FAST NETWORK 10 USER GUIDE Segment Status FN10-12 TX RX Act Col Link AUI 1 X 2X 3X 4X 5X 6X 7X 8X 9X 13X 14X 15X 16X 17X 18X 19X 20X 21X 10X 22X 11X 23X 1 2 3 4 5 6 12X 24X 13 14 15 16 17 18 7 8 9 10 11 12 A B 2X 3X 4X 5X 6X 7X 8X 9X 10X 11X 12X Pwr NMS Port Segment Status TX RX Act Col Link X Reset Ready 19 20 21 22 23 24 Link FN10-24 AUI 1 Select Usr 1 2 3 4 5 6 7 8 9 10 11 12 A B Usr Select Reset Ready Pwr NMS Port
NOTICE Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made. The hardware, firmware, or software described in this manual is subject to change without notice.
FCC NOTICE This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules.
CABLETRON SYSTEMS, INC. PROGRAM LICENSE AGREEMENT IMPORTANT: Before utilizing this product, carefully read this License Agreement. This document is an agreement between you, the end user, and Cabletron Systems, Inc. (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (the “Program”) contained in this package. The Program may be contained in firmware, chips or other media.
UNITED STATES GOVERNMENT RESTRICTED RIGHTS The enclosed product (a) was developed solely at private expense; (b) contains “restricted computer software” submitted with restricted rights in accordance with Section 52227-19 (a) through (d) of the Commercial Computer Software - Restricted Rights Clause and its successors, and (c) in all respects is proprietary data belonging to Cabletron and/or its suppliers.
CONTENTS CHAPTER 1 INTRODUCTION 1.1 About This Manual....................................................................... 1-1 1.2 Getting Help................................................................................. 1-2 1.3 Document Conventions ............................................................... 1-3 1.4 Related Documentation ............................................................... 1-4 1.5 Overview..................................................................................
Contents CHAPTER 3 CONFIGURING YOUR FN10 3.1 Assigning IP Addresses ...............................................................3-3 3.1.1 Displaying IP Addresses .................................................3-4 3.1.2 Deleting an IP Address....................................................3-4 3.1.3 Changing a Subnet Mask ................................................3-4 3.2 Enabling Bridging .........................................................................3-5 3.3 Disabling Bridging .......
Contents 4.5 Using LCM to Manage the FN10 ............................................... 4-15 4.5.1 Disabling a Port ............................................................ 4-15 4.5.2 Enabling a Port ............................................................. 4-16 4.5.2.1 noRIP Option................................................ 4-16 4.5.3 Changing a Subnet Mask ............................................. 4-17 4.5.4 Changing a Community Name...................................... 4-18 4.5.
Contents APPENDIX A TECHNICAL SPECIFICATIONS A.1 FN10 Specifications .................................................................... A-1 A.2 Serial Cable Pin Assignments..................................................... A-3 A.3 10BASE-T Pin Assignments ....................................................... A-3 A.4 Straight-through Wiring ............................................................... A-4 A.5 Crossover Wiring ........................................................................
CHAPTER 1 INTRODUCTION 1.1 ABOUT THIS MANUAL This manual is for system administrators responsible for configuring, monitoring, and maintaining the Fast Network 10 (FN10). You should have a familiarity with networking concepts and principles. In addition, a basic understanding of SNMP is helpful. Some FN10 configurations can only be done using an SNMP-based Network Management System (NMS). Therefore, how you configure and manage the FN10 is dependent on the NMS you use.
Chapter 1: Introduction • Chapter 5, FN10 Filters, describes FN10 filtering and provides specific examples of how filters can be used. It also provides instructions for adding, modifying, and deleting Port filters using the Local Console Manager (LCM). • Chapter 6, FN10 Diagnostics and Troubleshooting, describes the FN10 diagnostics and provides information on troubleshooting common problems.
Document Conventions 1.3 DOCUMENT CONVENTIONS The following conventions are used throughout this document: LCM commands, prompts, and information displayed by the computer appear in Courier typeface, for example: Current Number of Learned Addresses: 133 Number of Defined Filters: 4 Information that you enter appears in Courier bold typeface, for example: FN10 >status Information that you need to enter with a command is enclosed in angle brackets < >.
Chapter 1: Introduction 1.4 RELATED DOCUMENTATION The following documentation may assist the user in using this product: • Fast Network 10 MIB Reference Guide – contains enterprise MIB information. • Interconnections, Bridges and Routers, Radia Perlman, Addison Wesley © 1992. • Internetworking with TCP/IP: Principles, Protocols, and Architecture (2nd edition), Volumes I and II, Douglas Comer, Prentice Hall © 1991.
Overview .
Chapter 1: Introduction • Implements the Spanning Tree protocol (802.1d). • Configured with factory-set defaults for immediate plug-and-play capability. In addition, the FN10 offers features that can help you manage and maintain your network, such as: • Configuration and management using the Simple Network Management Protocol (SNMP) with either an in-band or out-of-band connection. • Protection against multicast storms. • Data flow control based on user-defined data packet filters.
Overview Media Access Control (MAC) sub-layer of the Data Link layer. Figure 1-3 shows the OSI Reference Model. 7 Application 6 Presentation 5 Session 4 Transport 3 Network 2 Data Link 1 Physical Figure 1-3 FN10 operates at Layer 2 OSI Reference Model Because the FN10 does not process any Network Layer information, it provides a high level of performance in terms of packet throughput.
Chapter 1: Introduction forwards the packet to the network segment associated with that destination address. However, if the packet’s source and destination address are on the same network segment, known as local traffic, the packet is automatically discarded (i.e., ignored by the FN10). For example, a file transmitted from Workstation A to Workstation C in Figure 1-4 does not need to leave LAN 1. The FN10 connected to LANs 1 and 2 sees all traffic from LAN 1, including LAN 1 local traffic.
Overview automatically reconfigured by the Spanning Tree protocol to create an alternate path to the LAN. 1.5.2 FN10 Bridge Address Table The FN10 creates and maintains a dynamic database of addresses called the Bridge Address Table. The FN10 examines every packet to determine its source address and LAN segment origin. It then compares the source address and segment information it finds to the entries in the Bridge Address Table.
Chapter 1: Introduction • A single port number of the LAN on which the address resides • The age of the entry • Various statistics counters • Any filtering restrictions added by a Network Management Station (NMS) Each static entry contains the same information as a dynamic entry, except the static entry is not aged, and can contain a range of port numbers, rather than a single port number. The FN10 stores 8,192 dynamic (learned) entries in its Bridge Address Table.
Overview Additional FN10 features, such as trunking, Fast Ethernet, and virtual workgroups allow you to optimize bandwidth and design a more efficient flow for your network traffic. 1.5.4.1 FN10 Trunking The FN10 allows multiple trunk groups with up to eight ports each to be connected between the FN10 and other network devices. This capability provides a scalable dedicated bandwidth of up to 80 Mbps.
Chapter 1: Introduction Network Management Station Servers 10BASE-T Cables FN10 Network Switch Trunk Lines FN10 10BASE-T Cables WAN Router Workgroup Hub Figure 1-6 FN10 Application #2 1.5.4.2 FN10’s Fast Ethernet Option The FN10, configured with the Fast Ethernet option, has two additional ports that provide a fast Ethernet connection of 100 Mbps.
Overview LAN segment FN10 / FE Front Panel Rear Panel 100 Mbps bandwidth (Fast Ethernet) FN10 / FE Front Panel Rear Panel LAN segment Figure 1-7 FN10 Application #3 Figure 1-8 illustrates how the FN10 can be used in a backbone network configuration using increased bandwidth of the optional Fast Ethernet configuration.
Chapter 1: Introduction 1.5.4.3 Virtual Workgroups The FN10 allows you to define ports for logical groups of associated hosts (virtual workgroups) to provide a more efficient flow of traffic across your Ethernet network. Virtual workgroups offer you the ability to limit broadcasts to logical domains within the network.
Local Console Manager Router A B FN10 A A A B Workgroup A Figure 1-10 B B Workgroup B Using the FN10 to Create Virtual Workgroups to Help Optimize Bandwidth A host from workgroup A can limit a broadcast to all hosts within workgroup A or B and prevent the broadcast from going across the network and adding to the amount of contention for the limited 10 Mbps bandwidth. As illustrated in the previous diagram, virtual workgroups allow you to associate multiple hosts and define a workgroup.
Chapter 1: Introduction The following sections describe LCM command syntax and the basic LCM commands for logging in, logging out, and getting help. • LCM commands used for configuring the FN10 are described in Chapter 3, Configuring Your FN10. • LCM commands used for monitoring and managing the FN10 are described in Chapter 4, Monitoring and Managing Your FN10. • LCM commands used for adding and deleting Port filters are described in Chapter 5, FN10 Filters.
Local Console Manager • Information that you need to enter with an LCM command is enclosed in square brackets [ ]. For example, you must enter a port number and an IP address to execute the ipaddr [PORT-NUMBER] [IP ADDRESS] command: FN10 >ipaddr 6 192.138.217.40 • Parameters that appear in all capital letters, for example bridge [PORT-RANGE], indicate that you must enter a value for that parameter.
Chapter 1: Introduction 1.6.2.1 Help Displays the menu of available commands. Help can also be displayed by typing a question mark (?). The output from the help command is displayed below.
Local Console Manager 1.6.2.3 Exit Logs you out of LCM. (The exit command is functionally equivalent to the logout command.) 1.6.2.4 Logout The logout command logs you out of LCM. (The logout command is functionally equivalent to the exit command.) 1.6.2.5 Traplog Displays the traps messages captured by the FN10. The following is an example of a traplog display: ... FN10 > traplog Trap 16 0:00:00 The unit has booted. Trap 25 0:00:00 The unit’s spanning tree maximum age has changed.
Chapter 1: Introduction Page 1-20 Fast Network 10 User Guide
CHAPTER 2 UNPACKING AND INSTALLING YOUR FN10 Carefully unpack the FN10 from the shipping carton and inspect it for possible damage. If any damage is evident, contact your supplier.
Chapter 2: Unpacking and Installing Your FN10 Segment Status FN10-12 TX RX Act Col Link AUI 1 X 3X 2X 4X 5X 6X 8X 7X 10X 9X 12X 11X Ethernet Attachment RJ45 Ethernet 10BASE-T Unit Interface (AUI) Port Crossover Ports 13X 14X 15X 16X 17X 18X 19X 20X 21X 22X 1 2 3 4 5 6 7 8 9 10 11 12 A B 23X 24X 13 14 15 16 17 18 2X 3X 4X 5X Figure 2-1 6X 7X 8X 9X 10X Pwr NMS Port 19 20 21 22 23 24 Link Segment Status TX RX Act Col Link X Reset Ready Status LEDs and Button
FN10 Panels Table 2-1 Meaning of FN10 LEDs LED Meaning Link (upper level of port LEDs) On – Indicates the link is good. Off – Indicates there is no link. Status (lower level of port LEDs) On/Blinking – Indicates you are monitoring the port for a selected segment status condition. Off – Indicates you are not monitoring the port. Segment Status TX RX Act Col Usr On – Indicates you are monitoring Transmit (TX) activity on all ports. On – Indicates you are monitoring Receive (RX) activity on all ports.
Chapter 2: Unpacking and Installing Your FN10 Table 2-2 describes the FN10 buttons. Table 2-2 Description of FN10 Buttons Button Function Select Cycles through the Segment Status options (TX, RX, Act, Col, and Usr) for all ports. The lower port status LEDs of the ports you are monitoring are activated based on what function you chose with the Select button. Reset Restarts the FN10. 2.
Installing the FN10 Rack-mounting an FN10 The table below describes some general considerations you should be aware of before mounting a FN10 in a rack assembly. Table 2-3 General Considerations for Mounting a FN10 Consideration Discussion Temperature Since the temperature within a rack assembly may be higher than the ambient room temperature, make sure the rack-environment temperature is within the Operating Temperature range specified in Appendix A.
Chapter 2: Unpacking and Installing Your FN10 2. Place the FN10 chassis in the cabinet. 3. Secure the FN10 with the rack-mount fasteners by inserting and securing a fastener through each of the four slots in the rack-mount brackets, as shown in Figure 2-4. Fasteners Fasteners Rack Figure 2-4 Rack-mounting the FN10 4. Once the FN10 is installed, plug the AC power cord into the AC power connector on the rear of the FN10 chassis. Plug the other end of the power cord into a three-prong grounded outlet.
Connecting the Local Console Manager 5. After several more seconds, the Ready LED will stay on, indicating that the power-up diagnostics sequence is complete. In addition, the Port Link LEDs will turn on for those ports with good links and the Segment Status LEDs will turn on (or flash) when the selected status condition is present. NOTE If a critical component fails diagnostics, the Ready LED will turn off and the FN10 will attempt to reboot.
Chapter 2: Unpacking and Installing Your FN10 NOTE See the FN10 Local Console Manager (LCM) Commands Reference Card for a list of all LCM commands, including each command’s options. 2.4 CONNECTING THE FN10 TO THE NETWORK Installations vary depending on existing wiring, application objectives, and other considerations. Be sure to have your current network topology map available or contact your network administrator.
Adding or Replacing the Optional Fast Ethernet Module 2.4.1 Connecting the AUI Interface The FN10 includes one Ethernet Attachment Unit Interface (AUI) connector (Port 1). To connect the AUI to a thick coax network, you must use an AUI drop cable and a tap-type transceiver: 1. Attach a tap-type transceiver to the thick coax cable. Refer to the transceiver manufacturer’s documentation for installation instructions. 2.
Chapter 2: Unpacking and Installing Your FN10 Figure 2-5 NOTE Removing the FN10 Backplate If you are replacing an FE module assembly, slowly pull the module handle away from the FN10 to disconnect the internal connector and slide the assembly out of the FN10. 3. Insert the FE module assembly, making sure the edges of the board fit into the guides that allow the assembly to smoothly glide into place. Refer to Figure 2-6. Figure 2-6 Inserting the FE Module Assembly 4.
Adding or Replacing the Optional Fast Ethernet Module Figure 2-7 Completed FE Module Installation 6. Reconnect the FN10 to the network, plug in the power cord, and power on the unit. 7. Configure the FE module using the LCM command line interface. Refer to Chapter 3, Configuring Your FN10.
Chapter 2: Unpacking and Installing Your FN10 Page 2-12 Fast Network 10 User Guide
CHAPTER 3 CONFIGURING YOUR FN10 The FN10 does not require any additional configuration to operate as a standard, transparent switch. However, if you want to use any of the FN10’s advanced functions, such as filtering, you must first assign an IP (Internet Protocol) address to any of the ports on the FN10 that you use to communicate with a Simple Network Management Protocol (SNMP) manager. To initially assign an IP address, you can use the Local Console Manager (LCM).
Chapter 3: Configuring Your FN10 • Displaying trunking status • Defining and deleting virtual workgroups • Assigning a community name NOTE You can use the LCM erase command to erase all configuration information on the next system reset. If you are using a network management tool other than LCM, refer to its accompanying documentation.
Assigning IP Addresses 3.1 ASSIGNING IP ADDRESSES IP addresses for each port must be unique. IP addresses are divided into classes based on what portion of the address is network or port information. The address classes are A, B, and C. • Class A addresses are used in very large networks that support many ports. The first byte identifies the network and the other three bytes identify the node. The first byte of a class A address must be in the range 1-126. The address 100.125.110.
Chapter 3: Configuring Your FN10 3.1.1 Displaying IP Addresses To display IP addresses, subnet masks, and MAC addresses of all ports on the FN10 you are configuring, at the LCM prompt: 1. Type ipaddr LCM displays the current IP address table, for example: Port 1 2 3 4 5 6 7 8 IP Address Address Mask MAC Address 192.138.217.1 0.0.0.0 192.138.217.10 0.0.0.0 0.0.0.0 192.138.217.20 192.138.217.50 192.138.217.30 255.255.255.0 255.0.0.0 255.255.255.0 255.0.0.0 255.0.0.0 255.255.255.0 255.255.255.0 255.255.
Enabling Bridging NOTE When you change the subnet mask for a port, you must also enter the IP address for that port. Make sure you enter the IP address for the port correctly; whatever you enter becomes the IP address. 3.2 ENABLING BRIDGING The LCM bridge command allows you to set bridging options for a single port or a range of ports. The options include: • off • on (the default with BPDU enabled) • noBPDU BPDU (Bridge Protocol Data Unit) is a data unit transmitted as part of the IEEE 802.
Chapter 3: Configuring Your FN10 3.3 DISABLING BRIDGING To turn off the bridging function for a port or port range, at the LCM prompt: 1. Type bridge [PORT-RANGE] off For example, bridge 2 off would disable bridging on port 2. LCM responds: Port 2 bridging: off 3.4 DISPLAYING BRIDGING FUNCTIONS To display the bridging functions that are enabled for all ports, at the LCM prompt: 1. Type bridge LCM responds with a list of all ports and the bridging function that is enabled.
Enabling Trunking 3.5 ENABLING TRUNKING If your network configuration requires you to connect two or more FN10s together, but the applications you are running over the network require more than 10 Mbps of bandwidth per connection, you can use the built-in trunking feature to increase bandwidth up to 80 Mbps, without installing additional hardware on your network. Trunking is a Cabletron Systems proprietary extension to the 802.1D Spanning Tree algorithm.
Chapter 3: Configuring Your FN10 NOTE In some wiring closets, it may be easier to connect two FN10s via an Ethernet concentrator. However, you must make sure that there are no other devices connected to the Ethernet concentrator. Trunk Groups Each set of connections between two FN10s is called a Trunk Group. You can create several Trunk Groups to interconnect your FN10s. Each FN10 can have up to four Trunk Groups.
Disabling Trunking To enable trunking for the example shown, you would: 1. Connect the desired ports of the FN10s together using 10BASE-T crossover cables. If FN10 A is handling only a small number of users, the A to B Trunk Group could have just two ports per FN10. If FN10 B and C are expected to interconnect many users, you could use up to eight ports in the B to C Trunk Group. 2. Using LCM, turn on trunking for the connected ports on each FN10. For FN10 A, at the LCM prompt: a.
Chapter 3: Configuring Your FN10 1. Type trunk off For example, trunk 2-4 off 3.7 DISPLAYING TRUNKING STATUS To check the status of your current trunking configuration, at the LCM prompt: 1. Type trunk The display could look like the following: FN10 > trunk 2-4 Port 2 trunking joined to Bridge MAC Addr 00:40:27:00:06:1f IP Addr 192.138.217.1 Port 3 trunking joined to Bridge MAC Addr 00:40:27:00:06:c3 IP Addr 192.138.200.
Displaying Trunking Status To check the status for ports configured for trunking, at the LCM prompt: 1.
Chapter 3: Configuring Your FN10 3.8 DEFINING AND DELETING WORKGROUPS The FN10 allows you to define logical groups of associated hosts (virtual workgroups) to provide a more efficient flow of traffic across your Ethernet network. Virtual workgroups offer you the ability to limit broadcasts to logical domains within the network.
Defining and Deleting Workgroups The LCM commands used to create the previous configuration are as follows: 1. To create workgroup A on ports 3, 4, 5, 13, and 16: FN10 > workgroup A 3-5,13,16 LCM responds with the following display: Name: a Ports: 3, 4, 5, 13, 16 Info: all 2.
Chapter 3: Configuring Your FN10 2. To create workgroup B: FN10 > workgroup B 7,11,16,24 ip 198.113.121.0 LCM responds with the following display: Name: b Ports: 7, 11, 16, 24 Info: IP 198.113.121.0 255.255.255.0 In both cases, a specific NETMASK value was omitted and LCM assumed the standard IP address class mask. As illustrated in the previous example, virtual workgroups allow you to associate multiple hosts, define a workgroup, or delete a workgroup.
Assigning a Community Name To delete a workgroup, at the LCM prompt: 1. Type workgroup NAME delete To create or modify the port list for a specific workgroup, at the LCM prompt: 1. Type workgroup NAME PORT-RANGE To modify the network classification of a specific workgroup, at the LCM prompt: 1. Type workgroup NAME INFO 3.9 ASSIGNING A COMMUNITY NAME A community name is similar to a password. You use the same steps to assign a new community name or to change an existing community name.
Chapter 3: Configuring Your FN10 3.10 CONFIGURING MULTICAST STORM PROTECTION The FN10 provides automatic protection against multicast storms. Multicast storms are excessive broadcasts to all ports, typically caused by a malfunctioning device. They can result in severe network performance problems, including causing the network to crash. To protect against multicast storms, you must define an acceptable rate for multicast traffic across a port.
Modifying MIB Variables 3.11 MODIFYING MIB VARIABLES Specific instructions for controlling FN10 operations, modifying parameters, and so on, depend on the NMS you are using. This manual provides instructions for using LCM commands. However, LCM commands do not exist for all configuration options. You may need to modify your configuration using an NMS. This section provides several common MIB variables you may want to change.
Chapter 3: Configuring Your FN10 3.11.4 Authentication Password The set password and get password variables (from the SMC proprietary MIB), must be initialized with the correct authentication passwords. All requests from any SNMP manager contain a community name field. For set requests, the community name must match the set password; otherwise, the request will be rejected by the FN10. For get requests, the community name must match either the set password or the get password.
CHAPTER 4 MONITORING AND MANAGING YOUR FN10 Monitoring the FN10 consists of collecting and analyzing statistics and system status information. Additional statistics gathered by the FN10 are the result of user-configurable filters. See Chapter 5, FN10 Filters, for information on setting up FN10 filters. You can use the Select button on the front panel of the FN10 to monitor segment status on any of the Ethernet ports. Refer to Section 2.1 for a description of the segment status options.
Chapter 4: Monitoring and Managing Your FN10 • MAC statistics • Traffic analysis statistics • SNMP statistics You can use this information to analyze your overall network performance and to make configuration changes as necessary. For example, Ethernet port statistics can help you identify network devices that require high bandwidth, and therefore should be connected through a dedicated, rather than a shared, network connection.
FN10 Statistics 4.2.1 Pseudo Filters You can configure pseudo-filters to optimize your network design. Pseudo-filters generate statistics as if a filter had actually been applied without actually invoking the filter or impacting the network. See Chapter 5, Fast Network 10 Filters for information on setting up FN10 filters. 4.2.2 Gathering Statistics For purposes of network management, managed objects, such as the FN10, must be identified.
Chapter 4: Monitoring and Managing Your FN10 • The number of times each filter was successfully invoked, and the source address of the packet for the last successful invocation of each of the combination filters. To check FN10 system status using LCM, see Section 4.3. NOTE 4.2.4 Ethernet Port Statistics For each Ethernet port connection on the FN10, the following statistics are available.
FN10 Statistics For each of the above categories, statistics on whether a packet was forwarded or filtered are available. In addition, if a packet was filtered, the following conditions are recorded: - If the packet is local traffic - If the port is not in the Spanning Tree Forwarding state - If there is a source address or entry port restriction - If there is a destination address or exit port restriction • The number of bytes in the received packets.
Chapter 4: Monitoring and Managing Your FN10 • The number of received packets with frame alignment errors. • The number of packet transmissions that were initially deferred due to the media being busy. • The number of packets not transmitted due to excessive collisions. • The number of packets transmitted with one collision. • The number of packets transmitted with multiple collisions. • The number of RX and TX collisions. 4.2.
FN10 Statistics 4.2.6 Traffic Analysis Statistics You can configure the FN10 to collect statistics on traffic between active Ethernet ports, for example: • Number of packets sent from Station A to Station B. Configure pseudo source-port filter with Station A’s address as source address match and Station B’s address as destination address match. • Number of IP packets sent from Station A to Station B.
Chapter 4: Monitoring and Managing Your FN10 • The number of SNMP PDUs received by the FN10 which had an ASN.1 parsing error while being decoded by the FN10. [snmpInASNParseErrs] • The total number of MIB objects which have been successfully retrieved by the FN10 as a result of SNMP GetRequest or GetNext PDUs. [snmpInTotalReqVars] • The total number of MIB objects which have been successfully altered by the FN10 as a result of SNMP SetRequest PDUs.
Using LCM to Check FN10 Status • Address display • Ipaddr • Ident These LCM commands are described in the sections that follow. 4.3.1 Displaying Status The status command displays the status of the FN10 and automatically pages through the status of all of the Ethernet ports, pausing at each screen of information. NOTE You can also use the status command to display status for individual Ethernet ports by typing status and specifying a port number. At the LCM prompt: 1.
Chapter 4: Monitoring and Managing Your FN10 Software Currently Running: TigerSwitch software, Tue 08/23/94 15:03:09 Next Bootstrap (1st bank): TigerSwitch software Tue 08/23/94 15:03:09 Power-up test failures: none Current unit temperature is normal. System Up Time: 2:25:57 Current Number of Learned Addresses: 133 Number of Defined Filters: 0 CPU utilization is light. Port 1 2 3 4 . . . 24 RX Packets 0 6978 0 0 . . . 0 TX Packets Collisions 1676 8 0 0 . . . 0 0 0 0 0 . . .
Using LCM to Check FN10 Status 4.3.2 Displaying MAC Addresses The addresses display command displays all MAC addresses in the FN10 Bridge Address Table. The display includes: • The MAC address • Type of address, including: - Dynamic (learned) - Ethernet port (for the MAC address of an Ethernet port) - Static (for an address that was added by an NMS) - BPDU (the MAC address to which all BPDUs are directed) - Reserved (the address reserved by 802.
Chapter 4: Monitoring and Managing Your FN10 To display all MAC addresses, at the LCM prompt: 1. Type addresses display any LCM responds with a list of all MAC addresses, their associated ports, the type, age, and number of frames from and to that address.
Using LCM to Check FN10 Status LCM would display: Address 02:04:06:03:2a:43 02:04:06:00:2a:67 02:04:06:a3:70:2b Type Learned Learned Learned Port 5 4 6 Age(secs) 21 1 0 Enter to continue, Ctrl-C to exit: Frames-From 1181 3421 15339 Frames-To 73 0 235 LCM allows you to display MAC addresses in two formats: • Little-endian (default) Little-endian is a method of storing or transmitting data in which the least significant bit of each byte is presented first. This is used in Ethernet networks.
Chapter 4: Monitoring and Managing Your FN10 4.3.3 Displaying Manufacturing Information The ident command identifies FN10 manufacturing information, including the part number and any power-up test codes and diagnostic data. To display the manufacturing information, at the LCM prompt: 1.
Using LCM to Manage the FN10 4.5 USING LCM TO MANAGE THE FN10 The LCM commands that enable you to manage the FN10 include: • Disable • Enable • Ipaddr • Community • Baud • Reboot These LCM commands are described in the sections that follow. 4.5.1 Disabling a Port There can be times when you need to disable a specific Ethernet port, for example, after you have determined that there is faulty equipment. Disabling a port effectively stops all bridging functions for that port.
Chapter 4: Monitoring and Managing Your FN10 ! CAUTION If you disable the port through which someone is remotely managing the FN10, that person will not be able to communicate with the FN10. Use the LCM command addresses display to find the port number you are using to manage the FN10. 4.5.2 Enabling a Port When you enable an Ethernet port that has been disabled, whatever bridging functions you had previously configured for that port are re-enabled.
Using LCM to Manage the FN10 The noRIP option allows you to turn off the routing information that builds the routing table. You would use this option when you are connecting network devices that do not support RIP. 4.5.3 Changing a Subnet Mask You can optionally set the subnet mask for a port. A subnet mask is a 32-bit address mask used in IP to specify a particular subnet. If the subnet mask is 0.0.0.
Chapter 4: Monitoring and Managing Your FN10 4.5.4 Changing a Community Name A community name is similar to a password. You use the same steps to assign a new community name or to change an existing community name. This sets the MIB variable sxadminAnyPass. You can then enter a community name to perform any SNMP sets. To assign a community name, at the LCM prompt: 1. Type community 2. Enter the old community name. If one has not been assigned, you do not need to enter anything.
Using LCM to Manage the FN10 To display the current baud rate setting, at the LCM prompt: 1. Type baud LCM responds: Usage: baud [1200|2400|4800|9600|19200] Baud rate is 4800. To change the baud rate setting, at the LCM prompt: 1. Type baud For example, baud 9600 would set the baud rate to 9600. LCM responds: Baud rate is 9600. 4.5.6 Setting a Reboot Time You can enter the number of seconds the FN10 waits before rebooting. At the LCM prompt: 1.
Chapter 4: Monitoring and Managing Your FN10 Page 4-20 Fast Network 10 User Guide
CHAPTER 5 FN10 FILTERS One of the most significant features of the FN10 is its powerful user-configurable filtering capabilities. A filter is an instruction to the FN10 to screen data packets based on the criteria you define. Filtering is useful for gathering statistics, implementing security measures, and improving network performance. The FN10 also supports pseudo filtering.
Chapter 5: FN10 Filters • Multicast traffic from any station (MAC layer address). Multicast packets are those destined for more than one address. Each source address can be assigned one of the following restrictions: • Filter all packets from this source address. • Filter all multicast packets from this source address. NOTE You cannot configure Bridge Address Table filters using the Local Console Manager (LCM). The capacity of the FN10 Bridge Address Table is 8,192 entries.
Bridge Address Table Filters With the Bridge Address Table entry shown in Table 5-1, you can use any of the following types of Bridge Address Table filtering: • Source address • Source address multicast • Destination address 5.1.1 Source Address Filter The source address filtering capability uses the source filter flag, which is a component of each entry in the FN10 Bridge Address Table. When the flag is set to ON, all packets originating from the designated MAC address are filtered.
Chapter 5: FN10 Filters 5.1.3 Destination Address Filter A destination address filter can be used to discard all traffic destined to a specific MAC address. This type of filter is configured by setting a static address entry for the MAC address and specifying {null} as the port assignment. The port assigned by the static entry will take precedence over the port learned by the FN10’s learning algorithm. Destination address filters can be used to create virtual LANs.
Port Filters Likewise, you can assign an Exit port one of the following restrictions: • Only allow a certain number of multicast packets every “n” seconds and then stop transmitting. • Filter a packet destined for this port that matches all of the fields in the Port filter. Port filters can include multiple filtering conditions. This makes it possible to configure very specific filters.
Chapter 5: FN10 Filters For the fields defined as True, False, or Not Applicable (NA) in the following sections: • True – Means all traffic that matches the field will be filtered. • False – Means all traffic that does not match the field selection will be filtered (inverse filter). • Not applicable (NA) – Means that when the filter is invoked, the FN10 will not check this field.
Port Filters For example, if you had the configuration shown below, the And operator assigned to Port 2 would apply to the next instance of Port 2, not necessarily the next sequential filter number in the Port Filter Table index. Filter Index 1 2 3 4 5 Filter Port 1 2 1 2 2 Filter Operator Or And Or Or Or The Port filter configuration fields are described in Table 5-2.
Chapter 5: FN10 Filters Table 5-2 Port Filter Configuration Fields (Continued) Field Description Source Range Start The starting MAC address for the source range of MAC addresses. If you are filtering on a single source address, enter that address here. Source Range End Ending MAC address for the source range of MAC addresses. If you are filtering on a single address, enter that address here. Source Range Mask MAC address mask to apply to the range of source MAC addresses.
Port Filters Table 5-2 Port Filter Configuration Fields (Continued) Field Description Default Field Origin Either TYPE, IP, MAC, or SR (see Field Offset description). The origin is the field from which the offset count starts. TYPE The decimal offset of the portion of the packet to be examined. If the origin is TYPE, the field offset value is relative to the end of the Ethernet frame type, regardless of whether or not the frame type is SNAP encapsulated.
Chapter 5: FN10 Filters When adding or modifying a filter, you must enter both a Source Range Start value and a Source Range End value. For example: Source Source Source Source Range: [NA] (InRange/OutRange/NA)>inrange Range Start: [00:00:00:00:00:00] >08:00:20:00:00:00 Range End: [00:00:00:00:00:00] >00:40:60:0a:10:3e Range Mask: [ff:ff:ff:ff:ff:ff] >ff:ff:ff:00:00:00 To filter on a single address, be sure to enter the same address in both the Source Range Start: and Source Range End: fields. 5.
Using Filters for Security Purposes Manufacturing Subnet LAN 1 FN10 Concentrator Engineering Subnet LAN 2 Figure 5-1 Concentrator Accounting Subnet LAN 3 Using Filters to Restrict Access to an Adjoining Network Segment Fast Network 10 User Guide Page 5-11
Chapter 5: FN10 Filters The company wants to allow Engineering and Accounting workstations to access resources on the Manufacturing subnet (LAN 1), but wants to prevent users on the Engineering subnet (LAN 2) from accessing resources on the Accounting subnet (LAN 3). Therefore, the objective is to set up a filter that will block all traffic between LANs 2 and 3, while allowing users on both LANs 2 and 3 to access LAN 1.
Using Filters for Security Purposes Example 2: Blocking Access to Specific Stations In this example, a company uses a FN10 to connect two LANs (see Figure 5-2). Three workstations on LAN 2 (the Accounting Subnet) contain sensitive data (workstations F, G, and H). The company wants to prevent users on LAN 1 (the Manufacturing Subnet) from accessing data on these three workstations. Therefore, the objective is to prevent users on LAN 1 from accessing workstations F, G, and H on LAN 2.
Chapter 5: FN10 Filters This information is used to configure the filter as follows: • Filter identifier – port number of the port attached to LAN 2 as a destination. • Filter fields – destination address F-H (range, match) source LAN = 1 (match). Note that a match flag is specified for both fields; this instructs the FN10 to filter any packets that match both fields (traffic from LAN 1 and to addresses F-H on LAN 2). Several methods are available to accomplish this goal.
Using Filters for Security Purposes Example 3: Restricting Access to Authorized Users The example shown in Figure 5-3 is very similar to the previous example. The difference is that access to workstations F, G, and H will not be denied to all LAN 1 users. Instead, only authorized users on LAN 1 will be able to access the sensitive data workstations F, G, and H on LAN 2.
Chapter 5: FN10 Filters Note that the FN10 is not storing information designed to identify restricted devices or authorized or unauthorized users. Instead, it is using address information (which it does store) to act on filters that have been configured to meet the desired objective: Restrict access to certain workstations to authorized users. 5.
Using Filters to Enhance Network Performance NOTE The FN10 multicast storm protection feature may be thought of as a firewall feature, in that it performs a protective blocking function. However, it is not a filter. Multicast storm protection is described in Section 3.10, Configuring Multicast Storm Protection. Example 4: Using a Firewall Filter to Control Multicasts To optimize network performance, you can configure filters to reduce multicasts (packets broadcast to multiple destinations).
Chapter 5: FN10 Filters This filter is configured as follows: • Filter identifier – port number of the port attached to LAN 2 as a destination (i.e., exit) • Filter identifier – port number of the port attached to LAN 3 as a destination (i.e.
Configuring a Port Filter 5.5 CONFIGURING A PORT FILTER To configure a Port filter, use the Local Console Manager (LCM). The LCM prompts you through the fields for each Port filter you want to configure. If you are adding a Port filter to be used in conjunction with another Port filter, and the filters must be ordered sequentially, use the LCM filters display command to find the filter index number of the existing Port filter.
Chapter 5: FN10 Filters Complete the following steps to configure a Port filter. To accept a default value, press the Enter key. At the LCM prompt: 1. Type filters add 2. Enter the port number. 1 is the default. If the filter is for port 1, you do not need to enter anything; if the filter is for another port, enter that number. 3. Select the filter type. Entry is the default. If the filter will be an entry filter, you do not need to enter anything; if the filter will be an exit filter, type exit. 4.
Configuring a Port Filter 9. Select whether the filter will use a destination range of MAC addresses. NA is the default; meaning the filter will not use a destination range. You do not need to enter anything unless you are using a destination range. (If you are not using a destination range, go to Step 12. If you are using a destination range, type either: True – Filter the packet if the destination MAC address is within the range.
Chapter 5: FN10 Filters 18. Enter the field value. 19. Enter the field mask. 20. Select the operator. Or is the default. You do not need to enter anything if the filter will use the Or operator. If you want the filter to use the And operator, type And. 21. Enter the filter number. One (1) is the default. You do not need to enter anything if the filter number is 1. If you want the filter to have an index number other than 1, enter the value you want to use.
Filtering and Performance Considerations 5.5.2 Deleting a Port Filter To delete a Port filter, at the LCM prompt: 1. Type filters delete LCM prompts you for the filter index. 2. Enter the filter number. LCM responds filter deleted. NOTE All filter indexes are sequential, beginning with the number one. When a filter is deleted, all filters are renumbered so that the filter index remains sequential. 5.
Chapter 5: FN10 Filters Page 5-24 Fast Network 10 User Guide
CHAPTER 6 FN10 DIAGNOSTICS AND TROUBLESHOOTING The FN10 incorporates several built-in diagnostic and testing capabilities which are convenient to use and cause minimal or no disruption to the operational network. These capabilities are effective for isolating problems within the FN10 unit. Built-in diagnostic capabilities include: • System-wide power-up diagnostics, which are run every time the system is powered up or reset. • Local and remote loopback tests on any of the FN10’s 24 Ethernet ports.
Chapter 6: FN10 Diagnostics and Troubleshooting 6.1.1 Power-up LED Sequence When you power-up the FN10, the following occurs: 1. All LEDs, except for the Port Link LEDs, turn on for one second. 2. The Power (Pwr) LED remains on. 3. The Ready LED starts flashing. 4. After several seconds, the Port Link LEDs turn on briefly. 5. After several more seconds, the Ready LED will stay on, indicating that the power-up diagnostics sequence is complete.
Responses to Failures at Power-up 6.1.3 Software Checksum Comparison When the FN10 reboots, its operational software is verified by a checksum comparison before it is loaded. If the software fails the checksum test due to an interrupted new software distribution procedure, the FN10 will automatically use its backup version of software. A backup version of software is always stored in non-volatile memory. The operational parameters of the FN10 software are also protected by a checksum comparison.
Chapter 6: FN10 Diagnostics and Troubleshooting 6.3.1 Loopback Tests Built-in local and remote loopback tests can be used to test individual ports while the FN10 is operational. When in local loopback mode, a port is disconnected from the network. The FN10 generates loopback packets for the port, and the port loops the packets back without sending them onto the network. During a remote loopback test, the port is in normal operation, sending and receiving packets to the network.
Status and Activity Indicators FN10 13X 14X 15X 17X 16X 18X 19X 20X 21X 22X 23X 24X 13 14 15 16 17 18 19 20 21 22 23 24 Link Segment Status FN10-24 TX RX Act Col Link AUI 1 X 2X 3X 4X 5X 6X 7X 8X 9X 10X 11X 12X 1 2 3 4 5 6 7 8 9 10 11 12 A B Select Usr Reset Ready Pwr NMS Port Segment Status LEDs Port Link LEDs (upper row) 13 14 15 16 17 18 System Ready LED 19 20 21 22 23 24 Segment Status Link TX RX Select Act Col Link 1 2 3 4 5 6 Port Status LEDs (lower r
Chapter 6: FN10 Diagnostics and Troubleshooting Table 6-1 Meaning of FN10 LEDs LED Meaning Link (upper level of port LEDs) On – Indicates the link is good. Off – Indicates there is no link. Status (lower level of port LEDs) On/Blinking – Indicates you are monitoring the port for a selected segment status condition. Off – Indicates you are not monitoring the port. Segment Status TX RX Act Col Usr On – Indicates you are monitoring Transmit (TX) activity on all ports.
Troubleshooting Table 6-2 Description of FN10 Buttons Button Function Select Cycles through the Segment Status options (TX, RX, Act, Col, Usr) for all ports. The lower port status LED of the ports you are monitoring is activated based on what function you chose with the Select button. Reset Restarts the system software. 6.5 TROUBLESHOOTING This section lists several situations that could happen while using the FN10, and suggests appropriate action.
Chapter 6: FN10 Diagnostics and Troubleshooting 6.5.3 FN10 Has Rebooted • Use the LCM ident command to check the FN10 diagnostic codes, and call your authorized Cabletron Systems representative. 6.5.4 FN10 Does Not Respond to NMS • Check the port status using LCM. • Check to see if the Spanning Tree topology is stable using LCM. • Check that a pathway to the FN10 exists. • Verify the FN10’s IP address using LCM.
APPENDIX A TECHNICAL SPECIFICATIONS A.1 FN10 SPECIFICATIONS Physical Height Width Depth Weight Installation options 1.75 in (4.45 cm) (1 u) 17 in (43.18 cm) 15.75 in (40 cm) 9 lb (4.
Appendix A: Technical Specifications Bridging Technologies • IEEE 802.1 Part D • IEEE802.2 (Logical Link Control) • IEEE 802.3 (CSMA/CD, 10BASE-T) • Transparent Bridging with Spanning Tree • Ethernet Version 2 • EIA RS232C (DTE-to-DCE Interface Specification) • EIA RS-310-C (Rack-mount Specification) Address Table Size 8,192 dynamic (learned) entries Management Support • MIB II, 802.1d, 802.
Serial Cable Pin Assignments A.2 SERIAL CABLE PIN ASSIGNMENTS For a PC running a Windows terminal connected to the RS232C Network Management Port on the front panel of the FN10, the following serial cable pin assignments are required to manage the FN10 using the Local Console Manager (LCM). DB-9 (male) to the FN10 (female) PC DB-9 (female) 25-pin (female) Pin 2 (Rx) Pin 2 Pin 3 Pin 3 (Tx) Pin 3 Pin 2 Pin 5 (Ground) Pin 5 Pin 7 A.
Appendix A: Technical Specifications Table A-1 Pin Assignments Pin Assignmenta 1 Tx+ 2 Tx- 3 Rx+ 6 Rx- a. The “+” and “-” signs are used to represent the polarity of the two wires that make up each wire pair. A.4 STRAIGHT-THROUGH WIRING If the twisted-pair link segment is to join two ports on a switch, and only one of the ports has an internal crossover, the two pairs of wires must be straight-through, as shown in Table A-2.
Crossover Wiring A.5 CROSSOVER WIRING Two FN10s can communicate only if the transmitter on one unit is connected to the receiver on the other unit. This reversal, or crossover function, can be implemented either in the wiring or in the device itself. When connecting FN10s, a crossover must be implemented in the wiring. Refer to Table A-3 for crossover pin assignments. Table A-3 Crossover RJ45 Pin Assignments FN10 FN10 1 (Tx+) 3 (Rx+) 2 (Tx-) 6 (Rx-) 3 (Rx+) 1 (Tx+) 6 (Rx-) 2 (Tx-) A.
Appendix A: Technical Specifications Page A-6 Fast Network 10 User Guide
Appendix B: Glossary APPENDIX B GLOSSARY address A set of characters that uniquely identifies a station, peripheral device, node, or other unit in a network. address table A database of device addresses and their associated ports maintained by a switch or bridge for use in making data packet forwarding and filtering decisions. address table filter A mechanism for selectively forwarding or discarding (filtering) data that uses address table information to perform relatively simple filtering operations.
Appendix B: Glossary AUI (attachment unit interface) A standard connector type used for Ethernet connections. backbone The major, central transmission path for a network. A backbone usually handles high-volume, high-density traffic. Typically a backbone connects various LANs into an integrated network.
Appendix B: Glossary concentrator A device that provides attachment points for stations that are not connected to the FN10. The concentrator is connected directly to the network; the stations connect to the concentrator. congestion A condition where a portion of the network is overloaded with more data than can be transmitted in the desired time period.
Appendix B: Glossary EIA (Electronic Industries Association) Organization that sets standards for electrical interfaces (connectors). encapsulation A method for moving messages across networks that use different types of protocols. The message is encapsulated (rather than translated), so it can move across a network that otherwise could not understand its protocol. Encapsulating bridges and switches generally use proprietary encapsulation schemes.
Appendix B: Glossary full wire speed Refers to packet forwarding at the maximum rate at which data can be transmitted on a given LAN. ICMP (Internet control message protocol) An auxiliary protocol of IP used to convey advice and error messages about events in the IP layer. IEEE (Institute of Electrical and Electronic Engineers) International professional society which issues networking and other standards. The IEEE created the 802 family of LAN standards: IEEE 802.
Appendix B: Glossary internetworking The linking of one or more networks to facilitate communication across networks. interoperability The ability of equipment from multiple vendors to exchange information using standardized protocols. IP (Internet protocol) IP is the basic datagram protocol used at the network layer of the TCP/IP stack. ISO (International Standards Organization) An organization that creates, controls and publishes standards. jitter Clocking deviation on a network.
Appendix B: Glossary local traffic Traffic within a given network segment. MAC (media access control) The data link layer sublayer responsible for scheduling, transmitting, and receiving data on a shared medium local area network. mask Specified a subset of a larger set of data to be included for comparison and analysis. For example, in switch filtering, a mask might be configured to include only the first four address bits as the basis for filtering decisions.
Appendix B: Glossary packet A group of bits including data and control elements arranged in a specific format that are transmitted and switched as a composite whole. Control elements include a source address, destination address, frame control and status indicators, and a Frame Check Sequence (FCS). PDU (protocol data unit) The portion of a datagram that contains the data associated with a particular protocol.
Appendix B: Glossary RARP (reverse address resolution protocol) A protocol that binds MAC addresses to specific IP addresses. RISC (Reduced Instruction Set Computing) A data processing technology in which functions are performed using the least possible number of instructions to yield very fast processing. segment When two or more networks are interconnected to form an internetwork, the original networks are referred to as segments. service A set of functions offered to a user by a provider.
Appendix B: Glossary synchronous transmission A transmission technique in which an uninterrupted block of data is transmitted, using no redundant information such as stop and start bits to identify the beginning and end of a unit of data. TCP/IP (transmission control protocol/Internet protocol) Internetworking protocols sometimes referred to as the Internet suite of protocols. topology The arrangement of devices and cable paths that make up a network.
INDEX Numerics 10BASE-T pin assignments A-3 5 - 4 - 3 rule A-5 802.
Index overview 6-1 power-up 2-6, 6-1 disabling bridging functions 3-6 ports 4-15 trunking 3-9 displaying baud rate 4-19 bridge functions 3-6 FN10 status 4-9 IP addresses 3-4, 4-13, 4-17 MAC addresses 4-12 manufacturing information 4-14 Document Conventions 1-3 dynamic entry Bridge Address Table 1-9 E enabling bridging functions 3-5 Ethernet ports 4-16 trunking functions 3-9 environmental specifications erase configuration 3-2 Ethernet port statistics 4-4 A-1 MAC 5-8 SR 5-8 Figure 1-12 filter index 5-9 fi
Index bridge 3-5 community 3-15, 4-18 disable 4-15 enable 4-16 erase 3-2 exit 1-19 ident 4-14 ipaddr 3-4, 4-13 logout 1-19 reboot 4-19 status 4-9 trunk 3-9 LED sequence power-up 6-2 linking filters 5-6 little-endian 4-13 LLC Type 1 test packets 6-4 Local Console Manager.
Index SNMP statistics 4-2, 4-7 source range 5-7 Spanning Tree algorithm 1-8 specifications electrical A-1 physical A-1 static entry Bridge Address Table 1-10 statistics Ethernet port 4-4 gathering 4-3 MAC 4-6 overview 4-2 SNMP 4-7 system 4-3 traffic analysis 4-7 status, displaying 4-9 straight-through wiring A-4 subnet mask, IP, changing 3-4, 4-17 syntax, LCM command 1-16 system contact, defined 3-17 system location, defined 3-17 system name, defined 3-17 system statistics 4-3 V virtual LANs 5-4 W wiring
