Intel® NetStructure™ 480T Routing Switch User Guide
A14542-001
100044-00 rev04

Copyright © 2001, Intel Corporation. All rights reserved.
Intel Corporation, 5200 NE Elam Young Parkway, Hillsboro OR 97124-6497

Intel Corporation assumes no responsibility for errors or omissions in this manual. Nor does Intel make any commitment to update the information contained herein.

* Other names and brands may be claimed as the property of others.
Preface

This preface provides an overview of this user guide, describes guide conventions, and lists other useful publications.

Introduction

This user guide provides the information you need to configure the Intel® NetStructure™ 480T routing switch. Information in the “Late Breaking News” shipped with your switch is more up to date than the information in this guide.

• Internet Packet Exchange (IPX)
• Server Load Balancing (SLB)
• Simple Network Management Protocol (SNMP)

Related Publications

For further information refer to these publications:
• Command Line Interface Reference Guide
• Intel® NetStructure™ 480T Routing Switch Quick Start Guide
• Late Breaking News

Documentation for Intel products is available on the World Wide Web at the Intel support home page: http://support.intel.
1 Overview

The Intel® NetStructure™ 480T routing switch uses a powerful, full-featured software operating system for local management of the switch. This chapter offers an overview of the switch operation and covers these topics:
• Summary of features
• Software licensing
• Hardware specifications and factory defaults
• Media types

Summary of Features

The features of the 480T routing switch include:
• Virtual local area networks (VLANs) including support for IEEE 802.1Q and IEEE 802.
• IP Multinetting
• Dynamic Host Configuration Protocol (DHCP)/Bootstrap Protocol (BOOTP) Relay
• Enterprise Standby Router Protocol (ESRP)
• RIP (Routing Information Protocol) version 1 and version 2
• OSPF (Open Shortest Path First) routing protocol
• BGP-4
• Wire-speed IP multicast routing support
• Diffserv (Differentiated Services) protocol support
• Access policy support for routing protocols
• Access list support for packet fi

Full-Duplex Support

The 480T routing switch provides full-duplex support for all ports. Full-duplex mode allows frames to be transmitted and received simultaneously and, in effect, doubles the bandwidth available on a link. All 100/1000 Mbps ports on the 480T switch autonegotiate for half-duplex or full-duplex operation. The 1000BASE-SX, 1000BASE-LX and 1000LH ports operate in full-duplex mode only.

Quality of Service (QoS)

See Chapter 10, "Quality of Service (QoS)" on page 135.

The local management software has Policy-Based Quality of Service (QoS) features that enable you to specify service levels for different traffic groups. By default, all traffic is assigned a normal QoS policy profile.

Load Sharing

See “Configuring Ports” on page 79.

Load sharing allows you to increase bandwidth and resiliency by using a group of ports to carry traffic in parallel between systems. The switch’s sharing algorithm allows you to use multiple ports as a single logical port. For example, VLANs treat the load-sharing group as a single virtual port.

Software Licensing - Router License Keys

You can expand the feature set of your switch using a license key.

Full Layer 3 Functionality

Switches using a Full Layer 3 license also support other routing protocols and functions in addition to Basic functions, including:
• IP routing using OSPF
• IP multicast routing using DVMRP
• IP multicast routing using PIM (Dense or Sparse Mode)
• IPX routing (direct, static, and dynamic using IPX/RIP and IPX/SAP)
• IP routing using BGP
• Server load balancing (SLB)
• Web cache redirection

Verifying the Router Li
[Figure 1.1: Intel® NetStructure™ 480T routing switch (front), showing the 100/1000 Mbps ports, unit status LEDs, port status LEDs, and GBIC ports]

For information on switch LEDs, refer to "Switch LEDs" on page 10.

Rear View

Figure 1.2 shows two rear view configurations. The second has a redundant power supply.

AC Connector

The 480T routing switch automatically adjusts to the supply voltage. The power supply unit (PSU) operates down to 100V, and is suitable for both 110 VAC and 200-240 VAC operation.

Serial Number

Use this serial number for fault-reporting purposes.

Console Port

Use the console port (9-pin, D-type connector) for connecting a terminal and carrying out local out-of-band management.
Table 1.1: Switch LEDs

1000BASE-X Port Status LEDs (GBIC LEDs)

Link/activity
• Green: Link is present; port is enabled.
• Green flashing: Frames are being transmitted/received on this port.
• Orange (steady): Link is present; port is disabled.
• Off: Link is not present.

100/1000BASE-T Port Status LEDs

Link/activity (Green, Green flashing, Orange (steady), Off)
• Green: Link is present; port is enabled.

Speed Status (Green, Off)
Software Factory Defaults

Table 1.2 lists factory defaults for global features.

Table 1.2: Global Factory Defaults

Item: Default Setting
• Serial or Telnet user account: admin with no password and user with no password
• Web network management: Enabled
• Telnet: Enabled
• SNMP access: Enabled
• SNMP read community string: public
• SNMP write community string: private
• RMON: Enabled
• BOOTP: Enabled on the default VLAN
• Quality of Service (QoS): Disabled.
• 802.1Q tagging: Packets are untagged on the default VLAN.
Media Types, Distances and Specifications

Table 1.3 describes the media types and distances (cable lengths) for the different types of switch ports.

Table 1.3: Media Types and Distances

Type, Media, MHz/Km Rating, Maximum Distance
1000BASE-SX 50/125 µm Multimode Fiber 50/125 µm Multimode Fiber 62.5/125 µm Multimode Fiber 62.

Table 1.4 describes the specifications for the 1000B-LH interface.

Table 1.4: 1000LH Specifications

Transceiver
• Optical Output Power: 0 dBm (minimum), 3 dBm (typical), 5 dBm (maximum)
• Center Wavelength: 1540 nm (minimum), 1550 nm (typical), 1560 nm (maximum)

Receiver
• Optical Input Power Sensitivity: -20 dBm
• Optical Input Power Maximum: -3 dBm
• Operating Wavelength: 1200 nm, 1560 nm

Optical Output Power

The minimum cable length without a 10 dB attenuator is 32 kilometers.
2 Installation and Setup

This chapter describes:
• Determining the Switch Location
• Installing the Switch
• Connecting Equipment to the Console Port
• Checking the Installation Using the Power-On Self Test (POST)
• Logging In for the First Time
• Upgrading Your Firmware
• Installing the Gigabit Interface Connector (GBIC)

Important Safety Information

Safety related specifications are provided in Appendix A, "Technical Specifications and Supported Limits" on page 431.

Determining the Switch Location

The 480T routing switch can be free standing or mounted in a standard 19-inch equipment rack. Mounting brackets are supplied with the switch. When deciding where to install the switch, ensure that:
• The switch is accessible and you can connect cables easily.
• Water or moisture cannot enter the case of the unit.
• Air flow around the unit and through the side vents is not restricted.

4 Replace the screws and fully tighten with a screwdriver, as shown in Figure 2.1.

[Figure 2.1: Fitting the mounting bracket]

5 Repeat the two previous steps for the other side of the switch.
6 Insert the switch into the 19-inch rack. Ensure that ventilation holes are not obstructed.
7 Secure the switch with rack mount screws (not provided).
8 Remove the label over the AC connector and attach the power cord.

Free-Standing

The 480T routing switch is supplied with four self-adhesive rubber pads. You can stack up to four switches on top of one another.

1 Apply the pads to the underside of the device by sticking a pad in the marked area at each corner of the switch.
2 Place the devices on top of one another, ensuring that the corners align.

Connecting Equipment to the Console Port

For direct local management, connect to the console port.

If the switch passes the POST, the MGMT LED blinks at a slow rate (1 blink per second). If the switch fails the POST, the MGMT LED shows a solid orange light.

Logging In for the First Time

After the switch has completed the Power-On Self Test (POST), it is operational. Then you can log in to the switch and configure an IP address for the default VLAN (named default).

Upgrading Your Firmware

To upgrade your Intel® NetStructure™ 480T routing switch you must upgrade the BootRom image and firmware. Refer to the Late Breaking News that shipped with your switch for this procedure.

Installing the Gigabit Interface Connector (GBIC)

Ensure that the SC fiber-optic connector is removed from the GBIC prior to removing the GBIC from the I/O module.
3 Using Intel® Device View

Intel® Device View is a graphical user interface that helps you manage the Intel NetStructure™ 480T routing switch and other supported Intel networking devices on your network.

You can install both the Windows and the Web version of Intel Device View.

To Install Intel Device View

If you manage devices with Intel Device View from only one location on the network, install the Windows§ version.

1. Put the Intel Device View CD-ROM in your computer’s CD-ROM drive. The Intel Device View installation screen appears. If it does not appear, run autoplay.exe from the CD-ROM (use the Run dialog from the Start menu).

Starting the Windows§ Version

We recommend you use the Windows version of Intel Device View if you manage devices from only one location on the network.

To start the Windows version:
1 From your desktop, click Start.
2 Point to Programs > Intel Device View > Intel Device View Windows. Intel Device View’s main screen appears.

Installing a New Device

After you’ve installed a new switch on your network, you can use Intel Device View’s Device Install Wizard to configure it for management.

To Install and Configure a New Switch for Management

1. Start Intel Device View. The Device Install Wizard appears. If not, click Install from the Device menu or double-click the appropriate MAC address in the Device Tree under Unconfigured Devices.
2. In the Start screen, click Next.
3.

network. As it discovers devices, it adds an icon for each device to the Device Tree on the left side of the screen. Different states of the 480T routing switch are represented by unique icons in the Device Tree as indicated below.

The Device Tree works much like Windows Explorer:
• To expand the root or a subnet, click the (+) next to the icon.
• To collapse the view, click the (-) next to the icon.
• Double-click a device icon to view the device image.

To Add a Device to the Device Tree

1. Right-click anywhere on the Device Tree.
2. When a menu appears, click Add Device.
3. In the Add Device dialog box, enter the IP address of the switch you want to add.
4.

3. In the Find Device dialog box, enter the IP address of the device you want to find in the tree.
4. Click OK. The device’s icon is highlighted in the Device Tree.

Losing Contact with a Device

If Intel Device View loses contact with a switch, it replaces the switch icon with the red non-responding switch icon. When the red non-responding switch icon appears, you will not be able to manage the device in Intel Device View.

The Express 480T Web Device Manager appears in the Intel Device View window. For complete information on using Intel Device View, refer to the program’s online help or see the Intel Device View Help file on the installation CD-ROM.

switch creates an event (see below). For example, you might set an alarm if switch utilization exceeds 30%.
• Group 9 Events—Provides notification and tells the switch what to do when an event occurs on the network. Events can send a trap to a trap-receiving station, place an entry in the log table, or both. For example, when the switch experiences an RMON event, it sounds an alarm.
4 Using Web Device Manager

Web Device Manager is device-management software running in the Intel® NetStructure™ 480T routing switch. It allows you to access the switch over a TCP/IP network, using a Web browser that supports frames and JavaScript§ (such as Netscape Navigator§ 3.0 or later, or Microsoft Internet Explorer§ 3.0 or later) to manage the system. Web Device Manager provides a subset of the command-line interface (CLI) commands available for configuring and monitoring the switch.

Use the none option to remove a configured access profile.

To display the status of Web access, use this command:

    show management

To disable Web access, use this command:

    disable web

To re-enable Web access, use this command:

    enable web {access-profile [ | none]} {port ]

Reboot the system for these changes to take effect.

Setting Up Your Browser

Your browser’s default settings should work well with Web Device Manager.

Accessing Web Device Manager

To access the default home page of the switch, enter this URL in your browser (substituting the actual IP address):

    http://

When you access the home page of the system, the Login screen appears. Enter your user name and password and click OK. If you have entered the name and password of an administrator-level account, you have access to all Web Device Manager pages.

Below the task buttons are options. Options are specific to the task button that you select. When you select an option, the information displayed in the content frame changes. However, when you select a new task button, the content frame does not change until you select a new option.

Content Frame

When you submit a configuration page with no change, an asterisk (*) will appear at the CLI prompt, even though actual configuration values have not changed.

Status Messages

Status messages are displayed at the top of the content frame. There are four types of status messages:
• Information—Displays information that is useful to know prior to, or as a result of, changing configuration options.
• Warning—Displays warnings about the switch configuration.
• Error—Displays errors caused by incorrectly configured settings.
• Success—Displays informational messages after you click Submit.

Filtering Information

On some pages you can click a Filter button to display a subset of information for a page. For example, on the OSPF configuration page, you can configure authentication based on the VLAN, area identifier, or virtual link. Once you select a filtering option and click the Filter button, the form that provides the configuration options displays the available interfaces in the drop-down menu, based on your filtering selection.
5 Accessing the Switch

This chapter provides information to help you manage the Intel® NetStructure™ 480T routing switch, including:

For information on using the save command, see "Software Upgrade and Boot Options" on page 419.

To use the command-line interface (CLI):

Most configuration commands require that you have administrator privileges. An asterisk (*) in front of the command-line prompt indicates you have made changes that have not been saved.

1. Enter the command name. When entering a command at the prompt, ensure that you have the appropriate privilege level.
2. Enter the parameter name and values, if included.

Command Shortcuts

All component names must be unique. Name components using the create command. When you enter a command to configure a named component, you do not need to use the keyword of the component. For example, to create a VLAN, you must enter a unique VLAN name:

    create vlan engineering

After you create the VLAN with a unique name, you can eliminate the keyword vlan from all other commands that require the name to be entered.

Symbols

You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself. Table 5.1 summarizes command syntax symbols.

Press the Tab key in the command line interface for more command options.

Table 5.1: Command Syntax Symbols

Symbol: Description
• < > Angle brackets: Enclose a variable or value. You must specify the variable or value.

Line-Editing Keys

Table 5.2 describes the line-editing keys available using the CLI.

Table 5.2: Line-Editing Keys

Key(s): Description
• Backspace: Deletes characters to the left of the cursor and shifts the remainder of the line to the left.
• Delete or Ctrl + D: Deletes character at the cursor position and shifts the remainder of line to the left.
• Ctrl + K: Deletes characters from the cursor position to the end of the line.

Command History

The local management software stores the last 49 commands you entered. You can display a list of these commands by using this command:

    history

Common Commands

Table 5.3 describes common commands used to manage the 480T routing switch. Commands specific to particular features are described in detail throughout the guide. For detailed command information use the Quick Reference Guide that accompanies this user manual.

Table 5.3: Common Commands (continued)

Command, then Description:

configure time

disable clipaging
    Disables pausing of the screen display when a show command output reaches the end of the page.

disable idletimeout
    Disables the timer that disconnects all sessions. Once disabled, console sessions remain open until the switch is rebooted or you log off. Telnet sessions remain open until you close the Telnet client.

enable telnet {access-profile [ | none]} {port }
    Enables Telnet access to the switch. By default, Telnet is enabled with no access profile, and uses Transmission Control Protocol (TCP) port number 23. To cancel a previously configured access profile, use the none option.
Intel® NetStructure™ 480T Routing Switch User Guide Configuring Management Access The local management software supports these two levels of management: • User • Administrator In addition to these management levels, you can optionally use an external RADIUS server to provide CLI command authorization checking for each command. For more information on RADIUS, refer to "RADIUS Client" on page 66.
C H A P T E R 5 Accessing the Switch Prompt Text The prompt text is taken from the SNMP sysname setting (see Table 5.8, “SNMP Configuration Commands,” on page 64). The number that follows the colon indicates the sequential line/ command number. If an asterisk (*) appears in front of the command-line prompt, it indicates that you have configuration changes that have not been saved. For example: *switch480T:19# Default Accounts The switch is configured with two default accounts. as shown in Table 5.4.
4. Enter the new password at the prompt.
5. Re-enter the password for verification.

To add a password to the default user account:
1. Log in to the switch using the name admin.
2. At the password prompt, press Enter, or enter the password that you have configured for the admin account.
3. Add a default user password using this command:
configure account user
4. Enter the new password at the prompt.
5. Re-enter the new password at the prompt.
Deleting an Account
To delete an account, you must have administrator privileges. Use this command to delete an account:
delete account
The account name admin cannot be deleted.
Real-time Basic Connectivity Checking
Use these commands to check basic connectivity:
• ping
• traceroute

Ping
You can use the ping command to send Internet Control Message Protocol (ICMP) echo messages to a remote IP device. The ping command is available for both the user and administrator privilege level.
Table 5.6: Ping Command Parameters (continued)
Parameter: from
Description: Uses the specified source address in the ICMP packet. If not specified, the address of the transmitting interface is used.
Parameter: with recordroute
Description: Decodes the list of recorded routes and displays them when the ICMP echo reply is received.

Traceroute
The traceroute command enables you to trace the routed path between the switch and a destination endstation.
You can use Telnet, a Web browser, or an SNMP manager to manage the switch remotely. There can be one console session, one Web session or eight concurrent Telnet sessions.

Using the Console Interface
You can access the built-in CLI of the 480T routing switch through the 9-pin RS-232 port located on the back of the switch. After the connection is established, the switch prompt appears, so you can log in.
Telnet session is lost inadvertently, the switch terminates the session within two hours. Before you can start a Telnet session, you must set up the IP parameters described in the section "Configuring Switch IP Parameters" on page 55. Telnet is enabled by default. To open the Telnet session, you must specify the IP address of the device that you want to manage. Check the user manual supplied with the Telnet facility if you are unsure of how to do this.
You can enable BOOTP on a per-VLAN basis using this command:
enable bootp vlan [ | all]
By default, BOOTP is enabled on the default VLAN. If you configure the 480T routing switch to use BOOTP, the switch IP address is not retained through a power cycle, even if the configuration is saved. To retain the IP address through a power cycle, you must configure the IP address of the VLAN using the command-line interface, Telnet, or Web interface.
login: admin
Administrator capabilities enable you to access all switch functions. The default user names have no passwords assigned.
4. If you have been assigned a user name and password with administrator privileges, enter them at the login prompt and press Enter. When you have successfully logged in, the command-line prompt displays the name of the switch.
5.
Disconnecting a Telnet Session
An administrator-level account can disconnect a management session that is established through a Telnet connection. If this happens, the user logged in through Telnet is notified that the session is terminated. To terminate a Telnet session:
1. Log in to the switch with administrator privileges.
2. Determine the session number of the session you want to terminate by using this command:
show session
3.
Using Access Profiles
An access profile permits or denies a named list of IP addresses and subnet masks. To use access profiles, first define the list, and then apply the named list to the desired application. Access profiles are used by several routing switch features as a way to restrict access. Applications that use access profiles for remotely managing the switch are:

See "Access Policies" on page 309.
Table 5.7: Access Profile Configuration Commands (continued)
Command: configure access-profile delete {vlan | ipaddress }
Description: Deletes an IP address or VLAN name from the access profile.
Command: configure access-profile mode [permit | deny | none]
Description: Configures the access profile to one of the following:
permit—Allows the addresses that match the access profile description.
Access Profile Rules
These rules apply when using access profiles:
• Only one access profile can be applied to each application.
• The access profile can either permit or deny the entries in the profile.
• The same access profile can be applied to more than one application.

Access Profile Example
The following example creates an access profile named testpro, and denies access for the device with the IP address 192.168.10.
When you access the home page of the switch, the Logon screen appears.

Controlling Web Access
By default, Web access is enabled on the routing switch. You can restrict access through the Web Device Manager using an access profile, which permits or denies access to a named list of IP addresses and subnet masks. For more information on assigning an IP address, refer to "Configuring Switch IP Parameters" on page 55.
Accessing Switch Agents
To have access to the SNMP agent in the routing switch, at least one VLAN must have an IP address assigned to it. For more information on assigning IP addresses, refer to Table 5.3 on page 44.

Supported MIBs
Along with private MIBs, the routing switch supports the MIBs listed in "Technical Specifications and Supported Limits" on page 431.
• Community strings—Allows a simple method of authentication between the 480T routing switch and the remote Network Manager. There are two types of community strings on the switch. Read community strings provide read-only access to the switch. The default read-only community string is public. Read-write community strings provide read and write access to the switch. The default read-write community string is private.
Table 5.8: SNMP Configuration Commands (continued)
Command: configure snmp community [readonly | readwrite] {encrypted}
Description: Adds an SNMP read or read/write community string. The default readonly community string is public. The default readwrite community string is private. Each community string can have a maximum of 127 characters, and can be enclosed by double quotation marks.
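The management defaults documented in this chapter (Telnet enabled with no access profile, the public and private community strings, an idle timeout that can be disabled) can be checked mechanically. The following is an added example, not Intel's code: it assumes the configuration is available as one CLI command per line in the syntax of Tables 5.3 and 5.8, treats `disable telnet` as the assumed counterpart of `enable telnet`, and runs on constructed sample lines.

```python
import shlex

# Defaults stated in this guide: read-only "public", read-write "private".
DEFAULT_COMMUNITY = {"readonly": "public", "readwrite": "private"}

# Constructed sample input (not captured from a real switch).
WEAK_SAMPLE = """
enable telnet
disable idletimeout
configure snmp community readonly public
configure snmp community readwrite "private"
"""

# Constructed sample input; testpro is the profile name used in the guide's example.
HARDENED_SAMPLE = """
enable telnet access-profile testpro port 23
configure snmp community readonly "r0-Constructed-Example"
configure snmp community readwrite encrypted constructedciphertext
"""


def audit_management_config(text):
    """Return a sorted list of (finding_id, detail) for weak management settings."""
    findings = set()
    # Guide default: Telnet is enabled with no access profile.
    telnet = {"enabled": True, "profile": None}
    community_seen = {"readonly": False, "readwrite": False}

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        try:
            tok = shlex.split(line)  # honours double-quoted community strings
        except ValueError:
            findings.add(("PARSE_ERROR", line))
            continue

        if tok[:3] == ["configure", "snmp", "community"] and len(tok) >= 5:
            level, rest = tok[3], tok[4:]
            if level not in DEFAULT_COMMUNITY:
                continue
            community_seen[level] = True
            if rest[0] == "encrypted":
                continue  # stored form cannot be compared with a cleartext default
            if rest[0] in DEFAULT_COMMUNITY.values():
                findings.add(("SNMP_DEFAULT_COMMUNITY", f"{level}={rest[0]}"))
        elif tok[:2] == ["disable", "idletimeout"]:
            findings.add(("IDLE_TIMEOUT_DISABLED", "sessions are never timed out"))
        elif tok[:2] == ["enable", "telnet"]:
            telnet = {"enabled": True, "profile": None}
            if "access-profile" in tok[2:]:
                i = tok.index("access-profile")
                if i + 1 < len(tok) and tok[i + 1] != "none":
                    telnet["profile"] = tok[i + 1]
        elif tok[:2] == ["disable", "telnet"]:
            # Assumption: counterpart command, not shown in this section.
            telnet["enabled"] = False

    if telnet["enabled"] and telnet["profile"] is None:
        findings.add(("TELNET_UNRESTRICTED", "enabled with no access profile"))
    for level, seen in community_seen.items():
        if not seen:
            # Assumption: with no explicit line, the documented default is in effect.
            findings.add(("SNMP_COMMUNITY_NOT_SET",
                          f"{level}: documented default {DEFAULT_COMMUNITY[level]!r} applies"))
    return sorted(findings)


if __name__ == "__main__":
    for name, sample in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(name)
        for finding_id, detail in audit_management_config(sample):
            print(f"  {finding_id}: {detail}")
```

An empty input reports the documented defaults, because nothing in it overrides them.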
Displaying SNMP Settings
To display the SNMP settings configured on the routing switch, use this command:
show management
This command displays the following information:
• Enable/disable state for Telnet, SNMP, and Web access, along with access profile information
• SNMP community strings
• Authorized SNMP station list
• SNMP trap receiver list
• RMON polling configuration
• Login statistics
SNMP enhancements allow the ifMIB to display the p
and then to the secondary RADIUS server, if the primary does not respond. If the RADIUS client is enabled, but access to the RADIUS primary and secondary servers fails, the routing switch uses its local database for authentication. The privileges assigned to the user (admin versus non-admin) at the RADIUS server take precedence over the configuration in the local switch database.

Per-Command Authentication Using RADIUS
Use RADIUS to perform per-command authentication.
Table 5.9: RADIUS Commands
Command: configure radius [primary | secondary] server [ | ] {} client-ip
Description: Configures the primary and secondary RADIUS server. Specify the following:
• [primary | secondary]—Either the primary or secondary RADIUS server.
• [ | ]—The IP address or host name of the server being configured.
Table 5.9: RADIUS Commands (continued)
Command: configure radius-accounting [primary | secondary] server [ | ] {} client-ip
Description: Configures the RADIUS accounting server. Specify the following:
• [primary | secondary]—Either the primary or secondary RADIUS server.
• [ | ]—The IP address or host name of the server being configured.
• —The UDP port to use to contact the RADIUS server.
RADIUS RFC 2138 Attributes
The RADIUS RFC 2138 optional attributes supported are:
• User-Name
• User-Password
• Service-Type
• Login-IP-Host

Configuring TACACS+
Terminal Access Controller Access Control System Plus (TACACS+) is a means for providing authentication, authorization, and accounting on a centralized server, similar in function to a RADIUS client.
Table 5.10: TACACS+ Commands
Command: configure tacacs [primary | secondary] server [ | ] {} client-ip
Description: Configures the server information for a TACACS+ server. Specify the following:
• primary | secondary—Specifies primary or secondary server configuration. To remove a server, use the address 0.0.0.0.
• | —The IP address or hostname of the TACACS+ server.
Table 5.10: TACACS+ Commands (continued)
Command: enable tacacs-accounting
Description: Enables TACACS+ accounting. If accounting is used, the TACACS+ client must also be enabled.
Command: enable tacacs-authorization
Description: Enables CLI command authorization. When enabled, each command is transmitted to the remote TACACS+ server for authorization before the command is executed.
Command: show tacacs
Description: Displays the current TACACS+ configuration and statistics.
Configuring and Using SNTP
To use SNTP:
1. Identify the host(s) that are configured as NTP server(s).
2. Identify the preferred method for obtaining NTP updates. The options are for the NTP server to send out broadcasts, or for switches using NTP to query the NTP server(s) directly. A combination of both methods is possible.
3. Configure the Greenwich Mean Time (GMT) offset and daylight saving time preference. NTP updates are distributed using GMT time.
If the switch cannot obtain the time, it restarts the query process. Otherwise, the switch waits for the sntp-client update interval before querying again.
Table 5.11: Greenwich Mean Time Offsets (continued)
GMT Offset in Hours   GMT Offset in Minutes   Common Time Zone References   Geographical Reference
-6:00                 -360                    CST - Central Standard        Chicago, Illinois, USA; Mexico City, Mexico; Saskatchewan, Canada
-7:00                 -420                    MST - Mountain Standard       Salt Lake City, Utah, USA; Alberta, Canada
-8:00                 -480                    PST - Pacific Standard        Los Angeles, CA.
SNTP Configuration Commands
Table 5.12 describes Simple Network Time Protocol (SNTP) configuration commands. Press the Tab key in the command line interface for more command options.

Table 5.12: SNTP Configuration Commands
Command: configure sntp-client [primary | secondary] server [ | ]
Description: Configures an NTP server for the switch to obtain time information. Queries are first sent to the primary server.
6 Configuring Ports
This chapter describes how to configure ports on the Intel® NetStructure™ 480T routing switch and covers these topics:
• Configuring Ports
• Changing Port Speed and Duplex Settings
• Jumbo Frames
• Load Sharing
• Port-Mirroring
• Enterprise Discovery Protocol

Configuring Ports
By default, all ports are enabled.
Changing Port Speed and Duplex Setting
By default, the switch is configured to use auto-negotiation to determine port speed and duplex setting for each port. You can manually configure the duplex setting and the speed of 100/1000 Mbps ports, and you can manually configure the duplex setting on the GBIC ports. The 480T routing switch fast Ethernet ports can connect to either 100BASE-TX or 1000BASE-T networks.
To turn on RED, use this command:
enable red port
To configure the probability at which you want random early detection to drop packets, use this command:
configure red drop-probability
The percentage range is 0 - 100.

Turning Off Auto-negotiation for a GBIC Port
In certain interoperability situations, it is necessary to turn autonegotiation off on a GBIC.
Enabling Jumbo Frames
Some network interface cards have a configured maximum MTU size that does not include the additional 4 bytes of CRC. Ensure that the NIC maximum MTU size is at or below the maximum MTU size configured on the switch. Larger frames are dropped at the ingress port.

To enable jumbo frame support, you must configure the MTU size (the largest jumbo frame allowed).
IP Fragmentation with Jumbo Frames
To set the MTU size greater than 1500, all ports in the VLAN must be jumbo-frame enabled.

If an IP packet originates in a local network that allows large packets and that packet traverses a network that limits packets to a smaller size, the packet is fragmented instead of discarded. This is designed for use in conjunction with jumbo frame support. Frames that are fragmented are not processed at wire-speed within the switch fabric.
want IP fragmentation only within a VLAN. This is for inter-VLAN IP fragmentation only. For intra-VLAN IP fragmentation, all ports in the VLAN must be configured for jumbo frame support.

Load Sharing
Load sharing (also called link aggregation) using 480T routing switches allows you to increase bandwidth and resilience between switches by using a group of ports to carry traffic in parallel between switches.
If you do not explicitly select an algorithm, the port-based scheme is used. However, the address-based algorithm has a more even distribution and is the recommended choice.

You can configure one of three load-sharing algorithms:
• Port-based
• Address-based
• Round-robin
Port-based load sharing algorithms use the ingress port to determine which physical port in the load-sharing group is used to forward traffic out of the switch.
To define a load-sharing group, you assign a group of ports to a single, logical port number. To enable or disable a load-sharing group, use these commands:
enable sharing grouping {algorithm [port-based | address-based | roundrobin]}
disable sharing

Load-Sharing Example
Do not disable a port that is part of a load-sharing group.
Table 6.1: Port Commands
Command: configure jumbo-frame size
Description: Configures the jumbo frame size. The range is between 1523 and 9216. The default setting is 9216.
Command: configure ports auto off {speed [100 | 1000]} duplex [half | full]
Description: Changes the configuration of a group of ports. Specify:
• auto off—The port will not autonegotiate the settings.
• speed—The speed of the port.
Table 6.1: Port Commands (continued)
Command: disable ports
Description: Disables a port. Even when disabled, the link is available for diagnostic purposes.
Command: disable sharing
Description: Disables a load-sharing group of ports.
Command: enable jumbo-frame ports [ | all]
Description: Enables reception and transmission of jumbo frames.
Table 6.1: Port Commands (continued)
Command: show ports { | mgmt} configuration
Description: Displays the port configuration.
Command: show ports { | mgmt} info {detail}
Description: Displays detailed system-related information.
Command: show ports { | mgmt} packet
Description: Displays a histogram of packet statistics.
Command: show ports { | mgmt} qosmonitor
Description: Displays real-time QoS statistics. For more information, refer to "Quality of Service (QoS)" on page 135.
Port-Mirroring
Port-mirroring configures the switch to copy all traffic coming in and out of one or more ports to a monitor port on the switch. You can connect the monitor port to a network analyzer or RMON probe for packet analysis. The switch uses a traffic filter that copies a group of traffic to the monitor port.
Mirroring IP Multicast Traffic
Due to IGMP snooping, multicast traffic may cease to be seen on a mirror port. If you issue a restart command for the mirror port or remove and reinsert the port connection, multicast traffic will resume for the IGMP host time-out period (260 seconds).

Mirroring Bandwidth
Performing mirroring on gigabit ports running at line-rate will reduce the traffic throughput by approximately 30 percent.
Table 6.2: Port-Mirroring Configuration Commands
Command: configure mirroring delete [vlan | port | vlan port ]
Description: Deletes a particular mirroring filter definition, or all mirroring filter definitions.
Command: disable mirroring
Description: Disables port mirroring.
Command: enable mirroring to port [tagged | untagged]
Description: Designates a port as the mirror output port.
See “Tagged VLANs” on page 99.
EDP Commands
Table 6.3 lists EDP commands. For further command options, press the Tab key in the command line interface.

Table 6.3: EDP Commands
Command: disable edp ports [ | all]
Description: Disables the EDP on one or more ports.
Command: enable edp ports [ | all]
Description: Enables generation and processing of EDP messages on one or more ports. The default setting is enabled.
7 Virtual LANs (VLANs)
Setting up Virtual Local Area Networks (VLANs) on the switch eases many time-consuming tasks of network administration while increasing efficiency in network operations. This chapter describes the concept of VLANs and explains how to implement VLANs on the Intel® NetStructure™ 480T routing switch.

Overview of Virtual LANs
The term VLAN (Virtual Local Area Network) refers to a collection of devices that communicate as if they were on the same physical LAN.
VLANs Help to Control Traffic
With traditional networks, broadcast traffic can cause congestion, because packets are sent to all network devices, even though the data is not needed by all. VLANs increase the efficiency of your network because each VLAN can be set up to include only those devices that must communicate with each other.

VLANs Provide Extra Security
Devices within each VLAN can only communicate with member devices in the same VLAN.
Types of VLANs
You can create VLANs based on these criteria:
• Physical port
• 802.1Q tag
• Ethernet, Logical Link Control Service Advertising Protocol (LLC SAP), or Logical Link Control Subnetwork Access Protocol (LLC/SNAP) Ethernet protocol type
• MAC address
• A combination of these criteria

Port-Based VLANs
In a port-based VLAN, a VLAN name is given to a group of one or more ports on the switch. A port can be a member of only one port-based VLAN.
of the same port. This means that each VLAN must be configured as a router interface with a unique IP address.

Spanning Switches with Port-Based VLANs
To create a port-based VLAN that spans two switches, you must:
• Assign the port on each switch to the VLAN.
• Connect the two switches using one port on each switch per VLAN.
Figure 7.2 illustrates a single VLAN that spans two 480T routing switches. All ports on both switches belong to VLAN Sales.
On System 2, ports 1 through 4 are part of VLAN Accounting and ports 5 through 8, 15, and 16 are part of VLAN Engineering.

[Figure 7.3: Two port-based VLANs spanning two switches]

• VLAN Accounting spans System 1 and System 2 by way of a connection between System 1, port 12 and System 2, port 1.
lead to connectivity problems if non-802.1Q bridges or routers are placed in the path.

Uses of Tagged VLANs
Tagging is most commonly used to create VLANs that span switches. The switch-to-switch connections are typically called trunks. Using tags, multiple VLANs can span multiple switches using one or more trunks. In a port-based VLAN, each VLAN requires its own pair of trunk ports, as shown in Figure 7.3.
[Figure 7.4: Physical diagram of tagged and untagged traffic. Legend: M = Marketing, S = Sales]

Figure 7.5 shows a logical diagram of the same network.
• The trunk port on each switch is tagged.
• The server connected to port 9 on System 1 has a NIC that supports 802.1Q tagging.
• The server connected to port 9 on System 1 is a member of both VLAN Marketing and VLAN Sales.
• All other stations use untagged traffic.
As data passes out of the switch, the switch determines if the destination port requires the frames to be tagged or untagged. All traffic coming from and going to the server is tagged.
• The remainder of the traffic belongs to the VLAN named MyCompany.
• All ports are members of the VLAN MyCompany.

[Figure labels: My Company, Finance, Personnel; addresses 192.207.35.1, 192.207.36.1, 192.207.35.0, 192.207.36.0; legend: IP traffic, All other traffic]
Figure 7.
Defining Protocol Filters
For more information on SNAP for Ethernet protocol types, see TR 11802-5:1997 (ISO/IEC) [ANSI/IEEE std. 802.1H, 1997 Edition]. For more information on standards see "Technical Specifications and Supported Limits" on page 431.

If necessary, you can define a customized protocol filter, based on Ethertype, Logical Link Control (LLC), and/or Subnetwork Access Protocol (SNAP). Up to six protocols may be part of a protocol filter.
Deleting a Protocol Filter
If a protocol filter is deleted from a VLAN, the VLAN is assigned a protocol filter of none. You can continue to configure the VLAN. However, no traffic is forwarded to the VLAN until a protocol is assigned to it.
Default VLAN
The switch ships with one default VLAN that has these properties:
• The VLAN name is default.
• It includes all the ports on a new or initialized switch.
The default VLAN is untagged on all ports. It has an internal VLANid of 1.

Renaming a VLAN
To rename a VLAN, use this command:
configure vlan name
These rules apply to renaming VLANs:
• Once you change the default VLAN name, it cannot be changed back to default.
Table 7.2 describes the commands used to configure a VLAN. For a complete list of command options, press the Tab key in the command line interface.

Table 7.2: VLAN Configuration Commands
Command: configure dot1q ethertype
Description: Configures an IEEE 802.1Q Ethertype. Use this command only if you have another switch that supports 802.1Q, but uses an Ethertype value other than 8100. You must reboot the switch for this command to take effect.
Table 7.2: VLAN Configuration Commands (continued)
Command: configure vlan protocol [ | any]
Description: Configures a protocol-based VLAN. If the keyword any is specified, it becomes the default VLAN. All packets that cannot be forwarded to other protocol-based VLANs are assigned to the default VLAN of that port.
Command: configure vlan qosprofile [ | none]
Description: Configures a VLAN to use a particular QoS profile.
configure default delete port 1-3,6
configure accounting add port 1-3,6
Because VLAN names are unique, you do not need to enter the keyword vlan after you have created the unique VLAN name. You can use the VLAN name alone.

Example 2
This example creates a tag-based VLAN named video. It assigns the VLANid 1000. Ports 4 through 8 are added as tagged ports to the VLAN.
create protocol myprotocol
configure protocol myprotocol add etype 0xf0f0
configure protocol myprotocol add etype 0xffff
create vlan myvlan
configure myvlan protocol myprotocol

Displaying VLAN Settings
To display VLAN settings, use this command:
show vlan {}
The show command displays summary information about each VLAN, and includes:
• Name
• VLANid
• How the VLAN was created
• IP address
• IPX address (if configured)
• STPD information
VLAN Statistics
You can collect statistics on a per VLAN basis. Available statistics include:
• Receive and Transmit Unicast
• Receive and Transmit Multicast
• Receive and Transmit Broadcast
• Receive and Transmit Byte Count
To display VLAN statistics use the command:
show vlan stats vlan
You can use multiple VLAN names in this syntax for multiple VLAN displays.
You can tunnel any number of 802.1Q VLANs into a single VLAN that can be switched through the 480T routing switch Ethernet infrastructure. Each tunnel is completely isolated from other tunnels or VLANs. This feature is useful in building transparent private networks (also called virtual metropolitan area networks or vMANs) that need point-to-point or point-to-multipoint connectivity across an Ethernet infrastructure.
The figure shows a vMAN configuration with two tunnels that have ingress/egress ports on each 480T routing switch.
Figure 7.
Specific to this configuration, a Layer 1 or Layer 2 redundancy method would also be employed, such as Spanning Tree or other protocol available on the switch.

MAC-Based VLANs
MAC-based VLANs allow physical ports to be mapped to a VLAN based on the source MAC address learned in the forwarding database (FDB).
This example shows that MAC 00:00:00:00:00:aa is only allowed to enter into the VLAN on ports 10 and 11 because of membership in group 100:
* switch480T:50 # show mac
Port   Vlan              Group   State
10     MacVlanDiscover   100     Discover
11     MacVlanDiscover   100     Discover
12     MacVlanDiscover   any     Discover
13     MacVlanDiscover   any     Discover
14     MacVlanDiscover   any     Discover
Total Entries in Database:2
Mac                 Vlan    Group
00:00:00:00:00:aa   sales   100
00:00:00:00:00:01   sales   any
2
VLAN association remains until the port connection is dropped or the FDB entry ages out.

MAC-Based VLAN Commands
Table 7.4 describes MAC-based VLAN commands. For a complete list of command options, press the Tab key in the command line interface.

Table 7.4: MAC-Based VLAN Commands
Command: configure mac-vlan add mac-address [any | ] mac-group [any | ] vlan
Description: Adds a MAC address to a MAC-based VLAN.
• The MAC address 00:00:00:00:00:01 has a group number of 10 associated with it, and can only be assigned to a VLAN if inserted into ports 5 or 6.
• The MAC address 00:00:00:00:00:03 has a group number of 200 associated with it and can only be inserted into ports 9 through 12.
Example
For MAC-based VLANs, the downloaded file is an ASCII file that consists of CLI commands used to configure the most recent MAC-to-VLAN database. This feature is different from the normal download configuration command in that it allows incremental configuration without automatically rebooting.
8 Forwarding Database (FDB)
This chapter describes the contents of the forwarding database (FDB), how the FDB works, and how to configure the FDB.

Overview of the FDB
The Intel® NetStructure™ 480T routing switch maintains a database of all media access control (MAC) addresses received on all of its ports. It uses the information in this database to decide whether a frame should be forwarded or filtered.
You can download up to 7,000 MAC addresses to the switch when using MAC-based VLANs. You can create up to 3,000 VLANs on the switch.

FDB Contents
Each FDB entry consists of:
• The MAC address of the device
• An identifier for the port on which it was received
• An identifier for the VLAN to which the device belongs
Frames destined for devices that are not in the FDB are flooded to all members of the VLAN.
Permanent Entries
All entries entered through the command line interface are stored as permanent. Only entries designated as Permanent are retained in the database if the switch is reset or a power off/on cycle occurs. A permanent entry can either be a unicast or multicast MAC address. The switch can support up to 256 permanent MAC entries in the forwarding database. Once created, permanent entries cannot be updated.
• You can enter and update entries using a MIB browser, an SNMP Network Manager, or the command line interface (CLI).

Associating a QoS Profile with an FDB Entry
The switch applies the QoS profile as soon as the FDB entry is learned.

You can associate a QoS profile with a MAC address (and VLAN) of a device that is dynamically learned. The FDB treats the entry like a dynamic entry (it is learned, it can be aged out of the database, and so on).
Table 8.1: FDB Configuration Commands (continued)
Command: configure fdb agingtime
Description: Configures the FDB aging time (in seconds). The range is 15 through 1,000,000. The default value is 300. A value of 0 indicates that the entry is never aged out.
Command: disable learning port
Description: Disables MAC-address learning on one or more ports for security purposes.
Displaying FDB Entries
To display FDB entries, use the command:
show fdb { | vlan | ports | permanent}
where the following is true:
• mac_address—Displays the entry for a particular MAC address.
• vlan —Displays the entries for a VLAN.
• portlist—Displays the entries for a port.
• permanent—Displays all permanent entries.
With no options, the command displays all FDB entries.
9 Spanning Tree Protocol (STP)
Using the Spanning Tree Protocol (STP) functionality of the Intel® NetStructure™ 480T routing switch makes your network more fault tolerant. STP is a part of the 802.1D bridge specification defined by the IEEE (Institute of Electrical and Electronics Engineers), a standard-setting body. To explain STP in terms used by the 802.1D specification, the switch is referred to as a bridge.
STPD has its own Root Bridge and active path. After the STPD is created, you can assign one or more VLANs to it. A port can belong to only one STPD. If a port is a member of multiple VLANs, then all those VLANs must belong to the same STPD.

Remember these key points when configuring VLANs and STP:
• Each VLAN forms an independent broadcast domain.
• STP blocks paths to create a loop-free environment.
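The rule above (a port that is a member of several VLANs needs all of them in the same STPD) is easy to violate when VLANs and STPDs are configured separately. The following is an added example, not Intel's code: it reads constructed CLI lines in the "configure ... add port" and "configure stpd ... add vlan" forms used in this guide, assumes each VLAN belongs to exactly one STPD and that unassigned VLANs stay in the default STPD s0, and reports every port whose VLANs span more than one STPD.

```python
from collections import defaultdict

DEFAULT_STPD = "s0"  # name of the default STPD given in this chapter

# Constructed sample input (not captured from a real switch). Tagging keywords
# are left out because they do not affect STPD membership.
SAMPLE = """
create stpd stpd1
create stpd stpd2
configure stpd stpd1 add vlan sales
configure stpd stpd1 add vlan personnel
configure stpd stpd2 add vlan engineering
configure vlan sales add port 1-4
configure personnel add port 3-6
configure engineering add port 6-8
configure marketing add port 8,9
"""


def expand_ports(spec):
    """Expand a port list such as '1-3,6' into {1, 2, 3, 6}."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def stpd_conflicts(config_text):
    """Return {port: {stpd: [vlans]}} for ports whose VLANs span several STPDs."""
    vlan_ports = defaultdict(set)
    vlan_stpd = {}
    for raw in config_text.splitlines():
        tok = raw.split()
        if tok[:1] != ["configure"]:
            continue
        tok = tok[1:]
        # configure stpd <stpd> add vlan <vlan>
        if tok[:1] == ["stpd"] and tok[2:4] == ["add", "vlan"] and len(tok) == 5:
            vlan_stpd[tok[4]] = tok[1]
            continue
        # The vlan keyword is optional once the VLAN name exists.
        if tok[:1] == ["vlan"]:
            tok = tok[1:]
        # configure <vlan> add|delete port <portlist>
        if len(tok) >= 4 and tok[1] in ("add", "delete") and tok[2] == "port":
            ports = expand_ports(tok[3])
            if tok[1] == "add":
                vlan_ports[tok[0]] |= ports
            else:
                vlan_ports[tok[0]] -= ports

    per_port = defaultdict(lambda: defaultdict(list))
    for vlan, ports in vlan_ports.items():
        for port in ports:
            per_port[port][vlan_stpd.get(vlan, DEFAULT_STPD)].append(vlan)
    return {
        port: {stpd: sorted(vlans) for stpd, vlans in stpds.items()}
        for port, stpds in sorted(per_port.items())
        if len(stpds) > 1
    }


if __name__ == "__main__":
    for port, stpds in stpd_conflicts(SAMPLE).items():
        print(f"port {port}: VLANs in more than one STPD -> {stpds}")
```

In the sample, ports 3 and 4 carry two VLANs without a conflict because both VLANs are in stpd1, while port 8 conflicts only because marketing was never assigned and therefore stays in s0.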
• Marketing is defined on all switches (Switch A, Switch B, Switch Y, Switch Z, and Switch M).
Two STPDs are defined:
• STPD1 contains VLANs Sales and Personnel.
• STPD2 contains VLANs Manufacturing and Engineering.
The VLAN Marketing is a member of the default STPD, but not assigned to either STPD1 or STPD2.
Be careful when configuring your VLANs within a single STPD. Figure 9.2 illustrates an incorrect network configuration using a single STPD. The STP configuration disables the ability of the switches to forward VLAN traffic.

[Figure 9.2: Tag-based STP configuration - Incorrect. Diagram labels: Switch 1, Switch 2, Switch 3; Marketing & Sales; Marketing, Sales & Engineering; Sales & Engineering.]

The tag-based network in Figure 9.
Configuring STP

We recommend that you do not configure STP parameters unless you have considerable knowledge and experience with STP. The default STP parameters are adequate for most networks.

To configure STP:

STPD, VLAN, and QoS profile names must be unique. For example, a name used to identify a VLAN cannot be used for an STPD or a QoS profile.

1. Create one or more STP domains using this command:

    create stpd

2.
Table 9.3: STP Configuration Commands

Command: configure stpd add vlan
Description: Adds a VLAN to the STPD.

Command: configure stpd forwarddelay
Description: Specifies the time (in seconds) that the ports in this STPD spend in the listening and learning states when the switch is the root bridge. The range is 4 through 30. Default setting is 15.
Table 9.3: STP Configuration Commands (continued)

Command: create stpd
Description: Creates an STPD. When created, an STPD has these default parameters:
• Bridge priority—32,768
• Hello time—2 seconds
• Forward delay—15 seconds

Command: enable ignore-stp vlan
Description: Configures the switch to ignore the STP protocol, and not block traffic for the VLAN(s).
STP Configuration Example

This example creates and enables an STPD named Backbone_st. It assigns the Manufacturing VLAN to the STPD. It disables STP on ports 1 through 7, and port 12.
Disabling and Resetting STP

To disable STP or return STP settings to their defaults, use the commands listed in Table 9.4. For further command options, press the Tab key in the command line interface.

Table 9.4: STP Disable and Reset Commands

Command: delete stpd
Description: Removes an STPD. An STPD can only be removed if all VLANs were deleted from it. The default STPD, s0, cannot be deleted.
10: Quality of Service (QoS)

This chapter describes the concept of Quality of Service (QoS) and explains how to configure QoS on the Intel® NetStructure™ 480T routing switch.

Overview of Policy-Based Quality of Service

Policy-based QoS allows you to assign specific levels of service to different traffic types traversing the switch. Policy-based QoS is an effective control mechanism for networks that have heterogeneous traffic patterns.
prioritization parameters. The bandwidth-management and prioritization parameters that modify the forwarding behavior of the switch affect how the switch transmits traffic for a given hardware queue on a physical port. The switch tracks and enforces the minimum and maximum percentage utilization transmitted on every hardware queue for every port.
Applications and Types of QoS

Applications vary significantly in QoS requirements. These applications are ones that you will most commonly encounter and need to prioritize:
• Voice applications
• Video applications
• Critical database applications
• Web browsing applications
• File server applications

General guidelines for each traffic type are given below and summarized in Table 10.1 on page 139.
For example, in the playback of stored video streams, some applications can transmit large amounts of data for multiple streams in one spike, with the expectation that the endstations will buffer significant amounts of video-stream data. This can present a problem to the network infrastructure, because it must be capable of buffering the transmitted spikes where there are speed differences (for example, going from Gigabit Ethernet to Fast Ethernet).
File Server Applications

File serving typically poses the greatest demand on bandwidth, although file server applications are tolerant of latency, jitter, and some packet loss, depending on the network operating system and the use of TCP or UDP.

Table 10.
2. Assign one or more traffic groupings to a QoS profile to create a QoS policy.

Traffic grouping—A classification or traffic type that has one or more attributes in common. These can range from a physical port to a VLAN to IP Layer 4 port information. Traffic groupings are assigned to QoS profiles to modify switch forwarding behavior.
other queues. The minimum bandwidth for all queues should add up to less than 90%. The default value on all minimum bandwidth parameters is 0%.
• Maximum bandwidth – The maximum percentage of total link bandwidth that may be transmitted by a hardware queue on a physical port. The default value on all maximum bandwidth parameters is 100%.
• Priority – The level of priority assigned to a hardware queue on a physical port.
Table 10.3: Default QoS Profiles

Profile Name   Hardware Queue   Priority   Buffer   Minimum Bandwidth   Maximum Bandwidth
Qp1            Q0               Low        0        0%                  100%
Qp2            Q1               Lowhi      0        0%                  100%
Qp3            Q2               Normal     0        0%                  100%
Qp4            Q3               Normalhi   0        0%                  100%
Qp5            Q4               Medium     0        0%                  100%
Qp6            Q5               Mediumhi   0        0%                  100%
Qp7            Q6               High       0        0%                  100%
Qp8            Q7               Highhi     0        0%                  100%

Configuring a QoS Profile

Table 10.4 lists the commands used to configure QoS.
Table 10.4: QoS Configuration Commands

Command: configure qosprofile {minbw } {maxbw } {priority } { | maxbuf minbuf [K | M]}
Description: Configures a QoS profile. Specify:
• minbw—The minimum buffer percentage guaranteed to be available to this queue for transmission. The default setting is 0.
• maxbw—The maximum buffer percentage this queue is permitted to use for transmission.
Modifying a QoS Profile

You can modify the default profiles as desired. To modify the parameters of an existing QoS profile, use this command:

    configure qosprofile {minbw } {maxbw } {priority } {minbuf } {maxBuf } [K | M]

Traffic Groupings and Creating a QoS Policy

Use full-duplex links when deploying policy-based QoS.
Table 10.5: Traffic Groupings by QoS Mode (continued)

IP Information (Access Lists) Groupings

Destination Address MAC-based Groupings
• Permanent
• Dynamic
• Blackhole
• Broadcast/unknown rate limiting

Explicit Packet Class of Service Groupings
• DiffServ (IP TOS)
• 802.
The MAC address options are:
• Permanent
• Dynamic
• Blackhole
• Broadcast/unknown rate limiting

Permanent MAC Addresses

Permanent MAC addresses can be assigned a QoS profile whenever traffic is destined for the MAC address. You can do this when you create a permanent FDB entry.
Broadcast/Unknown Rate Limiting MAC Address

IP multicast traffic is subject to broadcast and unknown rate limiting only when IGMP snooping is disabled. Refer to "IGMP Snooping" on page 278.

It is possible to assign broadcast and unknown destination packets to a QoS profile that has the desired priority and bandwidth parameters. Broadcast/unknown rate limiting is an extension of the QoS feature used for destination MAC addresses.
be preserved across a routed switch boundary and DiffServ code points can be observed or overwritten across a Layer 2 switch boundary.

Configuring 802.1p Priority

The switch supports the standard 802.1p priority bits that are part of a tagged Ethernet packet. The 802.1p bits can be used to prioritize the packet, and assign it to a particular QoS profile. When a packet arrives at the switch, the 802.
Table 10.6: 802.1p Priority Value-to-QoS Profile Mapping

Priority Value   QoS Profile
0                Qp1
1                Qp2
2                Qp3
3                Qp4
4                Qp5
5                Qp6
6                Qp7
7                Qp8

As described in Table 10.2, by default a QoS profile is mapped to a hardware queue, and each QoS profile has configurable bandwidth parameters and priority. In this way, an 802.1p priority value detected on ingress can be mapped to a particular QoS profile with specified bandwidth-management and priority behavior.
that is used when transmitting the packet. To replace 802.1p priority information, use the command:

    enable dot1p replacement ports [ | all]

802.1p priority information is replaced according to the hardware queue that is used when transmitting from the switch. The mapping is described in Table 10.7. This mapping cannot be changed.

Table 10.7: 802.1p Priority Value-to-Hardware Queue Mapping

Hardware Queue 802.
Table 10.8: 802.1p Configuration Commands (continued)

Command: disable dot1p replacement ports [ | all]
Description: Disables the ability to overwrite 802.1p priority values for a given set of ports.

Command: enable dot1p replacement ports [ | all]
Description: Enables the 802.1p priority field to be overwritten on egress according to the QoS profile to 802.1p priority mapping for a given set of ports.

Command: show dot1p
Description: Displays the 802.1p-to-QoS profile mappings.
Observing DiffServ Information

When a packet arrives at the switch on an ingress port, the switch examines the first six of eight TOS bits. These bits are called the code point. The switch can assign the QoS profile used to subsequently transmit the packet based on the code point. The QoS profile controls a hardware queue used when transmitting the packet out of the switch, and determines the forwarding characteristics of a particular code point.
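The ingress classification described under "Configuring 802.1p Priority" and "Observing DiffServ Information", as an added example that is not part of the Intel guide or the switch software: a Python parser that reads the 802.1p bits from the 802.1Q tag, looks up the default QoS profile from Table 10.6, and extracts the code point from the first six TOS bits. The function names and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100       # EtherType value that marks an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Table 10.6: 802.1p priority value -> default QoS profile (0 -> Qp1 ... 7 -> Qp8)
DOT1P_TO_QOS_PROFILE = {prio: f"Qp{prio + 1}" for prio in range(8)}


def classify_frame(frame: bytes) -> dict:
    """Return the QoS-relevant fields a switch would see in an ingress frame.

    dot1p / vlan_id / qos_profile are None for untagged frames;
    code_point is None when the payload is not IPv4.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")

    result = {"dot1p": None, "vlan_id": None,
              "qos_profile": None, "code_point": None}

    # Bytes 0-11 are the destination and source MAC; bytes 12-13 the EtherType.
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    payload_offset = 14

    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag Control Information: 3 priority bits, 1 DEI bit, 12 VLAN ID bits,
        # followed by the real EtherType of the payload.
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        result["dot1p"] = tci >> 13
        result["vlan_id"] = tci & 0x0FFF
        result["qos_profile"] = DOT1P_TO_QOS_PROFILE[result["dot1p"]]
        payload_offset = 18

    if ethertype == ETHERTYPE_IPV4:
        if len(frame) < payload_offset + 20:
            raise ValueError("truncated IPv4 header")
        version_ihl, tos = struct.unpack_from("!BB", frame, payload_offset)
        if version_ihl >> 4 != 4:
            raise ValueError("EtherType is IPv4 but the version field is not 4")
        # The code point is the first six of the eight TOS bits.
        result["code_point"] = tos >> 2

    return result


def build_sample_frame(dot1p=None, vlan_id=0, tos=0) -> bytes:
    """Build a constructed Ethernet/IPv4 frame (sample data, not a capture)."""
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    if dot1p is not None:
        frame += struct.pack("!HH", TPID_8021Q, (dot1p << 13) | vlan_id)
    frame += struct.pack("!H", ETHERTYPE_IPV4)
    # Minimal 20-byte IPv4 header; checksum left at 0 because it is not parsed.
    frame += struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                         bytes([10, 1, 2, 5]), bytes([10, 1, 3, 9]))
    return frame


if __name__ == "__main__":
    tagged = build_sample_frame(dot1p=5, vlan_id=10, tos=0xB8)
    untagged = build_sample_frame(tos=0x20)
    for label, frame in (("tagged", tagged), ("untagged", untagged)):
        print(label, classify_frame(frame))
```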
You can change the QoS profile assignment for all 64 code points. Use this command:

    configure diffserv examination code-point qosprofile ports []

Once assigned, the rest of the switches in the network prioritize the packet using the characteristics specified by the QoS profile.
Table 10.10: Default 802.1p Priority Value-to-Code Point Mapping

Hardware Queue   802.1p Priority Value   Code Point
0                0                       0
1                1                       8
2                2                       16
3                3                       24
4                4                       32
5                5                       40
6                6                       48
7                7                       56

You can change the 802.
Table 10.11 describes the commands used to configure DiffServ. For further command options, press the Tab key in the command line interface.

Table 10.11: DiffServ Configuration Commands

Command: configure diffserv examination code-point qosprofile ports []
Description: Configures the default ingress DiffServ code points to QoS profile mapping. The is a 6-bit value in the IP-TOS byte in the IP header.
DiffServ Example

In this example, we use DiffServ to signal a class of service throughput and assign any traffic coming from network 10.1.2.x with a specific DiffServ code point. This allows all other network switches to send and observe the DiffServ code point instead of repeating the same QoS policy on every network switch.

Configure the switch that handles incoming traffic from network 10.1.2.x as follows:

1.
transmitted out to any other port. To configure a source port traffic grouping, use this command:

    configure ports [all | mgmt | ] qosprofile

In the following example, all traffic sourced from port 7 uses the QoS profile named qp3 when being transmitted.
QoS Monitor

The QoS monitor is a utility that monitors the hardware queues associated with any port(s). The QoS monitor keeps track of the number of frames and the frames per second that a specific queue is responsible for transmitting on a physical port. Two options are available: a real-time display, and a separate option for retrieving information in the background and writing it to the log. Table 10.12 describes the QoS monitor commands.
• A port is sampled for five seconds before the packets per second (pps) value is displayed on the screen.

Background Performance Monitoring

Monitoring QoS in the background places the transmit counter and any overflow information into the switch log. The log notification appears if one of the queues experiences an overflow condition since the last time it was sampled.
• To display information including QoS information for the port.

    show ports info {detail}

Modifying a QoS Policy

If you change the parameters of a QoS profile after a QoS policy was created (by applying a QoS profile to a traffic grouping), the timing of the configuration change depends on the traffic grouping involved.
To set the maxbuf value on a queue, use this command:

    configure qosprofile minbw maxbw priority maxbuf

To view the maxbuf configuration, use this command:

    show qosprofile

Bandwidth Settings and Their Impact

Bandwidth settings applied to QoS profiles used for ingress or egress traffic are expressed as a percentage of bandwidth. QoS profile bandwidth settings are in turn applied to queues on physical ports.
Table 10.13: QoS Maximum Bandwidth Settings

Maximum Bandwidth Setting (%)   Maximum Bandwidth @ 100 Mbps   Maximum Bandwidth @ 1000 Mbps
10%                             9.6 Mbps                       96 Mbps
11%                             11.2 Mbps                      112 Mbps
15%                             15 Mbps                        150 Mbps
20%                             19 Mbps                        190 Mbps
25%                             25 Mbps                        250 Mbps
30%                             33 Mbps                        330 Mbps
35%                             35 Mbps                        350 Mbps
40%                             42 Mbps                        420 Mbps

Minimum bandwidth settings

The minimum bandwidth settings determine the reserved port bandwidth available to each queue. Table 10.
Table 10.14: QoS Profile Minimum Bandwidth

Minimum Bandwidth Setting (%)   Minimum Bandwidth @ 100 Mbps   Minimum Bandwidth @ 1000 Mbps
8%                              7.5 Mbps                       75 Mbps
9%                              9.3 Mbps                       93 Mbps
10%                             10 Mbps                        100 Mbps
20%                             18.7 Mbps                      187 Mbps
25%                             26.
You can utilize up to eight ingress rate-shaping queues per VLAN and eight egress rate-shaping queues per physical port. By defining a QoS profile’s minimum and maximum bandwidth corresponding to the physical queue and port, you define committed information rates for each queue and port. Different bandwidth rates can be applied to ingress vs. egress traffic. You can then create traffic groupings (e.g.
• Unicast traffic from a non-rate-shaped port to a rate-shaped port within the VLAN will not be rate-shaped.
• The aggregate forwarding bandwidth of all rate-shaped ports in a VLAN is determined by the traffic groupings and bandwidth settings for the QoS profiles of the loopback port.

For egress rate shaping, simply set the maximum bandwidth of the QoS profile on the egress port.
To add rate-shaped ports to the VLAN, use the following command:

    configure vlan add port {tagged | untagged} {nobroadcast} soft-rate-limit

To delete rate-shaped ports from the VLAN, use the command:

    configure vlan delete port

To configure the rate-shaping parameters of the loopback port, use the normal QoS profile configuration command, as follows:

    configure qosprofile {minbw } {maxbw
11: Enterprise Standby Router Protocol (ESRP)

Overview

We recommend that all switches using ESRP use the same version of firmware for interoperability. See "Software Upgrade and Boot Options" on page 419.

Enterprise Standby Router Protocol (ESRP) allows multiple switches to provide redundant routing services to users.
ESRP-Aware Switches

480T routing switches that are not running ESRP, but are connected on a network with other 480T routing switches running ESRP, are ESRP-aware. When ESRP-aware switches are attached to ESRP-enabled switches, the ESRP-aware switches reliably perform failover and failback scenarios in the prescribed recovery times. It isn’t necessary to configure this feature.
Multiple ESRP VLANs

If multiple ESRP VLANs share a host port, each VLAN must be in an ESRP group.

Mixing Clients and Routers on ESRP VLANs

ESRP should not be enabled on a VLAN that is also expected to exchange routes with other non-ESRP routers (such as routers using RIP or OSPF). ESRP is intended and designed as a Layer 2 or Layer 3 redundancy method for clients with a single default route.
ESRP cannot be enabled on the VLAN default.
• For a VLAN to be recognized as participating in ESRP, the assigned IP address or the IPX NetID for the separate switches must be identical. Other aspects of the VLAN, including its name, are ignored.
• ESRP must be enabled on the desired VLANs for each switch.
• Enterprise Discovery Protocol (EDP) must be enabled on the ports that are members of the ESRP VLANs (the default setting is enabled).
default priority setting is 0. A priority setting of 255 loses the election and remains in standby mode.
• System MAC address—The switch with the higher MAC address has priority.

ESRP Tracking

You can use tracking information to monitor various forms of connectivity from the ESRP switch to the outside world. This section describes your ESRP tracking options.
route of the switch, or any device meaningful to network connectivity of the master ESRP switch. The switch automatically relinquishes master status and remains in standby mode if a ping keepalive fails three consecutive times. To view the status of tracked devices, use this command:

    show esrp

ESRP Election Algorithms

You configure the switch to use one of five different election algorithms to select the ESRP master.
Electing the Master Switch

A new master can be elected in one of these ways:
• A communicated parameter change
• Loss of communication between master and slave(s).

Whenever a parameter that determines the master changes (for example, link loss or priority change), the election of the new master typically occurs within one timer cycle (2 seconds by default).
ESRP Options

ESRP options include:
• ESRP Host Attach
• ESRP Domains
• ESRP Groups
• Linking ESRP Switches
• Configuring ESRP and Multinetting
• ESRP and Spanning Tree

ESRP Host Attach

ESRP host attach (HA) is an optional ESRP configuration that allows you to connect active hosts directly to an ESRP master or standby switch.
[Figure: switch port diagram, labeled OSPF/BGP4] Figure 11.
For example, two ESRP switches provide Layer 2 and Layer 3 connectivity and redundancy for the subnet, while another two ESRP switches provide Layer 2 connectivity and redundancy for a portion of the same subnet. Figure 11.2 shows ESRP groups.
Linking ESRP Switches

Direct links between ESRP switches are useful under these conditions:
• When the ESRP switches are routing and supporting multiple VLANs (where the master/standby configuration is split so one switch is master for some VLANs and a second switch is master for other VLANs), a direct link provides a more direct path. The direct link can contain a unique router-to-router VLAN/subnet.
you can combine ESRP and STP on a network and a VLAN, but you must do so on separate devices. Be careful to maintain ESRP connectivity between ESRP master and standby switches when you design a network that uses ESRP and STP.

ESRP and VLAN Aggregation

Do not configure a subVLAN to run ESRP. The system will allow you to enable ESRP on a VLAN and then designate the VLAN as a sub-VLAN, but this is not a supported configuration.
• show esrp {detail}—Verifies ESRP is enabled and operational.

ESRP Commands

Table 11.1 describes the commands used to configure ESRP. Press the Tab key in the command line interface for more command options.

Table 11.1: ESRP Commands

Command: configure esrp port-mode [host | normal] ports {dont-count}
Description: Configures the ESRP port mode.
Table 11.1: ESRP Commands (continued)

Command: configure vlan delete track-diagnostic
Description: Disables the priority of the diagnostic failover.

Command: configure vlan delete track-environment
Description: Disables the priority of the environmental failover.

Command: configure vlan delete track-ping frequency miss
Description: Configures an ESRP-enabled VLAN to stop tracking an external gateway.
Table 11.1: ESRP Commands (continued)

Command: configure vlan esrp group
Description: Configures the ESRP group number.

Command: configure vlan esrp priority
Description: Configures the ESRP priority. The range is 0 to 255. The higher number has higher priority. The default setting is 0. A setting of 255 configures the switch to be in standby state.
ESRP Examples

This section provides examples of ESRP configurations.

Single VLAN Using Layer 2 and Layer 3 Redundancy

This example, shown in Figure 11.3, uses a number of switches that perform Layer 2 switching for VLAN Sales. The switches are multihomed to the VLAN Sales switches. The VLAN Sales switches perform Layer 2 switching between the switches shown near the bottom of the diagram, and Layer 3 routing to the outside world.
[Figure 11.3: ESRP example using Layer 2 and Layer 3 redundancy. Diagram labels: OSPF or RIP; Sales VLAN (master); Sales VLAN (standby).]

The VLAN Sales master switch, acting as master for VLAN Sales, performs both Layer 2 switching and Layer 3 routing services for VLAN Sales. The switch in standby mode for VLAN Sales performs neither, thus preventing bridging loops in the VLAN.
The following commands are used to configure both VLAN Sales switches. The assumption is that the inter-router backbone is running OSPF, with other routed VLANs already properly configured. Similar commands would be used to configure a switch on a network running RIP. The primary requirement is that the IP address for the VLAN(s) running ESRP must be identical.
Figure 11.3 builds on Figure 11.4, but eliminates the requirement of Layer 3 redundancy. It has these features:
• An additional VLAN, Engineering, is added that uses Layer 2 redundancy.
• The VLAN Sales uses three active links to each upper switch.
• The VLAN Engineering has two active links to each upper switch.
• The switch labeled Sales + Engineering carries traffic for both VLANs.
    create vlan sales
    configure sales add port 1-3
    configure sales ipaddr 10.1.2.3/24
    create vlan eng
    configure eng add port 1,4
    configure eng ipaddr 10.4.5.
Then, set the priority of environmental failover using the command:

    configure vlan add track-environment failover

Disable the priority of environmental failover, using this command:

    configure vlan delete track-environment failover

To enable the priority of the diagnostic failover, use this command:

    configure vlan add track-diagnostic failover

To disable the priority of the dia
12: IP Unicast Routing

This chapter describes how to configure IP routing on the Intel® NetStructure™ 480T routing switch. It assumes that you are already familiar with IP unicast routing. If not, refer to these publications for additional information:
• RFC 1256 — ICMP Router Discovery Messages
• RFC 1812 — Requirements for IP Version 4 Routers

For IEEE standards information refer to http://standards.ieee.
Policy-Based Routing and Route Load-Sharing

Policy-based routing is used to alter the normally calculated nexthop route, which is based on the route table. This same alteration can also load-share across multiple routers. It implies a set of rules or policies that take precedence over information in the route table.
Router Interfaces

The routing software and hardware move IP traffic between router interfaces. A router interface is simply a VLAN that has an IP address assigned to it. As you create VLANs with IP addresses belonging to different IP subnets, you can also choose to route between the VLANs. Both the VLAN switching and IP routing function occur within the 480T routing switch. Each IP address and mask assigned to a VLAN must represent a unique IP subnet.
Populating the Routing Table

The 480T routing switch maintains an IP routing table for both network routes and host routes. The table is populated from these sources:

If you define a default route, and later delete the VLAN on the subnet associated with it, the now-invalid default route entry remains. You must manually delete the configured default route.
Multiple Routes

When there are multiple, conflicting choices of equal-cost routes to a particular destination, the router picks the route with the longest matching network mask. If these are still equal, the router picks the route using these criteria (in this order):
1. Directly attached network interfaces
2. ICMP redirects (refer to Table 12.6 on page 216).
3. Static routes
4.
• Direct
• Static
• RIP
• OSPF
• BGP

These route maps match the various characteristics of the route based on the originating protocol and set the accounting indices.
    enable ospf export [bgp | i-bgp | e-bgp] [[cost [ase-type-1 | ase-type-2] {tag } | ]
    enable ospf export vip [[cost [ase-type-1 | ase-type-2] {tag } | ]

BGP and OSPF Route Map Support for Tagging

The 480T routing switch has route map support for BGP and OSPF tagging. This allows you to redistribute OSPF routes from the kernel routing table to BGP, or BGP routes to OSPF.
Proxy ARP

Proxy Address Resolution Protocol (ARP) was first invented so that ARP-capable devices could respond to ARP request packets on behalf of ARP-incapable devices. Proxy ARP can also be used to achieve router redundancy and simplify IP client configuration. The switch supports proxy ARP for this type of network configuration.
For example, an IP host is configured with a class B address of 100.101.102.103 and a mask of 255.255.0.0:
• The switch is configured with the IP address 100.101.102.1 and a mask of 255.255.255.0.
• The switch is also configured with a proxy ARP entry of IP address 100.101.0.0 and mask 255.255.0.0, without the always parameter.
• When the IP host tries to communicate with the host at address 100.101.45.
Table 12.1: Relative Route Priorities (continued)

Route Origin   Priority
OSPFExtern2    3300
BOOTP          5000

To change the relative route priority, use this command:

    configure iproute priority [rip | bootp | icmp | static | ospf-intra | ospf-inter | e-bgp | i-bgp | ospf-extern1 | ospf-extern2]

IP Multinetting

IP multinetting is used in many legacy IP networks to overlap multiple subnets onto the same physical segment.
IP Multinetting Operation

Multinetted VLAN groups must contain identical port assignments.

To use IP multinetting, follow these steps:

1. Select a port where you want IP multinetting to run, for example, port 2.

2. Remove the port from the default VLAN, using this command:

    configure default delete port 2

3. Create a dummy protocol using this command:

    create protocol mnet

4.
IP Multinetting Examples

This example configures the switch to have one multinetted segment (port 5) that contains three subnets (192.67.34.0, 192.67.35.0, and 192.67.37.0):

    configure default delete port 5
    create protocol mnet
    create vlan net34
    create vlan net35
    create vlan net37
    configure net34 ipaddress 192.67.34.1
    configure net35 ipaddress 192.67.35.1
    configure net37 ipaddress 192.67.37.
    configure net35 protocol mnet
    configure net37 protocol mnet
    config net34 add port 5
    config net35 add port 5
    config net37 add port 5
    configure default delete port 8,9,10
    create vlan net36
    create vlan net45
    configure net36 ipaddress 192.67.36.1
    configure net45 ipaddress 192.99.45.
5. Turn on RIP or OSPF using one of these commands:

    enable rip
    enable ospf

Verifying the IP Unicast Routing Configuration

Use the show iproute command to display the current configuration of IP unicast routing for the switch and for each VLAN. The show iproute command displays the currently configured routes and includes how each route was learned. The show iproute display has a special flag for routes that are active and in use.
• The subVLANs use the IP address of the superVLAN as the default router address.
• Groups of clients are then assigned to subVLANs that have no IP address, but are members of the superVLAN.
• Clients can be informally allocated any valid IP addresses within the subnet.

Optionally, you can prevent communication between subVLANs for isolation purposes so that subVLANs can be quite small, but allow for growth without re-defining subnet boundaries.
In Figure 12.2, all stations are configured to use the address 10.3.2.1 for the default router.

VLAN Aggregation Properties

These properties apply to VLAN aggregation operation:
• All broadcast and unknown traffic remains local to the subVLAN and does not cross the subVLAN boundary.
• All traffic within the subVLAN is switched by the subVLAN, allowing traffic separation between subVLANs (while using the same default router address among them).
SubVLAN Address Range Checking

The use of static ARP entries associated with superVLANs or subVLANs is not supported.

Sub-VLAN address ranges can be configured on each subVLAN to prohibit the entry of IP addresses from hosts outside of the configured range.
Table 12.2: VLAN Aggregation Commands

Command: configure vlan add secondary-ip {}
Description: Adds a secondary IP address to the superVLAN for responding to ICMP ping requests.

Command: configure vlan add subvlan
Description: Adds a subVLAN to a superVLAN.
2. Create and add ports to the subVLANs:

    create vlan vsub1
    configure vsub1 add port 8-10
    create vlan vsub2
    configure vsub2 add port 11-13
    create vlan vsub3
    configure vsub3 add port 15-16

3. Configure the superVLAN by adding the subVLANs:

    configure vsuper add subvlan vsub1
    configure vsuper add subvlan vsub2
    configure vsuper add subvlan vsub3

4.
• Configure the addresses, where you want to direct DHCP or BOOTP requests, using this command:

   configure bootprelay add

To delete an entry, use this command:

   configure bootprelay delete { | all}

Verifying the DHCP/BOOTP Relay Configuration

To verify the DHCP/BOOTP relay configuration, use this command:

   show ipconfig

This command displays the configuration of the BOOTP relay service, and the addresses that are currently configur
Configuring UDP Forwarding

To configure UDP forwarding, you must first create a UDP-forward destination profile. The profile describes the types of UDP packets (by port number) that are used, and where they are to be forwarded. You must give the profile a unique name, in the same manner as a VLAN, protocol filter, or Spanning Tree Domain. Next, configure a VLAN to use the UDP-forwarding profile.
• You can alter the default settings for security reasons, by restricting the success of tools that could be used to find information on an important application, host, or topology.
• For ICMP packets that are typically routed, you can apply access lists to restrict forwarding behavior.
Table 12.3: UDP-Forwarding Commands (continued)

Command: configure vlan udp-profile
Description: Assigns a UDP-forwarding profile to the source VLAN. Once the UDP profile is associated with the VLAN, the Intel® NetStructure™ 480T routing switch picks up any broadcast UDP packets that match the user-configured UDP port number, and forwards those packets to the user-defined destination.
Table 12.4: Basic IP Commands

Command: clear iparp { | vlan }
Description: Removes dynamic entries in the IP ARP table. Permanent IP ARP entries are not affected.

Command: clear ipfdb { | vlan }
Description: Removes the dynamic entries in the IP forwarding database. If no options are specified, all dynamic IP FDB entries are removed.

Command: configure bootprelay add
Description: Adds the IP destination address to forward BOOTP packets.
Table 12.4: Basic IP Commands (continued)

Command: configure iparp timeout
Description: Configures the IP ARP timeout period. The default setting is 20 minutes. A setting of 0 disables ARP aging. The maximum aging time is 32 minutes.

Command: configure tcp-sync-rate
Description: Configures a limit for the switch to process TCP connection requests.
Table 12.4: Basic IP Commands (continued)

Command: enable bootprelay
Description: Enables the forwarding of BOOTP and Dynamic Host Configuration Protocol (DHCP) requests.

Command: enable ipforwarding {vlan }
Description: Enables IP routing for one or all VLANs. If no argument is provided, enables routing for all VLANs that are configured with an IP address. The default setting for ipforwarding is disabled.
Table 12.5: Route Table Configuration Commands (continued)

Command: configure iproute add blackhole
Description: Adds a blackhole address to the routing table. All traffic destined for the configured IP address is dropped, and no Internet Control Message Protocol (ICMP) message is generated.

Command: configure iproute add default {}
Description: Adds a default gateway to the routing table.
Table 12.6 describes the commands used to configure IP options and the ICMP protocol. For more command options, press the Tab key in the command line interface.

Table 12.6: ICMP Configuration Commands

Command: configure irdp [multicast | broadcast]
Description: Configures the destination address of the router advertisement messages. The default setting is multicast.
Table 12.6: ICMP Configuration Commands (continued)

Command: enable icmp address-mask vlan [ | all]
Description: Enables an ICMP address-mask reply (type 18, code 0) when an ICMP address mask request is received. The default setting is enabled. If a VLAN is not specified, the command applies to all IP interfaces.
Table 12.6: ICMP Configuration Commands (continued)

Command: enable icmp unreachables vlan [ | all]
Description: Enables ICMP network-unreachable messages (type 3, code 0), and host unreachable messages (type 3, code 1) when a packet cannot be forwarded to the destination because of an unreachable route or host. The default setting is enabled. If a VLAN is not specified, the command applies to all IP interfaces.
Routing Configuration Example

Figure 12.3 illustrates a 480T routing switch with three VLANs defined as:

• Finance
   • Protocol-sensitive VLAN using the IP protocol
   • Ports 1 and 3 are assigned
   • IP address 192.207.35.1
• Personnel
   • Protocol-sensitive VLAN using the IP protocol
   • Ports 2 and 4 are assigned
   • IP address 192.207.36.1
• MyCompany
   • Port-based VLAN
   • All ports are assigned

Figure 12.
The stations connected to ports 1 through 4 generate a combination of IP traffic and NetBIOS traffic. The IP traffic is filtered by the protocol-sensitive VLANs. All other traffic is directed to the VLAN MyCompany. In this configuration, all IP traffic from stations connected to ports 1 and 3 has access to the router using the VLAN Finance. Ports 2 and 4 reach the router through the VLAN Personnel.
Table 12.7: Router Show Commands (continued)

Command: show iparp { | permanent}
Description: Displays the IP ARP table. You can filter the display by IP address, VLAN, or permanent entries.

Command: show ipconfig {vlan | detail}
Description: Displays configuration information for one or all VLANs.

Command: show ipfdb {/ | vlan }
Description: Displays the contents of the IP FDB table. If no option is specified, all IP FDB entries are displayed.
Table 12.8: Router Reset and Disable Commands (continued)

Command: disable bootp vlan [ | all]
Description: Disables the generation and processing of BOOTP packets.

Command: disable bootprelay
Description: Disables the forwarding of BOOTP requests.

Command: disable icmp vlan []
Description: Disables ICMP parameter-problem messages. If a VLAN is not specified, the command applies to all IP interfaces.
13: RIP and OSPF

This chapter describes the interior routing protocols available on the Intel® NetStructure™ 480T routing switch, RIP and OSPF. It assumes that you are already familiar with IP unicast routing. If not, refer to these publications:

• RFC 1058 — Routing Information Protocol (RIP)
• RFC 1723 — RIP Version 2
• RFC 2178 — OSPF Version 2

Overview

Both RIP and OSPF can be enabled on a single VLAN.
Distinguishing RIP and OSPF

The distinction between RIP and OSPF lies in the fundamental differences between distance-vector protocols and link-state protocols. Using a distance-vector protocol, each router creates a unique routing table from summarized information obtained from neighboring routers. Using a link-state protocol, every router maintains an identical routing table created from information obtained from all routers in the autonomous system.
Overview of RIP

RIP is an IGP first used in computer routing in the Advanced Research Projects Agency Network (ARPAnet) as early as 1969. It is primarily intended for use in homogeneous networks of moderate size. To determine the best path to a distant network, a router using RIP always selects the path that has the least number of hops. Each router that data must traverse is considered to be one hop.
Triggered Updates

Triggered updates occur whenever a router changes the metric for a route, and it is required to send an update message immediately, even if it is not yet time for a regular update message to be sent. This will generally result in faster convergence, but may also result in more RIP-related traffic.
Link-State Database

Upon initialization, each router transmits a link-state advertisement (LSA) on each of its interfaces. LSAs are collected by each router and entered into the LSDB of each router. OSPF uses flooding to distribute LSAs between routers. Any change in routing information is sent to all of the routers in the network. All routers within an area have the exact same LSDB. Table 13.1 describes LSA type numbers.

Table 13.
• Area Border Router (ABR): An ABR has interfaces in multiple areas. It is responsible for exchanging summary advertisements with other ABRs. You can create a maximum of 7 non-zero areas.
• Autonomous System Border Router (ASBR): An ASBR acts as a gateway between OSPF and other routing protocols, or other autonomous systems.
• External routes originating from an ASBR connected to the NSSA can be advertised within the NSSA.
• External routes originating from the NSSA can be propagated to other areas, including the backbone area.
[Figure 13.1: Virtual link for stub area. Diagram labels: ABR, Virtual link, ABR, Area 2, Area 1, Area 0.]

You can use virtual links to repair a discontiguous backbone area. In Figure 13.2, if the connection between ABR1 and the backbone fails, the ABR2 connection provides redundancy so the discontiguous area continues to communicate with the backbone using the virtual link.
OSPF Database Overflow

The OSPF Database Overflow feature allows you to both limit the size of the LSDB and maintain a consistent LSDB across all the routers in the system. Maintaining a consistent LSDB across all the routers in the domain ensures that all routers have a consistent view of the network.
To reconfigure an OSPF interface as a normal interface:

   configure ospf add vlan area

To display passive interface configuration:

   show ospf interfaces [detail]

Routing with OSPF

Set the RouterID

We recommend manually setting the routerID of the switches participating in OSPF instead of having the switch automatically choose its routerID based on the highest interface IP address.
[Figure 13.3: Route redistribution. Diagram labels: OSPF AS, Backbone Area 0.0.0.0, ABR, Area 121.2.3.4, ASBR, ASBR, RIP AS.]

Configuring Route Redistribution

Exporting routes from OSPF to RIP, and from RIP to OSPF, are discrete configuration functions. To run OSPF and RIP simultaneously, first configure both protocols, and then verify the independent operation of each. Then you can configure the routes to export from OSPF to RIP and from RIP to OSPF.
These commands enable or disable the exporting of RIP, static, and direct routes by way of LSAs to other OSPF routers as Autonomous System (AS)-external type 1 or type 2 routes. The default setting is disabled.

The cost metric is inserted for all RIP-learned, static, and direct routes injected into OSPF. If the cost metric is set to 0, the cost is inserted from the route. The tag value is used only by special routing applications.
OSPF Timers and Authentication

Configuring OSPF timers and authentication on a per-area basis is a shorthand for applying the timers and authentication to each VLAN in the area at the time of configuration. If you add more VLANs to the area, be sure to configure the timers and authentication for the new VLANs explicitly.

OSPF Password Encryption

The neighbor password for OSPF is encrypted in upload/download configuration.
You can make dynamic changes to the route map. Direct and Static route changes are reflected immediately, while RIP, OSPF, and BGP changes are reflected within 30 seconds.

Route Map Support for OSPF Export

When OSPF is enabled, the route map is applied to every route exported to OSPF. It can be used for filtering or for setting the cost, cost type, and tag of the exported route. You can use this feature to make dynamic changes to the route map.
BGP and OSPF Route Map Support for DSB Accounting

Route map support for BGP and OSPF accounting allows you to set the cost and type of the exported routes.
Table 13.2: RIP Configuration Commands (continued)

Command: configure rip Rxmode [none | v1only | v2only | any] {vlan [ | all]}
Description: Changes the RIP receive mode for one or all VLANs. Specify:
   • none—Drop all received RIP packets.
   • v1only—Accept only RIP v1 format packets.
   • v2only—Accept only RIP v2 format packets.
   • any—Accept both RIP v1 and v2 packets.
   If no VLAN is specified, the setting is applied to all VLANs.
Table 13.2: RIP Configuration Commands (continued)

Command: enable rip aggregation
Description: Enables aggregation of subnet information on interfaces configured to send RIP v2 or RIP v2-compatible traffic. The 480T routing switch summarizes subnet routes to the nearest class network route. These rules apply when using RIP aggregation:
   • Subnet routes are aggregated to the nearest class network route when crossing a class boundary.
Table 13.2: RIP Configuration Commands (continued)

Command: enable rip originate-default {always} cost {tag }
Description: Configures a default route to be advertised by RIP if no other default route is advertised. If always is specified, RIP always advertises the default route to its neighbors. If always is not specified, RIP adds a default route if there is a reachable default route in the route table.
• MyCompany
   • Port-based VLAN
   • All ports have been assigned

Figure 13.4: RIP configuration example

The stations connected to the system generate a combination of IP traffic and NetBIOS§ traffic. The IP traffic is filtered by the protocol-sensitive VLANs. All other traffic is directed to the VLAN MyCompany. In this configuration, all IP traffic from stations connected to ports 1 and 3 has access to the router by way of the VLAN Finance.
   configure Finance add port 1,3
   configure Personnel add port 2,4
   configure MyCompany add port all
   configure Finance ipaddress 192.207.35.1
   configure Personnel ipaddress 192.207.36.1
   enable ipforwarding
   configure rip add vlan all
   enable rip

Displaying RIP Settings

To display settings for RIP, use the commands listed in Table 13.3. For more command options, press the Tab key in the command line interface.

Table 13.
Table 13.4: RIP Reset and Disable Commands

Command: configure rip delete vlan [ | all]
Description: Disables RIP on an IP interface. When RIP is disabled on the interface, the parameters are not reset to their defaults.

Command: disable rip
Description: Disables RIP.

Command: disable rip aggregation
Description: Disables the RIP aggregation of subnet information on a RIP v2 interface.
Table 13.5: OSPF Configuration Commands

Command: configure ospf [area | vlan [ | all]] cost [automatic | ]
Description: Configures the cost metric of one or all VLAN(s). If an area is specified, the cost metric is applied to all VLANs currently within that area. When automatic is specified, the advertised cost is determined from the OSPF metric table and corresponds to the active highest bandwidth port in the VLAN.
Table 13.5: OSPF Configuration Commands (continued)

Command: configure ospf [vlan | area | virtual-link ] timer
Description: Configures the timers for one interface or all interfaces in the same OSPF area.
Table 13.5: OSPF Configuration Commands (continued)

Command: configure ospf area [interarea-filter | external-filter] [ | none]
Description: Configures an OSPF area specifying filter and access profile.

Command: configure ospf asbr-filter [ | none]
Description: Configures a route filter for non-OSPF routes exported into OSPF. If none is specified, no RIP and static routes are filtered.
Table 13.5: OSPF Configuration Commands (continued)

Command: configure ospf routerid [automatic | ]
Description: Configures the OSPF routerID. If automatic is specified, the 480T routing switch uses the largest IP interface address as the OSPF routerID. Manual routerID setting is recommended.

Command: configure ospf spf-hold-time
Description: Configures the minimum number of seconds between Shortest Path First (SPF) recalculations. The default setting is 3.
Table 13.5: OSPF Configuration Commands (continued)

Command: enable ospf export static cost [ase-type-1 | ase-type-2] {tag }
Description: Enables the distribution of static routes into the OSPF domain. Once enabled, the OSPF router is considered to be an ASBR. The default tag number is 0. The default setting is disabled.
OSPF Configuration Example

Figure 13.5 shows an example of an autonomous system using OSPF routers. The details of this network follow.

Figure 13.
• Network number 10.0.x.x
• 2 identified VLANs (A0_10_0_2 and A0_10_0_3)

Area 5 is connected to the backbone area through ABR1 and ABR2, having these characteristics:

• Network number 160.26.x.x
• 1 identified VLAN (A5_160_26_26)
• 2 internal routers
• A virtual link from ABR1 to ABR2 that traverses both internal routers.
   configure vlan A5_160_26_26 ipaddress 160.26.26.1 255.255.255.0
   create ospf area 0.0.0.5
   create ospf area 0.0.0.6
   enable ipforwarding
   configure ospf area 0.0.0.6 stub nosummary stub-default-cost 10
   configure ospf vlan A6_161_48_2 area 0.0.0.6
   configure ospf vlan A5_160_26_26 area 0.0.0.5
   configure ospf add virtual-link 160.26.25.1 0.0.0.
Displaying OSPF Settings

To display settings for OSPF, use the commands listed in Table 13.6. For more command options, press the Tab key in the command line interface.

Table 13.6: OSPF Show Commands

Command: show ospf
Description: Displays global OSPF information.

Command: show ospf area {detail}
Description: Displays information about all OSPF areas.

Command: show ospf area
Description: Displays information about a particular OSPF area.
Resetting and Disabling OSPF Settings

To return OSPF settings to their defaults, use the commands listed in Table 13.7. For more command options, press the Tab key in the command line interface.

Table 13.7: OSPF Reset and Disable Commands

Command: delete ospf area [ | all]
Description: Deletes an OSPF area. Once removed, the associated OSPF area and interface information are deleted. Neither a backbone area, nor a nonempty area can be deleted.
14: Border Gateway Protocol (BGP)

This chapter describes how to configure the Border Gateway Protocol (BGP), an exterior routing protocol available on the Intel® NetStructure™ 480T routing switch. For IEEE standards information, refer to http://standards.ieee.
You can use BGP as an exterior border gateway protocol (EBGP), or you can use it within an AS, as an interior border gateway protocol (IBGP).

BGP Attributes

These well-known BGP attributes are supported by the 480T routing switch:

• Origin – Defines the origin of the route. Possible values are IGP, EGP, and incomplete.
• AS_Path – The list of ASs that are traversed for this route.
BGP Features

The BGP features supported by the 480T routing switch include:

• Route Reflectors
• Route Confederations
• Route Aggregation
• Route Map Support
• IGP Synchronization
• Loopback Interface
• OSPF-to-BGP Route Redistribution
• BGP Peer Groups

Route Reflectors

Be certain that peer routers that are not part of the cluster are fully meshed according to the rules of BGP.
Route Confederations

BGP requires networks to use a fully-meshed router configuration. This requirement does not scale well, especially when BGP is used as an interior gateway protocol. One way to reduce the size of a fully-meshed AS is to divide the AS into multiple sub-autonomous systems and group them into a routing confederation. Within the confederation, each sub-AS must be fully meshed.
Using the confederation, AS 200 is split into two sub-ASs: SubAS65001 and SubAS65002. Each sub-AS is fully meshed, and IBGP (Internal BGP) is running among its members. EBGP (External BGP) is used between SubAS65001 and SubAS65002. Router B and Router D are EBGP peers. EBGP is also used between the confederation and outside ASs.
   create vlan bd
   configure vlan bd add port 3
   configure vlan bd ipaddress 192.1.1.9/30
   enable ipforwarding vlan bd
   configure ospf add vlan bd area 0.0.0.0
   disable bgp
   configure bgp as-number 65001
   configure bgp routerid 192.1.1.22
   configure bgp confederation-id 200
   enable bgp
   create bgp neighbor 192.1.1.6 as-number remote-ASnumber 65001
   create bgp neighbor 192.1.1.21 as-number remote-ASnumber 65001
   create bgp neighbor 192.1.1.
To configure Router D, use these commands:

   create vlan db
   configure vlan db add port 1
   configure vlan db ipaddress 192.1.1.10/30
   enable ipforwarding vlan db
   configure ospf add vlan db area 0.0.0.0
   create vlan de
   configure vlan de add port 2
   configure vlan de ipaddress 192.1.1.14/30
   enable ipforwarding vlan de
   configure ospf add vlan de area 0.0.0.0
   disable bgp
   configure bgp as-number 65002
   configure bgp routerid 192.1.1.
Route Aggregation

Route aggregation involves combining the sub-networks of several routes so that they are advertised as a single route. Aggregation reduces the amount of information that a BGP speaker must store and exchange with other BGP speakers. Reducing the information that is stored and exchanged also reduces the size of the routing table.
Using the Loopback Interface

If you are using BGP as your interior gateway protocol, you may decide to advertise the interface as available, regardless of the status of any particular interface. The loopback interface can also be used for EBGP multihop. Using the loopback interface eliminates multiple, unnecessary route changes.

OSPF-to-BGP Route Redistribution

You can enable both BGP and OSPF simultaneously on the 480T routing switch.
Use these commands to configure the parameters of the peer group.
• Password

To create a new neighbor and include it as a member of the peer group, use this command:

   create bgp neighbor peer-group {multi-hop}

This creates the new neighbor as part of the peer group, and the neighbor inherits all existing parameters from the peer group. This command requires the peer group to have remote AS configured.
BGP Password Encryption

The neighbor password for BGP is encrypted in upload/download configuration.

Configuring BGP

Table 14.1 describes the commands used to configure BGP. For more command options, press the Tab key in the command line interface.

Table 14.
Table 14.1: BGP Configuration Commands (continued)

Command: configure bgp delete network [ | | all]
Description: Deletes a network originated from this router.

Command: configure bgp as-number
Description: Changes the local AS number used by BGP. You must disable BGP before the AS number can be changed.

Command: configure bgp cluster-id
Description: Appends a BGP route reflector cluster-ID to the cluster list of a route.
Table 14.1: BGP Configuration Commands (continued)

Command: configure bgp neighbor [ | all] password [none | {encrypted} ]
Description: Configures a password for a neighbor. When the password is configured, TCP MD5 authentication is enabled on the TCP connection established with the neighbor. The encrypted keyword is used in the configuration to hide the plain text password.
Table 14.1: BGP Configuration Commands (continued)

Command: configure bgp neighbor [ | all] soft-reset {in | out}
Description: Applies the current input or output routing policy to the routing information already exchanged with the neighbor. The input/output routing policy is determined by the nlri-filter, as-path-filter, and the route map configured for the neighbor in the input/output side.
Table 14.1: BGP Configuration Commands (continued)

Command: disable bgp aggregation
Description: Disables BGP route-aggregation filtering.

Command: disable bgp always-compare-med
Description: Disables BGP use of the Multi-Exit Discriminator (MED) from neighbors in different autonomous systems in the route-selection algorithm. MED is only used when comparing paths from the same AS. The default setting is enabled.
Table 14.1: BGP Configuration Commands (continued)

Command: enable bgp synchronization
Description: Enables synchronization between BGP and IGP. When enabled, BGP waits for IGP to provide the next-hop reachability before advertising the route to an external neighbor. The default setting is enabled.

Command: enable bgp export [ospf | ospf-intro | ospf-inter | ospf-extern1 | ospf-extern2] {}
Description: Configures BGP to export OSPF-related routes to BGP peers.
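The neighbor password command in Table 14.1 suggests a simple review check for a saved command script: every neighbor that is created should end up with a password, so that TCP MD5 authentication is enabled, and the stored form should use the encrypted keyword. The Python below is an added example, not code from this guide or from the switch; it assumes the neighbor address is the fourth word of the create bgp neighbor and configure bgp neighbor lines (the printed syntax has lost its placeholders), that "all" applies to neighbors created earlier in the script, and it does not model peer-group inheritance. The script text and addresses are constructed.

```python
# Constructed sample script. The create lines follow the form printed in the
# guide's confederation example; the addresses and password values are made up.
SAMPLE_SCRIPT = """\
disable bgp
configure bgp as-number 65001
create bgp neighbor 192.0.2.6 as-number remote-ASnumber 65001
create bgp neighbor 192.0.2.21 as-number remote-ASnumber 65001
create bgp neighbor 192.0.2.9 as-number remote-ASnumber 65002
create bgp neighbor 192.0.2.13 as-number remote-ASnumber 65002
configure bgp neighbor 192.0.2.6 password encrypted CONSTRUCTED-BLOB
configure bgp neighbor 192.0.2.21 password Constructed-Secret
configure bgp neighbor 192.0.2.9 password none
enable bgp
"""


def audit_bgp_passwords(script):
    """Map each neighbor created in a CLI script to its password state.

    States:
      "missing"    no password command seen (TCP MD5 not enabled)
      "none"       password explicitly cleared with the none keyword
      "plaintext"  password present without the encrypted keyword
      "encrypted"  password stored with the encrypted keyword
    """
    state = {}
    for raw in script.splitlines():
        tok = raw.split()
        if tok[:3] == ["create", "bgp", "neighbor"] and len(tok) > 3:
            # Assumption: the neighbor address is the fourth word.
            state.setdefault(tok[3], "missing")
        elif tok[:3] == ["configure", "bgp", "neighbor"] and tok[4:5] == ["password"]:
            value = tok[5:]
            if not value:
                continue  # incomplete command, nothing to record
            if value == ["none"]:
                new_state = "none"
            elif value[0] == "encrypted" and len(value) > 1:
                new_state = "encrypted"
            else:
                new_state = "plaintext"
            # Assumption: "all" covers the neighbors created so far.
            targets = list(state) if tok[3] == "all" else [tok[3]]
            for address in targets:
                if address in state:
                    state[address] = new_state
    return state


def weak_neighbors(script):
    """Return (address, state) pairs that need attention, in creation order."""
    return [(address, s) for address, s in audit_bgp_passwords(script).items()
            if s != "encrypted"]


if __name__ == "__main__":
    for address, finding in weak_neighbors(SAMPLE_SCRIPT):
        print(f"{address}: password {finding}")
```
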
Resetting and Disabling BGP

To return BGP settings to their defaults, or to disable BGP, use the commands listed in Table 14.3. For more command options, press the Tab key in the command line interface.

Table 14.3: BGP Reset and Disable Commands

Command: delete bgp neighbor [ | all]
Description: Deletes one or all BGP neighbors.

Command: disable bgp
Description: Disables BGP.

Command: disable bgp aggregation
Description: Disables BGP route-aggregation.
BGP Route Selection

BGP will select routes based on the following precedence (from highest to lowest):

• Weight
• Local preference
• Shortest length (shortest AS path)
• Lowest origin code
• Lowest MED
• Route from external peer
• Lowest cost to next hop
• Lowest RouterID
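The precedence list above reads as an ordered series of tie-breakers, and the Python below walks two candidate paths through it and reports which step decided. It is an added example, not code from this guide or from the switch; the Path field names are hypothetical, and the higher-wins direction for weight and local preference, the IGP, EGP, incomplete ordering of origin codes, and the rule that MED is compared only between paths from the same neighboring AS unless always_compare_med is set are assumptions drawn from common BGP practice. The sample paths are constructed.

```python
from dataclasses import dataclass

# Assumed ranking for "lowest origin code": IGP, then EGP, then incomplete.
ORIGIN_RANK = {"IGP": 0, "EGP": 1, "incomplete": 2}


@dataclass(frozen=True)
class Path:
    """One candidate path to a prefix (field names are hypothetical)."""
    peer: str
    weight: int = 0
    local_pref: int = 100
    as_path: tuple = ()
    origin: str = "IGP"
    med: int = 0
    external: bool = False      # True when learned from an EBGP peer
    next_hop_cost: int = 0      # cost to reach the next hop
    router_id: str = "0.0.0.0"  # router ID of the advertising peer


def _rid_key(router_id):
    """Compare router IDs numerically, octet by octet."""
    return tuple(int(octet) for octet in router_id.split("."))


def compare(a, b, always_compare_med=False):
    """Return (winner, deciding_step) for two paths to the same prefix."""
    # Each step is (name, key for a, key for b); the smaller key wins.
    # Weight and local preference are negated because higher is preferred.
    steps = [
        ("weight", -a.weight, -b.weight),
        ("local preference", -a.local_pref, -b.local_pref),
        ("AS path length", len(a.as_path), len(b.as_path)),
        ("origin code", ORIGIN_RANK[a.origin], ORIGIN_RANK[b.origin]),
    ]
    # MED is skipped when the paths come from different neighboring ASs,
    # unless the caller asks for it to be compared across ASs.
    same_neighbor_as = a.as_path[:1] == b.as_path[:1]
    if always_compare_med or same_neighbor_as:
        steps.append(("MED", a.med, b.med))
    steps += [
        ("external peer", not a.external, not b.external),
        ("cost to next hop", a.next_hop_cost, b.next_hop_cost),
        ("router ID", _rid_key(a.router_id), _rid_key(b.router_id)),
    ]
    for name, key_a, key_b in steps:
        if key_a != key_b:
            return (a if key_a < key_b else b), name
    return a, "tie"


def select_best(paths, always_compare_med=False):
    """Reduce a list of candidate paths to the preferred one."""
    best = paths[0]
    for candidate in paths[1:]:
        best, _ = compare(best, candidate, always_compare_med)
    return best


# Constructed sample paths to one prefix, learned from three EBGP peers.
VIA_A = Path("A", as_path=(65010, 65020), med=50, external=True,
             router_id="192.0.2.6")
VIA_B = Path("B", as_path=(65030, 65020), med=10, external=True,
             router_id="192.0.2.21")
VIA_C = Path("C", local_pref=200, as_path=(65040, 65041, 65042),
             external=True, router_id="192.0.2.99")

if __name__ == "__main__":
    winner, step = compare(VIA_A, VIA_B)
    print(f"A vs B: peer {winner.peer} wins on {step}")
    winner, step = compare(VIA_A, VIA_B, always_compare_med=True)
    print(f"A vs B, MED compared across ASs: peer {winner.peer} wins on {step}")
    print(f"best of A, B, C: peer {select_best([VIA_A, VIA_B, VIA_C]).peer}")
```

Because the MED step applies only to some pairs, the order in which candidates are compared can matter when more than two paths tie on the earlier steps.
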
15: IP Multicast Routing

This chapter describes the components of IP multicast routing, and how to configure it on the Intel® NetStructure™ 480T routing switch. For more information on IP multicasting, refer to these publications:

• RFC 1112—Host Extension for IP Multicasting
• RFC 2236—Internet Group Management Protocol, Version 2
• DVMRP Version 3—draft_ietf_dvmrp_v3_07
• PIM-DM Version 2—draft_ietf_pim_v2_dm_03
• RFC 2326—Protocol Independent Multicast-Sparse Mode

Refer to http://www.ietf.
Configure IP unicast routing before you configure IP multicast routing.

IP multicast routing consists of these functions:

• A router that can forward IP multicast packets.
• A router-to-router multicast routing protocol, for example, Distance Vector Multicast Routing Protocol (DVMRP), or Protocol Independent Multicast (PIM).
• A method for the IP host to communicate its multicast group membership to a router.
PIM Sparse Mode (PIM-SM)

You can run either PIM-DM or PIM-SM on each VLAN.

Unlike PIM-DM, PIM-SM is an explicit join and prune protocol, and supports shared trees as well as shortest path trees (SPTs). The routers must explicitly be joined to one or more groups to enable communication. This is beneficial for large networks that have group members sparsely distributed. Using PIM-SM, the router sends a join message to the rendezvous point (RP).
The switch also forwards PIM-SM traffic to a PIM-DM network. The PMBR sends a join message to the RP and the PMBR then broadcasts traffic from the RP into the PIM-DM network. There are no new commands that need to be entered to enable PIM-SM to PIM-DM functionality. By having both the DM mode interface and SM mode interface on the same router, the PMBR functionality is automatically enabled.
IGMP snooping is disabled, all IGMP and IP multicast traffic will flood within a given VLAN. This is normal 802.1d bridge behavior.

IGMP and IGMP snooping must be enabled when IP unicast or multicast routing is configured (the default setting is enabled).

IGMP snooping expects at least one device in the network to periodically generate IGMP query messages. Without an IGMP querier, the switch stops forwarding IP multicast packets to the ports.
IGMP Query Interval

The maximum value you can set for the IGMP query interval is 429,496,729. The values you can set for query response interval and the last member query interval are between 1 second and 25 seconds.

IGMP Configuration Commands

Table 15.1 describes the commands used to configure the Internet Group Management Protocol (IGMP). For more command options, press the Tab key in the command line interface.

Table 15.
Table 15.1: IGMP Configuration Commands (continued)

Command: configure igmp
Description: Configures the IGMP timers. Timers are based on IEEE RFC2236. Specify:
   • query_interval—The amount of time, in seconds, the system waits between sending out general queries. The range is 1 to 429,496,729 seconds. The default setting is 125.
Configuring IP Multicasting Routing

To configure IP multicast routing:

1. Configure the system for IP unicast routing.

2. Enable multicast routing on the interface, using this command:

   enable ipmcforwarding {vlan }

3. Enable DVMRP or PIM on all IP multicast routing interfaces, using either:

   configure dvmrp add vlan [ | all]
   configure pim add vlan [ | all] {dense | sparse}

4.
Table 15.2: IP Multicast Routing Configuration Commands (continued)

Command: configure dvmrp timer
Description: Configures the global DVMRP timers. Specify the following:
   • route_report_interval—how many seconds the system waits between transmitting periodic route report packets. The range is 1 to 2,147,483,647 seconds (68 years). The default setting is 60.
Table 15.2: IP Multicast Routing Configuration Commands (continued)

Command: configure dvmrp vlan timer
Description: Configures DVMRP interface timers. Specify:
   • probe_interval—How many seconds the system waits between transmitting DVMRP probe messages. The range is 1 to 2,147,483,647 seconds (68 years). The default setting is 10.
Configuration Examples

See Chapter 13, "RIP and OSPF" on page 223 for information on configuring OSPF.

In the example below, the system labeled IR1 is configured for IP multicast routing using PIM-DM.

[Figure: network diagram. Diagram labels: Area 0, IR 1, IR 2, ABR 1, ABR 2, Virtual link.]
   configure vlan A0_10_0_2 ipaddress 10.0.2.2 255.255.255.0
   configure ospf add vlan all
   enable ipforwarding
   enable ospf
   enable ipmcforwarding
   configure pim add vlan all
   enable pim

PIM-SM Configuration Example

In this example, the system labeled ABR1 is configured for IP multicast routing using PIM-SM.

[Figure 15.2: IP multicast routing using PIM-SM configuration. Diagram labels: Area 0, IR 1, IR 2, ABR 2.]
Configuration for ABR1
The following is the configuration for the router labeled ABR1:
configure vlan A0_10_0_2 ipaddress 10.0.2.1 255.255.255.0
configure vlan A0_10_0_3 ipaddress 10.0.3.1 255.255.255.0
configure vlan A6_161_48_2 ipaddress 161.48.2.2 255.255.255.0
configure vlan A5_160_26_26 ipaddress 160.26.26.1 255.255.255.
Table 15.3: IP Multicast Routing Show Commands (continued)
Command: show igmp snooping {vlan | detail}
Description: Displays IGMP snooping registration information, and a summary of all IGMP timers and states.
Command: show ipmc cache {detail} {} { }
Description: Displays the IP multicast forwarding cache.
Command: show pim {vlan | detail}
Description: Displays the PIM configuration and statistics.
Table 15.4: IP Multicast Routing Reset and Disable Commands (continued)
Command: disable dvmrp {[Rxmode | txmode] vlan [ | all]}
Description: Disables DVMRP on the system.
Command: disable dvmrp Rxmode vlan [ | all]
Description: Disables receiving of DVMRP packets on a per-VLAN basis.
Command: disable dvmrp txmode vlan [ | all]
Description: Disables transmitting of DVMRP packets on a per-VLAN basis.
IPX NetID or an IP address. You also can configure a VLAN for both IPX and IP routing. Figure 16.1 shows the same switch discussed earlier in Figure 12.1 on page 191. In Figure 16.1, IPX routing is added to the switch, and two additional VLANs have been defined—Exec and Support. Both VLANs have been configured as protocol-specific VLANs, using IPX.
[Figure: switch diagram with IP VLANs Finance (192.207.35.0) and Personnel (192.207.36.0) and IPX VLANs Exec (2516) and Support (A2B5)]
IPX Encapsulation Types
Novell NetWare§ supports four types of frame encapsulation. The term for each type is described in Table 16.1.
Table 16.1: IPX§ Encapsulation Types
Name: ENET_II
Description: The frame uses the Ethernet 2 header.
Name: ENET_8023
Description: The frame includes the IEEE 802.3 length field, but does not include the IEEE 802.2 Logical Link Control (LLC) header. This encapsulation is used by NetWare§ version 2.x and the original 3.x version.
IP and IPX on the Same VLAN
The switch supports IP and IPX routing within the same VLAN. This feature does not require any special configuration.
Tagged IPX VLAN
The switch supports tagged 802.1Q traffic on an IPX VLAN that is performing routing. Tagging is most commonly used to create VLANs that span multiple switches. Using VLAN tags, multiple VLANs can span multiple switches using one or more trunks.
Populating the Routing Table
The routing switch builds and maintains an IPX routing table. As in the case of IP, the table is populated using dynamic and static entries.
Dynamic Routes
Dynamic routes are typically learned using IPX/RIP. Routers that use IPX/RIP exchange information in their routing tables in the form of advertisements. Using dynamic routes, the routing table contains only networks that are reachable.
IPX/RIP is automatically enabled when a NetID is assigned to the VLAN. To remove the advertisement of an IPX VLAN, use the command:
configure ipxrip delete {vlan | all}
GNS Support
The 480T routing switch supports the Get Nearest Server (GNS) reply function. When a NetID is assigned to the switch, the GNS reply service is automatically enabled.
Configuring IPX
This section describes the commands associated with configuring IPX, IPX/RIP, and IPX/SAP on the 480T routing switch.
Configure IPX routing as follows:
1. Create at least two VLANs (see "Virtual LANs (VLANs)" on page 95).
2. If you are combining an IPX VLAN with another VLAN on the same port(s), you must use a protocol filter on one of the VLANs, or use 802.1Q tagging.
3.
• show ipxrip—Displays the enable status of IPX/RIP for the VLAN, including operational and administrative status. It also lists identified IPX/RIP neighbors, RIP packet statistics, and several other timer settings.
• show ipxservice—Displays the contents of the IPX Service Table.
Protocol-Based VLANs for IPX
When combining IPX VLANs with other VLANs on the same physical port, it may be necessary to assign a protocol filter to the VLAN.
To increase route stability, you can increase the hold multiplier (default is 3 for 180 seconds). To modify these parameters use CLI commands:
configure ipxrip update-interval
IPX Commands
Table 16.3 describes the commands used to configure basic IPX settings. For more command options, press the Tab key in the command line interface.
Table 16.3: Basic IPX§ Commands
Command: configure ipxmaxhops
Description: Configures the IPX maximum hop count when forwarding IPX packets. The default setting is 16. Change this only if NetWare§ Link Services Protocol (NLSP) is running in the IPX network.
Table 16.3: Basic IPX§ Commands (continued)
Command: configure ipxservice delete
Description: Deletes an IPX service from the service table.
Command: configure vlan xnetid [enet_ii | enet_8023 | enet_8022 | enet_snap]
Description: Configures a VLAN to run IPX routing. Specify:
• enet_ii—Uses Ethernet 2 header.
• enet_8023—Uses IEEE 802.3 length field, but does not include the IEEE 802.2 LLC header.
Table 16.4: IPX§/RIP Configuration Commands (continued)
Command: configure ipxrip vlan [all | ] [import-filter | export-filter | trusted-gateway] [none | ]
Description: Configures the import, export, or trusted-gateway options and specifies an access profile.
Command: configure ipxrip delete vlan [ | all]
Description: Disables IPX/RIP on one or all interfaces.
Table 16.5: IPX§/SAP Configuration Commands (continued)
Command: configure ipxsap delete vlan [ | all]
Description: Disables IPX/SAP on an interface.
Command: configure ipxsap vlan [ | all] delay
Description: Configures the time between each SAP packet within an update interval. The default setting is 55 milliseconds.
IPX Configuration Example
Figure 16.2 builds on the example showing the IP/RIP configuration that was used in Figure 13.4 on page 241. Now, along with having IP VLANs configured, this example illustrates a switch that has two IPX VLANs defined.
The stations connected to the system generate a combination of IP traffic and IPX traffic. The IP traffic is filtered by the IP VLANs. IPX traffic is filtered by the IPX VLANs. In this configuration, all IP traffic from stations connected to ports 1 and 3 has access to the IP router through the VLAN Finance. IP traffic on ports 2 and 4 reaches the IP router using the VLAN Personnel.
Table 16.6: IPX§ Show Commands (continued)
Command: show ipxroute {vlan | xnetid | origin [static | rip | local]}
Description: Displays the IPX routes in the route table.
Command: show ipxsap {vlan } {stats}
Description: Displays IPX/SAP configuration and status for one or all VLANs.
Command: show ipxservice {vlan | name | type | origin [static | ipxsap]}
Description: Displays IPX services learned through SAP.
Table 16.7: IPX§ Reset and Disable Commands (continued)
Command: unconfigure ipxsap {vlan }
Description: Resets the IPX/SAP settings on one or all VLANs to the default. Removes import and export filters, and resets the MTU size, update interval, and inter-packet delay.
Command: unconfigure vlan xnetid
Description: Removes the IPX NetID of a VLAN.
17 Access Policies
This chapter describes access policies, and how they are created and implemented on the Intel® NetStructure™ 480T routing switch.
Overview of Access Policies
Access policies are a generalized category of features that impact forwarding and route forwarding decisions. Access policies are used primarily for security and quality of service (QoS) purposes.
profile or dropped. Using access lists has no impact on switch performance. Access lists are typically applied to traffic that crosses Layer 3 router boundaries, but it is possible to use access lists within a Layer 2 VLAN.
Routing Access Policies
Routing access policies are used to control the advertisement or recognition of routing protocols, such as Routing Information Protocol (RIP), Open Shortest Path First (OSPF) or Border Gateway Protocol (BGP).
configure access-profile [add | delete] {seq-number} ipx-sap
To assign IPX access profiles as either import or export filters to RIP or SAP, use these commands:
configure ipxrip vlan [ | all] import-filter [ | none]
configure ipxrip vlan [ | all] export-filter [ | none]
configure ipxsap vlan [ | all] import-filter [ | none]
configure ipxsa
• Physical source port
• Precedence number (optional)
How IP Access Lists Work
For each access list entry, you can either permit the packet to be forwarded, or deny the packet (in which case, it is dropped). When you create a permit access list condition, you can optionally specify a QoS profile. The QoS profile informs the 480T routing switch which bandwidth management and priority to use when transmitting the packet.
or dropped. If no default rule is specified, the default implicit behavior is to forward the packet. This example shows a default entry used to specify an implicit deny:
create access-list denyall ip destination 0.0.0.0/0 source 0.0.0.0/0 deny ports any
Once the default behavior of the access list is established, you can create additional entries with precedence. The optional precedence numbers range from 1 to 25,600 (number 1 having the highest precedence).
the keyword. For example, you could use this entry to permit TCP sessions originated from anywhere in the 10.1.0.0 network only:
create access-list TCPout tcp destination 10.1.0.0/16 ip-port any source 0.0.0.0/0 ip-port any permit-established ports any
In this example, using the permit-established keyword allows only TCP packets with the ACK (acknowledgement) or RST (reset) bit set to destination 10.1.0.0.
• IP source and destination address and mask
• ICMP type code
• Physical source port (optional)
• Numbered precedence (optional)
When using an access control list with an IP deny any rule, ICMP traffic is not blocked (for either Layer 2 or Layer 3). To block all traffic within Layer 2 and Layer 3, two access lists must be created: an IP deny any rule and an ICMP deny any rule.
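The evaluation rules above (precedence order, the default entry, permit-established, and ICMP falling outside an IP rule) can be checked against a small model before a list is deployed. The Python below is an added example, not code from the switch or from Intel. It assumes that an entry without a precedence number is the default entry and is evaluated last, that a permit-established entry drops matching packets that carry neither ACK nor RST, and it leaves out ports. The /24 subnets and every rule name except denyall are constructed.

```python
"""Simplified model of the access-list evaluation described above (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str                      # "ip" (TCP and UDP only), "tcp", "udp" or "icmp"
    dst: str                        # CIDR; "0.0.0.0/0" means any
    src: str
    action: str                     # "permit", "deny" or "permit-established"
    precedence: Optional[int] = None  # 1 (highest) to 25600; None = default entry (assumption)

    def __post_init__(self):
        if self.precedence is not None and not 1 <= self.precedence <= 25600:
            raise ValueError("precedence must be between 1 and 25600")

    def covers(self, pkt: Packet) -> bool:
        # An "ip" rule matches TCP and UDP but not ICMP, which is why a
        # separate ICMP rule is needed to block all traffic.
        if self.proto == "ip":
            proto_ok = pkt.proto in ("tcp", "udp")
        else:
            proto_ok = pkt.proto == self.proto
        return (proto_ok
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst))


def evaluate(rules, pkt):
    """Return (verdict, name of the deciding rule) for one ingress packet."""
    numbered = sorted((r for r in rules if r.precedence is not None),
                      key=lambda r: r.precedence)
    defaults = [r for r in rules if r.precedence is None]
    for rule in numbered + defaults:
        if not rule.covers(pkt):
            continue
        if rule.action == "permit-established":
            # Only packets carrying ACK or RST pass; a bare SYN is dropped.
            established = bool(pkt.flags & {"ACK", "RST"})
            return ("forward" if established else "drop", rule.name)
        return ("forward" if rule.action == "permit" else "drop", rule.name)
    return ("forward", "implicit")  # no rule matched and no default: forward


ANY = "0.0.0.0/0"
HOST_A, HOST_B = "10.10.10.100", "10.10.20.100"

# Constructed rule set: sessions may be opened from 10.10.10.0/24 only.
RULES = [
    Rule("denyall", "ip", ANY, ANY, "deny"),
    Rule("tcp-a-to-b", "tcp", "10.10.20.0/24", "10.10.10.0/24", "permit", 20),
    Rule("tcp-b-to-a", "tcp", "10.10.10.0/24", "10.10.20.0/24", "permit", 21),
    Rule("est-only", "tcp", "10.10.10.0/24", "10.10.20.0/24",
         "permit-established", 8),
]
RULES_WITH_ICMP = RULES + [Rule("denyicmp", "icmp", ANY, ANY, "deny")]

if __name__ == "__main__":
    samples = [
        ("SYN B->A", Packet("tcp", HOST_B, HOST_A, frozenset({"SYN"}))),
        ("SYN/ACK B->A", Packet("tcp", HOST_B, HOST_A, frozenset({"SYN", "ACK"}))),
        ("SYN A->B", Packet("tcp", HOST_A, HOST_B, frozenset({"SYN"}))),
        ("UDP A->B", Packet("udp", HOST_A, HOST_B)),
        ("ping A->B", Packet("icmp", HOST_A, HOST_B)),
    ]
    for label, pkt in samples:
        print(f"{label:14} {evaluate(RULES, pkt)} "
              f"with ICMP rule: {evaluate(RULES_WITH_ICMP, pkt)}")
```

The ping sample is the case to look at: with only denyall in place it is still forwarded, and it is dropped once the ICMP deny rule is added.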
Table 17.1: Access List Configuration Commands
Command: create access-list ip destination [/ | any] source [/ | any] [deny | permit | deny] ports [ | any] {precedence }
Description: Creates a named IP access list. The access list is applied to all ingress packets. Options include:
• —Specifies the access list name.
Table 17.
Table 17.
Table 17.1: Access List Configuration Commands (continued)
Command: create access-list icmp destination [/ | any] source [/ | any] type code [permit | deny] {} {precedence }
Description: Creates a named ICMP access list. The access list is applied to all ingress packets. Options include:
• —Specifies the access list name of between 1 and 16 characters.
Table 17.1: Access List Configuration Commands (continued)
Command: show access-list { | ports }
Description: Displays access-list information.
Command: show access-list-fdb
Description: Displays the hardware access control list mapping.
Command: show access-list-monitor
Description: Refreshes the access-list statistics display.
in conjunction with IP, it is technically not an IP data packet. Thus, ICMP data traffic, such as ping traffic, is not affected. Use this command to create the access-list:
create access-list denyall ip destination any source any deny ports any
[Figure 17.1: Access list denies all TCP and UDP traffic]
Step 2 – Allow TCP Traffic
The next set of access-list commands permits TCP-based traffic to flow.
Step 3 - Permit-Established Access List
When a TCP session begins, there is a three-way handshake that includes a sequence of SYN, SYN/ACK and ACK packets. Figure 17.3 shows an illustration of the handshake that occurs when Host A initiates a TCP session to Host B. After this sequence, actual data can be passed.
[Figure 17.3: SYN, SYN/ACK and ACK exchanged between Host A (10.10.10.100) and Host B (10.10.20.100)]
Figure 17.4 shows the final outcome of this access list.
[Figure 17.4: Permit-established access list filters out SYN packet to destination]
Example 2: Filtering ICMP Packets
This example creates an access list that filters out ping (ICMP echo) packets. ICMP echo packets are defined as type any code any.
See “Creating an Access Profile” on page 324.
To use routing access policies
1. Create an access profile.
2. Configure the access profile to be of type permit, deny, or none.
3. Add entries to the access profile.
4. Apply the access profile.
Creating an Access Profile
The first thing to do when using routing access policies is to create an access profile.
with each entry in the list. Once a match is found, the operation is either permitted or denied, depending on the configuration of the matched entry. If no match is found, the operation is implicitly denied.
can be used when you wish to match only against the subnet address, and ignore all addresses within the subnet. If you are using CIDR subnet masking, the same logic applies, but the configuration is trickier. For example, the address 141.251.24.128/25 represents any host from network 141.251.24.128/255.255.255.128.
Sequence Numbering
You can specify the sequence number for each access profile entry.
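Because entries are compared in sequence order and the first match decides, an entry placed behind a broader one never takes effect. The Python below is an added example, not the switch's implementation: it models first-match evaluation of an ipaddress access profile and reports entries that an earlier entry shadows. The profile name nointernet and the 141.251.24.128/25 prefix come from this guide; the host address 10.0.0.10/32, the sequence numbers and the other names are constructed, and treating a non-matching address in deny mode as permitted is an assumption.

```python
"""First-match model of an ipaddress access profile (added example)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class AccessProfile:
    name: str
    mode: str = "none"                  # "permit", "deny" or "none"
    entries: list = field(default_factory=list)  # (seq, action, network)

    def add(self, seq, network, action=None):
        """Add an entry; in mode none each entry carries its own action."""
        if self.mode == "none":
            if action not in ("permit", "deny"):
                raise ValueError("mode none needs permit or deny per entry")
        else:
            action = self.mode          # the profile mode applies to every entry
        self.entries.append((seq, action, ip_network(network)))
        self.entries.sort(key=lambda e: e[0])   # evaluated in sequence order

    def check(self, address):
        """Return (verdict, sequence number of the deciding entry or None)."""
        addr = ip_address(address)
        for seq, action, net in self.entries:
            if addr in net:
                return action, seq
        # Nothing matched. Mode none (and permit) deny implicitly; in deny
        # mode the non-matching address is permitted (assumption).
        return ("permit" if self.mode == "deny" else "deny"), None

    def shadowed(self):
        """List (seq, earlier_seq) pairs where an earlier entry covers a later one."""
        found = []
        for i, (seq, _action, net) in enumerate(self.entries):
            for earlier_seq, _a, earlier_net in self.entries[:i]:
                if net.subnet_of(earlier_net):
                    found.append((seq, earlier_seq))
                    break
        return found


def build_nointernet():
    # Deny-mode profile naming one router address (constructed value).
    profile = AccessProfile("nointernet", mode="deny")
    profile.add(5, "10.0.0.10/32")
    return profile


def build_misordered():
    # The broad permit at 10 hides the narrower deny at 20.
    profile = AccessProfile("misordered", mode="none")
    profile.add(10, "141.251.24.0/24", "permit")
    profile.add(20, "141.251.24.128/25", "deny")
    return profile


def build_reordered():
    # Same two entries with the narrower deny given the lower sequence number.
    profile = AccessProfile("reordered", mode="none")
    profile.add(5, "141.251.24.128/25", "deny")
    profile.add(10, "141.251.24.0/24", "permit")
    return profile


if __name__ == "__main__":
    for build in (build_nointernet, build_misordered, build_reordered):
        p = build()
        print(p.name, "shadowed entries:", p.shadowed())
        for host in ("10.0.0.10", "141.251.24.200", "141.251.24.5"):
            print("   ", host, p.check(host))
```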
Table 17.2: Regular Expression Notation
Character   Definition
*           Matches zero or more instances
+           Matches one or more instances
?           Matches zero or one instance
Deleting an Access Profile Entry
To delete an access profile entry, use this command:
configure access-profile delete
Applying Access Profiles
After the access profile is defined, apply it to one or more routing protocols or VLANs.
configure rip vlan [ | all] import-filter [ | none]
• Export Filter—Use an access profile to determine which RIP routes are advertised into a particular VLAN, using this command:
configure rip vlan [ | all] export-filter [ | none]
Examples
In the example shown in Figure 17.6, a switch is configured with three VLANs, Engsvrs, Sales and Backbone.
Assuming the backbone VLAN interconnects all the routers in the company (and, therefore, the Internet router does not have the best routes for other local subnets), the commands to build the access policy for the switch would be:
create access-profile nointernet type ipaddress
configure access-profile nointernet mode deny
configure access-profile nointernet add ipaddress 10.0.0.
• External Filter—For switches configured to support multiple OSPF areas (an ABR function), you can apply an access profile to an OSPF area that filters a set of OSPF external routes from being advertised into that area.
[Figure 17.7: OSPF access policy example]
Routing Access Policies for DVMRP
The access policy capabilities for DVMRP resemble those for RIP.
• Export Filter—Use an access profile to determine which DVMRP routes are advertised into a particular VLAN, using this command:
configure dvmrp vlan [ | all] export-filter [ | none]
DVMRP Example
In this example, the network used in the previous RIP example is configured to run DVMRP. The network administrator wants to disallow Internet access for multicast traffic to users on the VLAN Engsvrs.
configure the switch to use an access profile to determine trusted PIM router neighbors for the VLAN on the switch running PIM. To configure a trusted neighbor policy, use this command:
configure pim vlan [ | all] trusted-gateway [ | none]
PIM Example
With PIM, you can use the unicast access policies to restrict multicast traffic. In this example, a network similar to the example used in the previous RIP example is also running PIM.
attributes of the NLRI. To configure an autonomous system path filter policy, use this command:
configure bgp neighbor [ | all] aspath-filter [in | out] [ | none]
You can apply the autonomous system path filter to the ingress or egress updates, using the in and out keywords, respectively.
Routing Access Policy Commands
Table 17.3 describes the commands used to configure routing access policies. Press the Tab key in the command line interface for further command options.
Table 17.
Table 17.3: Routing Access Policy Configuration Commands (continued)
Command: configure access-profile delete
Description: Deletes an access profile entry using the sequence number.
Command: configure access-profile mode [permit | deny | none]
Description: Configures the access profile to one of the following:
• permit—Allows the addresses that match the access profile description.
Table 17.3: Routing Access Policy Configuration Commands (continued)
Command: configure ospf area interarea-filter [ | none]
Description: Configures the router to use the access policy to determine which inter-area routes are allowed to be exported into the area. This router must be an ABR.
Route maps are used in conjunction with the match and set operations. A match operation specifies a criterion that must be matched. A set operation specifies a change that is made to the route when the match operation is successful.
There are three basic steps to configuring a route-map:
1. Create a route-map.
2. Add entries to the route map.
3. Add statements to the route map entries.
configure route-map add match [nlri-list | as-path [access_profile | ] | community [access-profile | : | number ] | next-hop | med | origin [igp | egp | incomplete | tag ]]
configure route-map add set [as-path | community [remove | {add | delete} [access-profile
Table 17.4: Match Operation Keywords
Keyword: community [ | ]
Description: Matches the communities in the path attribute against the specified BGP community access profile or the community number.
Keyword: next-hop
Description: Matches the next-hop in the path attribute against the specified IP address.
Keyword: med
Description: Matches the multi-exit discriminator (MED) in the path attribute against the specified MED number.
Route Map Operation
The entries in the route map are processed in the ascending order of the sequence number. Within the entry, the match statements are processed first. When the match operation is successful, the set and goto statements within the entry are processed, and the action associated with the entry is either applied, or the next entry is processed. If the end of the route map is reached, it is implicitly denied.
These points apply to this example:
• RTA is a member of AS 1111 and peers with a router in the Internet to receive the entire Internet routing table.
• RTB is a member of AS 2222, and has an EBGP connection with RTA through which it receives the Internet routing table.
• AS 1111 is acting as a transit AS for all traffic between AS 2222 and the Internet.
You can apply the changes on the NLRI information that had been exchanged before the policy changes, by issuing a soft reset on the ingress or egress side, depending on the changes. For soft resets to be applied on the ingress side, the changes must be previously enabled on the neighbor. Changes to the route maps associated with network aggregation or redistribution commands become effective after a maximum interval of 30 seconds.
Table 17.6: Route Map Commands
Command: configure route-map [add | delete] [deny | permit] {match-all | match-one}
Description: Adds or deletes entries to the route map. Specify:
• The sequence number uniquely identifies the entry, and determines the position of the entry in the route map. Route maps are evaluated sequentially.
Table 17.
Table 17.6: Route Map Commands (continued)
Command: configure route-map add [permit | deny] {match-one | match-all}
Description: Adds a statement to the route map with the specified sequence number and action. The sequence number determines the order of the statement in the route map, and the action specifies the action to be taken on a successful match against the statements in the route map.
18 Server Load Balancing (SLB)
Overview
The Server Load Balancing (SLB) feature of the Intel® NetStructure™ 480T routing switch divides many client requests among several servers. This activity is transparent to the client using the resource. It is mainly used for Web hosting where several redundant servers are used to increase the performance and reliability of busy Web sites.
Nodes
A node is an individual service on a physical server that consists of an IP address and a port number.
Pools
A pool is a group of nodes that is mapped to a corresponding virtual server. Pools allow you to scale large networks that contain many nodes. Pools may be configured independently and associated with virtual servers in complex ways. Each pool has its own load balancing method.
• The virtual port number
Once you know which virtual server options are useful in your network, you can:
• Define standard virtual servers
• Define wildcard virtual servers
Each virtual server maps to a single pool, which can be a group of content servers, firewalls, routers, or cache servers.
Table 18.1 summarizes the features supported by each forwarding mode.
Table 18.
[Figure 18.1: Transparent mode]
In Figure 18.1, the 480T routing switch is configured to respond to requests for the VIP by forwarding them to the load balanced servers.
Use these commands to create a round-robin pool called MyWeb, and add nodes to the new pool:
create slb pool MyWeb lb-method round
configure slb pool MyWeb add 192.168.200.1:80
configure slb pool MyWeb add 192.168.200.2:80
Use this command to create a transparent mode VIP for the Web site and assign the MyWeb pool to it:
create slb vip WebVip pool MyWeb mode transparent 192.168.201.
To configure translational mode, use this command:
create slb vip pool mode translation {-}: {unit }
Figure 18.2 shows translational mode.
configure vips ipaddress 192.168.201.1 /24
configure srvr add port 4-8
configure clnt add port 1-4
enable ipforwarding
These commands create a round-robin pool called MyWeb, and add nodes to the new pool:
create slb pool MyWeb lb-method round
configure slb pool MyWeb add 192.168.200.1:80
configure slb pool MyWeb add 192.168.200.
routing switch automatically changes the IP address and port address on incoming packets to that of the load balanced servers. As with any server load balancing application, the content must be duplicated on all physical servers.
In Figure 18.3, the 480T routing switch is configured to balance all traffic sent to the VIP based on the client IP address. All servers have the same:
• MAC address
• IP address
• Content
The commands used to configure the switch, as indicated in the example are:
create vlan server
create vlan client
configure srvr ipaddress 10.1.1.1 /24
configure clnt ipaddress 1.1.1.
• Subnet-Route - If your network configuration requires that the VIPs be propagated through a routing protocol by the switch, you need to create a loopback VLAN with the VIP(s) being valid members of the loopback VLAN’s subnet. When a routing protocol is enabled, the subnet containing the VIPs is propagated through the network.
Ratio
If you are working with servers that differ significantly in processing speed and memory, you may want to switch to the ratio load balancing method. In ratio, the 480T routing switch distributes connections among devices according to ratio weights that you set, where the number of connections that each device receives over time is proportionate to the ratio weight.
Priority
Priority mode is a variant of round-robin designed to provide redundant standby nodes within a pool. When you add a node to a pool, you can assign a priority level. Priority numbers range from 1 to 65,535, with the highest number indicating the highest priority. The 480T routing switch will distribute traffic in round-robin fashion among the pool’s active nodes with the highest priority.
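To see how priority mode behaves as health checks take nodes out of service, the following Python model selects nodes the way the paragraph above describes. It is an added example, not the switch's code: the node addresses, priorities and the set_health helper are constructed, and existing connections are not modeled.

```python
"""Model of priority-mode node selection with standby failover (added example)."""
from dataclasses import dataclass


@dataclass
class Node:
    address: str        # "ip:port"
    priority: int       # 1 to 65535; a higher number is a higher priority
    up: bool = True     # result of the most recent health check


class PriorityPool:
    def __init__(self, nodes):
        for node in nodes:
            if not 1 <= node.priority <= 65535:
                raise ValueError("priority must be between 1 and 65535")
        self.nodes = list(nodes)
        self._counter = 0           # round-robin position

    def set_health(self, address, up):
        """Record a health-check result for one node (hypothetical helper)."""
        for node in self.nodes:
            if node.address == address:
                node.up = up
                return
        raise KeyError(address)

    def active_set(self):
        """Nodes that are up and share the highest priority among up nodes."""
        alive = [n for n in self.nodes if n.up]
        if not alive:
            return []
        top = max(n.priority for n in alive)
        return [n for n in alive if n.priority == top]

    def pick(self):
        """Return the address for the next new connection, or None."""
        active = self.active_set()
        if not active:
            return None             # every node failed its health check
        node = active[self._counter % len(active)]
        self._counter += 1
        return node.address


def build_pool():
    # Two primaries at priority 10 and one standby at priority 5 (constructed).
    return PriorityPool([
        Node("192.168.200.1:80", 10),
        Node("192.168.200.2:80", 10),
        Node("192.168.200.3:80", 5),
    ])


if __name__ == "__main__":
    pool = build_pool()
    print("both primaries up:", [pool.pick() for _ in range(4)])
    pool.set_health("192.168.200.1:80", False)
    print("first primary down:", [pool.pick() for _ in range(2)])
    pool.set_health("192.168.200.2:80", False)
    print("both primaries down:", [pool.pick() for _ in range(2)])
    pool.set_health("192.168.200.1:80", True)
    print("first primary back:", [pool.pick() for _ in range(2)])
```

The standby receives traffic only while no higher-priority node is up, so a health check that wrongly reports a primary as down shifts load silently; monitor node state changes as well as VIP availability.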
Table 18.2: Basic SLB Commands
Command: configure slb pool delete :
Description: Deletes a physical server from a server pool.
Command: configure slb pool lb-method [round-robin | ratio | priority | least-connections]
Description: Configures the SLB load-balancing method.
Table 18.2: Basic SLB Commands
Command: disable slb
Description: Disables SLB processing. Disabling SLB:
• Closes all connections.
• Withdraws VIP routes or routes that do not respond with proxy ARP responses of VIP addresses.
• Disconnects the switch from redundant SLB switches.
Command: disable slb gogo-mode {all | ping-check | tcp-port-check | service-check }
Description: Disables gogo-mode processing.
Table 18.2: Basic SLB Commands
Command: enable slb
Description: Enables SLB processing on the switch, and activates these functions for transparent, translational, and port translation modes:
• Exporting of VIP routes or proxy ARP for VIP addresses.
• Processing of VIP lookup and connection setup.
• Establishing communication with redundant SLB switches.
The default setting is disabled.
Table 18.2: Basic SLB Commands
Command: show slb pool
Description: Displays the configuration for the specified SLB pool.
Command: show slb l4-port {}
Description: Displays the SLB configuration for one or all L4 ports.
Command: show slb vip {detail}
Description: Displays the current VIP configuration and statistics.
Command: show slb vip {detail}
Description: Displays the configuration for the specified VIP.
Command: unconfigure slb all
Description: Resets SLB global defaults and clears the SLB configuration.
[Figure: clients (172.16.0.1) and server pools "Site1", "Site2", "Site3" and "FTP1", each made up of servers with real unique IP addresses]
configure vlan sites ipaddress 192.168.201.254 /24
All VIPs are configured to use this subnet. There are no ports associated with this VLAN. You can use these commands to create the VLAN servers and enable IP forwarding:
create vlan servers
configure vlan servers ipaddress 192.168.200.254 /24
configure vlan servers add ports 9-16
enable ipforwarding
The next example shows a series of commands used to create a Web site.
enable slb node 192.168.200.2:443 tcp-port-check
The next series of commands creates a second Web site. This second site is similar to the first example; the difference is that content checking is enabled on this site. For this type of health checking, the server downloads a specified page (/testpage.htm) and looks for a specific string in the content (“test successful”). If it finds the string, the server is considered online.
create slb vip myssl3 pool site3web mode transparent 192.168.201.4:443
The next example demonstrates the series of commands you would use to create an FTP site. The site is defined as having two servers: 192.168.200.3 and 192.168.200.4. Only FTP is being serviced by the servers. The two different VIPs and port numbers refer to the control and data channels used by the FTP service. Two VIPs are then created to point at the appropriate pools.
Health Checking
The 480T routing switch supports both internal and external health checking.
Health check definitions
For reference, the following health checks are available on all Server Load Balancing, Web Cache Redirection and Policy-based Routing functions. SLB functions test individual servers. Web Cache Redirection and Policy-based routing functions test the next-hops in accordance with the flow-redirection rules.
using the name and password supplied during the configuration. The check will succeed when the switch successfully logs into the next-hop.
Layer 7 NNTP Check
The NNTP health check connects to the server or next-hop, establishes a connection, and attaches to a user defined newsgroup.
Layer 7 POP3, SMTP, and Telnet Check
These health checks attach to the server or next-hop using the specified protocol and log in.
The 480T routing switch also supports external health checking. External health checking uses an external service configured by the user to perform health checks and uses SNMP (Simple Network Management Protocol) as a mechanism to notify the switch of a server failure.
Ping-Check
Ping-check is Layer 3-based pinging of the physical node. The default ping frequency is one ping generated to the node every 10 seconds.
Service-Check

Service-check is Layer 7-based and application-dependent. It is defined on a VIP and is performed on each node in the pool with which this VIP is associated. The default frequency is 60 seconds and the default timeout is 180 seconds. Each service check has associated parameters that you can set. These parameters are described in Table 18.3.

Table 18.
text from error text, we recommend that you specify an actual string to match.

For FTP, Telnet, and POP3, service-check attempts to log on and off the application on the server using the specified userID and password.

For SMTP, service-check identifies the switch by providing the specified DNS domain. The SMTP server might not even use the specified DNS domain for authentication, only identification.
    enable slb gogo-mode master service-check [http | ftp | telnet | smtp | nntp | pop3 | all | tcpport]

Use these commands to disable GoGo mode health checking:

    disable slb gogo-mode master ping-check
    disable slb gogo-mode master tcp-port-check [port | all]
    disable slb gogo-mode master service-check [http | ftp | telnet | smtp | nntp | pop3 | all | tcpport]
    unconfigure slb gogo-mode master health-check

This command disables and deletes all ping-check, tcp-port-c
    configure slb gogo-mode master service-check pop3 {l4-port port} {userid userid password {encrypted} password}
    configure slb gogo-mode master service-check timer [http | ftp | telnet | smtp | nntp | pop3 | tcpport] frequency seconds timeout seconds

Use this command to view your GoGo mode health checking configuration:

    show slb gogo-mode {master} {configuration}

SLB Global Connection Timeout

For SLB transparent and translational modes you can configure
Health Checks for Web Cache Redirection and Policy Based Routing

Health checking works on the ports configured by their associated flow. For example, if you configure a flow to redirect on port 80 (HTTP), but FTP is configured as the service check, the switch will try to open an FTP session on port 80. The health check will fail if the protocol will not work on the configured flow.
Layer 4 Flows

Policy-based routing and Web cache redirection support an any option for the Layer 4 protocol type, which allows the redirection of TCP, UDP and other traffic types with the exception of ICMP traffic. To configure this capability, use the any option in the syntax for flow redirection.
To show configuration and status of flow redirection rules, use this command:

    show flow-redirect []

Maintenance Mode

You can easily put a node or VIP into maintenance mode by disabling the node or VIP. In maintenance mode, existing connections remain active, but no new connections are permitted. The existing connections are either closed by the client and server, or are aged out if idle for more than 600 seconds.
    configure slb proxy-client-persistent [add | delete]

Sticky Persistence

Sticky persistence provides a special type of persistence that is especially useful for cache servers. Similar to client persistence, sticky persistence keeps track of incoming clients’ source and destination IP addresses.
Availability mode or having to introduce another interconnecting switch), and recovery from a switch failure occurs in less than 8 seconds. Figure 18.5 shows SLB enabled using ESRP and dual-attached servers.

Figure 18.5 labels: OSPF; ESRP and SLB running on this VLAN; Switch 1; VLAN inside 1.10.0.2/16; VIP site1 1.10.1.1 (switch); VIP site2 1.10.1.2 (switch); Clients; VLAN outside 1.201.0.
Configuring the Switches for SLB and ESRP

The SLB and ESRP configurations are identical on both switches, in relation to the ports being used. The procedure used to configure Switch 1 and Switch 2 in Figure 18.5 is described below.

1. Create the VLANs, using these commands:

    create vlan inside
    create vlan server

2. Connect the gateway to the VLAN inside, using these commands:

    configure inside ipaddress 1.10.0.2 /16
    configure inside add port 10

3.
    show slb stats vip site2

7. To configure the ratio and priority of an existing pool member and to display the current SLB pool statistics, use this command for each pool member, filling in the ipaddress, port, ratio and priority as needed:

    configure slb pool member [ratio | priority ]

8.
Configuration of SLB with ESRP

Note the following about the configurations for switches running SLB and ESRP:

• All switch ports connected directly to the servers must be configured as ESRP host ports.
• The link between the two switches must be configured as an ESRP host port.
• The configuration uses transparent mode and HTTP services, but can be configured to support any of the currently supported load balancing protocols.
Redundant SLB

The 480T routing switch supports a failover process that uses a redundant configuration of two switches. If one switch fails, the second switch takes over the SLB duties of the first. By preparing a redundant switch for the possibility of failover, you effectively maintain your site’s reliability and availability in advance.

You can configure the switches so that both perform SLB simultaneously. This type of operation is called active-active.
When both switches are active, each switch performs SLB only for the VIPs assigned to it. If a switch fails, the other switch takes over the VIPs assigned to the failed switch.
Figure labels: Real unique IP addresses: Server1 1.205.1.1/16, Server2 1.205.1.2/16; Associated VIPs: 1.10.1.1 port 80 (site1), 1.10.1.2 port 80 (site2); Switch 1; VLAN inside 1.10.0.2/16; VIP site1 1.10.1.1 (unit 1); VIP site2 1.10.1.2 (unit 2); Clients; VLAN outside 1.201.0.1/16; Switch 1 VLAN server 1.205.0.
    create slb pool testpool1
    configure slb pool testpool1 add 1.205.1.1:80
    configure slb pool testpool1 add 1.205.1.2:80
    create slb vip site1 pool testpool1 mode transparent 1.10.1.1:80
    create slb vip site2 pool testpool1 mode transparent 1.10.1.2:80
    configure enable slb
    configure vlan inside slb-type client
    configure vlan server slb-type server
    configure slb failover unit 1 remote 1.10.0.3 local 1.10.0.
    enable slb failover
    enable slb fail ping
    configure slb vip site1 unit 1
    configure slb vip site2 unit 2
    configure slb fail ping-check 1.10.0.1 freq 1

The differences between the configurations of these two switches are the IP addresses, and the designation of the first switch as the master of the active-active configuration.
Figure labels: testpool1; Real unique IP addresses: Server1 1.205.1.1/16, Server2 1.205.1.2/16; Associated VIPs: 1.10.1.1 port 80 (site1), 1.10.1.2 port 80 (site2); Switch 1; VLAN inside 1.10.0.2/16; VIP site1 1.10.1.1 (unit 1); VIP site2 1.10.1.2 (unit 2); Clients; VLAN outside 1.201.0.1/16; Switch 1 VLAN server 1.205.0.
Create the VLANs, using these commands:

    create vlan inside
    create vlan server

The VLAN inside connects to the gateway and the VLAN server contains all of the load balanced servers. The gateway is connected to the VLAN inside, using these commands:

    configure inside ipaddress 1.10.0.2 /16
    configure inside add port 10

Connect the servers to the VLAN server on ports 4-8, using these commands:

    configure server ipaddress 1.205.0.
    configure inside slb client
    configure server slb server

Configure SLB H/A for the switch, using this command:

    configure slb failover unit 1 remote 1.10.0.3 local 1.10.0.2 l4-port 1028

One switch in a High Availability pair is designated as unit 1 and the other is designated as unit 2. VIPs associated with the unit numbers are primarily serviced by the appropriate switch. The IP address of the remote switch in the failover pair is 1.10.0.3.
in the load balancing scheme. Without ESRP, another switch interconnecting all the servers is necessary.
• One switch is designated as unit 1 and the other as unit 2. This designation determines which VIPs are active on each switch in the failover pair.
• In this configuration, site1 is serviced by Switch 1 and has two servers that respond to client requests.
This configuration uses transparent mode. Therefore, the VIPs need to be added to the servers as loopback addresses. This is done by configuring the network interfaces on the servers. A detailed description for doing this is provided after Figure 18.1.

Advanced SLB Commands

Table 18.4 describes advanced SLB commands. For further command options, press the Tab key in the command line interface.

Table 18.
Table 18.4: Advanced SLB Commands

Command: configure slb failover unit {remoteip local-ip : {}}
Description: Configures the slb failover. Specify:
• remote-ip-address—The remote peer IP address.
• local-ip-address—The address of a local IP interface used for the failover connection.

Command: configure slb global [ping-check | tcp-port-check | service-check] frequency timeout
Table 18.4: Advanced SLB Commands

Command: configure slb global http url match-string [ | any-content]
Description: Configures the default parameters for L7 service checking.

Command: configure slb global nntp newsgroup
Description: Configures the default parameter for L7 service checking.

Command: configure slb global persistence-level [same-vip-same-port | same-vip-any-port | any-vip]
Description: Configures the default parameter for persistence level.
Table 18.4: Advanced SLB Commands

Command: configure slb vip service-check frequency timeout
Description: Configures the L7 service check frequency and timeout parameters for a particular VIP. To return to the global values, specify 0 for frequency and timeout.

Command: configure slb vip service-check http {url match-string [ | any-content]}
Description: Configures VIP service checking for the HTTP service.
Table 18.4: Advanced SLB Commands

Command: disable slb node :{ | all} tcp-port-check
Description: Disables L4 port checking.

Command: disable slb node ping-check
Description: Disables L3 pinging.

Command: disable slb vip [ | all] client-persistence
Description: Disables client-persistence.

Command: disable slb vip [ | all] close-connections-now
Description: Disables one or all VIP groups. All existing connections are immediately closed.
Table 18.4: Advanced SLB Commands

Command: enable slb vip [ | all] client-persistence {mask }
Description: Enables client persistence and specifies the timeout and client address mask. If the client sets up multiple sessions to a virtual server, all sessions must connect to the same physical node.
Table 18.4: Advanced SLB Commands

Command: enable slb vip [ | all] svcdown-reset
Description: Enables the svcdown-reset configuration. If enabled, the switch sends TCP RST to both the clients and the node, if the node associated with this VIP completely fails a ping-check, port-check, or service-check.
Precedence of Flow Redirection Rules

Multiple flow redirection rules can overlap in making a redirection decision. In these cases, precedence is determined by "best match" where the most specific redirection rule that satisfies the criteria will win.
In this case, Policy 1 is the rule with the best match as it contains an explicit Destination IP Port even though the mask for the Destination IP Address is less specific.

Table 18.6: Example #2: Flow Redirection Rules

Destination IP Address   Destination IP Port   Source IP Address   Priority Selection
192.168.2.0/24           80                    ANY                 2
192.168.0.0/16           ANY                   10.10.10.0/24       4
192.168.2.0/24           ANY                   10.10.0.0/16        3
192.168.2.0/24           80                    10.10.0.
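The best-match precedence described above, applied to the three complete rows of Table 18.6, as an added example that is not part of the Intel guide. The sort key (explicit port first, then destination mask length, then source mask length) is an assumption inferred from the guide's two examples, not a documented algorithm; the rule names row1 to row3 are hypothetical, and the fourth row is left out because its source address is cut off.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations
from typing import List, Optional, Sequence, Tuple

ANY = None  # stands for the "any" keyword of a flow redirection rule


def _in_net(ip: str, cidr: Optional[str]) -> bool:
    """True when ip falls inside cidr, or when the rule field is ANY."""
    return cidr is ANY or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def _prefix_len(cidr: Optional[str]) -> int:
    """Mask length of a rule field; ANY ranks below even a /0."""
    return -1 if cidr is ANY else ipaddress.ip_network(cidr).prefixlen


@dataclass(frozen=True)
class FlowRule:
    name: str            # hypothetical label for this example
    dst: Optional[str]   # destination IP address/mask, or ANY
    port: Optional[int]  # destination IP port, or ANY
    src: Optional[str]   # source IP address/mask, or ANY

    def matches(self, dst_ip: str, dst_port: int, src_ip: str) -> bool:
        return (_in_net(dst_ip, self.dst)
                and (self.port is ANY or self.port == dst_port)
                and _in_net(src_ip, self.src))

    def specificity(self) -> Tuple[int, int, int]:
        # ASSUMPTION: explicit port outranks mask length (Example #1),
        # destination mask outranks source mask (rows 3 and 4 of Example #2).
        return (0 if self.port is ANY else 1,
                _prefix_len(self.dst), _prefix_len(self.src))


def rank_rules(rules: Sequence[FlowRule]) -> List[str]:
    """Rule names from most to least specific."""
    return [r.name for r in sorted(rules, key=FlowRule.specificity, reverse=True)]


def best_match(rules: Sequence[FlowRule], dst_ip: str, dst_port: int,
               src_ip: str) -> Optional[FlowRule]:
    """The most specific rule that matches the packet, or None."""
    hits = [r for r in rules if r.matches(dst_ip, dst_port, src_ip)]
    return max(hits, key=FlowRule.specificity, default=None)


def _fields_overlap(a: Optional[str], b: Optional[str]) -> bool:
    if a is ANY or b is ANY:
        return True
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def overlapping_pairs(rules: Sequence[FlowRule]) -> List[Tuple[str, str]]:
    """Pairs of rules that can both match the same packet.

    Reviewing these pairs shows where precedence, not a single rule,
    decides the redirection.
    """
    pairs = []
    for a, b in combinations(rules, 2):
        ports_ok = a.port is ANY or b.port is ANY or a.port == b.port
        if ports_ok and _fields_overlap(a.dst, b.dst) and _fields_overlap(a.src, b.src):
            pairs.append((a.name, b.name))
    return pairs


# The three complete rows of Table 18.6 (priorities 2, 4 and 3 in the guide).
TABLE_18_6 = [
    FlowRule("row1", "192.168.2.0/24", 80, ANY),
    FlowRule("row2", "192.168.0.0/16", ANY, "10.10.10.0/24"),
    FlowRule("row3", "192.168.2.0/24", ANY, "10.10.0.0/16"),
]

if __name__ == "__main__":
    print("ranking:", rank_rules(TABLE_18_6))
    # Constructed sample packets: (destination IP, destination port, source IP)
    for pkt in [("192.168.2.5", 80, "10.10.10.7"),
                ("192.168.2.5", 443, "10.10.10.7"),
                ("192.168.9.9", 443, "10.10.10.7")]:
        rule = best_match(TABLE_18_6, *pkt)
        print(pkt, "->", rule.name if rule else "no redirect")
    print("overlaps:", overlapping_pairs(TABLE_18_6))
```

The ranking this produces for the three rows agrees with the relative order of their Priority Selection values in Table 18.6.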
Table 18.7: Flow Redirection Commands (continued)

Command: create flow-redirect [any | tcp | udp] destination [ | any] ip-port [ | any] source [ | any]
Description: Creates a flow redirection policy.

Command: delete flow-redirect
Description: Deletes a flow redirection policy.

Command: show flow-redirect
Description: Displays the current flow redirection configuration and statistics.

Flow Redirection Example

Figure 18.
These commands are used to configure the 480T routing switch in this example:

    create vlan client
    configure vlan client add port 1
    configure vlan client ipaddress 10.10.10.1/24
    create vlan cache
    configure vlan cache add port 2
    configure vlan cache ipaddress 10.10.20.1/24
    create vlan internet
    configure vlan internet add port 3
    configure vlan internet ipaddress 10.10.30.
19 Status Monitoring and Statistics

This chapter describes how to view the current operating status of the Intel® NetStructure™ 480T routing switch, how to display information in the log, and how to take advantage of available Remote Monitoring (RMON) capabilities.

Viewing statistics on a regular basis allows you to see how well your network is performing. If you keep simple daily records, you may see trends emerging and notice problems arising before they cause major network faults.
Table 19.1: Status Monitoring Commands

Command: show log config
Description: Displays the log configuration, including the syslog host IP address, the priority level of messages being logged locally, and the priority level of messages being sent to the syslog host.

Command: show log {}
Description: Displays the current snapshot of the log. Priority options filter the log to display messages with the selected priority or higher (more critical).
Table 19.
• Received Packet Count (Rx Pkt Count)—The total number of good packets that were received by the port.
• Received Byte Count (Rx Byte Count)—The total number of bytes that were received by the port, including bad or lost frames. This number includes bytes contained in the Frame Check Sequence (FCS), but excludes bytes in the preamble.
To view port receive errors, use this command:

    show ports rxerrors

The following port receive error information is collected:

• Receive Bad CRC Frames (Rx CRC)—The total number of frames received by the port that were of the correct length, but contained a bad FCS value.
• Receive Oversize Frames (Rx Over)—The total number of good frames the port received that were longer than the supported maximum length of 1,522 bytes.
Table 19.2: Port Monitoring Display Keys (continued)

Key(s): Esc or Enter
Description: Exits from the screen.

Key(s): 0
Description: Clears all counters.

Key(s): Spacebar
Description: Cycles through these screens:
• Packets per second
• Bytes per second
• Percentage of bandwidth
Available using the show port utilization command only.
form HH:MM:SS. If the event was caused by a user, the user name is also provided.
• Fault level—Table 19.3 describes the three levels of importance that the system can assign to a fault.

Table 19.3: Fault Levels

Level: Critical
Description: A desired switch function is inoperable. The switch may need to be reset.

Level: Warning
Description: A noncritical error that may lead to a function failure.
Table 19.4: Fault Log Subsystems (continued)

Subsystem: Brdg
Description: Bridge-related functionality. Examples include low table space and queue overflow.

Subsystem: SNMP
Description: SNMP information. Examples include community string violations.

Subsystem: Telnet
Description: Information related to Telnet login and configuration performed using a Telnet session.

Subsystem: VLAN
Description: VLAN-related configuration information.

Subsystem: Port
Description: Port management-related configuration.
Real-Time Display

Along with viewing a snapshot of the log, you can configure the system to maintain a running real-time display of log messages on the console. To turn on the log display, enter this command:

    enable log display

To configure the log display, use this command:

    configure log display {}

If priority is not specified, only messages of critical priority display.
The priorities are the same as for local logging. If not specified, only critical priority messages are sent to the syslog host.

Logging Configuration Changes

The local management software allows you to record all configuration changes (and their sources) made through the CLI using Telnet or the local console. The changes are logged to the system log.
Table 19.5: Logging Commands (continued)

Command: configure log display {}
Description: Configures the real-time log display. Displays the current snapshot of the log. Priority filters the log to display messages with the selected or higher (more critical) priority. Priorities include (in order):
• Critical
• Emergency
• Error
• Alert
• Warning
• Notice
• Info
• Debug
If not specified, info and higher priority messages display.
Table 19.5: Logging Commands (continued)

Command: disable log display
Description: Disables the log display.

Command: disable syslog
Description: Disables logging to a remote syslog host.

Command: enable cli-config-logging
Description: Enables the logging of CLI configuration commands to the Syslog for auditing purposes. The default setting is enabled.

Command: enable log display
Description: Enables the log display.

Command: enable syslog
Description: Enables logging to a remote syslog host.
A typical RMON setup consists of two components:

• RMON probe—An intelligent, remotely controlled device or software agent that continually collects statistics about a LAN segment or VLAN. The probe transfers the information to a management workstation on request, or when a predefined threshold is crossed.
• Management workstation—Communicates with the RMON probe and collects the statistics from it.
The History group is useful for analysis of traffic patterns and trends on a LAN segment or VLAN, and to establish baseline information indicating normal operating parameters.

Alarms

The Alarms group provides a versatile, general mechanism for setting threshold and sampling intervals to generate events on any RMON variable. Both rising and falling thresholds are supported, and thresholds can be on the absolute value of a variable or its delta value.
network without costing more than traditional network management. The 480T routing switch accurately maintains RMON statistics at the maximum line rate of all of its ports. For example, statistics can be related to individual ports.

RMON Probe with Security Features Enabled

A probe must be able to monitor all traffic. Unlike Intel’s built-in probe, a stand-alone probe must be attached to a nonsecure port.
20 Software Upgrade and Boot Options

Overview

This chapter describes the procedure for upgrading the Intel® NetStructure™ 480T routing switch firmware image. It also includes a discussion of how to save and load a primary and secondary image and configuration file on the switch.

Saving Configuration Changes

The configuration is the customized set of parameters that you have selected to run on the switch. As you make configuration changes, the new settings are stored in run-time memory.
If you make a mistake, or find you must revert to the configuration as it was before you started making changes, you can set the switch to use the secondary configuration on the next reboot. If the switch is rebooted during a configuration save, the switch boots to factory default settings. The configuration in the process of being saved is unaffected.
Once the TFTP server is running, click the Server Dir. button. Verify that the active directory is Program Files\Intel\Intel Device View\Firmware. Make sure that both the BootROM image (a file named ngbootnn.bin) and the firmware image (a file named vnnnnbnn.tfp) are in this directory.
Upgrading the Firmware

To upgrade the firmware on the switch:

1. Download the latest image from your TFTP server.

    download image vb.tfp primary

2. Verify that the primary image is now at the latest version and that the secondary image is still at the older version:

    show switch

3. Save this configuration in the primary configuration database:

    save configuration primary

4. Then reboot the switch, and log back into the switch.
    show switch

• Reboot the switch using the reboot command.

If you have followed the upgrade instructions, your original configuration should be operational. If you did not have an older configuration, you may perform a minimal configuration for the switch through the command line interface (CLI) sufficient to TFTP download the configuration file generated during the upgrade procedure.
specified, the current configuration is immediately uploaded to the TFTP server. To cancel a scheduled configuration upload, use the command:

    upload configuration cancel

Using TFTP to Download the Configuration

To modify the switch configuration, you can download ASCII files that contain CLI commands to the switch.
connection (and not the console port), your connection is terminated when the switch reboots, but the command executes normally.

Downloading an Incremental Configuration

You can make a partial or incremental change to the switch configuration using downloaded ASCII files that contain CLI commands. The switch interprets these commands as a script of CLI commands. They take effect at the time of the download, without requiring a reboot of the switch.
Remember to Save

Regardless of the download option used, configurations are downloaded into switch runtime memory only. The configuration is saved only when the save command is issued, or if the configuration file itself includes the save command.

If the configuration currently running in the switch does not match the configuration that the switch used when it originally booted, an asterisk (*) appears before the command line prompt when using the CLI.
• Press 2 for the image stored in secondary. Then, press the f key to boot from newly selected on-board flash memory.

To boot to factory default configuration:

• Press the d key for default, and
• Press the f key to boot from the configured on-board flash.

Boot Option Commands

Table 20.1 lists the CLI commands associated with switch boot options. For further command options, press the Tab key in the command line interface.

Table 20.
Table 20.1: Boot Option Commands (continued)

Command: download image [ | ] {primary | secondary}
Description: Downloads a new image from a TFTP server over the network. If parameters are not specified, the image is saved to the current image.

Command: reboot {time | cancel}
Description: Reboots the switch on the date and time specified.
Table 20.1: Boot Option Commands (continued)

Command: use configuration [primary | secondary]
Description: Configures the switch to use a particular configuration on the next reboot. Options include the primary configuration area or the secondary configuration area.

Command: use image [primary | secondary]
Description: Configures the switch to use a particular image on the next reboot.
A Technical Specifications and Supported Limits

Technical Specifications

For IEEE standards information refer to http://standards.ieee.org

The following table lists specifications for the Intel® NetStructure™ 480T routing switch.

Table A.1: Specifications

Physical Dimensions
Height: 3.5 inches x Width: 17.36 inches x Depth: 19.20 inches
Weight: with single PSU: 21.7 lbs
with dual PSU: 27.
Table A.1: Specifications CE (European Community) TUV/GS (German Notified Body) C-Tick (Australian Communication Authority) Underwriters Laboratories (USA and Canada) Safety Agency Certifications Electromagnetic Compatibility Heat Dissipation UL 1950 3rd Edition, listed cUL listed to CSA 22.
Supported Standards, RFCs and Protocols

Table A.2: Supported Standards, RFCs and Protocols

RFCs, Standards, and Protocols
RFC 1058 RIP
RFC 1723 RIP v2
RFC 1112 IGMP
RFC 2236 IGMP v2
DVMRP v3 - Draft IETF DVMRP v3-07
PIM-DM v2 - Draft IETF PIM-DM v2-dm-01
RFC 2362 PIM-SM
RFC 1587-NSSA option
RFC 2178 OSPF
RFC 1122 Host requirements
IEEE 802.1D-1998 (802.1p) Packet priority
IEEE 802.1Q VLAN tagging
IEEE 802.3u 100 Mbps Ethernet
IEEE 802.
Supported Limits

The table below summarizes tested metrics for various features on the 480T routing switch. These metrics are laboratory results and are for reference and comparison only.

Table A.3: Supported Limits

Metric: Access Profiles
Description: Used by SNMP, Telnet, Vista Web interface, and Routing Access Policies.
Limit: 128

Metric: Access Profile entries
Description: Used by SNMP, Telnet, Vista Web interface, and Routing Access Policies.
Table A.3: Supported Limits

Metric: MAC-based VLANs – MAC addresses
Description: Maximum number of MAC addresses that can be downloaded to the switch when using MAC-based VLANs.
Limit: 7000

Metric: Protocol-sensitive VLANs – active protocol filters
Description: The number of simultaneously active protocol filters in the switch.
Limit: 15

Metric: Spanning Tree - Max STPDs
Description: Maximum number of Spanning Tree Domains.
Table A.3: Supported Limits

Metric: ESRP – number of instances
Description: Maximum number of ESRP-supported VLANs for a single switch.
Limit: 64

Metric: ESRP – number of ESRP groups
Description: Maximum number of ESRP groups within a broadcast domain.
Limit: 4

Metric: ESRP – number of VLANs in a single ESRP domain
Description: Maximum number of VLANs that can be joined to a single ESRP instance through an ESRP domain.
Limit: 256 default; 300 max

Metric: FDB – Maximum number of L2/L3 entries
Description: Maximum number of MAC addresses.
Table A.3: Supported Limits

Metric: OSPF virtual links
Description: Maximum number of OSPF virtual links supported.
Limit: 32

Metric: BGP routes
Description: Maximum number of routes contained in the BGP route table.
Limit: 500,000

Metric: BGP peers
Description: Maximum number of BGP peers on a single router.
Limit: 64

Metric: Policy-Based Routing
Description: Maximum number of policy-based routes that can be stored on a switch.
Table A.3: Supported Limits

Metric: IPX Router interfaces
Description: Maximum number of IPX router interfaces.
Limit: 256

Metric: IPX Access control lists
Description: Maximum number of access lists in which all rules utilize all available options.
B Troubleshooting

If you encounter problems when using the Intel® NetStructure™ 480T routing switch, this appendix may be helpful. If you have a problem not listed here or in the “Late Breaking News,” contact your local technical support representative (see "Intel Customer Support" on page 491).

LEDs

Why doesn’t the power LED light?

• Check that the power cable is firmly connected to the device and to the supply outlet.
the link LED lit, and the side with autonegotiation enabled will not have the LED lit.
• The default configuration for a 1000 Mbps port is autonegotiation enabled. Verify by using this command:

    show port config

Why won’t the switch power on?

• The 480T routing switch uses a digital power supply with surge protection. During a power surge, the protection circuits turn off the power supply.
Why won’t the Telnet workstation access the device?

• Check that the device IP address, subnet mask and default gateway are configured correctly, and that the device has been reset.
• Ensure that you enter the IP address of the switch correctly when invoking the Telnet facility.
• Check that Telnet access was not disabled for the switch. If you attempt to log in and the maximum number of Telnet sessions is in use, you should receive an error message indicating so.
How do I remove unused default and static routes?

• If you have defined static or default routes, those routes will remain in the configuration, independent of whether the VLAN and VLAN IP address that used them remains. You should manually delete the routes if no VLAN IP address is capable of using them.
Always verify that the switch and the network device match in configuration for speed and duplex.

• To establish a full-duplex link either force it at both sides, or run autonegotiation on both sides (using full-duplex as an advertised capability, the default setting).
• A mismatch of duplex mode between the 480T routing switch and another network device will cause poor network performance.
• Then convert each octet into a decimal value (for example, 00000000.00000000.00000001.10010000 = 0.0.1.144).
• Therefore, 400 = 0.0.1.144

VLANs

What if I can’t add a port to a VLAN?

• If you attempt to add a port to a VLAN and get an error message similar to:

    localhost:7 # configure vlan marketing add port 1,2
    ERROR: Protocol conflict on port 1

you already have a VLAN using untagged traffic on a port.
VLAN Names

There are restrictions on VLAN names. They cannot contain white spaces and cannot start with a numeric value unless you use quotation marks around the name. If a name contains white spaces, starts with a number, or contains nonalphabetical characters, you must use quotation marks whenever referring to the VLAN name.

What if 802.1Q links do not work correctly?

• VLAN names are only locally significant through the command-line interface.
Why does the switch keep aging out endstation entries in the switch Forwarding Database (FDB)?

• Reduce the number of topology changes by disabling STP on those systems that do not use redundant paths.
• Specify that the endstation entries are static or permanent.
C Regulatory Information

Compliance statements

Each of the following compliance statements applies only to products that bear the mark or text required by the appropriate certification agency.

FCC Part 15 Compliance Statement

This product has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment.
This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the interference-causing equipment standard entitled: "Digital Apparatus," ICES-003 of the Canadian Department of Communications.

CE Compliance Statement

This certifies that the Intel® NetStructure™ 480T routing switch complies with the EU Directive, 89/336/EEC, using the EMC standards EN55022 (Class A) and EN50082-1.
Warnings

WARNING
This is a Class A product. In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures.

Internal access to the Intel NetStructure 480T routing switch is intended only for qualified service personnel. Do not remove any covers. There are no user serviceable parts inside.

WARNING
Choose a site that is:
• Clean and free of airborne particles (other than normal room dust).
• in regions where electrical storms occur, connected to a surge suppressor; during an electrical storm, the telecommunication lines should not be connected to the modem;
• provided with a grounded AC outlet.
Do not attempt to modify or use the supplied power cord if it is not exactly the type required.
WARRANTY IS IN LIEU OF ANY OTHER WARRANTY, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY OF NONINFRINGEMENT OF INTELLECTUAL PROPERTY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR ANY WARRANTY ARISING OUT OF ANY PROPOSAL, SPECIFICATION, SAMPLE OR OTHERWISE.

This warranty does not cover replacement of products damaged by abuse, accident, misuse, neglect, alteration, repair, disaster, improper installation or improper testing.
systems) by Licensee or Sublicensees, and such use is entirely at the user’s risk. Licensee agrees to defend, indemnify, and hold Intel harmless from and against any and all claims arising out of use of the hardware product in such applications by Licensee or Sublicensees.

Software: Software provided with the hardware product is not covered under the hardware warranty described above.
Country          Number                  Language
Germany          +49 (0) 69 9509 6099    German
Italy            +39 (0) 2 696 33276     Italian
United Kingdom   +44 (0) 870 607 2439    English

If the Customer Support Group verifies that the product is defective, they will have the Return Material Authorization Department issue you an RMA number to place on the outer package of the product. Intel cannot accept any product without an RMA number on the package.
INTEL RESERVES THE RIGHT TO SUPPLY YOU WITH A PRODUCT CONTAINING NEW OR REPAIRED COMPONENTS.
CONCERNING ALL DISPUTES RELATING TO THIS AGREEMENT SHALL NOT EXCEED THE PRICE PAID FOR THE PRODUCT. THESE LIMITATIONS ON POTENTIAL LIABILITY WERE A DETERMINING FACTOR IN SETTING THE PRICE OF THE PRODUCT. INTEL NEITHER ASSUMES ANY OTHER LIABILITY NOR AUTHORIZES ANYONE TO DO SO ON ITS BEHALF.

The limited hardware warranty is governed by and construed in accordance with the laws of England and Wales.
recycled, fully tested, and warranted as new. For more information about the warranty, call one of the numbers listed below.
Limited Hardware Warranty (Europe only)
Intel warrants to the original owner that the hardware contained in this package is free from defects in material and workmanship.
Country          Telephone               Language
Italy            +39 (0) 2 696 33276     Italian
Great Britain    +44 (0) 870 607 2439    English

Once Customer Support has confirmed the damage, the responsible department issues a return number (RMA number), which must be placed on the outer packaging of the hardware. Intel does not accept any product without an RMA number on the packaging.
from the latest of the following dates: (i) the date of purchase, only if you return the registration card with proof of purchase in the manner indicated for registration; or (ii) the date of manufacture; or (iii) the date of registration, if registration was completed electronically within thirty (30) days of purchase.
THE INABILITY TO USE THIS PRODUCT, WHETHER ARISING FROM CONTRACT, NEGLIGENCE, TORT, OR UNDER ANY WARRANTY, REGARDLESS OF WHETHER INTEL HAS RECEIVED ADVANCE NOTICE OF THE POSSIBILITY OF SUCH DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOSS OF USE, INFRINGEMENT OF INTELLECTUAL PROPERTY, BUSINESS INTERRUPTION, AND LOSS OF PROFITS. NOTWITHSTANDING THE FOREGOING, INTEL'S ENTIRE LIABILITY FOR CLAIMS MADE UNDER THIS A
D Intel Customer Support

Intel offers a range of support services for your Intel® NetStructure™ 480T routing switch. You can learn about the options available for your area by visiting the Intel support Web site at http://www.intel.com/network/services.

Worldwide Access to Technical Support
Intel has technical support centers worldwide. The technicians who staff the centers generally offer service in the languages of the region. Visit our Web site at http://support.intel.com/.
Other areas
For support in other countries, use the following table to dial the toll-free support number. Using the table, locate the country from which you are calling, dial the access number, await the dial tone, and then dial the listed 800 number.
Country                     Dialing Information
United Kingdom (Mercury)    (note 3) 0500-89-0011 await dial tone, then 800-838-7136
Vietnam                     12010288 await dial tone, then 800-838-7136

Notes:
1 Public phones require coin deposit
2 Use phones allowing international access
3 May not be available from every phone
4 Public phones require local phone payment through the call duration
5 Not available from public phones