Summit 200 Series Switch Installation and User Guide Software Version 7.1e0 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.
©2003 Extreme Networks, Inc. All rights reserved. Extreme Networks, ExtremeWare and BlackDiamond are registered trademarks of Extreme Networks, Inc. in the United States and certain other jurisdictions.
Preface This preface provides an overview of this guide, describes guide conventions, and lists other publications that may be useful. Introduction This guide provides the required information to install the Summit 200 series switch and configure the ExtremeWare™ software running on the Summit 200 series switch. This guide is intended for use by network administrators who are responsible for installing and setting up network equipment.
Conventions Table 1 and Table 2 list conventions that are used throughout this guide. Table 1: Notice Icons Icon Notice Type Alerts you to... Note Important features or instructions. Caution Risk of personal injury, system damage, or loss of data. Warning Risk of severe personal injury. Table 2: Text Conventions Convention Description Screen displays This typeface indicates command syntax, or represents information as it appears on the screen.
1 Summit 200 Series Switch Overview This chapter describes the features and functionality of the Summit 200 series switches: • Summit 200 Series Switches on page 15 • Summary of Features on page 15 • Summit 200-24 Switch Physical Features on page 16 • Summit 200-48 Switch Physical Features on page 19 • Mini-GBIC Type and Hardware/Software Support on page 23 Summit 200 Series Switches The Summit 200 series switches include the following switch models: • Summit 200-24 switch • Summit 200-48 switch Summary
Summit 200 Series Switch Overview • Access-policy support for routing protocols • Access list support for packet filtering • Access list support for rate-limiting • IGMP snooping to control IP multicast traffic • Load sharing on multiple ports • RADIUS client and per-command authentication support • TACACS+ support • Network login • Console command-line interface (CLI) connection • Telnet CLI connection • SSH2 connection • Simple Network Management Protocol (SNMP) support • Remote Monitoring (RMON) • Traff
Summit 200-24 Switch Physical Features NOTE See “Summit 200-24 Switch LEDs” on page 18 for more details. Console Port Use the console port (9-pin, “D” type connector) for connecting a terminal and carrying out local management. Port Connections The Summit 200-24 switch has 24 10BASE-T/100BASE-TX ports using RJ-45 connectors for communicating with end stations and other devices over 10/100Mbps Ethernet. The switch also has four Gigabit Ethernet uplink ports.
Summit 200 Series Switch Overview NOTE To support automatic failover between the fiber and copper ports, you must use an Extreme mini-GBIC connector. Full-Duplex The Summit 200-24 switch provides full-duplex support for all ports. Full-duplex allows frames to be transmitted and received simultaneously and, in effect, doubles the bandwidth available on a link. All 10/100 Mbps ports on the Summit 200-24 switch autonegotiate for half- or full-duplex operation.
Summit 200-48 Switch Physical Features Summit 200-24 Switch Rear View Figure 2 shows the rear view of the Summit 200-24 switch. Figure 2: Summit 200-24 switch rear view Power socket LC24002 Power Socket The Summit 200-24 switch automatically adjusts to the supply voltage. The power supply operates down to 90 V. Serial Number Use this serial number for fault-reporting purposes. MAC Address This label shows the unique Ethernet MAC address assigned to this device.
Summit 200 Series Switch Overview Figure 3: Summit 200-48 switch front view Mini-GBIC ports 10/100 Mbps ports Console port 1000-baseT ports LC48001 NOTE See Table 5 for information about supported mini-GBIC types and distances. NOTE See “Summit 200-48 Switch LEDs” on page 22 for more details. Console Port Use the console port (9-pin, “D” type connector) for connecting a terminal and carrying out local management.
Summit 200-48 Switch Physical Features NOTE When configuring the Summit 200-48 switch, all ports specified as mirrored ports and mirroring port, or ACL ingress ports and egress port, must belong to the same port group. Port group 1 consists of ports 1 through 24 and port 49; port group 2 consists of ports 25 through 48 and port 50. Gigabit Ethernet Port Failover Speed The Summit 200-48 switch Gigabit Ethernet port failover from the fiber link to the copper link takes 3-4 seconds.
Summit 200 Series Switch Overview Summit 200-48 Switch LEDs Table 4 describes the LED behavior on the Summit 200-48 switch. Table 4: Summit 200-48 switch LED behavior Unit Status LED (MGMT LED) Color Indicates Green slow blinking The Summit switch is operating normally. Green fast blinking The Summit switch POST is in progress. Amber The Summit switch has failed its POST or an overheat condition is detected. Color Indicates Green The fan is operating normally.
Mini-GBIC Type and Hardware/Software Support Serial Number Use this serial number for fault-reporting purposes. MAC Address This label shows the unique Ethernet MAC address assigned to this device. NOTE The Summit 200-48 switch certification and safety label is located on the bottom of the switch.
Summit 200 Series Switch Overview SX Mini-GBIC Specifications Table 6 describes the specifications for the SX mini-GBIC. Table 6: SX mini-GBIC specifications Parameter Minimum Typical Maximum Transceiver Optical output power –9.5 dBm Center wavelength 830 nm –4 dBm 850 nm 860 nm Receiver Optical input power sensitivity –21 dBm Optical input power maximum Operating wavelength –4 dBm 830 nm 860 nm General Total system budget 11.5 dB Total optical system budget for the SX mini-GBIC is 11.
Mini-GBIC Type and Hardware/Software Support ZX Mini-GBIC Specifications Table 8 describes the specifications for the ZX mini-GBIC.
Summit 200 Series Switch Overview Table 9 lists the minimum attenuation requirements to prevent saturation of the receiver for each type of long range GBIC.
2 Switch Installation This chapter describes the following topics: • Determining the Switch Location on page 27 • Following Safety Information on page 28 • Installing the Switch on page 28 • Creating a Stack on page 31 • Installing or Replacing a Mini-Gigabit Interface Connector (Mini-GBIC) on page 29 • Connecting Equipment to the Console Port on page 32 • Powering On the Switch on page 34 • Checking the Installation on page 34 • Logging In for the First Time on page 34 CAUTION Use of controls or adjustme
Following Safety Information

Before installing or removing any components of the switch, or before carrying out any maintenance procedures, read the safety information provided in w of this guide.

Installing the Switch

The Summit 200 series switch can be mounted in a rack, or placed free-standing on a tabletop.

Rack Mounting

CAUTION
Do not use the rack mount kits to suspend the switch from under a table or desk, or to attach the switch to a wall.
Installing or Replacing a Mini-Gigabit Interface Connector (Mini-GBIC) Free-Standing The Summit 200 series switch is supplied with four self-adhesive rubber pads. Apply the pads to the underside of the device by sticking a pad in the marked area at each corner of the switch. Desktop Mounting of Multiple Switches You can physically place up to four Summit switches on top of one another. NOTE This relates only to stacking the devices directly one on top of one another.
Switch Installation • Make sure the bend radius of the fiber is not less than 2 inches. In addition to the previously described tasks, Extreme Networks recommends the following when installing or replacing mini-GBICs on an active network: • Use the same type of mini-GBIC at each end of the link. • Connect one end of the link to the Tx port. Without an attenuator, measure the total loss from the Tx port to the other side of the link.
Creating a Stack Removing a Mini-GBIC To remove a mini-GBIC similar to the one labeled “Module A” in Figure 7, gently press and hold the black plastic tab at the bottom of the connector to release the mini-GBIC, and pull the mini-GBIC out of the SFP receptacle on the switch. To remove a mini-GBIC similar to the one labeled “Module B” in Figure 7, rotate the front handle down and pull the mini-GBIC out of the slot.
Switch Installation Figure 8: Stacking Summit 200-48 To upstream routers and switches To downstream switches ES2K001 Connecting Equipment to the Console Port Connection to the console port is used for direct local management. The switch console port settings are set as follows: • Baud rate—9600 • Data bits—8 • Stop bit—1 • Parity—None • Flow control—None NOTE If you set the switch console port flow control to XON/XOFF rather than None, you will be unable to access the switch.
Connecting Equipment to the Console Port Appropriate cables are available from your local supplier. To make your own cables, pinouts for a DB-9 male console connector are described in Table 10.
Switch Installation Powering On the Switch To turn on power to the switch, connect the AC power cable to the switch and then to the wall outlet. Turn the on/off switch to the on position. Checking the Installation After turning on power to the Summit 200 series switch, the device performs a Power On Self-Test (POST). During the POST, all ports are temporarily disabled, the port LED is off, and the MGMT LED flashes. The MGMT LED flashes until the switch successfully passes the POST.
save

NOTE
For more information on saving configuration changes, see the ExtremeWare Software User Guide.

7 When you are finished using the facility, log out of the switch by typing

logout

NOTE
After two incorrect login attempts, the Summit 200 series switch locks you out of the login facility. You must wait a few minutes before attempting to log in again.
3 ExtremeWare Overview This chapter describes the following topics: • Summary of Features on page 37 • Software Licensing on page 40 • Security Licensing for Features Under License Control on page 41 • Software Factory Defaults on page 42 ExtremeWare is the full-featured software operating system that is designed to run on the Summit 200 series switch. This section describes the supported ExtremeWare features for the Summit 200 series switch.
ExtremeWare Overview • RADIUS client and per-command authentication support • TACACS+ support • Network login • Console command-line interface (CLI) connection • Telnet CLI connection • SSH2 connection • Simple Network Management Protocol (SNMP) support • Remote Monitoring (RMON) • Traffic mirroring for ports Virtual LANs (VLANs) ExtremeWare has a VLAN feature that enables you to construct your broadcast domains without being restricted by physical connections.
Summary of Features Quality of Service ExtremeWare has Quality of Service (QoS) features that support IEEE 802.1p, MAC QoS, and four queues. These features enable you to specify service levels for different traffic groups. By default, all traffic is assigned the “normal” QoS policy profile. If needed, you can create other QoS policies and rate-limiting access control lists and apply them to different traffic types so that they have different maximum bandwidth, and priority.
ExtremeWare Overview If Extreme switches running ESRP are connected to layer 2 switches that are not manufactured by Extreme Networks (or Extreme switches that are not running ExtremeWare 4.0 or above), the fail-over times seen for traffic local to the segment may appear longer, depending on the application involved and the FDB timer used by the other vendor’s layer 2 switch. As such, ESRP can be used with layer 2 switches from other vendors, but the recovery times vary.
Enabling the Advanced Edge Functionality

To enable the Advanced Edge software feature license, use the following command:

enable license advanced-edge <license_key>

where license_key is an integer.

NOTE
The command unconfig switch all does not clear licensing information. Once it is enabled on the switch, this license cannot be disabled.

Verifying the Advanced Edge License

To verify the Advanced Edge license, use the show switch command.
ExtremeWare Overview http://esupport.extremenetworks.com Fill out a contact form to indicate compliance or noncompliance with the export restrictions. If you are in compliance, you will be given information that will allow you to enable security features. Software Factory Defaults Table 11 shows factory defaults for ExtremeWare features supported on the Summit 200 series switch.
Software Factory Defaults NOTE For default settings of individual ExtremeWare features, see the applicable individual chapters in this guide.
4 Accessing the Switch This chapter describes the following topics: • Understanding the Command Syntax on page 45 • Line-Editing Keys on page 47 • Command History on page 48 • Common Commands on page 48 • Configuring Management Access on page 50 • Domain Name Service Client Services on page 53 • Checking Basic Connectivity on page 54 Understanding the Command Syntax This section describes the steps to take when entering a command.
Accessing the Switch Syntax Helper The CLI has a built-in syntax helper. If you are unsure of the complete syntax for a particular command, enter as much of the command as possible and press [Return]. The syntax helper provides a list of options for the remainder of the command. The syntax helper also provides assistance if you have entered an incorrect command. Command Completion with Syntax Helper ExtremeWare provides command completion by way of the [Tab] key.
Line-Editing Keys Names All named components of the switch configuration must have a unique name. Names must begin with an alphabetical character and are delimited by whitespace, unless enclosed in quotation marks. Symbols You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself. Table 12 summarizes command syntax symbols.
Table 13: Line-Editing Keys (continued)

Keystroke | Description
Insert | Toggles on and off. When toggled on, inserts text and shifts previous text to right.
Left Arrow | Moves cursor to left.
Right Arrow | Moves cursor to right.
Home or [Ctrl] + A | Moves cursor to first character in line.
End or [Ctrl] + E | Moves cursor to last character in line.
[Ctrl] + L | Clears screen and moves cursor to beginning of line.
Common Commands Table 14: Common Commands (continued) Command Description config sys-recovery-level [none | critical | all] Configures a recovery option for instances where an exception occurs in ExtremeWare. Specify one of the following: • none—Recovery without system reboot. • critical—ExtremeWare logs an error to the syslog, and reboots the system after critical exceptions. • all—ExtremeWare logs an error to the syslog, and reboots the system after any exception. The default setting is none.
Table 14: Common Commands (continued)

Command | Description
disable ssh2 | Disables SSH2 Telnet access to the switch.
disable telnet | Disables Telnet access to the switch.
disable web | Disables web access.
enable bootp vlan [ | all] | Enables BOOTP for one or more VLANs.
enable cli-config-logging | Enables the logging of CLI configuration commands to the Syslog for auditing purposes. The default setting is enabled.
Configuring Management Access • User account database. • SNMP community strings. A user-level account can use the ping command to test device reachability, and change the password assigned to the account name. If you have logged on with user capabilities, the command-line prompt ends with a (>) sign. For example: Summit200-24:2> Administrator Account An administrator-level account can view and change all switch parameters.
NOTE
User names and passwords are case-sensitive.

To add a password to the default admin account, follow these steps:
1 Log in to the switch using the name admin.
2 At the password prompt, press [Return].
3 Add a default admin password by entering the following command:
  config account admin
4 Enter the new password at the prompt.
5 Re-enter the new password at the prompt.

To add a password to the default user account, follow these steps:
1 Log in to the switch using the name admin.
Viewing Accounts

To view the accounts that have been created, you must have administrator privileges. Use the following command to see the accounts:

show accounts

Deleting an Account

To delete an account, you must have administrator privileges. To delete an account, use the following command:

delete account

NOTE
The account name admin cannot be deleted.
Accessing the Switch Checking Basic Connectivity The switch offers the following commands for checking basic connectivity: • ping • traceroute Ping The ping command enables you to send Internet Control Message Protocol (ICMP) echo messages to a remote IP device. The ping command is available for both the user and administrator privilege level.
Checking Basic Connectivity from Uses the specified source address in the ICMP packet. If not specified, the address of the transmitting interface is used. ttl Configures the switch to trace up to the time-to-live number of the switch. port Uses the specified UDP port number.
5 Managing the Switch This chapter describes the following topics: • Overview on page 57 • Using the Console Interface on page 58 • Using Telnet on page 58 • Using Secure Shell 2 (SSH2) on page 61 • Using SNMP on page 62 • Authenticating Users on page 64 • Network Login on page 71 • Using EAPOL Flooding on page 81 • Using the Simple Network Time Protocol on page 82 Overview Using ExtremeWare, you can manage the switch using the following methods: • Access the CLI by connecting a terminal (or workstation
Managing the Switch Using the Console Interface The CLI built into the switch is accessible by way of the 9-pin, RS-232 port labeled console, located on the front of the Summit 200 series switch. Once the connection is established, you will see the switch prompt and you can log in. Using Telnet Any workstation with a Telnet facility should be able to communicate with the switch over a TCP/IP network. Up to eight active Telnet sessions can access the switch concurrently.
Using Telnet You can enable BOOTP on a per-VLAN basis by using the following command: enable bootp vlan [ | all] By default, BOOTP is enabled on the default VLAN. If you configure the switch to use BOOTP, the switch IP address is not retained through a power cycle, even if the configuration has been saved. To retain the IP address through a power cycle, you must configure the IP address of the VLAN using the command-line interface, Telnet, or Web interface.
Managing the Switch 4 At the password prompt, enter the password and press [Return]. When you have successfully logged in to the switch, the command-line prompt displays the name of the switch in its prompt. 5 Assign an IP address and subnetwork mask for the default VLAN by using the following command: config vlan ipaddress {} For example: config vlan default ipaddress 123.45.67.8 255.255.255.0 Your changes take effect immediately.
Controlling Telnet Access

By default, Telnet services are enabled on the switch. To display the status of Telnet, use the following command:

show management

You can choose to disable Telnet by using the following command:

disable telnet

To re-enable Telnet on the switch, at the console port use the following:

enable telnet

You must be logged in as an administrator to enable or disable Telnet.
Managing the Switch You can specify a TCP port number to be used for SSH2 communication. By default the TCP port number is 22. The supported cipher is 3DES-CBC. The supported key exchange is DSA. For additional information on the SSH protocol refer to [FIPS-186] Federal Information Processing Standards Publication (FIPSPUB) 186, Digital Signature Standard, 18 May 1994. This can be downloaded from: ftp://ftp.cs.hut.fi/pub/ssh. General technical information is also available from http://www.ssh.fi.
Using SNMP switch for the trap receiver to receive switch-generated traps. SNMP community strings can contain up to 127 characters. • System contact (optional)—The system contact is a text field that enables you to enter the name of the person(s) responsible for managing the switch. • System name—The system name is the name that you have assigned to this switch. The default name is the model name of the switch (for example, Summit1 switch).
Managing the Switch Table 18: SNMP Configuration Commands (continued) Command Description unconfig management Restores default values to all SNMP-related entries.
Authenticating Users Per-Command Authentication Using RADIUS The RADIUS implementation can be used to perform per-command authentication. Per-command authentication allows you to define several levels of user capabilities by controlling the permitted command sets based on the RADIUS username and password. You do not need to configure any additional switch parameters to take advantage of this capability.
Managing the Switch Table 19: RADIUS Commands (continued) Command Description config radius-accounting [primary | secondary] server [ | ] {} client-ip Configures the RADIUS accounting server. Specify the following: • [primary | secondary] — Configure either the primary or secondary RADIUS server. • [ | ] — The IP address or hostname of the server being configured. • — The UDP port to use to contact the RADIUS server.
Authenticating Users RADIUS Server Configuration Example (Merit) Many implementations of RADIUS server use the publicly available Merit© AAA server application, available on the World Wide Web at: http://www.merit.edu/aaa Included below are excerpts from relevant portions of a sample Merit RADIUS server implementation. The example shows excerpts from the client and user configuration files. The client configuration file (ClientCfg.txt) defines the authorized source machine, source name, and access level.
Managing the Switch Within the users configuration file, additional keywords are available for Profile-Name and Extreme-CLI-Authorization. To use per-command authentication, enable the CLI authorization function and indicate a profile name for that user. If authorization is enabled without specifying a valid profile, the user is unable to perform any commands. Next, define the desired profiles in an ASCII configuration file called profiles.
Contents of the file “profiles”:

  PROFILE1 deny
  {
  enable *, disable ipforwarding
  show switch
  }

  PROFILE2
  {
  enable *, clear counters
  show management
  }

  PROFILE3 deny
  {
  create vlan *, configure iproute *, disable *, show fdb
  delete *, configure rip add
  }

Configuring TACACS+

Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for providing authentication, authorization, and accounting on a centralized server, similar in function to the RADIUS client.
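An added example (not part of the guide or of the Merit server): a Python model of how the profiles file shown above could be evaluated for per-command authentication. It assumes that a block marked deny lists the refused commands and permits the rest, that a block without deny permits only what it lists, and that entries match on leading words with * standing for any remainder; all function names are hypothetical.

```python
import re

# Constructed copy of the "profiles" file shown on this page.
PROFILES_TEXT = """
PROFILE1 deny
{
enable *, disable ipforwarding
show switch
}

PROFILE2
{
enable *, clear counters
show management
}

PROFILE3 deny
{
create vlan *, configure iproute *, disable *, show fdb
delete *, configure rip add
}
"""

# A profile name, an optional "deny" keyword, then a brace-delimited body.
BLOCK_RE = re.compile(r"(\w+)[ \t]*(deny)?\s*\{([^}]*)\}")


def parse_profiles(text):
    """Return {name: (mode, [patterns])}; mode is 'deny' or 'permit'."""
    profiles = {}
    for name, deny, body in BLOCK_RE.findall(text):
        # Entries are separated by commas or by line breaks.
        entries = [" ".join(e.split()) for e in re.split(r"[,\n]", body)]
        profiles[name] = ("deny" if deny else "permit",
                          [e for e in entries if e])
    return profiles


def matches(pattern, command):
    """Assumed matching rule: the pattern's words must equal the leading
    words of the command; a trailing '*' stands for any remainder."""
    p_words = pattern.lower().split()
    c_words = command.lower().split()
    if p_words and p_words[-1] == "*":
        p_words = p_words[:-1]
    return c_words[:len(p_words)] == p_words


def is_authorized(profiles, profile_name, command):
    """Fail closed: a missing or unknown profile authorizes nothing,
    as the guide states for authorization without a valid profile."""
    if profile_name not in profiles:
        return False
    mode, patterns = profiles[profile_name]
    hit = any(matches(p, command) for p in patterns)
    return (not hit) if mode == "deny" else hit


if __name__ == "__main__":
    table = parse_profiles(PROFILES_TEXT)
    for prof in ("PROFILE1", "PROFILE2", "PROFILE3", "NOSUCH"):
        for cmd in ("enable telnet", "show switch", "config account admin"):
            verdict = "permit" if is_authorized(table, prof, cmd) else "deny"
            print(f"{prof:9} {cmd:22} {verdict}")
```

Under these assumptions PROFILE1 still authorizes config account admin, because a deny-style profile permits every command its author did not think to list, whereas PROFILE2 refuses it by default.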
Managing the Switch Table 20: TACACS+ Commands Command Description config tacacs [primary | secondary] server [ | ] {} client-ip Configure the server information for a TACACS+ server. Specify the following: • primary | secondary — Specifies primary or secondary server configuration. To remove a server, use the address 0.0.0.0. • | — Specifies the TACACS+ server. • — Optionally specifies the UDP port to be used.
Network Login Network Login Network login is a feature designed to control the admission of user packets into a network by giving addresses only to users that are properly authenticated. Network login is controlled by an administrator on a per port, per VLAN basis. When network login is enabled on a port in a VLAN, that port does not forward any packets until authentication takes place.
it has to go to some other DHCP server in the network to obtain a permanent address, as is normally done. DHCP is not required for 802.1x, because 802.1x uses only Layer 2 frames (EAPOL).

URL redirection (applicable to web-based mode only) is a mechanism to redirect any HTTP request to the base URL of the authenticator when the port is in unauthenticated mode. In other words, when a user tries to log in to the network using a browser, the browser is first redirected to the Network Login page.
• Supplicants cannot be re-authenticated transparently. They cannot be re-authenticated from the authenticator side.
• Does not support more secure methods of authentication

Authentication Methods

The authentication methods supported are a matter between the supplicant (client) and the authentication server.
Table 21: VSA Definitions for Web-based Network Login

VSA | Attribute Value | Type | Sent-in | Description
Extreme-Netlogin-VLAN | 203 | String | Access-Accept | Name of destination VLAN (must already exist on switch) after successful authentication.
Extreme-Netlogin-URL | 204 | String | Access-Accept | Destination web page after successful authentication.
Extreme-Netlogin-URLDesc | 205 | String | Access-Accept | Text description of network login URL attribute.
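An added example (not from the Extreme Networks guide): a Python decoder for the three network login VSAs in Table 21, run against a constructed Access-Accept, that flags a destination VLAN the switch does not have. The vendor ID 1916 (Extreme Networks' IANA enterprise number), the RFC 2865 packet and attribute layout, and all function names are assumptions not stated on this page.

```python
import struct

EXTREME_VENDOR_ID = 1916   # assumption: IANA enterprise number, not on this page
VENDOR_SPECIFIC = 26       # RADIUS Vendor-Specific attribute type (RFC 2865)
ACCESS_ACCEPT = 2          # RADIUS packet code for Access-Accept
NETLOGIN_VSAS = {          # attribute values taken from Table 21
    203: "Extreme-Netlogin-VLAN",
    204: "Extreme-Netlogin-URL",
    205: "Extreme-Netlogin-URLDesc",
}


def build_vsa(vendor_type, text):
    """Encode one Extreme VSA inside a Vendor-Specific attribute."""
    value = text.encode("ascii")
    sub = struct.pack("!BB", vendor_type, len(value) + 2) + value
    body = struct.pack("!I", EXTREME_VENDOR_ID) + sub
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body


def sample_accept(vlan):
    """Constructed Access-Accept (zeroed authenticator) for the demo."""
    attrs = build_vsa(203, vlan) + build_vsa(204, "http://www.example.com")
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs


def parse_netlogin_vsas(packet):
    """Return (code, {vsa_name: value}); raise ValueError on bad lengths."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not fit the packet")
    found, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of range")
        value = packet[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != EXTREME_VENDOR_ID:
            continue                      # another vendor's attribute
        sub, spos = value[4:], 0
        while spos + 2 <= len(sub):
            v_type, v_len = sub[spos], sub[spos + 1]
            if v_len < 2 or spos + v_len > len(sub):
                raise ValueError("VSA length out of range")
            name = NETLOGIN_VSAS.get(v_type)
            if name:
                found[name] = sub[spos + 2:spos + v_len].decode("ascii", "replace")
            spos += v_len
    return code, found


def check_accept(packet, switch_vlans):
    """Return reasons to distrust the reply; an empty list means it passed.
    The Response Authenticator is not verified here (needs the shared secret)."""
    code, vsas = parse_netlogin_vsas(packet)
    problems = []
    if code != ACCESS_ACCEPT:
        problems.append("not an Access-Accept")
    vlan = vsas.get("Extreme-Netlogin-VLAN")
    if vlan is not None and vlan not in switch_vlans:
        problems.append("VLAN %r is not configured on the switch" % vlan)
    return problems


if __name__ == "__main__":
    vlans = {"corp", "temp"}              # VLAN names used in this guide's example
    print(parse_netlogin_vsas(sample_accept("corp")))
    print(check_accept(sample_accept("guest"), vlans))
```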
Network Login Again, any client with a web browser can interoperate using web-based authentication. Authentication Server Side The RADIUS server used for authentication has to be EAP-capable. Consider the following when choosing a RADIUS server: • The types of authentication methods supported on RADIUS, as mentioned above. • Need to support Vendor Specific Attributes (VSA).
Managing the Switch • A network login VLAN port should be an untagged Ethernet port and should not be a part of following protocols: — ESRP — STP • Rate-limiting is not supported on network login ports (both web-based and 802.1x). • AP-NAK cannot be used to negotiate 802.1x authentication types. • Network login is only supported on the local ports of a stack master switch. In stack configurations, the master cannot pass authentication down to slave switches.
configure vlan "corp" add port 10 untagged
configure vlan "corp" add port 11 untagged
configure vlan "corp" add port 12 untagged
configure vlan "corp" add port 13 untagged
configure vlan "corp" add port 14 untagged

# Network Login Configuration
configure vlan temp dhcp-address-range 198.162.32.20 - 198.162.32.80
configure vlan temp dhcp-options default-gateway 198.162.32.1
configure vlan temp dhcp-options dns-server 10.0.1.1
configure vlan temp dhcp-options wins-server 10.0.1.
using a number for the adapter following the ipconfig command. You can find the adapter number using the command ipconfig/all. At this point, the client will have its temporary IP address. In this example, the client should have obtained an IP address in the range 198.162.32.20 - 198.162.32.80.

NOTE
An explicit release/renew is required to bring the network login client machine into the same subnet as the connected VLAN.
NOTE
Because network login is sensitive to state changes during the authentication process, Extreme Networks recommends that you do not log out until the login process is complete. The login process is complete when you receive a permanent address.

DHCP Server on the Switch

A DHCP server with limited configuration capabilities is included in the switch to provide IP addresses to clients.
Where is the DNS name of the switch. For example,

configure netlogin base-url network-access.net

makes the switch send DNS responses back to the netlogin clients when a DNS query is made for network-access.net.

To configure the network login redirect page, use the following command:

configure netlogin redirect-page

Where defines the redirection information for the users once logged in.
Table 23: Network Login Configuration Commands (continued)

Command: disable netlogin ports vlan
Description: Disables network login on a specified port in a VLAN.

Command: enable netlogin session-refresh
Description: Changes the refresh rate of the session. Specify the rate in minutes from 1 to 255. The default is 3 minutes.

Command: enable dhcp ports vlan
Description: Enables DHCP on a specified port in a VLAN.
authenticating server. The encapsulating mechanism used for communication between the supplicant and the authenticator is referred to as EAP Over LANs, or EAPOL. By default (per IEEE 802.1D), Summit 200 series switches do not forward EAPOL frames. Also, if network login is enabled, EAPOL flooding cannot be enabled.
for switches using SNTP to query the SNTP server(s) directly. A combination of both methods is possible. You must identify the method that should be used for the switch being configured.

2 Configure the Greenwich Mean Time (GMT) offset and Daylight Savings Time preference. The command syntax to configure GMT offset and usage of Daylight Savings is as follows:

config timezone {autodst | noautodst}

The GMT_OFFSET is in +/- minutes from the GMT time.
Table 25: Greenwich Mean Time Offsets (continued)

| GMT Offset in Hours | GMT Offset in Minutes | Common Time Zone References | Cities |
|---|---|---|---|
| -2:00 | -120 | | |
| -3:00 | -180 | | |
| -4:00 | -240 | AST—Atlantic Standard | Caracas; La Paz |
| -5:00 | -300 | EST—Eastern Standard | Bogota, Columbia; Lima, Peru; New York, NY, Trevor City, MI USA |
| -6:00 | -360 | CST—Central Standard | Mexico City, Mexico |
| -7:00 | -420 | MST—Mountain Standard | Saskatchewan, Canada |
| -8:00 | -480 | PST—Pacific Standard | Los Angeles, CA, Cupertino, CA, Seattle, |
Table 25: Greenwich Mean Time Offsets (continued)

| GMT Offset in Hours | GMT Offset in Minutes | Common Time Zone References | Cities |
|---|---|---|---|
| +11:00 | +660 | | |
| +12:00 | +720 | IDLE—International Date Line East; NZST—New Zealand Standard; NZT—New Zealand | Wellington, New Zealand; Fiji, Marshall Islands |

SNTP Configuration Commands

Table 26 describes SNTP configuration commands.
6 Configuring Ports on a Switch

This chapter describes the following topics:
• Enabling and Disabling Switch Ports
• Load Sharing on the Switch
• Switch Port-Mirroring
• Setting Up a Redundant Gigabit Uplink Port
• Extreme Discovery Protocol

For information about configuring ports on a stack of switches, see “Configuring Ports and VLANS on Stacks” on page 240.

Enabling and Disabling Switch Ports

By default, all ports are enabled.
disable ports 7:*

For information about ports and port addressing in stacked configurations, see “Introducing Stacking” on page 237.

Configuring Switch Port Speed and Duplex Setting

By default, the switch is configured to use autonegotiation to determine the port speed and duplex setting for each port. You can manually configure the duplex setting and the speed of 10/100 Mbps ports. 10BASE-T and 100BASE-TX ports can connect to either 10BASE-T or 100BASE-T networks.
Under certain conditions, you might opt to turn autopolarity off on one or more 10BASE-T and 100BASE-TX ports. The following example turns autopolarity off for ports 3-5 on a Summit 200 series switch:

config ports 3-5 auto-polarity off

NOTE
If you attempt to invoke this command on a Gigabit Ethernet switch port, the system displays a message indicating that the specified port is not supported by this feature.
Table 27: Switch Port Commands (continued)

Command: config ports auto-polarity
Description: Disables or enables the autopolarity detection feature for one or more Ethernet ports. Specify the following:
• all—Specifies that the feature is either disabled or enabled for all of the Ethernet ports on the switch.
Table 27: Switch Port Commands (continued)

Command: show ports {} info [detail]
Description: Displays system-related information for an individual switch. The optional keyword, detail, provides more in-depth information.

Command: show ports vlan [stacking] info [detail]
Description: Displays system-related information for a port on a stack or all ports in a VLAN.
ports as a single logical port. For example, VLANs see the load-sharing group as a single logical port. Most load-sharing algorithms guarantee packet sequencing between clients. If a port in a load-sharing group fails, traffic is redistributed to the remaining ports in the load-sharing group. If the failed port becomes active again, traffic is redistributed to include that port.

NOTE
Load sharing must be enabled on both ends of the link or a network loop may result.
mac_source: Indicates that the switch should examine the MAC source address.
mac_destination: Indicates that the switch should examine the MAC destination address.
mac_source_destination: Indicates that the switch should examine the MAC source and destination address.
ip_source: Indicates that the switch should examine the IP source address.
ip_source_destination: Indicates that the switch should examine the IP source address and destination address.
enable sharing 9 grouping 9-12

In this example, logical port 9 represents physical ports 9 through 12. When using load sharing, you should always reference the master logical port of the load-sharing group (port 9 in the previous example) when configuring or viewing VLANs. VLANs configured to use other ports in the load-sharing group will have those ports deleted from the VLAN when load sharing becomes enabled.

NOTE
Do not disable a port that is part of a load-sharing group.
On a stacked configuration, the port, VLAN, or virtual port that is being monitored must be located on the same Summit 200-24 or Summit 200-48 switch that has the mirror port.

Port-Mirroring Commands

Switch port-mirroring commands are described in Table 28.

Table 28: Switch Port-Mirroring Configuration Commands

Command: config mirroring add ports
Description: Adds a single mirroring filter definition.
• Switch port number.

EDP is supported across all switches in a stacked configuration.

EDP Commands

Table 29 lists EDP commands.

Table 29: EDP Commands

Command: disable edp ports
Description: Disables the EDP on one or more ports.

Command: enable edp ports
Description: Enables the generation and processing of EDP messages on one or more ports. The default setting is enabled.

Command: show edp
Description: Displays EDP information.
7 Virtual LANs (VLANs)

This chapter describes the following topics:
• Overview of Virtual LANs
• Types of VLANs
• VLAN Names
• Configuring VLANs on the Switch
• Displaying VLAN Settings
• MAC-Based VLANs

Setting up Virtual Local Area Networks (VLANs) on the switch eases many time-consuming tasks of network administration while increasing efficiency in network operations.
Types of VLANs

VLANs can be created according to the following criteria:
• Physical port
• 802.1Q tag
• MAC address
• A combination of these criteria

Port-Based VLANs

In a port-based VLAN, a VLAN name is given to a group of one or more ports on the switch. A port can be a member of only one port-based VLAN. The Summit 200 series switch supports L2 port-based VLANs.
Figure 12: Single port-based VLAN spanning two switches (System 1 and System 2, VLAN Sales)

To create multiple VLANs that span two switches in a port-based VLAN, a port on system 1 must be cabled to a port on system 2 for each VLAN you want to have span across the switches. At least one port on each switch must be a member of the corresponding VLANs, as well. Figure 13 illustrates two VLANs spanning two switches.
VLAN Accounting spans system 1 and system 2 by way of a connection between system 1, port 26 and system 2, slot 1, port 6. VLAN Engineering spans system 1 and system 2 by way of a connection between system 1, port 25, and system 2, slot 8, port 6. Using this configuration, you can create multiple VLANs that span multiple switches, in a daisy-chained fashion. Each switch must have a dedicated port for each VLAN.
Figure 14 illustrates the physical view of a network that uses tagged and untagged traffic.

Figure 14: Physical diagram of tagged and untagged traffic (System 1, System 2, and an 802.1Q tagged server; legend: M = Marketing, S = Sales)

Figure 15 is a logical diagram of the same network.
• The server connected to port 16 on system 1 is a member of both VLAN Marketing and VLAN Sales.
• All other stations use untagged traffic.

As data passes out of the switch, the switch determines if the destination port requires the frames to be tagged or untagged. All traffic coming from and going to the server is tagged. Traffic coming from and going to the trunk ports is tagged. The traffic that comes from and goes to the other stations on this network is not tagged.
Renaming a VLAN

To rename an existing VLAN, use the following command:

config vlan name

The following rules apply to renaming VLANs:
• Once you change the name of the default VLAN, it cannot be changed back to default.
• You cannot create a new VLAN named default.
• You cannot change the VLAN name MacVlanDiscover. Although the switch accepts a name change, once it is rebooted, the original name is recreated.
Table 30: VLAN Configuration Commands (continued)

Command: config vlan name
Description: Renames a previously configured VLAN.

Command: create vlan
Description: Creates a named VLAN.

Command: delete vlan
Description: Removes a VLAN.

Command: unconfig ports monitor vlan
Description: Removes port-based VLAN monitoring.

Command: unconfig vlan ipaddress
Description: Resets the IP address of the VLAN.
MAC-Based VLANs

MAC-Based VLANs allow physical ports to be mapped to a VLAN based on the source MAC address learned in the FDB. This feature allows you to designate a set of ports that have their VLAN membership dynamically determined by the MAC address of the end station that plugs into the physical port. You can configure the source MAC address-to-VLAN mapping either offline or dynamically on the switch.
MAC-Based VLAN Limitations

The following list contains the limitations of MAC-based VLANs:
• Ports participating in MAC VLANs must first be removed from any static VLANs.
• The MAC-to-VLAN mapping can only be associated with VLANs that exist on the switch.
• A MAC address cannot be configured to associate with more than 1 VLAN. If this is attempted, the MAC address is associated with the most recent VLAN entry in the MAC-to-VLAN database.
Example

In relation to MAC-based VLANs, the downloaded file is an ASCII file that consists of CLI commands used to configure the most recent MAC-to-VLAN database. This feature is different from the normal download configuration command in that it allows incremental configuration without the automatic rebooting of the switch. The following example shows an incremental configuration file for MAC-based VLAN information that updates the database and saves changes:

config config config . . .
8 Forwarding Database (FDB)

This chapter describes the following topics:
• Overview of the FDB
• Configuring FDB Entries
• Displaying FDB Entries

Overview of the FDB

The switch maintains a database of all media access control (MAC) addresses received on all of its ports. It uses the information in this database to decide whether a frame should be forwarded or filtered.
interface are stored as permanent. The Summit 200 series switches support a maximum of 64 permanent entries. Once created, permanent entries stay the same as when they were created. For example, the permanent entry store is not updated when any of the following take place:
— A VLAN is deleted.
— A VLAN identifier (VLANid) is changed.
— A port mode is changed (tagged/untagged).
— A port is deleted from a VLAN.
— A port is disabled.
— A port enters blocking state.
Configuring FDB Entries

To configure entries in the FDB, use the commands listed in Table 31.

Table 31: FDB Configuration Commands

Command: clear fdb [{ | vlan | ports }]
Description: Clears dynamic FDB entries that match the filter. When no options are specified, the command clears all FDB entries.

Command: config fdb agingtime
Description: Configures the FDB aging time. The range is 15 through 1,000,000 seconds. The default value is 300 seconds.
create fdbentry 00:E0:2B:12:34:56 vlan marketing port 4

The permanent entry has the following characteristics:
• MAC address is 00:E0:2B:12:34:56.
• VLAN name is marketing.
• Port number for this device is 4.

This example associates the QoS profile qp2 with a dynamic entry that will be learned by the FDB:

create fdbentry 00:A0:23:12:34:56 vlan net34 dynamic qosprofile qp2

This entry has the following characteristics:
• MAC address is 00A023123456.
• VLAN name is net34.
slot: Displays a slot on a stacked set of switches. Slot 1 specifies the master switch; slots 2 through 8 specify member switches.

To display all the FDB entries on the entire stack, use the following command:

show fdb { | vlan | ports | permanent}

where:
mac_address: Displays the entry for a particular MAC address.
vlan: Displays the entries for a VLAN.
ports: Displays the entries for a slot and port combination.
9 Access Policies

This chapter describes the following topics:
• Overview of Access Policies
• Using Access Control Lists
• Using Routing Access Policies
• Making Changes to a Routing Access Policy
• Removing a Routing Access Policy
• Routing Access Policy Commands

Overview of Access Policies

Access policies are a generalized category of features that impact forwarding and route forwarding decisions.
Routing Access Policies

Routing access policies are used to control the advertisement or recognition of routing protocols, such as RIP or OSPF. Routing access policies can be used to ‘hide’ entire networks, or to trust only specific sources for routes or ranges of routes. The capabilities of routing access policies are specific to the type of routing protocol involved, but are sometimes more efficient and easier to implement than access lists.
For packets that match a particular access control list, you can specify the following actions:
• Drop—Drop the packets. Matching packets are not forwarded.
• Permit-established—Drop the packet if it would initiate a new TCP session (see “The permit-established Keyword” on page 118).
• Permit—Forward the packet. You can send the packet to a particular QoS profile, and modify the packet’s 802.1p value and/or DiffServ code point.
How Access Control Lists Work

When a packet arrives on an ingress port, the fields of the packet corresponding to an access mask are compared with the values specified by the associated access lists to determine a match. It is possible that a packet will match more than one access control list. If the resulting actions of all the matches do not conflict, they will all be carried out. If there is a conflict, the actions of the access list using the higher precedence access mask are applied.
NOTE
For an example of using the permit-established keyword, refer to “Using the Permit-Established Keyword” on page 124.

The permit-established keyword makes the access control list act as a deny rule. A permit-established access control list blocks all traffic that matches the TCP source/destination and has the SYN=1 and ACK=0 flags set.

Adding Access Mask, Access List, and Rate Limit Entries

Entries can be added to the access masks, access lists, and rate limits.
Deleting Access Mask, Access List, and Rate Limit Entries

Entries can be deleted from access masks, access lists, and rate limits. An access mask entry cannot be deleted until all the access lists and rate limits that reference it are also deleted.
Table 32: Access Control List Configuration Commands

Command: create access-list access-mask {dest-mac } {source-mac } {vlan } {ethertype [IP | ARP | ]} {tos | code-point } {ipprotocol [tcp|udp|icmp|igmp|]} {dest-ip /} {dest-L4port } {source-ip /} {source-L4port | {icmp-type } {icmp-code
Table 32: Access Control List Configuration Commands (continued)

Command: create access-mask {dest-mac} {source-mac} {vlan} {ethertype} {tos | code-point} {ipprotocol} {dest-ip /} {dest-L4port} {source-ip /} {source-L4port | {icmp-type} {icmp-code}} {permit-established} {egressport} {ports} {precedence }
Description: Creates an access mask. The mask specifies which packet fields to examine.
Table 32: Access Control List Configuration Commands (continued)

Command: create rate-limit access-mask {dest-mac } {source-mac } {vlan } {ethertype [IP | ARP | ]} {tos | code-point } {ipprotocol [tcp|udp|icmp|igmp|]} {dest-ip /} {dest-L4port } {source-ip /} {source-L4port | {icmp-type
Table 32: Access Control List Configuration Commands (continued)

Command: delete access-list
Description: Deletes an access list.

Command: delete access-mask
Description: Deletes an access mask. Any access lists or rate limits that reference this mask must first be deleted.

Command: delete rate-limit
Description: Deletes a rate limit.

Command: show access-list { | ports }
Description: Displays access-list information.

Command: show access-mask {}
Description: Displays access-list information.
Step 1—Deny IP Traffic.

First, create an access-mask that examines the IP protocol field for each packet. Then create two access-lists, one that blocks all TCP, one that blocks UDP. Although ICMP is used in conjunction with IP, it is technically not an IP data packet. Thus, ICMP data traffic, such as ping traffic, is not affected.
Figure 18: Access list allows TCP traffic (TCP, UDP, and ICMP between 10.10.10.100 and 10.10.20.100)

Step 3 - Permit-Established Access List.

When a TCP session begins, there is a three-way handshake that includes a sequence of SYN, SYN/ACK, and ACK packets. Figure 19 shows an illustration of the handshake that occurs when host A initiates a TCP session to host B. After this sequence, actual data can be passed.
Figure 20: Permit-established access list filters out SYN packet to destination (hosts 10.10.10.100 and 10.10.20.100)

Example 2: Filter ICMP Packets

This example creates an access list that filters out ping (ICMP echo) packets. ICMP echo packets are defined as type 8 code 0.
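The following Python model is an added illustration, not ExtremeWare code. It replays the two examples above: deny all TCP and UDP, permit TCP between the two hosts, block new sessions toward 10.10.10.100 with permit-established, and, separately, filter ICMP echo. The access-list names, the numeric precedence values, the "lower number wins" ordering and the direction of the permit-established rule are assumptions made for the sketch.

```python
"""Toy model of access-mask precedence and the permit-established keyword."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                        # "tcp", "udp" or "icmp"
    src: str
    dst: str
    syn: bool = False                 # TCP flags
    ack: bool = False
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


@dataclass(frozen=True)
class AccessList:
    name: str                         # hypothetical names, not from the guide
    precedence: int                   # from its access mask; lower number wins (assumption)
    action: str                       # "permit", "deny" or "permit-established"
    proto: Optional[str] = None       # None: the mask does not examine this field
    src: Optional[str] = None         # CIDR notation
    dst: Optional[str] = None
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.icmp_type is not None and p.icmp_type != self.icmp_type:
            return False
        if self.icmp_code is not None and p.icmp_code != self.icmp_code:
            return False
        if self.action == "permit-established":
            # Only the segment that would open a new session matches: SYN=1, ACK=0.
            return p.proto == "tcp" and p.syn and not p.ack
        return True


def verdict(acls, p: Packet) -> str:
    """Return "forward" or "drop" for one packet."""
    hits = [a for a in acls if a.matches(p)]
    if not hits:
        return "forward"              # no access list matched: normal forwarding
    winner = min(hits, key=lambda a: a.precedence)   # conflict: best precedence applies
    return "forward" if winner.action == "permit" else "drop"


A, B = "10.10.10.100", "10.10.20.100"

# Example 1: steps 1 to 3 combined (precedence values are constructed).
EXAMPLE_1 = [
    AccessList("denytcp", 30, "deny", proto="tcp"),
    AccessList("denyudp", 30, "deny", proto="udp"),
    AccessList("tcp_a_to_b", 20, "permit", proto="tcp", src=A + "/32", dst=B + "/32"),
    AccessList("tcp_b_to_a", 20, "permit", proto="tcp", src=B + "/32", dst=A + "/32"),
    AccessList("no_new_sessions_to_a", 10, "permit-established",
               proto="tcp", src=B + "/32", dst=A + "/32"),
]

# Example 2: filter ping, defined as ICMP type 8 code 0.
EXAMPLE_2 = [AccessList("denyping", 10, "deny", proto="icmp", icmp_type=8, icmp_code=0)]

if __name__ == "__main__":
    samples = [                       # constructed packets
        ("A opens session to B", Packet("tcp", A, B, syn=True)),
        ("B answers with SYN/ACK", Packet("tcp", B, A, syn=True, ack=True)),
        ("B opens session to A", Packet("tcp", B, A, syn=True)),
        ("UDP from A to B", Packet("udp", A, B)),
        ("ping from A to B", Packet("icmp", A, B, icmp_type=8, icmp_code=0)),
    ]
    for label, pkt in samples:
        print(f"{label:26s} -> {verdict(EXAMPLE_1, pkt)}")
```

Because the SYN/ACK reply from 10.10.20.100 has ACK set, it misses the permit-established rule and falls through to the host-pair permit, so sessions opened by 10.10.10.100 still complete.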
Using Routing Access Policies

To use routing access policies, you must perform the following steps:
1 Create an access profile.
2 Configure the access profile to be of type permit, deny, or none.
3 Add entries to the access profile. Entries are IP addresses and subnet masks.
4 Apply the access profile.

Creating an Access Profile

The first thing to do when using routing access policies is to create an access profile.
Specifying Subnet Masks

The subnet mask specified in the access profile command is interpreted as a reverse mask. A reverse mask indicates the bits that are significant in the IP address. In other words, a reverse mask specifies the part of the address that must match the IP address to which the profile is applied. If you configure an IP address that is an exact match that is specifically denied or permitted, use a mask of /32 (for example, 141.251.24.28/32).
• Export Filter—Use an access profile to determine which RIP routes are advertised into a particular VLAN, using the following command:

config rip vlan [ | all] export-filter [ | none]

Examples

In the example shown in Figure 22, a switch is configured with two VLANs, Engsvrs and Backbone. The RIP protocol is used to communicate with other routers on the network.
In addition, if the administrator wants to restrict any user belonging to the VLAN Engsvrs from reaching the VLAN Sales (IP address 10.2.1.0/24), the additional access policy commands to build the access policy would be:

create access-profile nosales ipaddress
config access-profile nosales mode deny
config access-profile nosales add 10.2.1.0/24
config rip vlan backbone import-filter nosales

This configuration results in the switch having no route back to the VLAN Sales.
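The following Python sketch is an added illustration, not ExtremeWare code, of how an access profile applied as a RIP import filter decides which advertised routes are accepted, using the nosales profile above and the /32 host entry from "Specifying Subnet Masks". The matching rules are assumptions: an entry matches any route inside its range unless exact is set, permit mode denies unmatched routes, deny mode permits unmatched routes, and none mode applies entries in sequence order and denies when nothing matches. The advertised routes are constructed sample data.

```python
"""Toy evaluator for routing access profiles (permit, deny and none modes)."""
from ipaddress import ip_network


class AccessProfile:
    def __init__(self, name, mode):
        if mode not in ("permit", "deny", "none"):
            raise ValueError("mode must be permit, deny or none")
        self.name, self.mode, self.entries = name, mode, []

    def add(self, prefix, action=None, seq=None, exact=False):
        """Add an entry; mode none needs an explicit sequence number and action."""
        if self.mode == "none":
            if action not in ("permit", "deny") or seq is None:
                raise ValueError("mode none needs a sequence number and permit/deny")
        else:
            action = self.mode            # the profile mode decides the action
            seq = len(self.entries)       # insertion order
        self.entries.append((seq, ip_network(prefix), action, exact))
        self.entries.sort(key=lambda e: e[0])

    def evaluate(self, route):
        """Return "permit" or "deny" for one advertised route."""
        route = ip_network(route)
        for _seq, net, action, exact in self.entries:
            hit = (route == net) if exact else route.subnet_of(net)
            if hit:
                return action
        # No entry matched (assumed defaults): deny mode lets the route through,
        # permit and none modes reject it.
        return "permit" if self.mode == "deny" else "deny"


def import_filter(profile, advertised):
    """Routes that survive the import filter, in the order received."""
    return [r for r in advertised if profile.evaluate(r) == "permit"]


# Constructed RIP update arriving on VLAN backbone.
RIP_UPDATE = ["10.1.1.0/24", "10.2.1.0/24", "10.2.1.128/25", "192.1.1.0/24"]

# The profile from the example: mode deny, one entry for the Sales network.
nosales = AccessProfile("nosales", "deny")
nosales.add("10.2.1.0/24")

# Same entry with exact: a more specific route inside the range is no longer hidden.
nosales_exact = AccessProfile("nosales_exact", "deny")
nosales_exact.add("10.2.1.0/24", exact=True)

# A /32 entry matches only that single host address.
onehost = AccessProfile("onehost", "permit")
onehost.add("141.251.24.28/32")

# Mode none: entries are checked in sequence-number order.
ordered = AccessProfile("ordered", "none")
ordered.add("10.0.0.0/8", action="permit", seq=10)
ordered.add("10.2.1.0/24", action="deny", seq=5)

if __name__ == "__main__":
    for prof in (nosales, nosales_exact, ordered):
        print(f"{prof.name:14s} accepts {import_filter(prof, RIP_UPDATE)}")
    print("onehost:", onehost.evaluate("141.251.24.28/32"),
          onehost.evaluate("141.251.24.0/24"))
```

With the range-matching assumption, the deny profile also hides the more specific 10.2.1.128/25 route, which is the behavior to check for when the goal is to leave no route back to a network.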
Figure 23: OSPF access policy example (labels: Internet; Switch being configured; 10.0.0.10 / 24; Backbone (OSPF) area 0.0.0.0; 10.0.0.11 / 24; 10.1.1.1 / 24; Engsvrs area 0.0.0.1; 10.0.0.12 / 24; 10.2.1.1 / 24; Sales area 0.0.0.2)

To configure the switch labeled Internet, the commands would be as follows:

create access-profile okinternet ipaddress
config access-profile okinternet mode permit
config access-profile okinternet add 192.1.1.
config
Routing Access Policy Commands

Table 33 describes the commands used to configure routing access policies.

Table 33: Routing Access Policy Configuration Commands

Command: config access-profile add {} {permit | deny} [ipaddress {exact}]
Description: Adds an entry to the access profile. The explicit sequence number, and permit or deny attribute should be specified if the access profile mode is none.
Table 33: Routing Access Policy Configuration Commands (continued)

Command: config ospf direct-filter [ | none]
Description: Configures the router to use the access policy to limit the routes that are advertised into OSPF for the switch as a whole for switches configured to support direct route re-distribution into OSPF.

Command: config rip vlan [ | all ] export-filter [ | none]
Description: Configures RIP to suppress certain routes when performing route advertisements.
10 Network Address Translation (NAT)

This chapter covers the following topics:
• Overview
• Internet IP Addressing
• Configuring VLANs for NAT
• Configuring NAT
• Configuring NAT Rules
• Creating NAT Rules
• Displaying NAT Settings
• Disabling NAT

Overview

NAT is a feature that allows one set of IP addresses, typically private IP addresses, to be converted to another set of IP addresses, typically public Intern
You can configure NAT to conserve IP address space by mapping a large number of inside (private) addresses to a much smaller number of outside (public) addresses. In implementing NAT, you must configure at least two separate VLANs involved. One VLAN is configured as inside, and corresponds to the private IP addresses you would like to translate into other IP addresses.
When a VLAN is configured to be outside, it routes all traffic destined for inside VLANs. Because the routed traffic runs through the CPU, it cannot run at line-rate. When a VLAN is configured to be none, all NAT functions are disabled and the VLAN operates normally.

NAT Modes

There are four different modes used to determine how the outside IP addresses and Layer 4 ports are assigned.
Because of the large number of simultaneous requests that can be made from a web browser, it is not recommended that this mode be used when a large number of inside hosts are being translated to a small number of outside IP addresses. ICMP traffic is not translated in this mode. You must add a dynamic NAT rule for the same IP address range to allow for ICMP traffic.

Configuring NAT

The behavior of NAT is determined by the rules you create to translate the IP addresses.
Creating NAT Rules

This section describes how to configure the various types of NAT (static, dynamic, portmap, and auto-constrain). In the examples in this section, advanced port and destination matching options have been removed. For information on how to use some of the more advanced rule matching features, refer to “Advanced Rule Matching” on page 140.
Creating Auto-Constrain NAT Rules

To create auto-constrain NAT rules, use the following command:

config nat [add | delete] vlan map source [any | [/ | ]] to [/ | | - ] {[tcp | udp | both] auto-constrain}

This rule uses auto-constrain NAT. Remember that each inside IP address will be restricted in the number of simultaneous connections. Most installations should use portmap mode.
Configuring Timeouts

When an inside host initiates a session, a session table entry is created. Depending on the type of traffic or the current TCP state, the table entries time out when the configured timeout expires. Table 35 describes the commands used to configure timeout periods.

Table 35: NAT Timeout Commands

Command: config nat finrst-timeout
Description: Configures the timeout for a TCP session that has been torn down or reset. The default setting is 60 seconds.
Disabling NAT

To disable NAT, use the following command:

disable nat
11 Ethernet Automatic Protection Switching

This chapter describes the use of the Ethernet Automatic Protection Switching (EAPS™) protocol, and includes information on the following topics:
• Overview of the EAPS Protocol
• Summit 200 Series Switches in Multi-ring Topologies
• Commands for Configuring and Monitoring EAPS

Overview of the EAPS Protocol

The EAPS protocol provides fast protection switching to Layer 2 switches interconnected in an Ethernet ring topology, such
EAPS protection switching is similar to what can be achieved with the Spanning Tree Protocol (STP), but offers the advantage of converging in less than a second when a link in the ring breaks.

NOTE
In order to use EAPS, you must enable EDP on the switch. For more information on EDP, refer to Chapter 6.

EAPS operates by declaring an EAPS domain on a single ring.
Optimizing Interoperability

You may either configure a Summit 200 series switch as the EAPS master or you may configure another switch from Extreme Networks as the EAPS master.
Polling

The master node (including a Summit stack operating as the master node) transmits a health-check packet on the control VLAN at a user-configurable interval (see Figure 26). If the ring is complete, the master node will receive the health-check packet on its secondary port (the control VLAN is not blocked on the secondary port). When the master node receives the health-check packet, it resets its fail-period timer and continues normal operation.
Summit 200 Series Switches in Multi-ring Topologies

Figure 28 shows how a data VLAN could span two rings having two interconnecting switches in common.

Figure 28: EAPS data VLAN spanning two rings.
ring-connecting nodes. However, having EAPSv2 running on the node that interconnects the rings will prevent problems with super-loops without requiring STP. This configuration process is described in the EAPS chapter of the ExtremeWare Software User Guide, Version 7.1.0.

Commands for Configuring and Monitoring EAPS

Table 36 lists the ExtremeWare EAPS commands. Each command is described in detail in the sections that follow.
Creating and Deleting an EAPS Domain

Each EAPS domain is identified by a unique domain name.

NOTE
Only a single EAPS domain per switch is supported by Summit 200 series switches.

To create an EAPS domain, use the following command:

create eaps

The name parameter is a character string of up to 32 characters that identifies the EAPS domain to be created.
Use the hellotime keyword and its associated seconds parameter to specify the amount of time the master node waits between transmissions of health-check packets on the control VLAN. seconds must be greater than 0 when you are configuring a master node. The default value is one second.

NOTE
Increasing the hellotime value keeps the processor from sending and processing too many health-check packets.
Configuring the EAPS Control VLAN

You must configure one control VLAN for each EAPS domain. The control VLAN is used only to send and receive EAPS messages.

NOTE
A control VLAN cannot belong to more than one EAPS domain.
To configure an EAPS protected VLAN, use the following command:

config eaps add protect vlan

NOTE
As long as the ring is complete, the master node blocks the protected VLANs on its secondary port.

The following command example adds the protected VLAN “orchid” to the EAPS domain “eaps_1.
NOTE
The output displayed by this command depends on whether the node is a transit node or a master node. The display for a transit node contains information fields that are not shown for a master node. Also, some state values are different on a transit node than on a master node.

The following example of the show eaps {} detail command displays detailed EAPS information for a transit node. Table 37 describes the fields and values in the display.
Table 37: show eaps Display Fields

Field: EAPS Enabled:
Description: Current state of EAPS on this switch:
• Yes—EAPS is enabled on the switch.
• no—EAPS is not enabled.

Field: Number of EAPS instances:
Description: Number of EAPS domains created. There can only be one EAPS domain on this platform.

Field: EAPSD-Bridge links:
Description: The total number of EAPS bridge links in the system. The maximum count is 255. Each time a VLAN is added to EAPS, this count increments by 1.
Table 37: show eaps Display Fields (continued)

Field: Port status:
Description:
• Unknown—This EAPS domain is not running, so the port status has not yet been determined.
• Up—The port is up and is forwarding data.
• Down—The port is down.
• Blocked—The port is up, but data is blocked from being forwarded.

Field: Tag status:
Description: Tagged status of the control VLAN:
• Tagged—The control VLAN has this port assigned to it, and the port is tagged in the VLAN.
12 Quality of Service (QoS)

This chapter covers the following topics:
• Overview of Policy-Based Quality of Service
• Applications and Types of QoS
• Configuring QoS for a Port or VLAN
• Traffic Groupings
— MAC-Based Traffic Groupings
— Explicit Class of Service (802.
NOTE As with all Extreme switch products, QoS has no impact on switch performance. Using even the most complex traffic groupings has no cost in terms of switch performance.

Applications and Types of QoS

Different applications have different QoS requirements.
Configuring QoS for a Port or VLAN An exception to this may be created by some Java™-based applications. In addition, Web-based applications are generally tolerant of latency, jitter, and some packet loss; however, small packet loss may have a large impact on perceived performance due to the nature of TCP. The relevant parameter for protecting browser applications is minimum bandwidth.
Traffic groupings are separated into the following categories for discussion:
• Access list based information (IP source/destination, TCP/UDP port information, and VLANid)
• Destination MAC (MAC QoS groupings)
• Explicit packet class of service information, such as 802.
Traffic Groupings create fdbentry vlan [blackhole | port | dynamic] qosprofile The MAC address options, defined below, are as follows: • Permanent • Dynamic • Blackhole Permanent MAC addresses Permanent MAC addresses can be assigned a QoS profile whenever traffic is destined to the MAC address. This can be done when you create a permanent FDB entry.
Quality of Service (QoS) An advantage of explicit packet marking is that the class of service information can be carried throughout the network infrastructure, without repeating what can be complex traffic grouping policies at each switch location. Another advantage is that end stations can perform their own packet marking on an application-specific basis. The Summit 200 series switch has the capability of observing and manipulating packet marking information with no performance penalty.
Table 41: 802.1p Priority Value-to-QoS Profile to Hardware Queue Default Mapping

Priority Value    QoS Profile    Hardware Queue Priority Value
0                 Qp1            1
1                 Qp2            1
2                 Qp3            2
3                 Qp4            2
4                 Qp5            3
5                 Qp6            3
6                 Qp7            4
7                 Qp8            4

802.1p Commands

Table 42 shows the command used to configure 802.1p priority. This is explained in more detail in the following paragraphs.

Table 42: 802.1p Configuration Commands

Command                 Description
config vlan priority    Configures the 802.
The Summit 200 series switch supports observing DiffServ code points as a traffic grouping mechanism for defining QoS policies, and overwriting the DiffServ code point fields. Figure 30 shows the encapsulation of an IP packet header.
NOTE DiffServ examination requires one access mask while it is enabled. See “Maximum Entries” on page 119 for more information.

Changing DiffServ Code point assignments in the QoS Profile

The DiffServ code point has 64 possible values (2^6 = 64). By default, the values are grouped and assigned to the default QoS profiles listed in Table 44.
In the following example, all the traffic from network 10.1.2.x is assigned the DiffServ code point 23 and the 802.1p value of 2:

create access-mask SrcIpMask source-ip/24
create access-list TenOneTwo access-mask SrcIpMask source-ip 10.1.2.
Verifying Configuration and Performance

Once you have created QoS policies that manage the traffic through the switch, you can use the QoS monitor to determine whether the application performance meets your expectations.

QoS Monitor

The QoS monitor is a utility that monitors the incoming packets on a port or ports. The QoS monitor keeps track of the number of frames and the frames per second, sorted by 802.1p value, on each monitored port.
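The markings can also be checked off-switch in a captured frame. The following is an added example, not part of the guide and not Extreme Networks code: it parses the 802.1Q tag and IPv4 header of one Ethernet frame, extracts the 802.1p value and DiffServ code point, and maps the 802.1p value to the default QoS profile and hardware queue from Table 41. The function names, MAC addresses and the sample frame are constructed for illustration.

```python
import struct

# Table 41 of this guide: 802.1p value -> (default QoS profile, hardware queue).
DOT1P_DEFAULTS = {0: ("Qp1", 1), 1: ("Qp2", 1), 2: ("Qp3", 2), 3: ("Qp4", 2),
                  4: ("Qp5", 3), 5: ("Qp6", 3), 6: ("Qp7", 4), 7: ("Qp8", 4)}
ETHERTYPE_DOT1Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def parse_markings(frame: bytes) -> dict:
    """Return the VLAN id, 802.1p value and DSCP carried by one Ethernet frame."""
    out = {"vlan_id": None, "dot1p": None, "qos_profile": None,
           "hw_queue": None, "dscp": None}
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETHERTYPE_DOT1Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        out["dot1p"] = tci >> 13        # priority: top 3 bits of the tag
        out["vlan_id"] = tci & 0x0FFF   # VLAN id: low 12 bits of the tag
        out["qos_profile"], out["hw_queue"] = DOT1P_DEFAULTS[out["dot1p"]]
        offset = 18
    if ethertype == ETHERTYPE_IPV4:
        if len(frame) < offset + 20:
            raise ValueError("truncated IPv4 header")
        version_ihl, tos = struct.unpack_from("!BB", frame, offset)
        if version_ihl >> 4 != 4:
            raise ValueError("EtherType is IPv4 but the version field is not 4")
        out["dscp"] = tos >> 2          # DiffServ code point: top 6 bits of the ToS byte
    return out


def check_marking(frame: bytes, want_dscp: int, want_dot1p: int) -> list:
    """Compare a frame's markings with the values a QoS policy should have applied."""
    got = parse_markings(frame)
    problems = []
    if got["dscp"] != want_dscp:
        problems.append(f"DSCP is {got['dscp']}, expected {want_dscp}")
    if got["dot1p"] != want_dot1p:
        problems.append(f"802.1p is {got['dot1p']}, expected {want_dot1p}")
    return problems


def build_sample_frame(dscp: int, dot1p=None, vlan_id: int = 0) -> bytes:
    """Constructed test frame: header fields only, checksum left at zero."""
    macs = bytes.fromhex("02000000000a" "020000000001")  # constructed addresses
    tag = b""
    if dot1p is not None:
        tag = struct.pack("!HH", ETHERTYPE_DOT1Q, (dot1p << 13) | vlan_id)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                       bytes([10, 1, 2, 5]), bytes([10, 1, 3, 9]))
    return macs + tag + struct.pack("!H", ETHERTYPE_IPV4) + ipv4


if __name__ == "__main__":
    marked = build_sample_frame(dscp=23, dot1p=2, vlan_id=10)
    print(parse_markings(marked))
    print(check_marking(build_sample_frame(dscp=0), want_dscp=23, want_dot1p=2))
```

An untagged frame reports an 802.1p value of None, so a policy that expects a priority on an untagged capture point shows up as a mismatch rather than as priority 0.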
• Priority
• A list of all traffic groups to which the QoS profile is applied

Additionally, QoS information can be displayed from the traffic grouping perspective by using one or more of the following commands:
• show fdb permanent—Displays destination MAC entries and their QoS profiles.
• show switch—Displays information including PACE enable/disable information.
• show vlan—Displays the QoS profile assignments to the VLAN.
Dynamic Link Context System

DLCS Guidelines

Follow these guidelines when using DLCS:
• Only one user is allowed on one workstation at a given time.
• A user can be logged into many workstations simultaneously.
• An IP-address can be learned on only one port in the network at a given time.
• Multiple IP-addresses can be learned on the same port.
• DLCS mapping is flushed when a user logs in or logs out, or when an end-station is shut down.
13 Status Monitoring and Statistics

This chapter describes the following topics:
• Status Monitoring
• Port Statistics
• Port Errors
• Port Monitoring Display Keys
• Setting the System Recovery Level
• Logging
• RMON

Viewing statistics on a regular basis allows you to see how well your network is performing.
Status Monitoring and Statistics Table 46 describes commands that are used to monitor the status of the switch. Table 46: Status Monitoring Commands Command Description show diag Displays software diagnostics. show log {} Displays the current snapshot of the log. Specify the priority option to filter the log to display message with the selected priority or higher (more critical). Priorities include critical, emergency, alert, error, warning, notice, info, and debug.
Port Statistics Port Statistics ExtremeWare provides a facility for viewing port statistic information. The summary information lists values for the current counter against each port on each operational module in the system, and it is refreshed approximately every 2 seconds. Values are displayed to nine digits of accuracy.
Status Monitoring and Statistics • Transmit Collisions (TX Coll)—The total number of collisions seen by the port, regardless of whether a device connected to the port participated in any of the collisions. • Transmit Late Collisions (TX Late Coll)—The total number of collisions that have occurred after the port’s transmit window has expired.
Setting the System Recovery Level Table 47: Port Monitoring Display Keys (continued) Key(s) Description [Space] Cycles through the following screens: • Packets per second • Bytes per second • Percentage of bandwidth Available using the show port utilization command only.
Status Monitoring and Statistics Table 48: Fault Levels Assigned by the Switch Level Description Informational Actions and events that are consistent with expected behavior. Debug Information that is useful when performing detailed troubleshooting procedures. By default, log entries that are assigned a critical or warning level remain in the log after a switch reboot. Issuing a clear log command does not remove these static entries.
Logging that are logged into the switch on any port. To view the log on a member switch, Telnet through the StkMgmt VLAN. Real-Time Display In addition to viewing a snapshot of the log, you can configure the system to maintain a running real-time display of log messages on the console.
Logging Configuration Changes

ExtremeWare allows you to record all configuration changes and their sources that are made using the CLI by way of Telnet or the local console. The changes are logged to the system log. Each log entry includes the user account name that performed the change and the source IP address of the client (if Telnet was used). Configuration logging applies only to commands that result in a configuration change.
RMON Table 50: Logging Commands (continued) Command Description config syslog delete { Deletes a syslog host address. • facility—The syslog facility level for local use (local0 - local7). • priority—Filters the log to display messages with the selected priority or higher (more critical). Priorities include critical, emergency, alert, error, warning, notice, info, and debug. If not specified, only critical priority messages are sent to the syslog host.
Status Monitoring and Statistics • RMON probe—An intelligent, remotely controlled device or software agent that continually collects statistics about a LAN segment or VLAN. The probe transfers the information to a management workstation on request, or when a predefined threshold is crossed. • Management workstation—Communicates with the RMON probe and collects the statistics from it.
RMON Effective use of the Events group saves you time. Rather than having to watch real-time graphs for important occurrences, you can depend on the Event group for notification. Through the SNMP traps, events can trigger other actions, which provides a mechanism for an automated response to certain occurrences. Configuring RMON RMON requires one probe per LAN segment, and standalone RMON probes traditionally have been expensive.
14 Spanning Tree Protocol (STP)

This chapter describes the following topics:
• Overview of the Spanning Tree Protocol
• Spanning Tree Domains
• STP Configurations
• Configuring STP on the Switch
• Displaying STP Settings
• Disabling and Resetting STP

Using the Spanning Tree Protocol (STP) functionality of the switch makes your network more fault tolerant.
The key points to remember when configuring VLANs and STP are:
• Each VLAN forms an independent broadcast domain
• STP blocks paths to create a loop-free environment
• When STP blocks a path, no data can be transmitted or received on the blocked port
• Within any given STPD, all VLANs belonging to it use the same spanning tree
• On a stacked configuration, a Spanning Tree for the network recognizes the stack as a single bridge. The stacking ports do not run STP.
STP Configurations • Marketing is defined on all switches (switch A, switch B, switch Y, switch Z, and switch M). Two STPDs are defined: • STPD1 contains VLANs Sales and Personnel. • STPD2 contains VLANs Manufacturing and Engineering. The VLAN Marketing is a member of the default STPD, but not assigned to either STPD1 or STPD2.
Figure 32: Tag-based STP configuration

The tag-based network in Figure 32 has the following configuration:
• Switch 1 contains VLAN Marketing and VLAN Sales.
• Switch 2 contains VLAN Engineering and VLAN Sales.
• Switch 3 contains VLAN Marketing, VLAN Engineering, and VLAN Sales.
Configuring STP on the Switch 3 Enable STP for one or more STP domains using the following command: enable stpd {} NOTE All VLANs belong to a STPD. If you do not want to run STP on a VLAN, you must add the VLAN to a STPD that is disabled. Once you have created the STPD, you can optionally configure STP parameters for the STPD. CAUTION You should not configure any STP parameters unless you have considerable knowledge and experience with STP.
Spanning Tree Protocol (STP) Table 52: STP Configuration Commands (continued) Command Description config stpd maxage Specifies the maximum age of a BPDU in this STPD. The range is 6 through 40. The default setting is 20 seconds. Note that the time must be greater than, or equal to 2 * (Hello Time + 1) and less than, or equal to 2 * (Forward Delay –1).
Displaying STP Settings STP Configuration Example The following Summit 200 series switch example creates and enables an STPD named Backbone_st. It assigns the Manufacturing VLAN to the STPD. It disables STP on ports 1 through 7 and port 12.
15 IP Unicast Routing

This chapter describes the following topics:
• Overview of IP Unicast Routing
• Proxy ARP
• Relative Route Priorities
• Configuring IP Unicast Routing
• IP Commands
• Routing Configuration Example
• Displaying Router Settings
• Resetting and Disabling Router Settings
• Configuring DHCP/BOOTP Relay
• UDP-Forwarding

This chapter assumes that you are already familiar wi
IP Unicast Routing Router Interfaces The routing software and hardware routes IP traffic between router interfaces. A router interface is simply a VLAN that has an IP address assigned to it. As you create VLANs with IP addresses belonging to different IP subnets, you can also choose to route between the VLANs. Both the VLAN switching and IP routing function occur within the switch. NOTE Each IP address and mask assigned to a VLAN must represent a unique IP subnet.
Overview of IP Unicast Routing Populating the Routing Table The switch maintains an IP routing table for both network routes and host routes. The table is populated from the following sources: • Dynamically, by way of routing protocol packets or by ICMP redirects exchanged with other routers.
NOTE If you define multiple default routes, the route that has the lowest metric is used. If multiple default routes have the same lowest metric, the system picks one of the routes.

You can also configure blackhole routes. Traffic to these destinations is silently dropped.

IP Route Sharing

IP route sharing allows multiple equal-cost routes to be used concurrently. IP route sharing can be used with static routes or with OSPF routes.
ARP-Incapable Devices

To configure the switch to respond to ARP Requests on behalf of devices that are incapable of doing so, you must configure the IP address and MAC address of the ARP-incapable device using the following command:

config iparp add proxy {} {always}

Once configured, the system responds to ARP Requests on behalf of the device as long as the following conditions are satisfied:
• The valid IP ARP Request is received on a rout
Table 54: Relative Route Priorities

Route Origin    Priority
Direct          10
BlackHole       50
Static          1100
ICMP            1200
OSPFIntra       2200
OSPFInter       2300
RIP             2400
OSPFExtern1     3200
OSPFExtern2     3300
BOOTP           5000

To change the relative route priority, use the following command:

config iproute priority [rip | bootp | icmp | static | ospf-intra | ospf-inter | ospf-as-external | ospf-extern1 | ospf-extern2]

Configuring IP Unicast Routing

This section describes the commands associate
IP Commands Additional verification commands include: • show iparp—Displays the IP ARP table of the system. On a stacked set of switches, this command displays the statistics for the master switch and for the IP ARP table of member switches by redirecting the console output through the master switch. • show iparp stats—Displays the IP ARP statistics for member switches of a stack from the stack master.
IP Unicast Routing Table 55: Basic IP Commands (continued) Command Description disable bootp vlan [ | all] Disables the generation and processing of BOOTP packets. disable bootprelay Disables the forwarding of BOOTP requests. disable ipforwarding {vlan } Disables routing for one or all VLANs. disable ipforwarding broadcast {vlan } Disables routing of broadcasts to other networks. disable loopback-mode vlan [ | all] Disables loopback-mode on an interface.
IP Commands Table 56: Route Table Configuration Commands (continued) Command Description config iproute add default {} Adds a default gateway to the routing table. A default gateway must be located on a configured IP interface. If no metric is specified, the default metric of 1 is used. Use the unicast-only or multicast-only options to specify a particular traffic type. If not specified, both unicast and multicast traffic uses the default route.
IP Unicast Routing Table 57: ICMP Configuration Commands (continued) Command Description disable icmp parameter-problem {vlan } Disables the generation of ICMP messages for the parameter problem packet type. disable ip-option loose-source-route Disables the loose source route IP option. disable ip-option record-route Disables the record route IP option. disable ip-option record-timestamp Disables the record timestamp IP option.
Routing Configuration Example Table 57: ICMP Configuration Commands (continued) Command Description enable icmp useredirects Enables the modification of route table information when an ICMP redirect message is received. This option applies to the switch when it is not configured for routing. The default setting is disabled. enable ip-option loose-source-route Enables the loose source route IP option. enable ip-option record-route Enables the record route IP option.
Figure 34: Unicast routing configuration example

In this configuration, all IP traffic from stations connected to ports 2 and 4 has access to the router by way of the VLAN Finance. Ports 3 and 5 reach the router by way of the VLAN Personnel.
Resetting and Disabling Router Settings Table 58: Router Show Commands Command Description show iparp { | permanent} Displays the IP Address Resolution Protocol (ARP) table. You can filter the display by IP address, VLAN, or permanent entries. show iparp proxy { {}} Displays the proxy ARP table. show ipconfig {vlan } Displays configuration information for one or all VLANs. show ipconfig {vlan } {detail} Displays IP configuration settings.
IP Unicast Routing Table 59: Router Reset and Disable Commands (continued) Command Description disable icmp time-exceeded {vlan } Disables the generation of ICMP time exceeded messages. If a VLAN is not specified, the command applies to all IP interfaces. disable icmp timestamp {vlan } Disables the generation of ICMP timestamp response messages. If a VLAN is not specified, the command applies to all IP interfaces.
UDP-Forwarding

UDP-forwarding is a flexible and generalized routing utility for handling the directed forwarding of broadcast UDP packets. UDP-forwarding allows applications, such as multiple DHCP relay services from differing sets of VLANs, to be directed to different DHCP servers. The following rules apply to UDP broadcast packets handled by this feature:
• If the UDP profile includes BOOTP or DHCP, it is handled according to guidelines in RFC 1542.
ICMP Packet Processing

As ICMP packets are routed or generated, you can take various actions to control distribution. For ICMP packets typically generated or observed as part of the routing function, you can assert control on a per-type, per-VLAN basis. You would alter the default settings for security reasons: to restrict the success of tools that can be used to find an important application, host, or topology information.
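To review these settings on a saved configuration, the following added example (not part of the guide and not Extreme Networks code) reads a command listing and reports the resulting state of the ICMP and IP-option settings named in this chapter. It assumes the listing is plain text with one CLI command per line and `#` comments, and that enable forms not shown on this page mirror the disable forms; the sample listing is constructed.

```python
import re

# Settings whose enable/disable commands appear in this chapter.
GLOBAL = ("ip-option loose-source-route", "ip-option record-route",
          "ip-option record-timestamp", "icmp useredirects")
PER_VLAN = ("icmp timestamp", "icmp time-exceeded", "icmp parameter-problem")

CMD = re.compile(
    r"^(enable|disable)\s+(ip-option|icmp)\s+(\S+)(?:\s+vlan\s+(\S+))?$",
    re.IGNORECASE)

# Constructed sample listing, not taken from a real switch.
SAMPLE_CONFIG = """\
# constructed sample
disable ip-option loose-source-route
enable ip-option record-route
disable icmp timestamp
enable icmp timestamp vlan Finance
disable icmp time-exceeded vlan Personnel
enable icmp useredirects
"""


def collect_state(config_text: str) -> dict:
    """Replay the listing in order; later commands override earlier ones."""
    state = {name: {} for name in GLOBAL + PER_VLAN}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments (assumed syntax)
        m = CMD.match(line)
        if not m:
            continue
        verb, family, name, vlan = m.groups()
        feature = f"{family} {name}".lower()
        if feature not in state:
            continue                               # not a setting this audit tracks
        if vlan is not None and feature in GLOBAL:
            continue                               # no per-VLAN form shown in the guide
        value = verb.lower() + "d"                 # "enabled" or "disabled"
        if vlan is None:
            # Without a VLAN the command applies to all IP interfaces,
            # so it replaces any earlier per-VLAN setting.
            state[feature].clear()
            state[feature][None] = value
        else:
            state[feature][vlan] = value
    return state


def summarize(scopes: dict) -> str:
    if not scopes:
        return "unset"        # never mentioned: the switch default applies
    if "enabled" in scopes.values():
        return "enabled"      # enabled somewhere, globally or on one VLAN
    if scopes.get(None) == "disabled":
        return "disabled"     # disabled on all IP interfaces
    return "partial"          # disabled only on named VLANs


def audit(config_text: str) -> dict:
    """Map each tracked setting to unset, enabled, disabled or partial."""
    return {f: summarize(s) for f, s in collect_state(config_text).items()}


if __name__ == "__main__":
    for feature, status in audit(SAMPLE_CONFIG).items():
        print(f"{status:9} {feature}")
```

Settings reported as "unset" or "partial" depend on the switch defaults, so compare them against the defaults documented for the software version in use.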
16 Interior Gateway Routing Protocols

This chapter describes the following topics:
• Overview
• Overview of RIP
• Overview of OSPF
• Route Re-Distribution
• Configuring RIP
• RIP Configuration Example
• Displaying RIP Settings
• Resetting and Disabling RIP
• Configuring OSPF
• Displaying OSPF Settings
• Resetting and Disabling OSPF Settings

This chapter assumes that you are al
Interior Gateway Routing Protocols OSPF is a link-state protocol, based on the Dijkstra link-state algorithm. OSPF is a newer Interior Gateway Protocol (IGP), and solves a number of problems associated with using RIP on today’s complex networks. NOTE Both RIP and OSPF can be enabled on a single VLAN. RIP Versus OSPF The distinction between RIP and OSPF lies in the fundamental differences between distance-vector protocols and link-state protocols.
Overview of RIP Routing Table The routing table in a router using RIP contains an entry for every known destination network.
Interior Gateway Routing Protocols NOTE If you are using RIP with supernetting/Classless Inter-Domain Routing (CIDR), you must use RIPv2 only. In addition, RIP route aggregation must be turned off. Overview of OSPF OSPF is a link-state protocol that distributes routing information between routers belonging to a single IP domain, also known as an autonomous system (AS). In a link-state routing protocol, each router maintains a database describing the topology of the autonomous system.
Overview of OSPF Database Overflow The OSPF database overflow feature allows you to limit the size of the LSDB and to maintain a consistent LSDB across all the routers in the domain, which ensures that all routers have a consistent view of the network. Consistency is achieved by: • Limiting the number of external LSAs in the database of each router. • Ensuring that all routers have identical LSAs.
Interior Gateway Routing Protocols The three types of routers defined by OSPF are as follows: • Internal Router (IR)—An internal router has all of its interfaces within the same area. • Area Border Router (ABR)—An ABR has interfaces in multiple areas. It is responsible for exchanging summary advertisements with other ABRs. You can create a maximum of 7 non-zero areas. • Autonomous System Border Router (ASBR)—An ASBR acts as a gateway between OSPF and other routing protocols, or other autonomous systems.
Overview of OSPF The translate option determines whether type 7 LSAs are translated into type 5 LSAs. When configuring an OSPF area as an NSSA, the translate should only be used on NSSA border routers, where translation is to be enforced. If translate is not used on any NSSA border router in a NSSA, one of the ABRs for that NSSA is elected to perform translation (as indicated in the NSSA specification). The option should not be used on NSSA internal routers.
Interior Gateway Routing Protocols Figure 36: Virtual link providing redundancy Virtual link Area 2 ABR 1 Area 1 ABR 2 Area 0 Area 3 EW_017 Point-to-Point Support You can manually configure the OSPF link type for a VLAN. Table 62 describes the link types. Table 62: OSPF Link Types Link Type Number of Routers Description Auto Varies ExtremeWare automatically determines the OSPF link type based on the interface type. This is the default setting.
Route Re-Distribution

Both RIP and OSPF can be enabled simultaneously on the switch. Route re-distribution allows the switch to exchange routes, including static routes, between the two routing protocols. Figure 37 is an example of route re-distribution between an OSPF autonomous system and a RIP autonomous system.

Figure 37: Route re-distribution
Interior Gateway Routing Protocols Re-Distributing Routes into OSPF Enable or disable the exporting of RIP, static, and direct (interface) routes to OSPF using the following commands: enable ospf export [static | rip | direct] [cost [ase-type-1 | ase-type-2] {tag }] disable ospf export [static | rip | direct] These commands enable or disable the exporting of RIP, static, and direct routes by way of LSA to other OSPF routers as AS-external type 1 or type 2 routes.
Configuring RIP

Table 63 describes the commands used to configure RIP.

Table 63: RIP Configuration Commands

Command                            Description
config rip add vlan [ | all]       Configures RIP on an IP interface. When an IP interface is created, per-interface RIP configuration is disabled by default.
config rip delete vlan [ | all]    Disables RIP on an IP interface. When RIP is disabled on the interface, the parameters are not reset to their defaults.
Interior Gateway Routing Protocols Table 63: RIP Configuration Commands (continued) Command Description enable rip aggregation Enables aggregation of subnet information on interfaces configured to send RIP v2 or RIP v2-compatible traffic. The switch summarizes subnet routes to the nearest class network route. The following rules apply when using RIP aggregation: • Subnet routes are aggregated to the nearest class network route when crossing a class boundary.
RIP Configuration Example

Figure 38 illustrates a switch that has two VLANs defined as follows:
• Finance, which contains ports 2 and 4 and has the IP address 192.207.35.1
• Personnel, which contains ports 3 and 5 and has the IP address 192.207.36.1

Figure 38: RIP configuration example
Interior Gateway Routing Protocols Displaying RIP Settings To display settings for RIP, use the commands listed in Table 64. Table 64: RIP Show Commands Command Description show rip {detail} Displays RIP configuration and statistics for all VLANs. show rip stat {detail} Displays RIP-specific statistics for all VLANs. show rip stat vlan Displays RIP-specific statistics for a VLAN. show rip vlan Displays RIP configuration and statistics for a VLAN.
Configuring OSPF Table 66 describes the commands used to configure OSPF. Table 66: OSPF Configuration Commands Command Description config ospf add vlan area link-type [auto | broadcast | point-to-point] {passive} Configures the OSPF link type. Specify one of the following: • auto—ExtremeWare automatically determines the OSPF link type based on the interface type. • broadcast—Broadcast link, such as Ethernet. Routers must elect a DR and a BDR during synchronization.
Interior Gateway Routing Protocols Table 66: OSPF Configuration Commands (continued) Command Description config ospf [vlan | area | virtual-link ] timer Configures the timers for one interface or all interfaces in the same OSPF area.
Configuring OSPF Table 66: OSPF Configuration Commands (continued) Command Description config ospf ase-summary delete Deletes an aggregated OSPF external route. config ospf delete virtual-link Removes a virtual link. config ospf delete vlan [ | all] Disables OSPF on one or all VLANs (router interfaces). config ospf direct-filter [ | none] Configures a route filter for direct routes.
Interior Gateway Routing Protocols Table 66: OSPF Configuration Commands (continued) Command Description config ospf vlan timer [] Configures the OSPF wait interval. Specify the following: • rxmtinterval—The length of time that the router waits before retransmitting an LSA that is not acknowledged. If you set an interval that is too short, unnecessary retransmissions will result. The default value is 5 seconds.
Configuring OSPF Table 66: OSPF Configuration Commands (continued) Command Description enable ospf export static [cost [ase-type-1 | ase-type-2] {tag }] Enables the distribution of static routes into the OSPF domain. Once enabled, the OSPF router is considered to be an ASBR. The default tag number is 0. The default setting is disabled.
Interior Gateway Routing Protocols Displaying OSPF Settings To display settings for OSPF, use the commands listed in Table 67. Table 67: OSPF Show Commands Command Description show ospf Displays global OSPF information. show ospf area {detail} Displays information about all OSPF areas. show ospf area Displays information about a particular OSPF area. show ospf ase-summary Displays the OSPF external route aggregation configuration.
Resetting and Disabling OSPF Settings

To return OSPF settings to their defaults, use the commands listed in Table 68.

Table 68: OSPF Reset and Disable Commands

Command                        Description
delete ospf area [ | all]      Deletes an OSPF area. Once an OSPF area is removed, the associated OSPF area and OSPF interface information is removed. The backbone area cannot be deleted. A non-empty area cannot be deleted.
disable ospf                   Disables OSPF process in the router.
17 IP Multicast Routing and IGMP Snooping

This chapter describes the following topics:
• IP Multicast Routing Overview
• PIM Sparse Mode (PIM-SM) Overview
• Configuring PIM-SM
• IGMP Overview
• Configuring IGMP and IGMP Snooping
• Displaying IGMP Snooping Configuration Information
• Clearing, Disabling, and Resetting IGMP Functions

For more information on IP multicast groups and IGMP snooping, see the following publications
PIM Sparse Mode (PIM-SM) Overview

Protocol Independent Multicast-Sparse Mode (PIM-SM) routes multicast packets to multicast groups. The sparse mode protocol is designed for installations where the multicast groups are scattered over a large area such as a wide area network (WAN). PIM-SM is a router-to-router protocol, so all routers and switches must upgrade to the same PIM-SM version.
Configuring PIM-SM For example, the following command statically configures an RP and its associated groups defined in access profile rp-list: configure pim crp static 10.0.3.1 rp-list To configure the candidate RP advertising interval for PIM-SM timers, enter this command: configure pim timer vlan [] Specify the intervals in seconds. The hello interval specifies the amount of time before a hello message is sent out by the PIM router.
PIM-SM Commands

Table 69 summarizes the PIM-SM commands available on the Summit 200:

Table 69: PIM-SM Commands

Command                                                   Description
configure pim {add | delete} {vlan} sparse {passive}      Configures or unconfigures PIM-SM on an IP interface. Specify the following:
• add—Configures PIM-SM on an IP interface.
• delete—Unconfigures PIM-SM on an IP interface.
• vlan—Configures or unconfigures PIM-SM on all VLANs.
IGMP Overview Table 69: PIM-SM Commands (continued) Command Description configure pim timer vlan [] Configures the global PIM-SM timers. Specify the following: configure pim vlan [ | all] trusted-gateway [ | none] [enable | disable] ipmcforwarding { } • hello interval—The amount of time before a hello message is sent out by the PIM router. The valid range is from 1 to 65,519 seconds.
IP Multicast Routing and IGMP Snooping flooded to parts of the network that do not need it. The switch does not reduce any IP multicast traffic in the local multicast domain (224.0.0.x). If IGMP snooping is disabled, all IGMP and IP multicast traffic floods within a given VLAN. IGMP snooping expects at least one device in the network to generate periodic IGMP query messages. Without an IGMP querier, the switch stops forwarding IP multicast packets to any port.
Displaying IGMP Snooping Configuration Information Table 70: IGMP and IGMP Snooping Commands (continued) Command Description enable igmp {vlan } Enables IGMP on a router interface. If no VLAN is specified, IGMP is enabled on all router interfaces. The default setting is enabled. enable igmp snooping {forward-mcrouter-only} {with-proxy} Enables IGMP snooping on the switch.
IP Multicast Routing and IGMP Snooping Table 71: IGMP Disable and Reset Commands (continued) Command Description unconfig igmp Resets all IGMP settings to their default values and clears the IGMP group table.
18 Configuring Stacked Switches

This chapter describes the following topics:
• Introducing Stacking
• Configuring a Stack
• Recovering a Stack
• Changing a Stack Configuration
• Testing Images for a Stack
• Using the Console for Managing the Stack

Introducing Stacking

Stacking allows users to physically connect eight individual Summit switches together as a single logical unit.
Configuring Stacked Switches “Stack Discovery” on page 239 for more information on configuring the master in the middle of the stack. The stacking ports are tagged ports. When the stack comes up, these ports become members of every VLAN in the stack to provide connectivity throughout the stack. The show commands related to stacking display the state of the stacking port (active or ready). Configuring a Stack This section describes the commands associated with setting up a stack.
Enabling a Stack Member

After connecting to the switch through either the console port or a Telnet session, enter the following command on each of the stack members:

enable stacking slave ports <portlist>

The ports in the portlist must be Gigabit Ethernet ports (ports 49 and/or 50 on the S200-48 and ports 25 and/or 26 on the S200-24). After you enter the enable stacking slave command, the switch reboots and comes back up using default information stored in NVRAM.
Figure 40: Slot Assignments with the Master in the Middle of a Chain (labels: Port 25/49, Slot 4, Slot 3, Slot 2, Port 26/50, Slot 1 master, Slot 5, Slot 6)

To manually assign a slot number to a switch, you can map the MAC address of the switch to a specific slot number in the stack by entering the following command:

configure stacking slave slot mac_address

If a switch has a MAC address that is mapped to a slot, the master assigns the slot to that MAC address.
If you enter the traditional command of config vlan v1 add po * on the master, you receive an error message. If stacking is unconfigured, port numbers revert to their original format.

Stacking increases the number of ports, so several commands now allow you to use VLAN-based port selection when working with stacks. When you use the optional keyword, stacking, the stacking ports are included in the selection.
Recovering a Stack

Whenever the stack is active, the stack master monitors the stack members for link state changes, such as a link changing from up to down. However, the master monitors the stacking links at all times for changes in stack topology. Examples of a change in stack topology are a switch being added or deleted, or a link going down that results in the loss of connectivity to a member switch.
Changing a Stack Configuration command is later issued on the stack master, all member switches in the stack must also be enabled for stacking. If the unconfigure stacking command is issued on the stack master when the stack is disabled, only the stack master is unconfigured. Use the show switch command to see information about the selected configuration on a member switch.
Stack Configuration Commands

Table 72 summarizes the commands used to configure a stack.

Table 72: Stack Configuration Commands

Command: configure slot module
Description: Preconfigures a slot in the stack. This command allows users to copy switch configurations, similar to the function on Alpine and BlackDiamond.

Command: configure stacking add port
Description: Configures additional ports as stacking ports.
Table 72: Stack Configuration Commands (continued)

Command: reboot slot
Description: Reboots a specific slot in a stack. Valid entries are between 1 and 8.

Command: show stack
Description: Displays the local switch type on member switches.

Command: show stacking
Description: Displays the current state of stacking as well as ports configured as stacking ports on each switch in the stack.

Command: unconfigure slot
Description: Erases the configuration for a slot.
Using the Console for Managing the Stack

The console port on the stack master works the same as it does on a non-stacked switch. If the user has administrative privileges, they may make configuration changes to the master. The console on a member switch blocks all administrative commands while stacking is active, even when the user has administrative privileges.
19 Using ExtremeWare Vista on the Summit 200

This chapter describes the following topics:
• ExtremeWare Vista Overview
• Accessing ExtremeWare Vista
• Navigating within ExtremeWare Vista
• Configuring the Summit 200 using ExtremeWare Vista
• Reviewing ExtremeWare Vista Statistical Reports
• Locating Support Information
• Logging Out of ExtremeWare Vista

ExtremeWare Vista Overview

A standard device-management feature on the
• Check for newer versions of stored pages. Every visit to the page should be selected as a cache setting. If you are using Netscape Navigator, configure the cache option to check for changes “Every Time” you request a page. If you are using Microsoft Internet Explorer, configure the Temporary Internet Files setting to check for newer versions of stored pages by selecting “Every visit to the page.

Figure 41: Home Page for ExtremeWare Vista

2 Click Logon to open the Username and Password dialog box shown in Figure 42.

3 Type your username and password and click OK. The main page for the switch opens as shown in Figure 43.

If you enter the username and password of an administrator-level account, you have access to all ExtremeWare Vista pages. If you enter a user-level account name and password, you only have access to the Statistics and Support information.
When you choose a submenu link in the task frame, the content frame populates with the corresponding data. However, when you choose a new task, the content frame does not change until you choose a new submenu link and repopulate the frame.

Browser Controls

Browser controls include drop-down list boxes, check boxes, and multiselect list boxes. A multiselect list box has a scrollbar on the right side of the box.
• RIP
• SNMP
• Spanning Tree
• Switch
• User Accounts
• Virtual LAN

Figure 44: Configuration Submenu Links

IP Forwarding

From this window, you can enable or disable the IP unicast forwarding across VLANs. For an example of this window, see Figure 45. In the top of the window is a table that shows each existing IP interface configuration.

• Configuring IP Unicast Routing on page 196
• Subnet-Directed Broadcast Forwarding on page 194
• IP Multicast Routing Overview on page 229

Figure 45: IP Interface Configuration

License

The License window allows you to enable the Advanced Edge license by submitting a valid license key purchased from Extreme Networks. See Figure 46 for an example of this window. For more information on levels of licensing, see “Software Licensing” on page 40.
Figure 46: License Window

OSPF

The OSPF configuration window allows you to perform a wide range of OSPF configuration tasks.
• Enable or disable the exporting of RIP, static, and direct (interface) routes to OSPF. Be sure you disable exporting of static and RIP before setting other global OSPF parameters.
• Enable or disable the exporting of static, direct, and OSPF-learned routes into a RIP domain.
• Set the route type as external type 1 or external type 2.
• Set the cost metric for all RIP-learned, static, and direct routes injected into OSPF.

Configure an Area Range

This portion of the window allows you to configure a range of IP addresses in an OSPF area. The example in Figure 48 shows that six areas are defined: the backbone (0.0.0.0), and area IDs 1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, and 5.5.5.5. The Area Range Configuration box shows non-default values for the areas. The Add Area Ranges allow you to add a range to an area, set a netmask, or to specify advertising.

Figure 49: OSPF Area Configuration

For more information on area types, see “Areas” on page 211.
Transit delay—From 1 to 3600 seconds
Hello interval—From 1 to 65535 seconds
Router dead time—From 1 to 2147483647 seconds
Retransmit interval—From 1 to 3600 seconds

The three boxes that follow the table allow you to change the values of the interfaces in that table.

Figure 50: IP Interface Configuration for OSPF

The first box allows you to associate VLANs with areas by selecting a VLAN name and an area ID.
Figure 51: Miscellaneous Parameters and Timers

Use the next three sets of boxes, shown in Figure 52, to configure virtual links. When non-default values are configured for a router ID or an area ID, the top table displays those values. In the following box you can configure the timers for the virtual link (transit delay, hello interval, router dead time, and retransmit interval). For further information on virtual links, see “Virtual Links” on page 213.
Figure 52: OSPF Virtual Links

Configure OSPF Authentication

The final section in the OSPF configuration window allows you to configure an interface. This section is shown at the bottom of Figure 53. The table displays the interface and whether an interface type is currently configured. The configuration box allows you to specify a simple authentication password of up to eight characters, or a Message Digest 5 (MD5) key for the interface.
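How the two authentication choices differ on the wire, as an added example that is not from this guide or from ExtremeWare: following RFC 2328, simple authentication places the password itself in the 8-byte authentication field of each OSPF packet (hence the eight-character limit), while the MD5 option sends only a key ID, a sequence number and a keyed digest. The router ID, area ID, Hello values, passwords and keys below are constructed sample values.

```python
import hashlib
import hmac
import struct

# OSPF common header (RFC 2328 A.3.1): version, type, length, router ID,
# area ID, checksum, AuType, 64-bit authentication field. 24 bytes.
HDR = struct.Struct("!BBH4s4sHH8s")
AU_SIMPLE, AU_MD5 = 1, 2

# Constructed sample values (assumptions, not taken from the guide).
ROUTER_ID = bytes([10, 0, 0, 1])
AREA_ID = bytes([0, 0, 0, 0])
# Minimal Hello body: netmask, hello interval 10 s, options, priority,
# router dead time 40 s, DR, BDR, no neighbors listed. 20 bytes.
HELLO_BODY = struct.pack("!4sHBBI4s4s", bytes([255, 255, 255, 0]),
                         10, 0x02, 1, 40, bytes(4), bytes(4))


def inet_checksum(data: bytes) -> int:
    """Standard 16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_simple(password: bytes, body: bytes = HELLO_BODY) -> bytes:
    """AuType 1: the password fills the 8-byte authentication field."""
    if len(password) > 8:
        raise ValueError("simple password must fit the 64-bit field")
    length = HDR.size + len(body)
    # The checksum covers the packet except the authentication field.
    first16 = struct.pack("!BBH4s4sHH", 2, 1, length, ROUTER_ID, AREA_ID,
                          0, AU_SIMPLE)
    csum = inet_checksum(first16 + body)
    return HDR.pack(2, 1, length, ROUTER_ID, AREA_ID, csum, AU_SIMPLE,
                    password.ljust(8, b"\x00")) + body


def build_md5(key: bytes, key_id: int, seq: int,
              body: bytes = HELLO_BODY) -> bytes:
    """AuType 2: the key is never sent; a 16-byte digest trails the packet."""
    if len(key) > 16:
        raise ValueError("MD5 key is at most 16 bytes")
    length = HDR.size + len(body)  # the digest is not counted in this field
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = HDR.pack(2, 1, length, ROUTER_ID, AREA_ID, 0, AU_MD5, auth) + body
    digest = hashlib.md5(packet + key.ljust(16, b"\x00")).digest()
    return packet + digest


def verify_md5(wire: bytes, key: bytes, last_seq: int = 0) -> bool:
    """Receiver check: AuType, digest length, sequence number, digest."""
    if len(wire) < HDR.size:
        return False
    _, _, length, _, _, _, autype, auth = HDR.unpack(wire[:HDR.size])
    _, _, digest_len, seq = struct.unpack("!HBBI", auth)
    if autype != AU_MD5 or digest_len != 16 or len(wire) != length + 16:
        return False
    if seq < last_seq:  # an older sequence number indicates a replay
        return False
    expected = hashlib.md5(wire[:length] + key.ljust(16, b"\x00")).digest()
    return hmac.compare_digest(expected, wire[length:])


def visible_secret(wire: bytes) -> bytes:
    """What a packet capture shows in the authentication field."""
    autype, auth = HDR.unpack(wire[:HDR.size])[6:8]
    return auth.rstrip(b"\x00") if autype == AU_SIMPLE else b""


if __name__ == "__main__":
    simple = build_simple(b"s3cret")
    keyed = build_md5(b"constructed-key", key_id=1, seq=100)
    print("simple auth field on the wire:", visible_secret(simple))
    print("MD5 packet exposes key:", b"constructed-key" in keyed)
    print("MD5 verifies:", verify_md5(keyed, b"constructed-key", last_seq=100))
```

Because the simple password is readable by anyone who can capture traffic on the segment, it only guards against accidental misconfiguration; the MD5 key is the option that resists a forged or replayed packet.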
Figure 53: OSPF Authentication

Ports

Port configuration provides a convenient way to see all the pertinent information about a port in one place.

Redundant Media—The backup wiring media, always unshielded twisted-pair (UTP)
QoS Profile—A QoS profile in the format of QPn, where n is from 1 to 8

Figure 54: Port Configuration Window

Below the Port Configuration table is the box for configuring port parameters. When configuring ports, you must select appropriate values for all parameters before submitting the change.

Figure 55: Configure Port Parameters

RIP

The RIP configuration window allows you to configure global RIP parameters or RIP for an IP interface.

Configure Global RIP Parameters

Use the global parameters to set up RIP for the switch. See the top portion of Figure 56 for an example of the global parameters window. From this portion of the window, you can make multiple changes with a single update:
• Enable or disable RIP for the switch.
Use the Unconfigure button to reset the global RIP parameters to the default values. Use the Submit button to submit the changes to the system.

Figure 56: RIP Global Configuration

For more information about setting RIP parameters globally, see “Overview of RIP” on page 208.

Configure RIP for an IP interface

Following the global configuration section is the section for configuring RIP for an individual IP interface. Figure 57 shows an example of this section of the window.
Figure 57: IP Interface Configuration for RIP

Using this portion of the window, you can:
• Review the existing RIP configuration for an IP interface.
• Use the Submit button to submit the changes to the system.

SNMP

The SNMP window is divided into two sections. The top section allows you to enter system group information and authentication information for the community strings. The bottom section allows you to set the configuration associated with SNMP traps.

Trap Information

As shown in Figure 59, the lower section of the SNMP window allows you to enable SNMP and configure trap receivers. To enable SNMP trap support, click the checkbox and submit the request. If authorized trap receivers are currently configured on the network, the Trap Station Configuration table lists the community string and IP address or User Datagram Protocol (UDP) port of the trap receivers.
Figure 60: Spanning Tree Configuration (1 of 4)

In the bottom section, you can:
• Review all STPD configurations
Each STPD shows the:
— STPD name.
— State of the domain, either enabled or disabled.
— Priority level of the bridge, a value between 1 and 65535 (default 32768).
— Hello time interval for the bridge, a value between 1 and 10 seconds (default 2 seconds).

Figure 61: Spanning Tree Configuration (2 of 4)

• Review all ports belonging to STPDs. A port can belong to only one STPD. If a port is a member of multiple VLANs, then all those VLANs must belong to the same STPD.

The Spanning Tree Port Configuration Table contains the following fields:
Port Number—Summit 200-24 shows port numbers 1 to 25 while the Summit 200-48 shows port numbers 1 to 49.

Figure 62: Spanning Tree Configuration (3 of 4)

Figure 63: Spanning Tree Configuration (4 of 4)
Switch

This window, shown in Figure 64, manages basic switch operation. The four sections are:
• Set date and time
• Enable or disable Telnet remote management and SNMP management
• Select the image and configuration to use
You can choose a primary or secondary image to use from the pull-down menu.
• Save the configuration
Settings that are stored in run-time memory are not retained by the switch when the switch is rebooted.

You can also manage user accounts through this window. Each account requires a user name and password. Users with administrative access have read-write authority, where normally a user would have read-only access to the system. Only users with read-write authority have permission to change the switch’s configuration. There is also a checkbox to delete a user. For more information on controlling user access, see “Configuring Management Access” on page 50.
Figure 66: VLAN Administration (1 of 2)

Renaming a VLAN

The following section allows you to rename a VLAN. When renaming a VLAN, be sure to follow the naming guidelines described in “VLAN Names” on page 102. This area of the window is also shown in Figure 66.

Configuring a VLAN

This section of the VLAN window allows you to change VLAN parameters. Use the pull-down menu to choose an existing VLAN name and click Get to populate the remaining fields.

The Configure VLAN Ports area of the window allows you to remove VLAN ports or to change ports back and forth from tagged-based to port-based. Figure 67 shows an example of the Configure VLAN Information.

Figure 67: VLAN Administration (2 of 2)

Reviewing ExtremeWare Vista Statistical Reports

ExtremeWare Vista offers a number of pre-formatted reports on the most frequently requested information.

Port Collisions—Contains Ethernet collision summary
Port Errors—Contains Ethernet port errors
Port Utilization—Contains link utilization information
RIP—Contains global RIP statistics and router interface statistics
Switch—Contains the hardware profile for the switch

Event Log

The System Event Log tracks all configuration and fault information pertaining to the device.

FDB

This window allows you to review the contents of the FDB table. It also gives summary information about the contents of the view and allows you to tailor the view by various parameters.

The View Options allow you to filter and restrict the amount of information presented in the FDB view.

Figure 70: FDB (2 of 2)

For further information about the FDB, see “Forwarding Database (FDB)” on page 109.

IP ARP

Use the IP ARP to find the MAC address associated with an IP address.
Figure 71: IP ARP Table

IP Configuration

In this window you can review two different tables containing IP configuration information. The Global IP Configuration Statistics table provides IP settings and summary statistics for the entire switch. The Router Interface table provides details on each VLAN. Both tables are shown in Figure 72.

OSPF—The OSPF routing protocol for the switch. The setting is either enabled or disabled.
Advertisement Address—The destination address of the router advertisement messages.
Maximum Interval—The maximum time between router advertisements. The default setting is 600 seconds.
Minimum Interval—The minimum amount of time between router advertisements. The default setting is 450 seconds.
Lifetime—The client aging timer setting, the default is 1,800 seconds.
Netmask
Broadcast—The broadcast address in dotted-quad notation
Multicast TTL—The multicast time-to-live
MTU—Maximum Transmission Unit (MTU) size
Metric—The hop count to the destination address
IP Forwarding—IP forwarding on this interface is enabled or disabled
Fwd Bcast—The hardware forwarding of subnet-directed broadcast IP packets is enabled or disabled
RIP—RIP is enabled or disabled on this interface
OSPF—OSPF is enabled or disabled on this interface
IDRP—IDRP

Use—The number of times the entry is used
VLAN—VLAN name
Origin—Route origin. One of the following:
• direct
• blackhole
• static
• ICMP
• OSPFIntra
• OSPFInter
• RIP
• OSPFExtern1
• OSPFExtern2
• BOOTP

As shown in Figure 73, you can also use the View Options to restrict different aspects of the view. For more information on IP routing, see “Populating the Routing Table” on page 193.
Statistics” and “Global IP Statistics”. For information about error counts on an interface, see “Global ICMP Statistics”.

Global IP Statistics

The Global IP Statistics report IP traffic flow through the switch.

• Out Errors
• Bad Checksums

Router Interface IP Statistics

The Router Interface IP Statistics give detailed traffic details at the VLAN level.

Link State
Received Packet Count
Transmitted Packet Count
Received Byte Count
Transmitted Byte Count
Collisions

Figure 76: Physical Port Statistics

Port Collisions

This window provides information about Ethernet collisions that occur when the port is operating in half-duplex mode. An example of this window is shown in Figure 77.

Figure 77: Port Collisions

Port Errors

In this window, you can review Ethernet link errors.

Figure 78: Ethernet Port Errors

Port Utilization

This window shows port utilization.

Figure 79: Utilization Averages

RIP

This window provides statistics about the Routing Information Protocol (RIP) both at the global (switch level) and at the interface level. At the switch level, the Global Routing Information Protocol Statistics table shows the number of route changes and the number of queries.

Bad Routes

Figure 80: RIP Statistics

Switch

Use this window to locate hardware status information.
Power Supply—Power supply information. If at full capacity, it is displayed in green. If it is installed but not operating, it is displayed in red.

Figure 81: Hardware Status

Locating Support Information

ExtremeWare Vista provides a central location to find support information and to download the most current software images.
Figure 82: Product Manual Link

TFTP Download

You can download the latest software images using Trivial File Transfer Protocol (TFTP) from this window.

Figure 83: TFTP Download

Contact Support

The Contact Support window contains the mailing address, telephone number, fax number, and URL for Customer Support. An example of this window is shown in Figure 84.

Figure 84: Support Address

Email Support

When you click the submenu link for Email Support, the browser closes the ExtremeWare Vista page and opens your browser’s email window. You can then send an email directly to customer support as shown in Figure 85.

Figure 85: Email Support

Logging Out of ExtremeWare Vista

When you click the Logout button in the task frame, it causes an immediate exit from ExtremeWare Vista. Be sure you want to exit the application because there is no confirmation screen.
A Safety Information

Important Safety Information

WARNING! Read the following safety information thoroughly before installing your Extreme Networks switch. Failure to follow this safety information can lead to personal injury or damage to the equipment.

Installation, maintenance, removal of parts, and removal of the unit and components must be done by qualified service personnel only.

• This unit operates under Safety Extra Low Voltage (SELV) conditions according to IEC 950. The conditions are only maintained if the equipment to which it is connected also operates under SELV conditions.
• The appliance coupler (the connector to the unit and not the wall plug) must have a configuration for mating with an EN60320/IEC320 appliance inlet.
• France and Peru only—This unit cannot be powered from IT† supplies.

WARNING! Danger of explosion if battery is incorrectly replaced. Replace only with the same or equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer’s instructions.

• Disposal requirements vary by country and by state.
• Lithium batteries are not listed by the Environmental Protection Agency (EPA) as a hazardous waste. Therefore, they can typically be disposed of as normal waste.
B Technical Specifications

This appendix provides technical specifications for the following Summit 200 series switches:
• Summit 200-24 Switch
• Summit 200-48 Switch

Summit 200-24 Switch

Physical and Environmental
Dimensions
Height: 1.75 inches (4.44 cm)
Width: 17.3 inches (43.94 cm)
Depth: 8.1 inches (20.57 cm)
Weight
Weight: 5.72 lbs (2.
Technical Specifications Safety Certifications North America UL 60950 3rd Edition, listed (US Safety) CAN/CSA-C22.2 No.
GOST (Russian Federation)
ACN 090 029 066 C-Tick (Australian Communication Authority)
Underwriters Laboratories (USA and Canada)
MIC (South Korea)
BSMI, Republic of Taiwan
NOM (Mexican Official Normalization, Electronic Certification and Normalization)
Summit 200-48 Switch

Physical and Environmental
Dimensions
Height: 1.75 inches (4.44 cm)
Width: 17.3 inches (43.94 cm)
Depth: 12.2 inches (31.00 cm)
Weight
Weight: 9.7 lbs (4.
Summit 200-48 Switch Electromagnetic Compatibility North America FCC 47 CFR Part 15 Class A (US Emissions) ICES-003 Class A (Canada Emissions) Europe 89/336/EEC EMC Directive ETSI/EN 300 386:2001 (EU Telecommunications Emissions and Immunity) EN55022:1998 Class A (European Emissions) EN55024:1998 includes IEC/EN 61000-2, 3, 4, 5, 6, 11 (European Immunity) EN 61000-3-2, -3 (Europe Harmonics and Flicker) International IEC/CISPR 22:1997 Class A (International Emissions) IEC/CISPR 24:1998 (International I
C Supported Standards

ExtremeWare supports the following standards for the Summit 200 series switch.

Standards and Protocols
RFC 1058 RIP
RFC 783 TFTP
RFC 1723 RIP v2
RFC 1542 BootP
RFC 1112 IGMP
RFC 854 Telnet
RFC 2236 IGMP v2
RFC 768 UDP
RFC 2328 OSPF v2 (incl.
D Software Upgrade and Boot Options

This appendix describes the following topics:
• Downloading a New Image
• Saving Configuration Changes
• Using TFTP to Upload the Configuration
• Using TFTP to Download the Configuration
• Upgrading and Accessing BootROM
• Boot Option Commands

Downloading a New Image

The image file contains the executable code that runs on the switch. It comes preinstalled from the factory.
To download the image, use the following command:

download image [<ipaddress> | <hostname>] <filename> {primary | secondary} slot | all

where:
ipaddress Specifies the IP address of the TFTP server.
hostname Specifies the hostname of the TFTP server. (You must enable DNS to use this option.)
filename Specifies the filename of the new image.
primary Specifies the primary image.
secondary Specifies the secondary image.

where:
date Specifies the date when the switch will be rebooted. The date is entered in the format mm/dd/yyyy.
time Specifies the time of day, using a 24-hour clock, when the switch will be rebooted. The time is entered in the format hh:mm:ss.

If you do not specify a reboot time, the reboot occurs immediately following the command, and any previously scheduled reboots are cancelled. To cancel a previously scheduled reboot, use the cancel option.
NOTE
If the switch is rebooted while in the middle of a configuration save, the switch boots to factory default settings. The configuration that is not in the process of being saved is unaffected.

Returning to Factory Defaults

To return the switch configuration to factory defaults, use the following command:

unconfig switch

This command resets the entire configuration, with the exception of user accounts and passwords that have been configured, and the date and time.
upload configuration cancel

Using TFTP to Download the Configuration

You can download ASCII files that contain CLI commands to the switch to modify the switch configuration. Three types of configuration scenarios can be downloaded:
• Complete configuration
• Incremental configuration
• Scheduled incremental configuration

Downloading a Complete Configuration

Downloading a complete configuration replicates or restores the entire configuration to the switch.

To enable scheduled incremental downloads, use the following command:

download configuration every

To display scheduled download information, use the following command:

show switch

To cancel scheduled incremental downloads, use the following command:

download configuration cancel

Remember to Save

Regardless of which download option is used, configurations are downloaded into switch runtime memory only.
For example, to change the image that the switch boots from in flash memory, press 1 for the image stored in primary or 2 for the image stored in secondary. Then, press the f key to boot from the newly selected on-board flash memory.

To boot to factory default configuration, press the d key for default and the f key to boot from the configured on-board flash.

Boot Option Commands

Table 74 lists the CLI commands associated with switch boot options.

Table 74: Boot Option Commands (continued)

Command: save {configuration} {primary | secondary}
Description: Saves the current configuration to nonvolatile storage. You can specify the primary or secondary configuration area. If not specified, the configuration is saved to the primary configuration area.

Command: show configuration
Description: Displays the current configuration to the terminal. You can then capture the output and store it as a file.
E Troubleshooting

If you encounter problems when using the switch, this appendix might be helpful. If you have a problem not listed here or in the release notes, contact your local technical support representative.

LEDs

Power LED does not light:
Check that the power cable is firmly connected to the device and to the supply outlet.

On powering-up, the MGMT LED lights amber:
The device has failed its Power On Self Test (POST) and you should contact your supplier for advice.

Stack LED changes to zero:
On a stacked set of switches, the stack number LED on the S200-24 normally displays from one to eight. If the LED changes from the stack number to zero, it indicates that the stack is now down. To recover:
1 Check that all of the stack cables are free from damage and are completely seated. For more information on cabling for a stacked set of switches, see “Creating a Stack” on page 31.
2 Disable stacking and enable it on the master.
Check that the port through which you are trying to access the device is in a correctly configured VLAN.

Try accessing the device through a different port. If you can now access the device, a problem with the original port is indicated. Re-examine the connections and cabling.

A network problem may be preventing you from accessing the device over the network. Try accessing the device through the console port.

NOTE
A mismatch of duplex mode between the Extreme switch and another network device will cause poor network performance. Viewing statistics using the show port rx command on the Extreme switch may display a constant increment of CRC errors. This is characteristic of a duplex mismatch between devices. This is NOT a problem with the Extreme switch. Always verify that the Extreme switch and the network device match in configuration for speed and duplex.

VLANs, IP Addresses and default routes:
The system can have an IP address for each configured VLAN. It is necessary to have an IP address associated with a VLAN if you intend to manage (Telnet, SNMP, ping) through that VLAN or route IP traffic. You can also configure multiple default routes for the system. The system first tries the default route with the lowest cost metric.

or by email at:
• support@extremenetworks.com

You can also visit the support website at:
• http://www.extremenetworks.com/extreme/support/techsupport.asp
to download software updates (requires a service contract) and documentation.
Index Numerics 802.1p configuration commands (table) 802.
Index CIDR notation CLI command authorization checking command history command shortcuts disabling enabling line-editing keys named components numerical ranges, Summit 200 series switch symbols syntax helper using collisions command history prompt, stacking shortcuts syntax, understanding Command-Line Interface.
Index error level messages in ExtremeWare Vista errors, port establishing a Telnet session Ethernet collisions Ethernet link errors Ethernet ports, autopolarity detection feature Events, RMON export restrictions security licensing SSH2 encryption protocol exporting routes to OSPF Extensible Authentication Protocol.
Index rack verifying interfaces, router Internet Group Management Protocol.
Index N names, VLANs NAT configuration commands (table) creating rules rule matching timeout commands (table) Netscape Navigator, using for ExtremeWare Vista Network Address Translation. See NAT network login campus mode configuration commands (table) disabling settings, displaying non-aging entries, FDB Not-So-Stubby_Area. See NSSA NSSA. See OSPF 102 138 140 140 141 248 71 77 80 79, 81 79, 81 109 O opaque LSAs, OSPF Open Shortest Path First.
Index examples MAC address source port VLAN FDB entry association file server applications IP TOS configuration commands (table) monitor description real-time display traffic groupings access list blackhole by precedence (table) explicit packet marking MAC address source port VLAN verifying video applications web browsing applications Quality of Service.
Index Simple Network Management Protocol.
Index environmental requirements front view heat dissipation laser safety certifications LEDs MAC address port connections power safety certifications power socket power supply specifications power-off specifications rear view serial number temperature and humidity weight support information switch configuration using ExtremeWare Vista logging monitoring RMON features switch port commands (table) syntax, understanding syslog host system contact, SNMP system location, SNMP system name, SNMP defined in Extre
groups guidelines limitations timed configuration download mixing port-based and tagged names network login port-based renaming routing StkInternal and StkMgmt tagged trunks types UDP-Forwarding W warning level messages in ExtremeWare Vista web browsing applications, and QoS web-based authentication weight Summit 200-24 Summit 200-48
Index of Commands C clear counters 178 clear dlcs 169 clear fdb 111, 161 clear igmp snooping 235 clear iparp 197, 203 clear ipfdb 197, 203 clear log 178 clear session 48, 60 config access-profile 133 config access-profile add 128, 133 config access-profile delete 129, 133 config access-profile mode 128 config account 48 config banner 48 config bootprelay add 197, 204 config bootprelay delete 197, 204 config dns-client add 53 config dns-client default-domain 53 config dns-client delete 53 config download se
config ospf delete virtual-link config ospf delete vlan config ospf direct-filter config ospf lsa-batching-timer config ospf metric-table config ospf originate-default config ospf routerid config ospf spf-hold-time config ospf timer config ospf vlan config ospf vlan area config ospf vlan neighbor add config ospf vlan neighbor delete config ospf vlan timer config pim crp static config pim register-checksum-to config pim sparse config pim spt-threshold config pim timer config pim timer vlan
D delete access-list 120, 124 delete access-mask 120, 124 delete access-profile 134 delete account 49 delete eaps 148, 149 delete fdbentry 111 delete ospf area 227 delete rate-limit 120, 124 delete stpd 189 delete udp-profile 206 delete vlan 49, 104 disable bootp 49, 198, 203 disable bootprelay 198, 203 disable cli-config-logging 49, 178, 179 disable clipaging 49 disable dhcp ports vlan 79, 80 disable diffserv examination ports 164 disable dlcs 169 disable dlcs ports 169 disable eapol-flo
enable eapol-flooding 82 enable eaps 148, 152 enable edp ports 96 enable icmp address-mask 200 enable icmp parameter-problem 200 enable icmp port-unreachables 200 enable icmp redirects 200 enable icmp time-exceeded 200 enable icmp timestamp 200 enable icmp unreachables 200 enable icmp useredirects 201 enable idletimeouts 50 enable igmp 235 enable igmp snooping 235 enable ignore-bpdu 184 enable ignore-bpdu vlan 188 enable ignore-stp vlan 188 enable ipforwarding 196, 198 enable ipforwarding
show configuration show debug-tracing show diagnostics show dlcs show dns-client show eapol-flooding show eaps show edp show fdb show fdb permanent show igmp snooping show iparp show iparp proxy show iparp stats show ipconfig show ipfdb show iproute show ipstats show log show log config show management show memory show mirroring show nat connections show nat rules show nat stats show nat timeout show netlogin show netlogin info vlan show netlogin vlan show ospf show ospf area show ospf as
use image use image slot