module at slot slot-num state changed from module-state to module-state.
device-number, Reg Offset PCI-config-register-offset.
Explanation: The module encountered a hardware configuration read error.
Message Level: Alert

Message: System: Module in slot slot-num encountered PCI config write error: Bus PCI-bus-number, Dev PCI-device-number, Reg Offset PCI-config-register-offset.
Explanation: The module encountered a hardware configuration write error.
Explanation: The module encountered an unrecoverable hardware configuration read failure. The module will be disabled or powered down.
Message Level: Alert

Message: System: Module in slot slot-num encountered unrecoverable PCI config write failure. Module will be deleted.
Explanation: The module encountered an unrecoverable hardware configuration write failure. The module will be disabled or powered down.
Message: System: Temperature is over shutdown level, system is going to be reset in num seconds
Explanation: The chassis temperature has risen above shutdown level. The system will be shut down in the amount of time indicated.
Message Level: Alert

Message: Temperature degrees C degrees, warning level warn-degrees C degrees, shutdown level shutdown-degrees C degrees
Explanation: Indicates an over temperature condition on the active module.
Message: No of prefixes received from BGP peer ip-addr exceeds maximum prefix-limit...shutdown
Explanation: The Layer 3 switch has received more than the specified maximum number of prefixes from the neighbor, and the Layer 3 switch is therefore shutting down its BGP4 session with the neighbor.
Message Level: Error

Message: IPv6: IPv6 protocol disabled on the device from session-id
Explanation: IPv6 protocol was disabled on the device during the specified session.
Explanation: Password of the specified user has been changed during the specified session ID or type. session-id can be console, telnet, ssh, or snmp.
Message Level: Informational

Message: device-name: Logical link on interface ethernet slot#/port# is down.
Explanation: The specified ports were logically brought down while singleton was configured on the port.
Message Level: Informational

Message: device-name: Logical link on interface ethernet slot#/port# is up.
Explanation: A user has logged out of the USER EXEC mode of the CLI. The user-name is the user name.
Message Level: Informational

Message: ACL ACL id added | deleted | modified from console | telnet | ssh | snmp session
Explanation: A user created, modified, deleted, or applied an ACL through an SNMP, console, SSH, or Telnet session.
• disabled
• blocking
• listening
• learning
• forwarding
• unknown
Message Level: Informational

Message: Cold start
Explanation: The device has been powered on.
Message Level: Informational

Message: DHCP: snooping on untrusted port portnum, type number, drop
Explanation: The device has indicated that the DHCP client receives DHCP server reply packets on untrusted ports, and packets are dropped.
Message: DOT1X: port portnum - MAC mac address Downloading an IP ACL, but IP ACL have no effect on a switch port
Explanation: The RADIUS server returned an IP ACL, but the portnum is a switch port (no IP address).
Message Level: Informational

Message: DOT1X:port portnum - MAC mac address Error could not add all MAC filters
Explanation: The Brocade device was unable to implement the MAC address filters returned by the RADIUS server.
Message: DOT1X: port portnum - MAC mac address Port is already bound with MAC filter
Explanation: The RADIUS server returned a MAC address filter, but a MAC address filter had already been applied to the port.
Explanation: The user connected to portnum has disconnected, causing the port to be moved back into its default VLAN, vlan-id.
Message Level: Informational

Message: DOT1X: Port portnum, AuthControlledPortStatus change: authorized
Explanation: The status of the interface controlled port has changed from unauthorized to authorized.
Message: ERR_DISABLE: Link flaps on port ethernet 16 exceeded threshold; port in err-disable state
Explanation: The threshold for the number of times that a port link toggles from "up" to "down" and "down" to "up" has been exceeded.
Message Level: Informational

Message: Interface portnum, line protocol down
Explanation: The line protocol on a port has gone down. The portnum is the port number.
Explanation: A MAC Based VLAN has been enabled on a port.
Message Level: Informational

Message: MAC Filter added | deleted | modified from console | telnet | ssh | snmp session filter id = MAC filter ID, src MAC = Source MAC address | any, dst MAC = Destination MAC address | any
Explanation: A user created, modified, deleted, or applied this MAC address filter through the SNMP, console, SSH, or Telnet session.
Message: Port portnum, srcip-security max-ipaddr-per-int reached.Last IP= ipaddr
Explanation: The address limit specified by the srcip-security max-ipaddr-per-interface command has been reached for the port.
Message Level: Informational

Message: Security: console login by username to USER | PRIVILEGE EXEC mode
Explanation: The specified user logged into the device console into the specified EXEC mode.
Explanation: A user made SNMP configuration changes through the SNMP, console, SSH, or Telnet session. [value-str] does not appear in the message if SNMP community or engineId is specified.
Message Level: Informational

Message: SNMP Auth. failure, intruder IP: ip-addr
Explanation: A user has tried to open a management session with the device using an invalid SNMP community string. The ip-addr is the IP address of the host that sent the invalid community string.
Message Level: Informational

Message: STP: VLAN vlan id BPDU-Guard on Port port id triggered (Received BPDU), putting into errdisable state
Explanation: The BPDU guard feature has detected an incoming BPDU on {vlan-id, portid}
Message Level: Informational

Message: STP: VLAN vlan id Root-Protect Port port id, Consistent (Timeout)
Explanation: The root protect feature goes back to the consistent state.
Explanation: A user made Syslog configuration changes to the specified Syslog server address, or enabled or disabled a Syslog operation through the SNMP, console, SSH, or Telnet session.
Message Level: Informational

Message: SYSTEM: Optic is not Brocade-qualified (portnumber)
Explanation: Brocade does not support the optical transceiver.
Message: System: Static MAC entry with MAC Address macaddress is added to the unit/slot/port to unit/slot/port on vlan-id
Explanation: A MAC address is added to a range of interfaces, which are members of the specified VLAN.
Message Level: Informational

Message: System: Static MAC entry with MAC Address macaddress is added to portnumber unit/slot/port on VLAN vlan-id
Explanation: A MAC address is added to an interface and the interface is a member of the specified VLAN.
Message: System: Static MAC entry with MAC Address macaddress is deleted from portnumber unit/slot/port on VLANs vlan-id to vlan-id
Explanation: A MAC address is deleted from an interface and the interface is a member of the specified VLAN range.
Message: Warm start
Explanation: The system software (flash code) has been reloaded.
Message Level: Informational

Message: Stack: Stack unit unit# has been deleted to the stack system
Explanation: The specified unit has been deleted from the stacking system.
Message Level: Informational

Message: Stack unit unitNumber has been elected as ACTIVE unit of the stack system
Explanation: The specified unit in a stack has been elected as the Master unit for the stacking system.
Explanation: The operational status of a power supply of the specified unit in a stack changed from normal to failure.
Message Level: Informational

Message: System: Stack unit unit# Power supply powersupply# is up
Explanation: The operational status of a power supply of the specified unit in a stack changed from failure to normal.
Message: vlan vlan-id interface portnum Bridge TC Event (DOT1wTransition)
Explanation: 802.1W recognized a topology change event in the bridge. The topology change event is the forwarding action that started on a non-edge Designated port or Root port.
Message Level: Informational

Message: vlan vlan-id interface portnum STP state - state (DOT1wTransition)
Explanation: 802.1W changed the state of a port to a new state: forwarding, learning, blocking.
Explanation: The port does not have a large enough CAM partition for the ACLs.
Message Level: Notification

Message: ACL insufficient L4 session resource, using flow based ACL instead
Explanation: The device does not have enough Layer 4 session entries. To correct this condition, allocate more memory for sessions.
Explanation: The multi-device port authentication feature was enabled on the specified portnum.
Message Level: Notification

Message: BGP Peer ip-addr DOWN (IDLE)
Explanation: Indicates that a BGP4 neighbor has gone down. The ip-addr is the IP address of the neighbor BGP4 interface with the Brocade device.
Message Level: Notification

Message: BGP Peer ip-addr UP (ESTABLISHED)
Explanation: Indicates that a BGP4 neighbor has come up.
Message: DOT1X: Port port_id Mac mac_address -user user_id - RADIUS timeout for authentication
Explanation: The RADIUS session has timed out for this 802.1x port.
Message Level: Notification

Message: ISIS L1 ADJACENCY DOWN system-id on circuit circuit-id
Explanation: The Layer 3 switch adjacency with this Level-1 IS-IS has gone down. The system-id is the system ID of the IS-IS. The circuit-id is the ID of the circuit over which the adjacency was established.
Message Level: Notification

Message: Local ICMP exceeds burst-max burst packets, stopping for lockup seconds!!
Explanation: The number of ICMP packets exceeds the burst-max threshold set by the ip icmp burst command. The Brocade device may be the victim of a Denial of Service (DoS) attack. All ICMP packets will be dropped for the number of seconds specified by the lockup value. When the lockup period expires, the packet counter is reset and measurement is restarted.
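Several messages in this chapter are worth alerting on at a log collector: SNMP Auth. failure, MAC Authentication failed, BPDU-Guard triggered, Local ICMP exceeds burst-max, and DHCP snooping drops. The following Python example is added here and is not Brocade code; its regular expressions follow the message templates in this chapter, while the timestamp prefix, the rendering of port, MAC and IP values, the function names and the threshold of three failures are assumptions.

```python
import re
from collections import Counter, defaultdict

# Patterns follow the message templates listed in this chapter. How each
# placeholder (port, MAC, IP) is rendered on a device is an assumption.
PATTERNS = {
    "snmp_auth_failure": re.compile(
        r"SNMP Auth\. failure, intruder IP:\s*(?P<src>\S+)"),
    "mac_auth_failed": re.compile(
        r"MAC Authentication failed for (?P<mac>\S+) on (?P<port>\S+)"),
    "bpdu_guard": re.compile(
        r"STP: VLAN (?P<vlan>\S+) BPDU-Guard on Port (?P<port>\S+) triggered"),
    "icmp_burst": re.compile(
        r"Local ICMP exceeds (?P<burst>\d+) burst packets, "
        r"stopping for (?P<lockup>\d+) seconds"),
    "dhcp_snoop_drop": re.compile(
        r"DHCP: snooping on untrusted port (?P<port>[^\s,]+)\s*, "
        r"type (?P<type>[^\s,]+), drop"),
}


def classify(line):
    """Return (event_name, fields) for the first matching template, else None."""
    for name, rx in PATTERNS.items():
        m = rx.search(line)
        if m:
            return name, m.groupdict()
    return None


def triage(lines, snmp_threshold=3):
    """Group matched events; flag hosts that repeat SNMP community failures."""
    events = defaultdict(list)
    snmp_sources = Counter()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue  # not one of the messages we alert on
        name, fields = hit
        events[name].append(fields)
        if name == "snmp_auth_failure":
            snmp_sources[fields["src"]] += 1
    return {
        "events": dict(events),
        "snmp_repeat_offenders": sorted(
            src for src, n in snmp_sources.items() if n >= snmp_threshold),
        "errdisabled_ports": sorted(
            {e["port"] for e in events.get("bpdu_guard", [])}),
    }


# Constructed sample lines: prefix, host name and values are illustrative.
SAMPLE = [
    "Aug  3 04:01:10 sw1 SNMP Auth. failure, intruder IP: 192.0.2.50",
    "Aug  3 04:01:11 sw1 SNMP Auth. failure, intruder IP: 192.0.2.50",
    "Aug  3 04:01:12 sw1 SNMP Auth. failure, intruder IP: 192.0.2.50",
    "Aug  3 04:02:40 sw1 SNMP Auth. failure, intruder IP: 192.0.2.77",
    "Aug  3 04:03:05 sw1 STP: VLAN 10 BPDU-Guard on Port 1/1/5 triggered "
    "(Received BPDU), putting into errdisable state",
    "Aug  3 04:03:30 sw1 MAC Authentication failed for 0000.5e00.5301 on 1/1/3 "
    "(RADIUS given VLAN does not match with TAGGED vlan)",
    "Aug  3 04:04:00 sw1 Local ICMP exceeds 5000 burst packets, "
    "stopping for 300 seconds!!",
    "Aug  3 04:04:20 sw1 DHCP: snooping on untrusted port 1/1/7, type 2, drop",
    "Aug  3 04:05:00 sw1 Interface 1/1/2, line protocol down",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("repeat SNMP sources:", report["snmp_repeat_offenders"])
    print("ports err-disabled by BPDU guard:", report["errdisabled_ports"])
```

Matching on the message body rather than the whole line keeps the patterns independent of the syslog header a relay adds.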
Explanation: The RADIUS session has timed out for the MAC address for this port.
Message Level: Notification

Message: MAC Authentication succeeded for mac-address on portnum
Explanation: RADIUS authentication was successful for the specified mac-address on the specified portnum.
Message Level: Notification

Message: Module was inserted to slot slot-num
Explanation: Indicates that a module was inserted into a chassis slot.
Message Level: Notification

Message: OSPF intf authen failure, rid router-id, intf addr ip-addr, pkt src addr src-ip-addr, error type error-type, pkt type pkt-type
Explanation: Indicates that an OSPF interface authentication failure has occurred. The router-id is the router ID of the Brocade device. The ip-addr is the IP address of the interface on the Brocade device. The src-ip-addr is the IP address of the interface from which the Brocade device received the authentication failure.
• bad version
• area mismatch
• unknown NBMA neighbor
• unknown virtual neighbor
• authentication type mismatch
• authentication failure
• network mask mismatch
• hello interval mismatch
• dead interval mismatch
• option mismatch
• unknown

The packet-type can be one of the following:
• hello
• database description
• link state request
• link state update
• link state ack
• unknown
Message Level: Notification

Message: OSPF intf rcvd bad pkt, rid router-id,
The rid ip-addr is the Brocade router ID. The intf addr ip-addr is the IP address of the Brocade interface that received the packet. The pkt size num is the number of bytes in the packet. The checksum num is the checksum value for the packet. The pkt src addr ip-addr is the IP address of the neighbor that sent the packet.
Message Level: Notification

Message: OSPF intf retransmit, rid router-id, intf addr ip-addr, nbr rid nbr-router-id, pkt type is pkt-type, LSA type lsa-type, LSA id lsa-id, LSA rid lsa-router-id
Explanation: An OSPF interface on the Brocade device has retransmitted a Link State Advertisement (LSA). The router-id is the router ID of the Brocade device. The ip-addr is the IP address of the interface on the Brocade device. The nbr-router-id is the router ID of the neighbor router.
Message: OSPF max age LSA, rid router-id, area area-id, LSA type lsa-type, LSA id lsa-id, LSA rid lsa-router-id
Explanation: An LSA has reached its maximum age. The router-id is the router ID of the Brocade device. The area-id is the OSPF area. The lsa-type is the type of LSA. The lsa-id is the LSA ID. The lsa-router-id is the LSA router ID.
The lsa-id is the LSA ID. The lsa-router-id is the LSA router ID.
Message Level: Notification

Message: OSPF virtual intf authen failure, rid router-id, intf addr ip-addr, pkt src addr src-ip-addr, error type error-type, pkt type pkt-type
Explanation: Indicates that an OSPF virtual routing interface authentication failure has occurred. The router-id is the router ID of the Brocade device. The ip-addr is the IP address of the interface on the Brocade device.
The src-ip-addr is the IP address of the interface from which the Brocade device received the error packet.
Message: OSPF virtual intf retransmit, rid router-id, intf addr ip-addr, nbr rid nbr-router-id, pkt type is pkt-type, LSA type lsa-type, LSA id lsa-id, LSA rid lsa-router-id
Explanation: An OSPF interface on the Brocade device has retransmitted a Link State Advertisement (LSA). The router-id is the router ID of the Brocade device. The ip-addr is the IP address of the interface on the Brocade device. The nbr-router-id is the router ID of the neighbor router.
Message: OSPF virtual nbr state changed, rid router-id, nbr addr ip-addr, nbr rid nbr-router-id, state ospf-state
Explanation: Indicates that the state of an OSPF virtual neighbor has changed. The router-id is the router ID of the Brocade device. The ip-addr is the IP address of the neighbor. The nbr-router-id is the router ID of the neighbor.
The portnum is the port number. The first num is the maximum burst size (maximum number of packets allowed). The second num is the number of seconds during which additional TCP packets will be blocked on the interface.

NOTE
This message can occur in response to an attempted TCP SYN attack.
The mac-addr is the MAC address of the device with the duplicate IP address. The portnum is the Brocade port that received the packet with the duplicate IP address. The address is the packet source IP address.
Message Level: Warning

Message: IGMP/MLD no hardware vidx, broadcast to the entire vlan. rated limited number
Explanation: IGMP or MLD snooping has run out of hardware application VLANs. There are 4096 application VLANs per device.
The src-tcp/udp-port is the source TCP or UDP port, if applicable, of the denied packets. The portnum indicates the port number on which the packet was denied. The mac-addr indicates the source MAC address of the denied packets. The dst-ip-addr indicates the destination IP address of the denied packets. The dst-tcp/udp-port indicates the destination TCP or UDP port number, if applicable, of the denied packets.
The num is the number of prefixes that matches the percentage you specified. For example, if you specified a threshold of 100 prefixes and 75 percent as the warning threshold, this message is generated if the Layer 3 switch receives a 76th prefix from the neighbor.
Message Level: Warning

Message: rip filter list list-num direction V1 | V2 denied ip-addr, num packets
Explanation: Indicates that a RIP route filter denied (dropped) packets. The list-num is the ID of the filter list.
OpenSSL License

● OpenSSL license

OpenSSL license

Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
1. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
2. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
3.
Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
1. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
2. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
3.