53-1002637-02 24 June 2013 FastIron Ethernet Switch Administration Guide Supporting FastIron Software Release 08.0.
Copyright © 2013 Brocade Communications Systems, Inc. All Rights Reserved. ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.
Contents About This Document Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Supported Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Unsupported features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Network Time Protocol Version 4 (NTPv4). . . . . . . . . . . . . . . . . . . . . 20 NTP and SNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 NTP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 NTP Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 NTP peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 NTP broadcast server . . . . . . . .
Software reboot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Software boot configuration notes . . . . . . . . . . . . . . . . . . . . . . . 81 Displaying the boot preference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 Loading and saving configuration files . . . . . . . . . . . . . . . . . . . . . . . 82 Replacing the startup configuration with the running configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Layer 3 hitless route purge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111 Setting the IPv4 hitless purge timer on the defatult VRF . . . .111 Example for setting IPv4 hitless purge timer on the default VRF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111 Setting the IPv4 hitless purge timer on the non-default VRF .112 Example for setting the IPv4 hitless purge timer on the non-default VRF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deleting a license file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138 Deleting a license on SX 800 and SX 1600 devices . . . . . . . .138 Deleting a license on FCX and ICX devices . . . . . . . . . . . . . . .139 Using a trial license. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139 What happens when a trial license expires . . . . . . . . . . . . . . .140 Console, syslog, and trap messages for trial license expiration . . . . . . . . . . . . . . . .
SNMP version 3 traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170 Defining an SNMP group and specifying which view is notified of traps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170 Defining the UDP port for SNMP v3 traps . . . . . . . . . . . . . . . . 171 Trap MIB changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172 Specifying an IPv6 host as an SNMP trap receiver . . . . . . . . .172 SNMP v3 over IPv6 . . . . . . . . . . . . . .
LLDP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199 LLDP configuration notes and considerations . . . . . . . . . . . . .199 Enabling and disabling LLDP. . . . . . . . . . . . . . . . . . . . . . . . . . .200 Enabling support for tagged LLDP packets . . . . . . . . . . . . . . .200 Changing a port LLDP operating mode . . . . . . . . . . . . . . . . . .200 Configuring LLDP processing on 802.1x blocked port . . . . . .202 Maximum number of LLDP neighbors . . . . .
Displaying Syslog messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .244 Enabling real-time display of Syslog messages . . . . . . . . . . . .245 Enabling real-time display for a Telnet or SSH session . . . . . .245 Displaying real-time Syslog messages . . . . . . . . . . . . . . . . . . .246 Syslog service configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .246 Displaying the Syslog configuration . . . . . . . . . . . . . . . . . . . . .
Chapter 12 Power over Ethernet Power over Ethernet overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . .292 Power over Ethernet terms used in this chapter . . . . . . . . . . .292 Methods for delivering Power over Ethernet . . . . . . . . . . . . . .292 PoE autodiscovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .294 Power class. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .294 Dynamic upgrade of PoE power supplies . . . . . . . . . .
xii FastIron Ethernet Switch Administration Guide 53-1002637-02
About This Document This chapter contains the following sections: • Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • What’s new in this document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . • Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Unsupported features Features that are not documented in “Related publications” on page xvi are not supported. Audience This document is designed for network engineers with a working knowledge of Layer 2 and Layer 3 switching and routing. If you are using a Brocade Layer 3 switch, you should be familiar with the following protocols if applicable to your network – IP, RIP, OSPF, BGP, IGMP, PIM, and VRRP. What’s new in this document This document includes the information from IronWare software release 08.0.
TABLE 1 Summary of enhancements in FastIron release 08.0.00a Feature Description Described in Default Log Buffer Size This release enhances the default-log buffer size to 1000 lines. “Syslog” on page 243 Enhancement to Port Group Naming This release introduces the feature to provide a single name to a group of ports. “Assigning port names” on page 41 Static IPv6 routes This feature allows you to configure a static IPv6 route to be redistributed into a routing protocol.
Notes, cautions, and danger notices The following notices and statements are used in this manual. They are listed below in order of increasing severity of potential hazards. NOTE A note provides a tip, guidance or advice, emphasizes important information, or provides a reference to related information. CAUTION A Caution statement alerts you to situations that can be potentially hazardous to you or cause damage to hardware, firmware, software, or data.
Getting technical help To contact Technical Support, go to http://www.brocade.com/services-support/index.page for the latest e-mail and telephone contact information. Document feedback Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and completeness of this document. However, if you find an error or an omission, or you think that a topic needs further development, we want to hear from you. Forward your feedback to: documentation@brocade.
xviii FastIron Ethernet Switch Administration Guide 53-1002637-02
Chapter 1 Management Applications Table 2 lists the individual Brocade FastIron switches and the management application features they support. These features are supported in the Layer 2 and Layer 3 software images.
1 Management port overview The management port is an out-of-band port that customers can use to manage their devices without interfering with the in-band ports. The management port is widely used to download images and configurations, for Telnet sessions. For FCX devices, the MAC address for the management port is derived from the base MAC address of the unit, plus the number of ports in the base module. For example, on a 48-port FCX standalone device, the base MAC address is 0000.0034.2200.
1 Management port overview interface management 1 ip address 10.44.9.64 255.255.255.0 To display the current configuration, use the show interfaces management command. Syntax: show interfaces management num Brocade(config)#show interfaces management 1 GigEthernetmgmt1 is up, line protocol is up Hardware is GigEthernet, address is 0000.0076.544a (bia 0000.0076.
1 Logging on through the CLI InGiantPkts0 InShortPkts0 InJabber0 InFlowCtrlPkts0OutFlowCtrlPkts0 InBitsPerSec83728OutBitsPerSec24 InPktsPerSec130OutPktsPerSec0 InUtilization0.01%OutUtilization0.00% To display the management interface statistics in brief form, enter the show statistics brief management command.
Logging on through the CLI 1 If you enter an invalid command followed by ?, a message appears indicating the command was unrecognized. An example is given below. Brocade(config)#rooter ip Unrecognized command Command completion The CLI supports command completion, so you do not need to enter the entire name of a command or option. As long as you enter enough characters of the command or option name to avoid ambiguity with other commands or options, the CLI understands what you are typing.
1 Using stack-unit, slot number, and port number with CLI commands TABLE 3 CLI line editing commands (Continued) Ctrl+Key combination Description Ctrl+C Escapes and terminates command prompts and ongoing tasks (such as lengthy displays), and displays a fresh command prompt. Ctrl+D Deletes the character at the cursor. Ctrl+E Moves to the end of the current command line. Ctrl+F Moves the cursor forward one character. Ctrl+K Deletes all characters from the cursor to the end of the command line.
Using stack-unit, slot number, and port number with CLI commands 1 CLI nomenclature on Stackable devices Stackable devices (FCX and ICX) use the stack-unit/slot/port nomenclature. When you enter CLI commands that include the port number as part of the syntax, you must use the stack-unit/slot/port number format.
1 Using stack-unit, slot number, and port number with CLI commands Brocade#show who | exclude closed Console connections: established you are connecting to this session 2 seconds in idle Telnet connections (inbound): 1 established, client ip address 10.168.9.
Using stack-unit, slot number, and port number with CLI commands 1 --More--, next page: Space, next line: Return key, quit: Control-c +telnet The filtered results are displayed. filtering... telnet Telnet by name or IP address To display lines that do not contain a specified search string (similar to the exclude option for show commands) press the minus sign key ( - ) at the --More-- prompt and then enter the search string.
1 Using stack-unit, slot number, and port number with CLI commands TABLE 4 Special characters for regular expressions (Continued) Character Operation ? The question mark matches on zero occurrences or one occurrence of a pattern. For example, the following regular expression matches output that contains "dg" or "deg": de?g NOTE: Normally when you type a question mark, the CLI lists the commands or options at that CLI level that begin with the character or string you entered.
Using stack-unit, slot number, and port number with CLI commands 1 Brocade#show ip route bgp | include \* Creating an alias for a CLI command You can create aliases for CLI commands. An alias serves as a shorthand version of a longer CLI command. For example, you can create an alias called shoro for the CLI command show ip route. Then when you enter shoro at the command prompt, the show ip route command is issued.
1 12 Using stack-unit, slot number, and port number with CLI commands FastIron Ethernet Switch Administration Guide 53-1002637-02
Chapter 2 Basic Software Features Table 5 lists the individual Brocade FastIron switches and the basic software features they support. These features are supported in the Layer 2 and Layer 3 software images, except where explicitly noted.
2 Basic system parameter configuration TABLE 5 Supported basic software features Feature FSX 800 FSX 1600 FCX ICX 6610 ICX 6430 ICX 6450 Port status (enable or disable) Yes Yes Yes Yes Yes Flow control: • Responds to flow control packets, but does not generate them Yes Yes Yes Yes Yes Symmetric flow control • Can transmit and receive 802.
Basic system parameter configuration 2 NOTE For information about the Syslog buffer and messages, refer to Appendix A, “Syslog messages”. The procedures in this section describe how to configure the basic system parameters listed in Table 5. Entering system administration information You can configure a system name, contact, and location for a Brocade device and save the information locally in the configuration file for future reference.
2 Basic system parameter configuration Specifying an SNMP trap receiver You can specify a trap receiver to ensure that all SNMP traps sent by the Brocade device go to the same SNMP trap receiver or set of receivers, typically one or more host devices on the network. When you specify the host, you also specify a community string. The Brocade device sends all the SNMP traps to the specified hosts and includes the specified community string.
Basic system parameter configuration 2 Specifying a single trap source You can specify a single trap source to ensure that all SNMP traps sent by the Layer 3 switch use the same source IP address. For configuration details, refer to “Specifying a single source interface for specified packet types” section in the FastIron Ethernet Switch Layer 3 Routing Configuration Guide.
2 Basic system parameter configuration • Bridge topology change • Locked address violation SNMP Layer 3 traps The following traps are generated on devices running Layer 3 software: • • • • • • • • • • • • • SNMP authentication key Power supply failure Fan failure Cold start Link up Link down Bridge new root Bridge topology change Locked address violation BGP4 OSPF VRRP VRRP-E To stop link down occurrences from being reported, enter the following.
Basic system parameter configuration 2 To enable SNMP to display VE statistics, enter the enable snmp ve-statistics command. Brocade(config)# enable snmp ve-statistics Syntax: [no] enable snmp ve-statistics Use the no form of the command to disable this feature once it is enabled. Note that the above CLI command enables SNMP to display virtual interface statistics. It does not enable the CLI to display the statistics.
2 Network Time Protocol Version 4 (NTPv4) Brocade# show logging Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Buffer logging: level ACDMEINW, 12 messages logged level code: A=alert C=critical D=debugging M=emergency E=error I=informational N=notification W=warning Static Log Buffer: Dec 15 19:04:14:A:Fan 1, fan on right connector, failed Dynamic Log Buffer (50 entries): Oct 15 18:01:11:info:dg logout from USER EXEC mode Oct 15 17:59:22:info:dg logout from PRIVILEGE EXEC mode Oct 15 1
Network Time Protocol Version 4 (NTPv4) 2 else in the world. It allows clients to use different time zone and daylight-saving properties. Primary servers are synchronized by wire or radio to national standards such as GPS. Timing information is conveyed from primary servers to secondary servers and clients in the network. NTP runs on UDP, which in turn runs on IP. NTP has a hierarchical structure.
2 Network Time Protocol Version 4 (NTPv4) NOTE Network Time Protocol (NTP) commands must be configured on each individual device. FIGURE 1 • • • • • NTP implementation conforms to RFC 5905. NTP can be enabled in server and client mode simultaneously. The NTP uses UDP port 123 for communicating with NTP servers/peers. NTP server and client can communicate using IPv4 or IPv6 address NTP implementation supports below association modes.
Network Time Protocol Version 4 (NTPv4) 2 • Broadcast client • NTP supports maximum of 8 servers and 8 peers. The 8 peers includes statically configured and dynamically learned. • NTP can operate in authenticate or non-authenticate mode. Only symmetric key authentication is supported. • By default, NTP operates in default VLAN and it can be changed. Limitations • FastIron devices cannot operate as primary time server (or stratum 1). It only serves as secondary time server (stratum 2 to 15).
2 Network Time Protocol Version 4 (NTPv4) When the NTP server is enabled, it will start listening on the NTP port for client requests and responds with the reference time. Its stratum number will be the upstream time server's stratum + 1. The stratum 1 NTP server is the time server which is directly attached to the authoritative time source. The device cannot be configured as primary time server with stratum 1.
Network Time Protocol Version 4 (NTPv4) 2 NOTE Use the master command with caution. It is very easy to override valid time sources using this command, especially if a low stratum number is configured. Configuring multiple machines in the same network with the master command can cause instability in timekeeping if the machines do not agree on the time. NTP Client An NTP client gets time responses from an NTP server or servers, and uses the information to calibrate its clock.
2 Network Time Protocol Version 4 (NTPv4) The following scenarios are observed when you remove the last NTP server/peer under the conditions - the NTP server/peer is configured, master command is not configured, system clock is synchronized and the reference time is the NTP time: • If the local clock is not valid, the system clock is not synchronized. • If the local clock is valid, the system clock is synchronized and the reference time is the local clock.
Network Time Protocol Version 4 (NTPv4) 2 NTP broadcast client An NTP broadcast client listens for NTP packets on a broadcast address. When the first packet is received, the client attempts to quantify the delay to the server, to better quantify the correct time from later broadcasts. This is accomplished by a series of brief interchanges where the client and server act as a regular (non-broadcast) NTP client and server.
2 Network Time Protocol Version 4 (NTPv4) The specific mode that you should set for each of your networking devices depends primarily on the role that you want them to assume as a timekeeping device (server or client) and the device's proximity to a stratum 1 timekeeping server. A networking device engages in polling when it is operating as a client or a host in the client mode or when it is acting as a peer in the symmetric active mode.
Network Time Protocol Version 4 (NTPv4) 2 VLAN and NTP When VLAN is configured, • NTP time servers should be reachable through the interfaces which belong to the configured VLAN. Otherwise, NTP packets are not transmitted. This is applicable to both the unicast and the broadcast server/client. • NTP broadcast packets are sent only on the interface which belongs to the configured VLAN.
2 Network Time Protocol Version 4 (NTPv4) If the serve keyword is specified, then NTP will not serve the time to downstream devices. The serve keyword disables the NTP server mode functionalities. If the serve keyword is not specified, then both NTP client mode and NTP server mode functionalities are disabled. Use the no form of the command to enable NTP client and server mode. To enable the client mode, use the no disable command. To enable the client and server mode, use the no disable serve command.
Network Time Protocol Version 4 (NTPv4) 2 Brocade(config-ntp)# source-interface ethernet 1/3/1 Syntax: [no] source-interface ethernet port | loopback num | ve num Specify the port parameter in the format stack-unit/slotnum/portnum. The loopback num parameter specifies the loopback interface number. The ve num parameter specifies the virtual port number. Enable or disable the VLAN containment for NTP To enable or disable the VLAN containment for NTP, use the access-control vlan command.
2 Network Time Protocol Version 4 (NTPv4) Configuring the master To configure the FastIron device as a Network Time Protocol (NTP) master clock to which peers synchronize themselves when an external NTP source is not available, use the master command. The master clock is disabled by default. To disable the master clock function, use the no form of this command. NOTE This command is not effective, if the NTP is enabled in client-only mode.
Network Time Protocol Version 4 (NTPv4) 2 NOTE When the NTP server/peer is configured, the master command is not configured; on configuring the clock set command the system clock is not synchronized. When the master command is configured, on configuring the clock set command the system clock is synchronized and the reference time will be the local clock. To have active peers at both the ends, you need to disable NTP, configure the peers and enable the NTP using the no disable command.
2 Network Time Protocol Version 4 (NTPv4) NOTE This command is not effective, if the NTP server is disabled. Brocade(config)#int m1 Brocade(config-if-mgmt-1)#ip address 10.20.99.173/24 Brocade(config-if-mgmt-1)#ntp Brocade(config-ntp)#ntp-interface m1 Brocade(config-ntp -mgmt-1)# broadcast destination 10.20.99.0 key 2 Syntax: [no] broadcast destination ip-address [key key-id] [version num] The ip-address parameter is the IPv4 subnet address of the device to send NTP broadcast messages to.
Network Time Protocol Version 4 (NTPv4) TABLE 6 2 NTP status command output descriptions Field Description peer dispersion Dispersion of root path. system poll interval Poll interval of the local system. last update Time the router last updated its NTP information. server mode Status of the NTP server mode for this device. client mode Status of the NTP client mode for this device. master Status of the master mode.
2 Network Time Protocol Version 4 (NTPv4) TABLE 7 NTP associations command output descriptions Field Description when Time, in seconds, since last NTP packet was received from peer. poll Polling interval (seconds). reach Peer reachability (bit string, in octal). delay Round-trip delay to peer, in milliseconds. offset Relative time difference between a peer clock and a local clock, in milliseconds. disp Dispersion.
Network Time Protocol Version 4 (NTPv4) 2 Table 7 show ntp associations detail command output descriptions TABLE 8 NTP associations detail command output descriptions Field Description server Indicates server is statically configured. symmetric active peer Indicates peer is statically configured. symmetric passive peer Indicates peer is dynamically configured. sys_peer This peer is the system peer candidate This peer is chosen as candidate in the combine algorithm.
2 Network Time Protocol Version 4 (NTPv4) Configuration Examples The following sections list configuration examples to configure the Brocade device. NTP server and client mode configuration Sample CLI commands to configure the Brocade device in NTP server and client modes. Brocade(config-ntp)# Brocade(config-ntp)# Brocade(config-ntp)# Brocade(config-ntp)# Brocade(config-ntp)# Brocade(config-ntp)# server 10.1.2.3 minpoll 5 maxpoll 10 server 11::1/64 peer 10.100.12.18 peer 10.100.12.20 peer 10.100.12.
Basic port parameter configuration 2 NTP broadcast client configuration Sample CLI commands to configure the NTP broadcast client.
2 Basic port parameter configuration Specifying a management port The management port number is always 1. This example shows how to specify the management port: Brocade (config) # interface management 1 ICX 6610 Specifying a data port The port address format is is stack unit/slot/port, where: • stack unit—Specifies the stack unit ID. Range is from 1 to 8. If the device is not part of a stack, the stack unit ID is 1. • slot—Specifies the slot number. Can be 1 or 3.
Basic port parameter configuration 2 Specifying a stacking port The port address format is stack unit/slot/port, where: • stack unit—Specifies the stack unit ID. Range is from 1 to 8. • slot—Specifies the slot number. Default stacking ports are in slot 2 (FCX S/S-F) and slot3 (FCX E/I). • port—Specifies the port number in the slot. Default stacking ports in slot 2 and slot 3 are ports 1 and 2.
2 Basic port parameter configuration Syntax: port-name text The text parameter is an alphanumeric string. The name can be up to 255 characters long. The name can contain blanks. You do not need to use quotation marks around the string, even when it contains blanks. The port name can contain special characers as well, but the percentage character (%), if it appears at the end of the port name, is dropped.
Basic port parameter configuration 2 The ethernet stack-unit/slot/port parameter specifies the Ethernet port for which you want to display the interface information. The loopback option specifies the loopback port for which you want to display the interface information. The management option specifies the management port for which you want to display the interface information. The slot option specifies all the ports in a slot for which you want to display the interface information.
2 Basic port parameter configuration NOTE You can modify the port speed of copper ports only; this feature does not apply to fiber ports. NOTE For optimal link operation, copper ports on devices that do not support 803.3u must be configured with like parameters, such as speed (10,100,1000), duplex (half, full), MDI/MDIX, and Flow Control.
Basic port parameter configuration 2 Maximum Port speed advertisement is an enhancement to the auto-negotiation feature, a mechanism for accommodating multi-speed network devices by automatically configuring the highest performance mode of inter-operation between two connected devices. Maximum port speed advertisement enables you to configure an auto-negotiation maximum speed that Gbps copper ports on the Brocade device will advertise to the connected device.
2 Basic port parameter configuration Modifying port duplex mode You can manually configure a 10/100 Mbps port to accept either full-duplex (bi-directional) or half-duplex (uni-directional) traffic. NOTE You can modify the port duplex mode of copper ports only. This feature does not apply to fiber ports. Port duplex mode and port speed are modified by the same command.
Basic port parameter configuration 2 MDI and MDIX configuration syntax The auto MDI/MDIX detection feature is enabled on all Gbps copper ports by default. For each port, you can disable auto MDI/MDIX, designate the port as an MDI port, or designate the port as an MDIX port. To turn off automatic MDI/MDIX detection and define a port as an MDI only port. Brocade(config-if-e1000-2)# mdi-mdix mdi To turn off automatic MDI/MDIX detection and define a port as an MDIX only port.
2 Basic port parameter configuration All FastIron devices support asymmetric flow control, meaning they can receive PAUSE frames but cannot transmit them. In addition, FCX and ICX devices also support symmetric flow control, meaning they can both receive and transmit 802.3x PAUSE frames. For details about symmetric flow control, refer to “Symmetric flow control on FCX and ICX devices” on page 50.
Basic port parameter configuration 2 • flow-control [default] - Enable flow control, flow control negotiation, and advertise flow control • no flow-control neg-on - Disable flow control negotiation • no flow-control - Disable flow control, flow control negotiation, and advertising of flow control After flow control negotiation is enabled using the flow-control neg-on command option, flow control is enabled or disabled depending on the peer advertisement.
2 Basic port parameter configuration Brocade# show interface ethernet 18/1 GigabitEthernet18/1 is up, line protocol is up Port up for 50 seconds Hardware is GigabitEthernet, address is 0000.0028.0600 (bia 0000.0028.
Basic port parameter configuration 2 About XON and XOFF thresholds An 802.3x PAUSE frame is generated when the buffer limit at the ingress port reaches or exceeds the port’s upper watermark threshold (XOFF limit). The PAUSE frame requests that the sender stop transmitting traffic for a period of time. The time allotted enables the egress and ingress queues to be cleared. When the ingress queue falls below the port’s lower watermark threshold (XON limit), an 802.
2 Basic port parameter configuration NOTE Although the above QoS features are not supported with symmetric flow control, the CLI will still accept these commands. The last command issued will be the one placed into effect on the device. For example, if trust dscp is enabled after symmetric-flow-control is enabled, symmetric flow control will be disabled and trust dscp will be placed into effect. Make sure you do not enable incompatible QoS features when symmetric flow control is enabled on the device.
Basic port parameter configuration 2 For xoff %, the % minimum value is 60% and the maximum value is 95%. For xon %, the % minimum value is 50% and the maximum value is 90%. Use the show symmetric command to view the default or configured XON and XOFF thresholds. Refer to “Displaying symmetric flow control status” on page 53. Changing the total buffer limits This section describes how to change the total buffer limits described in “About XON and XOFF thresholds” on page 51.
2 Basic port parameter configuration PHY FIFO Rx and Tx depth configuration PHY devices on Brocade devices contain transmit and receive synchronizing FIFOs to adjust for frequency differences between clocks. The phy-fifo-depth command allows you to configure the depth of the transmit and receive FIFOs. There are 4 settings (0-3) with 0 as the default. A higher setting indicates a deeper FIFO. The default setting works for most connections.
Basic port parameter configuration 2 Configuring IPG on a Gbps Ethernet port On a Gbps Ethernet port, you can configure IPG for 10/100 mode and for Gbps Ethernet mode. 10/100M mode To configure IPG on a Gbps Ethernet port for 10/100M mode, enter the following command. Brocade(config)# interface ethernet 7/1 Brocade(config-if-e1000-7/1)# ipg-mii 120 IPG 120(120) has been successfully configured for ports 7/1 to 7/12 Syntax: [no] ipg-mii bit time Enter 12-124 for bit time. The default is 96 bit time.
2 Basic port parameter configuration IPG configuration notes • The CLI syntax for IPG differs on FastIron Stackable devices compared to FastIron X Series devices. This section describes the configuration procedures for FastIron Stackable devices. For FastIron X Series devices, refer to “Interpacket Gap (IPG) on a FastIron X Series switch” on page 54. • When an IPG is applied to a trunk group, it applies to all ports in the trunk group.
Basic port parameter configuration 2 Enabling and disabling support for 100BaseTX For FastIron X Series devices, you can configure a 1000Base-TX SFP (part number E1MG-TX) to operate at a speed of 100 Mbps. To do so, enter the 100-tx command at the Interface level of the CLI. Brocade(config-if-e1000-11)# 100-tx After the link is up, it will be in 100M/full-duplex mode, as shown in the following example.
2 Basic port parameter configuration Enabling and disabling 100BaseFX on Chassis-based and stackable devices NOTE The following procedure applies to Stackable devices and to Chassis-based 100/1000 Fiber interface modules only. The CLI syntax for enabling and disabling 100BaseFX support on these devices differs than on a Compact device. Make sure you refer to the appropriate procedures. These are not supported on ICX 6430 and ICX 6450 devices.
Basic port parameter configuration 2 • Negotiation-off – The port does not try to perform a handshake. Instead, the port uses configuration information manually configured by an administrator. To change the mode for individual ports, enter commands such as the following. Brocade(config)# interface ethernet 1 to 4 Brocade(config-mif-1-4)# gig-default auto-gig This command overrides the global setting and sets the negotiation mode to auto-Gbps for ports 1 – 4.
2 Basic port parameter configuration • Automatic configuration of a VoIP phone will not work if one of the following applies: - You do not configure a voice VLAN ID for a port with a VoIP phone - You remove the configured voice VLAN ID from a port without configuring a new one - You remove the port from the voice VLAN • Make sure the port is able to intercept CDP packets (cdp run command). • Some VoIP phones may require a reboot after configuring or re-configuring a voice VLAN ID.
Basic port parameter configuration 2 Port flap dampening configuration Port Flap Dampening increases the resilience and availability of the network by limiting the number of port state transitions on an interface. If the port link state toggles from up to down for a specified number of times within a specified period, the interface is physically disabled for the specified wait period. Once the wait period expires, the port link state is re-enabled.
2 Basic port parameter configuration Re-enabling a port disabled by port flap dampening A port disabled by port flap dampening is automatically re-enabled once the wait period expires; however, if the wait period is set to zero (0) seconds, you must re-enable the port by entering the following command on the disabled port.
Basic port parameter configuration TABLE 11 2 Output of show link-error-disable (Continued) Column Description Shutoff-Time The number of seconds the port will remain disabled (down) before it becomes enabled. A zero (0) indicates that the port will stay down until an administrative override occurs. State The port state can be one of the following: Idle – The link is normal and no link state toggles have been detected or sampled.
2 Basic port parameter configuration NOTE If a port name is longer than five characters, the port name is truncated in the output of the show interface brief command. Syslog messages for port flap dampening The following Syslog messages are generated for port flap dampening. • If the threshold for the number of times that a port link toggles from “up” to “down” then “down” to “up” has been exceeded, the following Syslog message is displayed.
Basic port parameter configuration 2 • With Loose Mode, two ports of a loop are disabled. • Different VLANs may disable different ports. A disabled port affects every VLAN using it. • Loose Mode floods test packets to the entire VLAN. This can impact system performance if too many VLANs are configured for Loose Mode loop detection. NOTE Brocade recommends that you limit the use of Loose Mode.
2 Basic port parameter configuration This command sets the loop-detection interval to 5 seconds (50 x 0.1). To revert to the default global loop detection interval of 10, enter one of the following. Brocade(config)# loop-detection-interval 10 OR Brocade(config)# no loop-detection-interval 50 Syntax: [no] loop-detection-interval number where number is a value from 1 to 100. The system multiplies your entry by 0.1 to calculate the interval at which test packets will be sent.
Basic port parameter configuration 2 Clearing loop-detection To clear loop detection statistics and re-enable all ports that are in Err-Disable state because of a loop detection, enter the clear loop-detection command. Brocade# clear loop-detection Displaying loop-detection information Use the show loop-detection status command to display loop detection status, as shown. Brocade# show loop-detection status loop detection packets interval: 10 (unit 0.
2 Basic port parameter configuration Displaying loop detection resource information Use the show loop-detection resource command to display the hardware and software resource information on loop detection.
Basic port parameter configuration 2 171319 packets input, 12272674 bytes, 0 no buffer Received 0 broadcasts, 63650 multicasts, 107669 unicasts 0 input errors, 0 CRC, 0 frame, 0 ignored 0 runts, 0 giants 51094 packets output, 3925313 bytes, 0 underruns Transmitted 2 broadcasts, 42830 multicasts, 8262 unicasts 0 output errors, 0 collisions Relay Agent Information option: Disabled Syslog message due to disabled port in loop detection The following message is logged when a port is disabled due to loop detec
2 70 Basic port parameter configuration FastIron Ethernet Switch Administration Guide 53-1002637-02
Chapter 3 Operations, Administration, and Maintenance Table 13 lists the individual Brocade FastIron switches and the operations, administration, and maintenance (OAM) features they support. These features are supported in the Layer 2 and Layer 3 software images, except where explicitly noted.
3 OAM Overview • Software reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 • Displaying the boot preference. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 • Loading and saving configuration files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 • Loading and saving configuration files with IPv6 . . . . . . . . . . . . . . . . . . . . . 88 • System reload scheduling. . . . . . . . . . . . . . . . . . . . . . . .
Software versions installed and running on a device 3 Compact devices To determine the flash image version running on a Compact device, enter the show version command at any level of the CLI. The following shows an example output. Brocade#show version Copyright (c) 1996-2012 Brocade Communications Systems, Inc. All rights reserved. UNIT 1: compiled on Mar 2 2012 at 12:38:17 labeled as ICX64S07400 (10360844 bytes) from Primary ICX64S07400.bin SW: Version 07.4.
3 Software versions installed and running on a device Serial #: BQKxxxxxxxx P-ASIC 0: type C341, rev 00 subrev 00 ========================================================================== SL 2: SX-FI-24GPP 24-port Gig Copper + PoE+ Serial #: BTUxxxxxxxx P-ASIC 2: type C300, rev 00 subrev 00 ========================================================================== SL 8: SX-FI-48GPP 48-port Gig Copper + PoE+ Serial #: BFVxxxxxxxx P-ASIC 14: type C300, rev 00 subrev 00 =====================================
Software versions installed and running on a device 3 Displaying the image versions installed in flash memory Enter the show flash command to display the boot and flash images installed on the device. An example of the command output is shown in “Displaying the boot image version running on the device” on page 74: • The “Compressed Pri Code size” line lists the flash code version installed in the primary flash area.
3 Image file types Brocade#verify md5 secondary Brocade#.........................Done Size = 2044830, MD5 01c410d6d153189a4a5d36c955653862 To generate a SHA-1 hash value for the secondary image, enter the following command. Brocade#verify sha secondary Brocade#.........................Done Size = 2044830, SHA1 49d12d26552072337f7f5fcaef4cf4b742a9f525 To generate a CRC32 hash value for the secondary image, enter the following command. Brocade#verify crc32 secondary Brocade#.........................
Software upgrades TABLE 14 3 Software image files (Continued) Product Boot image1 Flash image FCX ICX 6610 grzxxxxxx.bin FCXSxxxxx.bin (Layer 2) or FCXRxxxxx.bin (Layer 3) ICX 6430 ICX 6450 kxzxxxxx.bin ICX64Sxxxxx.bin (Layer 2) or ICX64Rxxxxx.bin (Layer 3 - ICX 6450 only) 1. These images are applicable to these devices only and are not interchangeable. For example, you cannot load FCX boot or flash images on a FSX device, and vice versa.
3 Viewing the contents of flash files • For FCX devices, enter the show dir command at any level of the CLI, or enter the dir command at the monitor mode. • For ICX devices, enter the show files command at the device configuration prompt. The following shows an example command output. Brocade#show dir 133 [38f4] boot-parameter 0 [ffff] bootrom 3802772 [0000] primary 4867691 [0000] secondary 163 [dd8e] stacking.boot 1773 [0d2d] startup-config 1808 [acfa] startup-config.
Viewing the contents of flash files Brocade#copy flash console startup-config.backup ver 07.0.
3 Using SNMP to upgrade software Using SNMP to upgrade software You can use a third-party SNMP management application such as HP OpenView to upgrade software on a Brocade device. NOTE The syntax shown in this section assumes that you have installed HP OpenView in the “/usr” directory. NOTE Brocade recommends that you make a backup copy of the startup-config file before you upgrade the software. If you need to run an older release, you will need to use the backup copy of the startup-config file. 1.
Software reboot 3 Software reboot You can use boot commands to immediately initiate software boots from a software image stored in primary or secondary flash on a Brocade device or from a BootP or TFTP server. You can test new versions of code on a Brocade device or choose the preferred boot source from the console boot prompt without requiring a system reset. NOTE It is very important that you verify a successful TFTP transfer of the boot code before you reset the system.
3 Loading and saving configuration files Brocade#show boot-preference Boot system preference(Configured): Boot system tftp 10.1.1.1 FCXR08000.bin Boot system flash primary Boot system preference(Default): Boot system flash primary Boot system flash secondary Syntax: show boot-preference The results of the show run command for the configured example above appear as follows. Brocade#show run Current configuration: ! ver 08.0.
Loading and saving configuration files 3 When you load the startup-config file, the CLI parses the file three times. 1. During the first pass, the parser searches for system-max commands. A system-max command changes the size of statically configured memory. 2. During the second pass, the parser implements the system-max commands if present and also implements trunk configuration commands (trunk command) if present. 3. During the third pass, the parser implements the remaining commands.
3 Loading and saving configuration files Replacing the startup configuration with the running configuration After you make configuration changes to the active system, you can save those changes by writing them to flash memory. When you write configuration changes to flash memory, you replace the startup configuration with the running configuration. To replace the startup configuration with the running configuration, enter the following command at any Enable or CONFIG command prompt.
Loading and saving configuration files 3 • copy startup-config tftp tftp-ip-addr filename – Use this command to upload a copy of the startup configuration file from the Layer 2 Switch or Layer 3 Switch to a TFTP server. • copy running-config tftp tftp-ip-addr filename – Use this command to upload a copy of the running configuration file from the Layer 2 Switch or Layer 3 Switch to a TFTP server.
3 Loading and saving configuration files • The file can contain global CONFIG commands or configuration commands for interfaces, routing protocols, and so on. You cannot enter User EXEC or Privileged EXEC commands. • The default CLI configuration level in a configuration file is the global CONFIG level. Thus, the first command in the file must be a global CONFIG command or “ ! ”. The ! (exclamation point) character means “return to the global CONFIG level”.
Loading and saving configuration files 3 interface ethernet 11 no ip address 10.20.20.69/24 ip address 10.10.10.69/24 This time, the CLI accepts the command, and no error message is displayed. Brocade(config)#interface ethernet 11 Brocade(config-if-e1000-11)#no ip add 10.20.20.69/24 Brocade(config-if-e1000-111)#ip add 10.10.10.69/24 Brocade(config-if-e1000-11) • Always use the end command at the end of the file. The end command must appear on the last line of the file, by itself.
3 Loading and saving configuration files with IPv6 • ncopy startup-config tftp ip-addr from-name Loading and saving configuration files with IPv6 This section describes the IPv6 copy and ncopy commands.
Loading and saving configuration files with IPv6 3 Specify the running-config keyword to copy the running configuration file to the specified IPv6 TFTP server. Specify the startup-config keyword to copy the startup configuration file to the specified IPv6 TFTP server. The tftp ipv6-address parameter specifies the address of the TFTP server. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373.
3 Loading and saving configuration files with IPv6 Specify the running-config keyword to copy the running configuration from the specified IPv6 TFTP server. The ipv6-address parameter specifies the address of the TFTP server. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373. The source-file-name parameter specifies the name of the file that is copied from the IPv6 TFTP server.
Loading and saving configuration files with IPv6 3 Specify the running-config keyword to copy the device running configuration or the startup-config keyword to copy the device startup configuration. The tftp ipv6-address parameter specifies the address of the TFTP server. You must specify this address in hexadecimal using 16-bit values between colons as documented in RFC 2373. The destination-file-name parameter specifies the name of the running configuration that is copied to the IPv6 TFTP server.
3 Loading and saving configuration files with IPv6 Specify the running-config keyword to upload the specified file from the IPv6 TFTP server to the device. The device copies the specified file into the current running configuration but does not overwrite the current configuration. Specify the startup-config keyword to upload the specified file from the IPv6 TFTP server to the device.
System reload scheduling 3 21 – Download a startup-config file from a TFTP server to the flash memory of the Brocade device. 22 – Upload the running-config from the flash memory of the Brocade device to the TFTP server. 23 – Download a configuration file from a TFTP server into the running-config of the Brocade device. NOTE Option 23 adds configuration information to the running-config on the device, and does not replace commands.
3 Diagnostic error codes and remedies for TFTP transfers Reloading after a specific amount of time To schedule a system reload to occur after a specific amount of time has passed on the system clock, use reload after command. For example, to schedule a system reload from the secondary flash one day and 12 hours later, enter the following command at the global CONFIG level of the CLI.
Diagnostic error codes and remedies for TFTP transfers 3 Error code Message Explanation and action 6 TFTP out of buffer space. The file is larger than the amount of room on the device or TFTP server. If you are copying an image file to flash, first copy the other image to your TFTP server, then delete it from flash. (Use the erase flash... CLI command at the Privileged EXEC level to erase the image in the flash.
3 Network connectivity testing Message Explanation and action Firmware type cannot be detected from the firmware content. Each PoE firmware file delivered by Brocade is meant to be used on the specific platform and the specific PoE controller on the specified module. If the file is used for a platform for which it is meant, but the PoE controller is not same then this error message will display. Download the correct file, then retry the transfer. TFTP File not Valid for PoE Controller Type.
Network connectivity testing 3 The ttl num parameter specifies the maximum number of hops. You can specify a TTL from 1 – 255. The default is 64. The size byte parameter specifies the size of the ICMP data portion of the packet. This is the payload and does not include the header. You can specify from 0 – 10000. The default is 16. The no-fragment parameter turns on the “don’t fragment” bit in the IP header of the ping packet. This option is disabled by default.
3 Hitless management on the FSX 800 and FSX 1600 Tracing an IPv4 route NOTE This section describes the IPv4 traceroute command. For details about IPv6 traceroute, refer to the FastIron Ethernet Switch Layer 3 Routing Configuration Guide. Use the traceroute command to determine the path through which a Brocade device can reach another device. Enter the command at any level of the CLI. The CLI displays trace route information for each hop as soon as the information is received.
Hitless management on the FSX 800 and FSX 1600 3 Hitless Failover – An automatic, forced switchover of the active and standby management modules because of a failure or abnormal termination of the active management module. In the event of a failover, the active management module abruptly leaves and the standby management module immediately assumes the active role. Like a switchover, a failover occurs without any packet loss to hitless-supported services and protocols.
3 Hitless management on the FSX 800 and FSX 1600 Benefits of hitless management The benefits of Hitless management include the following: • The standby management module (the module that takes over the active role) and all interface modules in the chassis are not reset • • • • Existing data traffic flows continue uninterrupted with no traffic loss Port link states remain UP for the duration of the hitless management event System configurations applied through Console/SNMP/HTTP interfaces remain intact
Hitless management on the FSX 800 and FSX 1600 TABLE 15 3 Hitless-supported services and protocols – FSX 800 and FSX 1600 Traffic type Supported protocols and services Impact Layer 2 switched traffic, including unicast and multicast + System-level + Layer 4 • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • 802.1p and 802.1Q 802.3ad – LACP 802.3af – PoE 802.3at – PoE+ DSCP honoring and Diffserv Dual-mode VLAN IGMP v1, v2, and v3 snooping IPv4 ACLs IPv6 ACLs Layer 2 switching (VLAN and 802.
3 Hitless management on the FSX 800 and FSX 1600 TABLE 15 Hitless-supported services and protocols – FSX 800 and FSX 1600 Traffic type Supported protocols and services Impact Layer 3 IPv6 routed traffic • • • • • • • Layer 3 routed traffic for supported protocols is not impacted during a Hitless management event. Traffic will converge to normalcy after the new active module becomes operational.
Hitless management on the FSX 800 and FSX 1600 3 Hitless management configuration notes and feature limitations The following limitations apply to hitless management support. • All traffic going through Ethernet interfaces (if present) on the management modules will be interrupted during a hitless OS upgrade. This is because both management modules must be reloaded with the new image. This applies to hitless OS upgrade only.
3 Hitless management on the FSX 800 and FSX 1600 Separate data and control planes The FSX 800 and FSX 1600 management modules have separate data and control planes. The data plane forwards traffic between the switch fabric modules and all of the Interface modules in the chassis. The control plane carries traffic that is destined for the CPU of the active management module.
Hitless management on the FSX 800 and FSX 1600 3 When control protocols are synchronized and protocol synchronization timers expire, the standby management module will be in hot-standby mode, meaning the standby module is ready to take over as the active management module. In the event of a switchover, the standby module will pick up where the active module left off, without interrupting data traffic.
3 Hitless management on the FSX 800 and FSX 1600 NOTE Hitless OS upgrade is not impacted by this option and is supported whether or not hitless failover is enabled. NOTE Synchronization between the active management module and standby management module will occur whether or not hitless failover is enabled. To enable hitless failover, enter the following command at the Global CONFIG level of the CLI: Brocade(config)#hitless-failover enable The command takes effect immediately.
Hitless management on the FSX 800 and FSX 1600 3 Hitless OS upgrade on the FSX 800 and FSX 1600 Hitless Operating System (OS) Upgrade enables an operating system upgrade and switchover without any packet loss to the services and protocols that are supported by Hitless management. What happens during a Hitless OS upgrade The following steps describe the internal events that occur during a hitless OS upgrade. 1.
3 Hitless management on the FSX 800 and FSX 1600 Hitless OS upgrade considerations Consider the following when using the hitless OS upgrade feature: • Hitless OS upgrade allows for upgrading the software in a system between two releases of the OS that support this functionality and have compatible data structures. A hitless O/S downgrade may also be supported if the current and target code releases have compatible data structures.
Hitless management on the FSX 800 and FSX 1600 3 Hitless OS upgrade configuration steps The following is a summary of the configuration steps for a hitless OS software upgrade. 1. Copy the software image that supports hitless software upgrade from a TFTP server to the FastIron switch. Refer to “Loading the software onto the switch”. 2. Install the software image in flash memory on the active and standby management modules. 3. Enter the hitless-reload command on the active management module.
3 Hitless management on the FSX 800 and FSX 1600 Displaying diagnostic information Use the following commands to display diagnostic information for a hitless switchover or failover.
Displaying management redundancy information 3 Displaying management redundancy information Enter the following command at any level of the CLI, to view the redundancy parameter settings and statistics.
3 Layer 3 hitless route purge Setting the IPv4 hitless purge timer on the non-default VRF 1. Enter the VRF configuration mode using the vrf command. 2. Configure route distinguisher using the rd command. 3. Enter IPv4 address family configuration mode using the address-family ipv4 command. 4. Configure the router purge timer using the ip hitless-route-purge-timer command.
Commands 3 Commands The following commands supports the features described in this chapter: • ip hitless-route-purge-timer • ipv6 hitless-route-purge-timer FastIron Ethernet Switch Administration Guide 53-1002637-02 113
3 ip hitless-route-purge-timer ip hitless-route-purge-timer Configures the maximum time before stale routes are purged from the routing information base (RIB) after a switchover, failover, or OS upgrade. The no form of this command sets the purge timer time to its default value. Syntax ip hitless-route-purge-timer seconds no ip hitless-route-purge-timer seconds Command Default Parameters By default, the hitless purge timer is set. seconds Maximum time, in seconds, before stale routes are purged.
ipv6 hitless-route-purge-timer 3 ipv6 hitless-route-purge-timer Configures the maximum time before stale routes are purged from the routing information base (RIB) after a switchover, failover, or OS upgrade. The no form of this command sets the purge timer time to its default value. Syntax ipv6 hitless-route-purge-timer seconds no ipv6 hitless-route-purge-timer seconds Command Default Parameters By default, the hitless purge timer is set.
3 116 ipv6 hitless-route-purge-timer FastIron Ethernet Switch Administration Guide 53-1002637-02
Chapter 4 Software-based Licensing Table 16 lists the individual Brocade FastIron switches and the software licensing features they support. TABLE 16 Supported software licensing features Feature FSX 800 FSX 1600 FCX ICX 6610 ICX 6450 Software-based licensing Yes Yes Yes Yes License generation License query Deleting a license This chapter contains the following section: • Software-based licensing overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4 Software-based licensing overview • Transaction key – A unique key, along with the LID, used to generate a software license from the Brocade software portal. The transaction key is issued by Brocade when a license is purchased. The transaction key is delivered according to the method specified when the order is placed: - Paper-pack – The transaction key is recorded on an entitlement certificate, which is mailed to the customer.
Software-based licensing overview 4 • For FCX and ICX devices, the license unlocks the licensed feature and it becomes available immediately. There is no need to reload the software. • For FSX devices, the license unlocks the ability to upload the software image (for example, Premium Layer 3) onto the device. Once the software image is installed and the software is reloaded, the license unlocks the licensed feature.
4 Non-licensed features Non-licensed features Table 17 lists the FastIron software images that do not require a license to run on the device. TABLE 17 = Software image files that do not require a license Product Image filename FSX 800 FSX 1600 SXSxxxxx.bin SXLxxxxx.bin (base Layer 3) SXLSxxxxx.bin FCX ICX 6610 FCXSxxxxx.bin (Layer 2) FCXRxxxxx.bin (Layer 3) ICX 6430 ICX 6450 ICX64Sxxxxx.bin (Layer 2) ICX64Rxxxxx.
Licensed features and part numbers TABLE 18 4 Licensed features and part numbers (Continued) Product Licensed feature or feature set Image filename Part numbers for software license only Part numbers for hardware with pre-installed software license ICX 6610 Software-based licensing is only supported on ICX 6610 devices.
4 Licensed features and part numbers TABLE 18 Licensed features and part numbers (Continued) Product Licensed feature or feature set Image filename Part numbers for software license only Part numbers for hardware with pre-installed software license FSX 800 and FSX 1600 IPv4 PREM Layer 3 for IPv4 management modules1: • 6,000 active host routes • Anycast RP • BGP4 • DVMRP V2 • IGMP V1, V2, and V3 • ICMP redirect messages • IGMP V3 fast leave (for routing) • MSDP • OSPF V2 • PIM-DM • PIM-SM • PIM pas
Licensing rules 4 Table 19 lists the supported software packages.
4 Licensing rules Licensing rules for FCX and ICX 6610 devices The following licensing rules apply to FCX and ICX 6610 devices for software-based licensing. To describe the behavior for running software-based licensing in an FCX traditional stack, the FCX-ADV-LIC-SW license is used as an example. NOTE For FCX and ICX 6610 devices, the behavior for running software-based licensing with different licenses (Premium, Advance, or Upgrade licenses) is the same.
Licensing for Ports on Demand 4 • If BGP is not enabled on the Active controller, a stack unit is operational whether or not the Active controller or the stack units have the FCX-ADV-LIC-SW license. This implies that in a stack where all units (Active controller, Standby controller, and member units) have the FCX-ADV-LIC-SW license, a stack can be formed whether or not BGP is enabled.
4 Licensing for Ports on Demand 3. Enter the speed-duplex 10g-full command on a single, multiple, or interface range on ICX 6610 devices only, as shown in the example below. Brocade(config)# interface ethernet 1/3/1 Brocade(config-if-e10000-1/3/1)# speed-duplex 10g-full NOTE You do not need to enter the speed-duplex 10g-full command on ICX 6450 devices when configuring PoD on an interface. 4. Enter the write memory command to save the configuration.
Licensing for Ports on Demand 4 3. Enable the 10 Gbps port speed for the upper four PoD ports by entering the following command.
4 Licensing for Ports on Demand The unit id parameter specifies the unit ID number of the PoD you want to display. Table 20 describes the information displayed in the output of the show pod unit command. TABLE 20 Output from the show pod unit command Field Description Unit-Id The unit ID number of the PoD. PoD license capacity The port capacity of the PoD license that is purchased. For ICX 6610 devices, the port capacity can be four or eight 10 Gbps ports.
Upgrading or downgrading configuration considerations for PoD 4 For a description of the fields in the show pod and show pod [unit id] command outputs, refer to Table 20 on page 128. Upgrading or downgrading configuration considerations for PoD Consider the following when upgrading or downgrading PoD ports for ICX 6610 or ICX 6450 devices: • When a single ICX6610-10G-LIC-POD license is downloaded onto the device, you can upgrade the first four or the last four PoD ports to 10 Gbps port speed.
4 Upgrading or downgrading configuration considerations for PoD • When the speed-duplex 10g-full command is configured for a port or multiple ports on an interface, and there is no license or an insufficient license in the stack upon bootup or hot swap of a stack unit, the port is configured to 10 Gbps port speed. However, the port is in ERROR_DISABLED state until you install the correct license in the stack.
Upgrading or downgrading configuration considerations for PoD 4 Brocade#show interface ethernet 3/2/2 10GigabitEthernet6/2/2 is up, line protocol is up Hardware is 10GigabitEthernet, address is 0000.0082.f872 (bia 0000.0082.
4 Software licensing configuration tasks Software licensing configuration tasks This section describes the configuration tasks for generating and obtaining a software license, and then installing it on the Brocade device. Perform the tasks in the order listed in Table 21. TABLE 21 Configuration tasks for software licensing Configuration task Reference... 1 Order the desired license.
Software licensing configuration tasks 4 Figure 2 shows the Software Portal Login window.
4 Software licensing configuration tasks From the License Management menu, select Brocade IP/ADP > License Generation with Transaction key. The IP/ADP License Generation dialog box displays.
Software licensing configuration tasks 4 Figure 4 shows the IP/ADP License Generation dialog box for generating a license using a transaction key and LID. FIGURE 4 IP/ADP License Generation window IP/ADP Licence Generation Enter the required information. • For a description of the field, move the pointer over the field. • An asterisk next to a field indicates that the information is required. NOTE You can generate more than one license at a time.
4 Software licensing configuration tasks Click the Generate button to generate the license. Figure 5 shows the results window, which displays an order summary and the results of the license request. • If the license request is successful, the Status field shows “Success” and the License File field contains a hyperlink to the generated license file. The license file is automatically sent by e-mail to the specified customer e-mail address.
Installing a license file 4 Installing a license file Once you obtain a license file, place it on a TFTP or SCP server to which the Brocade device has access, and then use TFTP or SCP to copy the file to the license database of the Brocade device.
4 Deleting a license file The scp license_file_on_host user@IP_address:license command is supported on SX 800 and SX 1600 devices. To copy a license file from an SCP-enabled client to the license database of the Brocade device, enter a command such as the following on the SCP-enabled client: c:\scp c:\license\license101 terry@10.1.1.
Using a trial license 4 The index_number variable is a valid license index number. The license index number can be retrieved from the show license command output. For more information, refer to “Viewing information about software licenses” on page 144. NOTE When removing a license on an FSX device running a release 08.0.00a image, we recommend an immediate reboot.
4 Viewing software license information from the Brocade software portal What happens when a trial license expires A trial license expires when it exceeds the specified expiration time or date. The countdown starts when the trial license is generated. When the license expires, the CLI commands related to the licensed feature will no longer be available from the CLI.
Viewing software license information from the Brocade software portal • • • • 4 Transaction key LID Feature name Product line From the License Management menu, select Brocade IP/ADP > License Query. The License Query window displays. (Refer to Figure 6).
4 Viewing software license information from the Brocade software portal FIGURE 6 License Query window • To view software license information for a particular unit, enter the LID in the Unit ID field and click Search. • To view software license information for a particular transaction key, enter the unique number in the Transaction key field and click Search. Figure 7 shows an example of the license query results.
Transferring a license 4 Transferring a license A license can be transferred between Brocade devices if both the following conditions are true: • The device is under an active support contract. • The license is being transferred between two similar models (for example, from a 24-port model to another 24-port model or from a 48-port model to another 48-port model).
4 Syslog messages and trap information Syslog messages and trap information Table 22 lists the syslog messages and traps that are supported for software-based licensing. TABLE 22 Syslog messages Message level Message Explanation Informational License: Package package_name with LID LID_number is added The license package has been added. Informational License: Package package_name with LID LID_number is removed The license package has been deleted.
Viewing information about software licenses 4 HW: Stackable FCX648S ========================================================================== UNIT 1: SL 1: FCX-48GS POE 48-port Management Module Serial #: BCYxxxxxxxx License: FCX_ADV_ROUTER_SOFT_PACKAGE (LID: deaHHKIgFro) P-ENGINE 0: type DB90, rev 01 P-ENGINE 1: type DB90, rev 01 PROM-TYPE: FCX-ADV-U ========================================================================== UNIT 1: SL 2: FCX-2XGC 2-port 16G Module (2-CX4) ===============================
4 Viewing information about software licenses Brocade#show license Index License Name Capacity Stack unit 3: 1 FCX-ADV-LIC-SW Stack unit 4: 1 FCX-ADV-LIC-SW Stack unit 5: 1 FCX-ADV-LIC-SW Lid License Type Status License Period License deaHHKIgFrN Normal Active Unlimited 1 dexHHIIgFFd Normal Active Unlimited 1 writcfgMFMH Normal Active Unlimited 1 Syntax: show license Viewing the license database NOTE The show license command can be used to display software license information for the
4 Viewing information about software licenses To display software license information on an ICX 6430 device, enter the following command. In the example below, the premium and PoD licenses are installed on stack unit 1, and on stack unit 2 only the premium license is installed.
4 Viewing information about software licenses TABLE 23 Output from the show license unit command Field Description Index The index number specifies the software license file for a specific stack The index number is generated by the member unit. License Name The name of license installed for the license index number on the stack unit. Lid The license ID. This number is embedded in the Brocade device. License Type Indicates whether the license is normal (permanent) or trial (temporary).
Viewing information about software licenses TABLE 24 4 Output from the show license command Field Description +license name The name of the license installed on the unit. +lid The license ID. This number is embedded in the Brocade device. +license type Indicates whether the license is normal (permanent) or trial (temporary).
4 Viewing information about software licenses P-ENGINE 1: type DB90, rev 01 PROM-TYPE: FCX-ADV-U ========================================================================== UNIT 1: SL 2: FCX-2XGC 2-port 16G Module (2-CX4) ========================================================== =============== UNIT 1: SL 3: FCX-2XG 2-port 10G Module (2-XFP) ========================================================================== UNIT 2: SL 1: FCX-48GS POE 48-port Management Module Serial #: upgrade7072 License: FCX_FUL
Chapter 5 IPv6 Table 1 lists the individual Brocade FastIron switches and the IPv6 features they support. These features are supported with premium IPv6 devices running the full Layer 3 software image. TABLE 1 Supported IPv6 features Feature FSX 800 FSX 1600 FCX ICX 6610 ICX 6450 ICX 6430 Static IPv6 Routing Yes a Yes Yes Yes No IPv6 over IPv4 tunnels Yes Yes Yes No No ECMP load sharing Yes Yes Yes Yes No a. Third generation modules.
5 Static IPv6 route configuration Syntax: ipv6 route dest-ipv6-prefix/prefix-length next-hop-ipv6-address [metric] [distance number] To configure a static IPv6 route for a destination network with the prefix 2001:DB8::0/32 and a next-hop gateway with the link-local address fe80::1 that the Layer 3 switch can access through Ethernet interface 1/3/1, enter the following command.
Static IPv6 route configuration TABLE 2 5 Static IPv6 route parameters Parameter Configuration details Status The IPv6 prefix and prefix length of the route’s destination network. You must specify the dest-ipv6-prefix parameter in hexadecimal using 16-bit values between colons as documented in RFC 2373. You must specify the prefix-length parameter as a decimal value. A slash mark (/) must follow the ipv6-prefix parameter and precede the prefix-length parameter. Mandatory for all static IPv6 routes.
5 IPv6 over IPv4 tunnels Configuring a static route in a non-default VRF or User VRF To configure a static IPv6 route for a destination network with the prefix 2001:DB8::0/32, a next-hop gateway with the global address 2001:DB8:0:ee44::1, in the non-default VRF named “blue”, enter the following at the general configuration prompt.
IPv6 over IPv4 tunnels 5 IPv6 over IPv4 tunnel configuration notes • The local tunnel configuration must include both source and destination addresses. • The remote side of the tunnel must have the opposite source/destination pair. • A tunnel interface supports static and dynamic IPv6 configuration settings and routing protocols. • Duplicate Address Detection (DAD) is not currently supported with IPv6 tunnels. Make sure tunnel endpoints do not have duplicate IP addresses.
5 IPv6 over IPv4 tunnels Syntax: ipv6 enable The ipv6 enable command enables the tunnel. Alternatively, you could specify an IPv6 address, which would also enable the tunnel. Syntax: ipv6 address ipv6-prefix/prefix-length [eui-64] The ipv6 address command enables the tunnel. Alternatively, you could enter ipv6 enable, which would also enable the tunnel. Specify the ipv6-prefix parameter in hexadecimal format using 16-bit values between colons as documented in RFC 2373.
IPv6 over IPv4 tunnels TABLE 3 5 IPv6 tunnel summary information Field Description Tunnel The tunnel interface number. Mode The tunnel mode. Possible modes include the following: configured – Indicates a manually configured tunnel. • Packet Received The number of packets received by a tunnel interface. Note that this is the number of packets received by the CPU. It does not include the number of packets processed in hardware. Packet Sent The number of packets sent by a tunnel interface.
5 IPv6 over IPv4 tunnels TABLE 4 IPv6 tunnel interface information (Continued) Field Description Tunnel mode The tunnel mode can be the following: • ipv6ip – indicates a manually configured tunnel Port name The port name configured for the tunnel interface. MTU The setting of the IPv6 maximum transmission unit (MTU). Displaying interface level IPv6 settings To display Interface level IPv6 settings for tunnel interface 1, enter the following command at any level of the CLI.
ECMP load sharing for IPv6 TABLE 5 5 Interface level IPv6 tunnel information Field Interface Tunnel status Line protocol status Description The status of the tunnel interface can be one of the following: up – IPv4 connectivity is established. down – The tunnel mode is not set. administratively down – The tunnel interface was disabled with the disable command. • • • The status of the line protocol can be one of the following: up – IPv6 is enabled through the ipv6 enable or ipv6 address command.
5 ECMP load sharing for IPv6 If you want to re-enable the feature after disabling it, you must specify the number of load-sharing paths. The maximum number of paths the device supports is a value from 2–8. By entering a command such as the following, iPv6 load-sharing will be re-enabled. Brocade(config)#ipv6 load-sharing 4 Syntax: [no] ipv6 load-sharing num The num parameter specifies the number of paths and can be from 2–8. The default is 4.
Chapter 6 SNMP Access Table 6 lists individual Brocade switches and the SNMP access methods they support. These features are supported in the Layer 2 and Layer 3 software images, except where explicitly noted.
6 SNMP community strings This chapter presents additional methods for securing SNMP access to Brocade devices. It contains the following sections: • • • • • • “SNMP community strings” “User-based security model” “SNMP v3 configuration examples” “SNMP version 3 traps” “Displaying SNMP Information” “SNMP v3 configuration examples” Restricting SNMP access using ACL, VLAN, or a specific IP address constitute the first level of defense when the packet arrives at a Brocade device.
SNMP community strings 6 To add an encrypted community string, enter commands such as the following. Brocade(config)#snmp-server community private rw Brocade(config)#write memory Syntax: snmp-server community [0 | 1] string ro | rw [view viewname] [standard-ACL-name | standard-ACL-id] The string parameter specifies the community string name. The string can be up to 32 characters long. The ro | rw parameter specifies whether the string is read-only (ro) or read-write (rw).
6 SNMP community strings The command in this example adds the string “private” in the clear, which means the string is displayed in the clear. When you save the new community string to the startup-config file, the software adds the following command to the file. snmp-server community 0 private rw The view viewname parameter is optional. It allows you to associate a view to the members of this community string. Enter up to 32 alphanumeric characters.
User-based security model Brocade#show snmp server Contact: Marshall Location: Copy Center Community(ro): public Community(rw): private Traps Cold start: Link up: Link down: Authentication: Locked address violation: Power supply failure: Fan failure: Temperature warning: STP new root: STP topology change: ospf: 6 Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Enable Total Trap-Receiver Entries: 4 Trap-Receiver IP Address Community 1 10.95.6.211 2 10.95.5.
6 User-based security model Configuring your NMS In order to use the SNMP version 3 features. 1. Make sure that your Network Manager System (NMS) supports SNMP version 3. 2. Configure your NMS agent with the necessary users. 3. Configure the SNMP version 3 features in Brocade devices. Configuring SNMP version 3 on Brocade devices Follow the steps given below to configure SNMP version 3 on Brocade devices. 1.
User-based security model 6 The hex-string variable consists of 11 octets, entered as hexadecimal values. There are two hexadecimal characters in each octet. There should be an even number of hexadecimal characters in an engine ID. The default engine ID has a maximum of 11 octets: • Octets 1 through 4 represent the agent's SNMP management private enterprise number as assigned by the Internet Assigned Numbers Authority (IANA). The most significant bit of Octet 1 is "1".
6 User-based security model The viewstring variable is the name of the view to which the SNMP group members have access. If no view is specified, then the group has no access to the MIB. The value of viewstring is defined using the snmp-server view command. The SNMP agent comes with the "all" default view, which provides access to the entire MIB; however, it must be specified when creating the group. The "all" view also allows SNMP version 3 to be backwards compatibility with SNMP version 1 and version 2.
Defining SNMP views 6 NOTE The ACL specified in a user account overrides the ACL assigned to the group to which the user is mapped. If no ACL is entered for the user account, then the ACL configured for the group will be used to filter packets. The encrypted parameter means that the MD5 or SHA password will be a digest value. MD5 has 16 octets in the digest. SHA has 20. The digest string has to be entered as a hexadecimal string. In this case, the agent need not generate any explicit digest.
6 SNMP version 3 traps Brocade(config)#snmp-server view Maynes system included Brocade(config)#snmp-server view Maynes system.2 excluded Brocade(config)#snmp-server view Maynes 2.3.*.6 included Brocade(config)#write mem NOTE The snmp-server view command supports the MIB objects as defined in RFC 1445. Syntax: [no] snmp-server view name mib_tree included | excluded The name parameter can be any alphanumeric name you choose to identify the view. The names cannot contain spaces.
SNMP version 3 traps 6 To configure an SNMP user group, first configure SNMPv3 views using the snmp-server view command. Refer to “SNMP v3 configuration examples” on page 176. Then enter a command such as the following.
6 SNMP version 3 traps NOTE If the configured version is v2c, then the notification is sent out in SMIv2 format, using the community string, but in cleartext mode. To send the SMIv2 notification in SNMPv3 packet format, configure v3 with auth or privacy parameters, or both, by specifying a security name. The actual authorization and privacy values are obtained from the security name. For SNMP version 2c, enter v2 and the name of the community string. This string is encrypted within the system.
SNMP version 3 traps 6 Restricting SNMP Access to an IPv6 Node You can restrict SNMP access so that the Brocade device can only be accessed by the IPv6 host address that you specify. To do so, enter a command such as the following . Brocade(config)#snmp-client ipv6 2001:DB8:89::23 Syntax: snmp-client ipv6 ipv6-address The ipv6-address must be in hexadecimal format using 16-bit values between colons as documented in RFC 2373.
6 Displaying SNMP Information Displaying SNMP Information This section lists the commands for viewing SNMP-related information. Displaying the Engine ID To display the engine ID of a management module, enter a command such as the following. Brocade#show snmp engineid Local SNMP Engine ID: 800007c70300e05290ab60 Engine Boots: 3 Engine time: 5 Syntax: show snmp engineid The engine ID identifies the source or destination of the packet.
Displaying SNMP Information 6 Displaying SNMP groups To display the definition of an SNMP group, enter a command such as the following. Brocade#show snmp group groupname = exceptifgrp security model = v3 security level = authNoPriv ACL id = 2 readview = exceptif writeview = none Syntax: show snmp group The value for security level can be one of the following. Security level Authentication none If the security model shows v1 or v2, then security level is blank.
6 SNMP v3 configuration examples Varbind object Identifier Description 1. 3. 6. 1. 6. 3. 15. 1. 1. 2. 0 Not in time packet. 1. 3. 6. 1. 6. 3. 15. 1. 1. 3. 0 Unknown user name. This varbind may also be generated: If the configured ACL for this user filters out this packet. If the group associated with the user is unknown. • • 1. 3. 6. 1. 6. 3. 15. 1. 1. 4. 0 Unknown engine ID. The value of this varbind would be the correct authoritative engineID that should be used. 1. 3. 6. 1. 6. 3. 15. 1. 1. 5.
Chapter 7 Foundry Discovery Protocol (FDP) and Cisco Discovery Protocol (CDP) Packets Table 7 lists individual Brocade switches and the discovery protocols they support. These features are supported in the Layer 2 and Layer 3 software images, except where explicitly noted.
7 FDP Overview FDP configuration The following sections describe how to enable Foundry Discovery Protocol (FDP) and how to change the FDP update and hold timers. Enabling FDP globally To enable a Brocade device to globally send FDP packets, enter the following command at the global CONFIG level of the CLI. Brocade(config)# fdp run Syntax: [no] fdp run The feature is disabled by default.
FDP Overview 7 To change the FDP update timer, enter a command such as the following at the global CONFIG level of the CLI. Brocade(config)# fdp timer 120 Syntax: [no] fdp timer secs The secs parameter specifies the number of seconds between updates and can be from 5 – 900 seconds. The default is 60 seconds. Changing the FDP hold time By default, a Brocade device that receives an FDP update holds the information until one of the following events occurs: • The device receives a new update.
7 FDP Overview Brocade# show fdp neighbor Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater (*) indicates a CDP device Device ID Local Int Holdtm Capability Platform Port ID -------------- ------------ ------ ---------- ----------- ------------FastIronB Eth 2/9 178 Router FastIron Rou Eth 2/9 Syntax: show fdp neighbor [ethernet port] [detail] The ethernet port parameter lists the information for updates received on the specified port.
FDP Overview TABLE 9 7 Detailed FDP and CDP neighbor information Parameter Definition Device ID The hostname of the neighbor. In addition, this line lists the VLAN memberships and other VLAN information for the neighbor port that sent the update to this device. Entry address(es) The Layer 3 protocol addresses configured on the neighbor port that sent the update to this device. If the neighbor is a Layer 2 Switch, this field lists the management IP address.
7 FDP Overview This example shows information for Ethernet port 2/3. The port sends FDP updates every 5 seconds. Neighbors that receive the updates can hold them for up to 180 seconds before discarding them. Syntax: show fdp interface [ethernet port] The ethernet port parameter lists the information only for the specified interface. Displaying FDP and CDP statistics To display FDP and CDP packet statistics, enter the following command.
CDP packets 7 CDP packets Cisco Discovery Protocol (CDP) packets are used by Cisco devices to advertise themselves to other Cisco devices. By default, Brocade devices forward these packets without examining their contents. You can configure a Brocade device to intercept and display the contents of CDP packets. This feature is useful for learning device and interface information for Cisco devices in the network. Brocade devices support intercepting and interpreting CDP version 1 and version 2 packets.
7 CDP packets Displaying neighbors To display the Cisco neighbors the Brocade device has learned from CDP packets, enter the show fdp neighbors command.
CDP packets 7 Displaying CDP entries To display CDP entries for all neighbors, enter the show fdp entry command. Brocade# show fdp entry * Device ID: Router Entry address(es): IP address: 10.95.6.143 Platform: cisco RSP4, Capabilities: Router Interface: Eth 1/1, Port ID (outgoing port): FastEthernet5/0/0 Holdtime : 124 seconds Version : Cisco Internetwork Operating System Software IOS (tm) RSP Software (RSP-JSV-M), Version 12.0(5)T1, RELEASE SOFTWARE (fc1) Copyright (c) 1986-1999 by cisco Systems, Inc.
7 CDP packets To clear the Cisco neighbor information, enter the clear fdp table command. Brocade# clear fdp table Syntax: clear fdp table To clear CDP statistics, enter the following command.
Chapter 8 LLDP and LLDP-MED Table 10 lists the individual Brocade FastIron switches and the Link Layer Discovery Protocol (LLDP) features they support. These features are supported in the Layer 2 and Layer 3 software images, except where explicitly noted.
8 LLDP terms used in this chapter • LLDP-MED attributes advertised by the Brocade device . . . . . . . . . . . . . . 223 • Resetting LLDP statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231 This chapter describes how to configure the following protocols: Link layer discovery protocol (LLDP) – The Layer 2 network discovery protocol described in the IEEE 802.1AB standard, Station and Media Access Control Connectivity Discovery.
LLDP terms used in this chapter 8 TLV (Type-Length-Value) – An information element in an LLDPDU that describes the type of information being sent, the length of the information string, and the value (actual information) that will be transmitted. TTL (Time-to-Live) – Specifies the length of time that the receiving device should maintain the information acquired through LLDP in its MIB.
8 LLDP overview LLDP overview LLDP enables a station attached to an IEEE 802 LAN/MAN to advertise its capabilities to, and to discover, other stations in the same 802 LAN segments. The information distributed by LLDP (the advertisement) is stored by the receiving device in a standard Management Information Base (MIB), accessible by a Network Management System (NMS) using a management protocol such as the Simple Network Management Protocol (SNMP).
LLDP-MED overview 8 Benefits of LLDP LLDP provides the following benefits: • Network Management: • Simplifies the use of and enhances the ability of network management tools in multi-vendor environments • Enables discovery of accurate physical network topologies such as which devices are neighbors and through which ports they connect • Enables discovery of stations in multi-vendor environments • Network Inventory Data: • Supports optional system name, system description, system capabilities and managem
8 LLDP-MED overview FIGURE 3 LLDP-MED connectivity LLDP-MED Network Connectivity Devices (e.g., L2/L3 switch, bridge, etc.) provide IEEE 802 network access to LLDP-MED endpoints LLDP-MED Generic Endpoints (Class I) act as basic participants in LLDP-MED. Example Class I device: Communications controller IP Network Infrastructure (IEEE 802 LAN) LLDP-MED Media Endpoints (Class II) support IP media streams.
General LLDP operating principles 8 LLDP-MED class An LLDP-MED class specifies an Endpoint type and its capabilities. An Endpoint can belong to one of three LLDP-MED class types: • Class 1 (Generic endpoint) – A Class 1 Endpoint requires basic LLDP discovery services, but does not support IP media nor does it act as an end-user communication appliance. A Class 1 Endpoint can be an IP communications controller, other communication-related server, or other device requiring basic LLDP discovery services.
8 General LLDP operating principles An LLDP agent initiates the transmission of LLDP packets whenever the transmit countdown timing counter expires, or whenever LLDP information has changed. When a transmit cycle is initiated, the LLDP manager extracts the MIB objects and formats this information into TLVs. The TLVs are inserted into an LLDPDU, addressing parameters are prepended to the LLDPDU, and the information is sent out LLDP-enabled ports to adjacent LLDP-enabled devices.
General LLDP operating principles 8 TLV support This section lists the LLDP and LLDP-MED TLV support. LLDP TLVs There are two types of LLDP TLVs, as specified in the IEEE 802.3AB standard: • Basic management TLVs consist of both optional general system information TLVs as well as mandatory TLVs. Mandatory TLVs cannot be manually configured. They are always the first three TLVs in the LLDPDU, and are part of the packet header.
8 General LLDP operating principles LLDP-MED TLVs Brocade devices honor and send the following LLDP-MED TLVs, as defined in the TIA-1057 standard: • • • • LLDP-MED capabilities Network policy Location identification Extended power-via-MDI Mandatory TLVs When an LLDP agent transmits LLDP packets to other agents in the same 802 LAN segments, the following mandatory TLVs are always included: • Chassis ID • Port ID • Time to Live (TTL) This section describes the above TLVs in detail.
General LLDP operating principles 8 Port ID The Port ID identifies the port from which LLDP packets were sent. There are several ways in which a port may be identified, as shown in Figure 12. A port ID subtype, included in the TLV, indicates how the port is being referenced in the Port ID field.
8 MIB support If the TTL field value is zero, the receiving LLDP agent is notified that all system information associated with the LLDP agent/port is to be deleted. This TLV may be used, for example, to signal that the sending port has initiated a port shutdown procedure. The LLDPDU format is shown in “LLDPDU packet format” on page 194. The TTL TLV format is shown below.
LLDP configuration 8 LLDP configuration This section describes how to enable and configure LLDP. Table 13 lists the LLDP global-level tasks and the default behavior/value for each task.
8 LLDP configuration Enabling and disabling LLDP LLDP is enabled by default on individual ports. However, to run LLDP, you must first enable it on a global basis (on the entire device). To enable LLDP globally, enter the following command at the global CONFIG level of the CLI. Brocade(config)#lldp run Syntax: [no] lldp run Enabling support for tagged LLDP packets By default, Brocade devices do not accept tagged LLDP packets from other vendors’ devices.
LLDP configuration 8 Use the [no] form of the command to disable the receipt and transmission of LLDP packets on a port. NOTE When a port is configured to both receive and transmit LLDP packets and the MED capabilities TLV is enabled, LLDP-MED is enabled as well. LLDP-MED is not enabled if the operating mode is set to receive only or transmit only.
8 LLDP configuration The above commands change the LLDP operating mode on ports 2/7 and 2/8 from receive only mode to transmit only mode. Any incoming LLDP packets will be dropped in software. Note that if you do not disable receive only mode, you will configure the port to both receive and transmit LLDP packets. NOTE LLDP-MED is not enabled when you enable the transmit only operating mode. To enable LLDP-MED, you must configure the port to both receive and transmit LLDP packets.
LLDP configuration 8 Maximum number of LLDP neighbors You can change the limit of the number of LLDP neighbors for which LLDP data will be retained, per device as well as per port. Specifying the maximum number of LLDP neighbors per device You can change the maximum number of neighbors for which LLDP data will be retained for the entire system. For example, to change the maximum number of LLDP neighbors for the entire device to 26, enter the following command.
8 LLDP configuration LLDP SNMP notifications and corresponding Syslog messages are disabled by default. To enable them, enter a command such as the following at the Global CONFIG level of the CLI. Brocade(config)#lldp enable snmp notifications ports e 4/2 to 4/6 The above command enables SNMP notifications and corresponding Syslog messages on ports 4/2 and 4/6. By default, the device will send no more than one SNMP notification and Syslog message within a five second period.
LLDP configuration 8 Brocade(config)#lldp transmit-delay 7 The above command causes the LLDP agent to wait a minimum of seven seconds after transmitting an LLDP frame and before sending another LLDP frame. Syntax: [no] lldp transmit-delay seconds where seconds is a value between 1 and 8192. The default is two seconds. Note that this value must not be greater than one quarter of the LLDP transmission interval (CLI command lldp transmit-interval).
8 LLDP configuration NOTE Setting the transmit interval or transmit holdtime multiplier, or both, to inappropriate values can cause the LLDP agent to transmit LLDPDUs with TTL values that are excessively high. This in turn can affect how long a receiving device will retain the information if it is not refreshed.
LLDP configuration 8 NOTE The system description, VLAN name, and power-via-MDI information TLVs are not automatically enabled. The following sections show how to enable these advertisements.
8 LLDP configuration To support an IPv6 management address, there is a similar command that has equivalent behavior as the IPv4 command.
LLDP configuration 8 Brocade(config)#no lldp advertise system-capabilities ports e 2/4 to 2/12 The system capabilities will appear similar to the following on the remote device, and in the CLI display output on the Brocade device (show lldp local-info).
8 LLDP configuration • Untagged VLAN ID VLAN name The VLAN name TLV contains the name and VLAN ID of a VLAN configured on a port. An LLDPDU may include multiple instances of this TLV, each for a different VLAN. To advertise the VLAN name, enter a command such as the following. Brocade(config)#lldp advertise vlan-name vlan 99 ports e 2/4 to 2/12 The VLAN name will appear similar to the following on the remote device, and in the CLI display output on the Brocade device (show lldp local-info).
LLDP configuration 8 By default, link-aggregation information is automatically advertised when LLDP is enabled on a global basis. To disable this advertisement, enter a command such as the following. Brocade(config)#no lldp advertise link-aggregation ports e 2/12 Syntax: [no] lldp advertise link-aggregation ports ethernet port-list | all The link aggregation advertisement will appear similar to the following on the remote device, and in the CLI display output on the Brocade device (show lldp local-info).
8 LLDP-MED configuration NOTE On 48GC modules in non-jumbo mode, the maximum size of ping packets is 1486 bytes and the maximum frame size of tagged traffic is no larger than 1581 bytes. By default, the maximum frame size is automatically advertised when LLDP is enabled on a global basis. To disable this advertisement, enter a command such as the following.
LLDP-MED configuration TABLE 14 8 LLDP-MED configuration tasks and default behavior / value Task Default behavior / value Global CONFIG-level tasks Enabling LLDP-MED on a global basis Disabled Enabling SNMP notifications and Syslog messages for LLDP-MED topology change Disabled Changing the Fast Start Repeat Count The system automatically sets the fast start repeat count to 3 when a Network Connectivity Device receives an LLDP packet from an Endpoint that is newly connected to the network.
8 LLDP-MED configuration Changing the fast start repeat count The fast start feature enables a Network Connectivity Device to initially advertise itself at a faster rate for a limited time when an LLDP-MED Endpoint has been newly detected or connected to the network. This feature is important within a VoIP network, for example, where rapid availability is crucial for applications such as emergency call service location (E911).
LLDP-MED configuration 8 To configure a coordinate-based location for an Endpoint device, enter a command such as the following at the Global CONFIG level of the CLI. Brocade(config)#lldp med location-id coordinate-based latitude -78.303 resolution 20 longitude 34.
8 LLDP-MED configuration Example coordinate-based location configuration The following shows an example coordinate-based location configuration for the Sears Tower, at the following location. 103rd Floor 233 South Wacker Drive Chicago, IL 60606 Brocade(config)#lldp med location-id coordinate-based latitude 41.87884 resolution 18 longitude 87.63602 resolution 18 altitude floors 103 resolution 30 wgs84 The above configuration shows the following: • Latitude is 41.87884 degrees north (or 41.87884 degrees).
LLDP-MED configuration 8 • client • dhcp-server • network-element where dhcp-server or network-element should only be used if it is known that the Endpoint is in close physical proximity to the DHCP server or network element. country code is the two-letter ISO 3166 country code in capital ASCII letters. Example • • • • • CA – Canada DE – Germany JP – Japan KR – Korea US – United States CA type is a value from 0 – 255, that describes the civic address element.
8 LLDP-MED configuration TABLE 15 218 Elements used with civic address (Continued) Civic Address (CA) type Description Acceptable values / examples 4 City division, borough, city district, ward, or chou (JP) Examples: Canada – N/A Germany – District Japan – Town Korea – Urban district United States – N/A 5 Neighborhood or block Examples: Canada – N/A Germany – N/A Japan – City district Korea – Neighborhood United States – N/A 6 Street Examples: Canada – Street Germany – Street Japan – Block
LLDP-MED configuration TABLE 15 8 Elements used with civic address (Continued) Civic Address (CA) type Description Acceptable values / examples 26 Unit (apartment, suite) The name or number of a part of a structure where there are separate administrative units, owners, or tenants, such as separate companies or families who occupy that structure. Common examples include suite or apartment designations.
8 LLDP-MED configuration + MED Location Data Format: Location of: Country : CA Type : CA Value : CA Type : CA Value : CA Type : CA Value : CA Type : CA Value : CA Type : CA Value : CA Type : CA Value : CA Type : CA Value : CA Type : CA Value : ID Civic Address Client "US" 1 "CA" 3 "Santa Clara" 6 "4980 Great America Pkwy.
LLDP-MED configuration 8 NOTE This feature applies to applications that have specific real-time network policy requirements, such as interactive voice or video services. It is not intended to run on links other than between Network Connectivity devices and Endpoints, and therefore does not advertise the multitude of network policies that frequently run on an aggregated link. To define an LLDP-MED network policy for an Endpoint, enter a command such as the following.
8 LLDP-MED configuration LLDP-MED network policy configuration syntax The CLI syntax for defining an LLDP-MED network policy differs for tagged, untagged, and priority tagged traffic. Refer to the appropriate syntax, below.
LLDP-MED attributes advertised by the Brocade device 8 • dscp 0 – 63 specifies the Layer 3 Differentiated Service codepoint priority value to be used for the specified application type. Enter 0 to use the default priority.
8 LLDP-MED attributes advertised by the Brocade device Extended power-via-MDI information The extended Power-via-MDI TLV enables advanced power management between LLDP-MED Endpoints and Network Connectivity Devices. This TLV provides significantly more information than the 802.1AB Power-via-MDI TLV referenced in “Power-via-MDI” on page 212.
LLDP-MED attributes advertised by the Brocade device TABLE 16 8 802.3af power classes Power class Minimum power level output at the PSE Maximum power levels at the PD 2 7.0 watts 3.84 – 6.49 watts 3 15.4 watts 6.49 – 12.95 watts For a PD (Endpoint device), the power level represents the maximum power it can consume during normal operations in its current configuration, even if its actual power draw at that instance is less than the advertised power draw.
8 LLDP-MED attributes advertised by the Brocade device Brocade#show lldp LLDP transmit interval LLDP transmit hold multiplier LLDP transmit delay LLDP SNMP notification interval LLDP reinitialize delay LLDP-MED fast start repeat count : : : : : : LLDP maximum neighbors LLDP maximum neighbors per port : 392 : 4 10 seconds 4 (transmit TTL: 40 seconds) 1 seconds 5 seconds 1 seconds 3 Syntax: show lldp The following table describes the information displayed by the show lldp statistics command.
LLDP-MED attributes advertised by the Brocade device 8 Brocade#show lldp statistics Last neighbor change time: 23 hours 50 minutes 40 seconds ago Neighbor Neighbor Neighbor Neighbor entries added entries deleted entries aged out advertisements dropped Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Tx Pkts Total 60963 0 60963 60963 0 0 0 0 0 60974 0 0 0 0 Rx Pkts Total 75179 0 60963 121925 0 0 0 0 0 0 0 0 0 0 : : : : 14 5 4 0 Rx Pkts Rx Pkts Rx TLVs Rx TLVs Neighbors w/Errors Discarded Unrecognz Discarded Ag
8 LLDP-MED attributes advertised by the Brocade device Field Description Rx Pkts w/Errors The number of LLDP packets the port received that have one or more detectable errors. Rx Pkts Discarded The number of LLDP packets the port received then discarded. Rx TLVs Unrecognz The number of TLVs the port received that were not recognized by the LLDP local agent.
LLDP-MED attributes advertised by the Brocade device 8 Displaying LLDP neighbors detail The show lldp neighbors detail command displays the LLDP advertisements received from LLDP neighbors. The following shows an example show lldp neighbors detail report. NOTE The show lldp neighbors detail output will vary depending on the data received. Also, values that are not recognized or do not have a recognizable format, may be displayed in hexadecimal binary form.
8 LLDP-MED attributes advertised by the Brocade device Field Description Neighbor The source MAC address from which the packet was received, and the remaining TTL for the neighbor entry. Syntax: show lldp neighbors detail [ports ethernet port-list | all] If you do not specify any ports or use the keyword all, by default, the report will show the LLDP neighbor details for all ports.
Resetting LLDP statistics 8 Latitude Resolution : 20 bits Latitude Value : -78.303 degrees Longitude Resolution : 18 bits Longitude Value : 34.27 degrees Altitude Resolution : 16 bits Altitude Value : 50. meters Datum : WGS 84 + MED Location ID Data Format: Civic Address Location of: Client Country : "US" CA Type : 1 CA Value : "CA" CA Type : 3 CA Value : "Santa Clara" CA Type : 6 CA Value : "4980 Great America Pkwy.
8 Clearing cached LLDP neighbor information Brocade#clear lldp statistics Syntax: clear lldp statistics [ports ethernet port-list | all] If you do not specify any ports or use the keyword all, by default, the system will clear lldp statistics on all ports. Clearing cached LLDP neighbor information The Brocade device clears cached LLDP neighbor information after a port becomes disabled and the LLDP neighbor information ages out.
Chapter 9 Hardware Component Monitoring Table 17 lists the individual Brocade FastIron switches and the hardware monitoring features they support. These features are supported in the Layer 2 and Layer 3 software images. TABLE 17 Supported hardware monitoring features Feature FSX 800 FSX 1600 FCX ICX 6610 ICX 6430 ICX 6450 Virtual cable testing (VCT) Yes Yes No No No Digital optical monitoring Yes Yes Yes Yes Yes This chapter contains the following sections: • Virtual cable testing.
9 Virtual cable testing • If the remote pair is set to forced 100 Mbps, any change in MDI/MDIX may cause the device to interpret the Multilevel Threshold-3 (MLT-3) as a reflected pulse, in which case, the device will report a faulty condition. In this scenario, it is recommended that you run the TDR test a few times for accurate results.
Virtual cable testing 9 Virtual cable testing command syntax To diagnose a cable using TDR, enter commands such as the following at the Privileged EXEC level of the CLI. Brocade#phy cable-diag tdr 1 The above command diagnoses the cable attached to port 1. When you issue the phy-cable-diag command, the command brings the port down for a second or two, then immediately brings the port back up.
9 Virtual cable testing FIGURE 7 T568A pin/pair assignment Pair 2 Orange Pair 3 Green Pair 1 Blue Pair 4 Brown STRAIGHT-THRU PC HUB TX+ 1 1 RX+ TX- 2 2 RX- RX+ 3 3 TX+ 4 4 5 5 6 TX- RX- 6 RJ-45 JACK T568A STANDARD 7 7 8 8 Syntax: show cable-diag tdr port Table 19 defines the fields shown in the command output. TABLE 19 236 Cable statistics This line... Displays... Port The port that was tested. Speed The port current line speed. Local pair The local link name.
Digital optical monitoring 9 Digital optical monitoring You can configure your Brocade device to monitor optical transceivers in the system, either globally or by specified ports. When this feature is enabled, the system will monitor the temperature and signal power levels for the optical transceivers in the specified ports. Console messages and Syslog messages are sent when optical operating conditions fall below or rise above the XFP, SFP, and SFP+ manufacturer recommended thresholds.
9 Digital optical monitoring Displaying information about installed media Use the show media, show media slot, and show media ethernet commands to obtain information about the media devices installed per device, per slot, and per port. The results displayed from these commands provide the Type, Vendor, Part number, Version and Serial number of the SFP, SFP+, or XFP optical device installed in the port.
Digital optical monitoring Port Port Port Port Port Port 1/8: 1/9: 1/10: 1/11: 1/12: 1/13: Vendor: Part# : Type : Type : Vendor: Part# : Type : Type : Vendor: Part# : Type : Type : Vendor: Part# : Brocade Communications, Inc. Version: FTLF1323P1BTR-FD Serial#: UCT000T EMPTY 100M M-FX-LR(SFP) Brocade Communications, Inc. Version: FTLF1323P1BTL-FD Serial#: UD3085J EMPTY 100M M-FX-SR(SFP) Brocade Communications, Inc.
9 Digital optical monitoring Use the show optic slot slot-number on a FastIron X Series chassis to view information about all qualified XFPs, SFPs, and SFP+ in a particular slot. The following shows example output. Brocade>show optic slot 4 Port Temperature Tx Power Rx Power Tx Bias Current +----+-----------+----------+------------+-------------------+ 4/1 30.8242 C -001.8822 dBm -002.5908 dBm 41.790 mA Normal Normal Normal Normal 4/2 31.7070 C -001.4116 dBm -006.4092 dBm 41.
Digital optical monitoring TABLE 21 9 Alarm status value description Status value Description Low-Alarm Monitored level has dropped below the "low-alarm" threshold set by the manufacturer of the optical transceiver. Low-Warn Monitored level has dropped below the "low-warn" threshold set by the manufacturer of the optical transceiver. Normal Monitored level is within the "normal" range set by the manufacturer of the optical transceiver.
9 Digital optical monitoring • The temperature, supply voltage, TX Bias, TX power, or TX power value goes above or below the high or low warning or alarm threshold set by the manufacturer. • The optical transceiver does not support digital optical monitoring. • The optical transceiver is not qualified, and therefore not supported by Brocade. For details about the above Syslog messages, refer to Appendix A, “Syslog messages”.
Chapter 10 Syslog Table 22 lists individual Brocade switches and the Syslog features they support. These features are supported in the Layer 2 and Layer 3 software images, except where explicitly noted.
10 About Syslog messages About Syslog messages Brocade software can write syslog messages to provide information at the following severity levels: • • • • • • • • Emergencies Alerts Critical Errors Warnings Notifications Informational Debugging The device writes the messages to a local buffer. You also can specify the IP address or host name of up to six Syslog servers. When you specify a Syslog server, the Brocade device writes the messages both to the system log and to the Syslog server.
Displaying Syslog messages 10 Dynamic Log Buffer (50 entries): Dec 15 18:46:17:I:Interface ethernet 4, state up Dec 15 18:45:21:I:Bridge topology change, vlan 4095, interface 4, changed state to forwarding Dec 15 18:45:15:I:Warm start For information about the Syslog configuration information, time stamps, and dynamic and static buffers, refer to “Displaying the Syslog configuration” on page 246.
10 Syslog service configuration Displaying real-time Syslog messages Any terminal logged on to a Brocade switch can receive real-time Syslog messages when the terminal monitor command is issued. Syslog service configuration The procedures in this section describe how to perform the following Syslog configuration tasks: • Specify a Syslog server. You can configure the Brocade device to use up to six Syslog servers. (Use of a Syslog server is optional.
Syslog service configuration TABLE 23 10 CLI display of Syslog buffer configuration Field Definition Syslog logging The state (enabled or disabled) of the Syslog buffer. messages dropped The number of Syslog messages dropped due to user-configured filters. By default, the software logs messages for all Syslog levels. You can disable individual Syslog levels, in which case the software filters out messages at those levels. Refer to “Disabling logging of a message level” on page 251.
10 Syslog service configuration Brocade#show logging Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Buffer logging: level ACDMEINW, 3 messages logged level code: A=alert C=critical D=debugging M=emergency E=error I=informational N=notification W=warning Static Log Buffer: Dec 15 19:04:14:A:Fan 1, fan on right connector, failed Dec 15 19:00:14:A:Fan 2, fan on left connector, failed Dynamic Log Buffer (50 entries): Dec 15 18:46:17:I:Interface ethernet 4, state up Dec 15 18:45:21:I:Bridg
Syslog service configuration 10 • If you have not set the time and date on the onboard system clock, the time stamp shows the amount of time that has passed since the device was booted, in the following format. num d num h num m num s where • • • • num d – day num h – hours num m – minutes num s – seconds For example, “188d1h01m00s” means the device had been running for 188 days, 11 hours, one minute, and zero seconds when the Syslog entry with this time stamp was generated.
10 Syslog service configuration Brocade#show logging Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Buffer logging: level ACDMEINW, 38 messages logged level code: A=alert C=critical D=debugging M=emergency E=error I=informational N=notification W=warning Static Log Buffer: Dynamic Log Buffer (50 entries): 21d07h02m40s:warning:list 101 denied 0000.001f.77ed) -> 10.99.4.69(http), 19d07h03m30s:warning:list 101 denied 0000.001f.77ed) -> 10.99.4.
Syslog service configuration 10 Disabling logging of a message level To change the message level, disable logging of specific message levels. You must disable the message levels on an individual basis. For example, to disable logging of debugging and informational messages, enter the following commands.
10 Syslog service configuration Changing the log facility The Syslog daemon on the Syslog server uses a facility to determine where to log the messages from the Brocade device. The default facility for messages the Brocade device sends to the Syslog server is “user”. You can change the facility using the following command. NOTE You can specify only one facility. If you configure the Brocade device to use two Syslog servers, the device uses the same facility on both servers.
Syslog service configuration 10 Displaying interface names in Syslog messages By default, an interface slot number (if applicable) and port number are displayed when you display Syslog messages. If you want to display the name of the interface instead of its number, enter the following command: FastIron(config)# ip show-portname This command is applied globally to all interfaces on Layer 2 Switches and Layer 3 Switches.
10 Syslog service configuration Retaining Syslog messages after a soft reboot You can configure the device to save the System log (Syslog) after a soft reboot (reload command). Syslog reboot configuration considerations • If the Syslog buffer size was set to a different value using the CLI command logging buffered, the System log will be cleared after a soft reboot, even when this feature (logging persistence) is in effect.
Syslog service configuration 10 Brocade>#show logging Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Buffer logging: level ACDMEINW, 3 messages logged level code: A=alert C=critical D=debugging M=emergency E=error I=informational N=notification W=warning Dynamic Log Buffer (50 lines): 0d00h00m27s:I:System: Interface ethernet mgmt1, state up 0d00h00m26s:N:powered On switch Fabric 0d00h00m17s:N:powered On switch Fabric 0d00h00m08s:I:System: Warm start 0d00h00m08s:I:SNMP: read-only commu
10 256 Syslog service configuration FastIron Ethernet Switch Administration Guide 53-1002637-02
Chapter 11 Network Monitoring Table 24 lists the individual FastIron switches and the network monitoring features they support. These features are supported in the Layer 2 and Layer 3 software images, except where explicitly noted.
11 Basic system management Brocade#show version ========================================================================== Active Management CPU [Slot-9]: SW: Version 04.3.00b17T3e3 Copyright (c) 1996-2008 Brocade Communications, Inc., Inc. Compiled on Sep 25 2008 at 04:09:20 labeled as SXR04300b17 (4031365 bytes) from Secondary sxr04300b17.bin BootROM: Version 04.0.
Basic system management 11 To determine the available show commands for the system or a specific level of the CLI, enter the following command. Brocade#show ? Syntax: show option You also can enter “show” at the command prompt, then press the TAB key. Viewing port statistics Port statistics are polled by default every 10 seconds.
11 Basic system management TABLE 25 Port statistics (Continued) Parameter Description Dupl The mode (full-duplex or half-duplex). Speed The port speed (10M, 100M, or 1000M). Trunk The trunk group number, if the port is a member of a trunk group. Tag Whether the port is a tagged member of a VLAN. Priori The QoS forwarding priority of the port (level0 – level7). MAC The MAC address of the port. Name The name of the port, if you assigned a name.
Basic system management TABLE 25 11 Port statistics (Continued) Parameter Description InGiantPkts The total number of packets for which all of the following was true: • The data length was longer than the maximum allowable frame size. • No Rx Error was detected. NOTE: Packets are counted for this statistic regardless of whether the CRC is valid or invalid. InShortPkts The total number of packets received for which all of the following was true: The data length was less than 64 bytes.
11 Basic system management Clearing statistics You can clear statistics for many parameters using the clear command. To determine the available clear commands for the system, enter the clear command at the Privileged EXEC level of the CLI. Brocade#clear ? Syntax: clear option You also can enter “clear” at the command prompt, then press the TAB key.
Basic system management 11 • Unknown unicast and unregistered multicast packets are filtered. Traffic counters configuration syntax This section provides the syntax and configuration examples for enhanced traffic counters. Example To configure traffic counters for outbound traffic on a specific port, enter a command such as the following. Brocade(config)#transmit-counter 4 port 18 only vlan 1 prio 7 enable The above command creates and enables traffic counter 4 on port 18.
11 Basic system management Displaying enhanced traffic counter statistics To display the traffic counters for outbound traffic, enter the show transmit-counter profiles command. NOTE Once the enhanced traffic counters are displayed, the counters are cleared (reset to zero). The following shows an example output.
Basic system management TABLE 26 11 Outbound traffic counter statistics (Continued) This line... Displays... Bridge Egress Filtered The number of bridged outbound packets that were filtered and dropped. This number includes the number of packets that were dropped because of any one of the following conditions: • The port was disabled or the link was down. • The port or port region does not belong to the VLAN specified in the transmit counter configuration. • A Layer 2 protocol (e.g.
11 Basic system management Viewing egress queue counters on ICX 6610 and FCX devices The show interface command displays the number of packets on a port that were queued for each QoS priority (traffic class) and dropped because of congestion. NOTE These counters do not include traffic on management ports or for a stack member unit that is down. The egress queue counters display at the end of the show interface command output as shown in the following example.
RMON support TABLE 27 11 Egress queue statistics Parameter Description Queue counters The QoS traffic class. Queued packets The number of packets queued on the port for the given traffic class. Dropped packets The number of packets for the given traffic class that were dropped because of congestion. Clearing the egress queue counters You can clear egress queue statistics (reset them to zero), using the clear statistics and clear statistics ethernet port command.
11 RMON support where value can be: • 1536 – 32768 for FSX 800 and FSX 1600 devices Statistics (RMON group 1) Count information on multicast and broadcast packets, total packets sent, undersized and oversized packets, CRC alignment errors, jabbers, collision, fragments and dropped events is collected for each port on a Brocade Layer 2 Switch or Layer 3 Switch. The statistics group collects statistics on promiscuous traffic across an interface.
RMON support TABLE 28 11 Export configuration and statistics Parameter Definition Octets The total number of octets of data received on the network. This number includes octets in bad packets. This number does not include framing bits but does include Frame Check Sequence (FCS) octets. Drop events Indicates an overrun at the port. The port logic could not receive the traffic at full line rate and had to drop some packets as a result.
11 RMON support TABLE 28 Export configuration and statistics (Continued) Parameter Definition 65 to 127 octets pkts The total number of packets received that were 65 – 127 octets long. This number includes bad packets. This number does not include framing bits but does include FCS octets. 128 to 255 octets pkts The total number of packets received that were 128 – 255 octets long. This number includes bad packets. This number does not include framing bits but does include FCS octets.
sFlow 11 An alarm event is reported each time that a threshold is exceeded. The alarm entry also indicates the action (event) to be taken if the threshold be exceeded. A sample CLI alarm entry and its syntax is shown below. Brocade(config)#rmon alarm 1 ifInOctets.6 10 delta rising-threshold 100 1 falling threshold 50 1 owner nyc02 Syntax: rmon alarm entry-number MIB-object.
11 sFlow sFlow version 5 sFlow version 5 enhances and modifies the format of the data sent to the sFlow collector. sFlow version 5 introduces several new sFlow features and also defines a new datagram syntax used by the sFlow agent to report flow samples and interface counters to the sFlow collector.
sFlow 11 • The source IP Autonomous System of the route • The source peer Autonomous System for the route • The Autonomous System patch to the destination NOTE Autonomous System communities and local preferences are not included in the sampled packets. To obtain extended gateway information, use “struct extended_gateway” as described in RFC 3176. IPv6 packet sampling IPv6 sampling is performed by the packet processor.
11 sFlow • On a Layer 3 Switch with IPv6 interfaces only, sFlow looks for an IPv6 address in the following order, and uses the first address found: • The first IPv6 address on the lowest-numbered loopback interface • The first IPv6 address on the lowest-numbered VE interface • The first IPv6 address on any interface • On a Layer 3 Switch with both IPv4 and IPv6 interfaces, or with IPv4 interfaces only, sFlow looks for an IP address in the following order, and uses the first address found: • • • • The I
sFlow 11 • FastIron X Series devices support port monitoring and sFlow together on the same device. The caveat is that these features cannot be configured together within the same port region on non-third generation modules. The following third-generation SX modules support sFlow and mirroring on the same port: - SX-FI48GPP SX-FI-24GPP SX-FI-24HF SX-FI-2XG SX-FI-8XG Configuring and enabling sFlow NOTE The commands in this section apply to sFlow version 2 and sFlow version 5.
11 sFlow Syntax: [no] sflow destination ip-addr [dest-udp-port | vrf] The ip-addr parameter specifies the IP address of the collector. The dest-udp-port parameter specifies the UDP port on which the sFlow collector will be listening for exported sFlow data. The default port number is 6343. For information on VRF parameter, see the FastIron Layer 3 Routing Configuration Guide. The sampled sFlow data sent to the collectors includes an agent_address field. This field identifies the device that sent the data.
sFlow 11 Specifying an sFlow collector on IPv6 devices To specify an sFlow collector on an IPv6 device, enter a command such as the following. Brocade(config)#sflow destination ipv6 2001:DB8:0::0b:02a This command specifies a collector with IPv6 address 2001:DB8::0b:02a, listening for sFlow data on UDP port 6343. Syntax: [no] sflow destination ipv6 ip-addr [dest-udp-port] The ip-addr parameter specifies the IP address of the collector.
11 sFlow Configuration considerations The sampling rate is a fraction in the form 1/N, meaning that, on average, one out of every N packets will be sampled. The sflow sample command at the global level or port level specifies N, the denominator of the fraction. Thus a higher number for the denominator means a lower sampling rate since fewer packets are sampled. Likewise, a lower number for the denominator means a higher sampling rate because more packets are sampled.
sFlow 11 When you enable sFlow on a port, the port's sampling rate is set to the global default sampling rate. This also applies to ports on which you disable and then re-enable sFlow. The port does not retain the sampling rate it had when you disabled sFlow on the port, even if you had explicitly set the sampling rate on the port. Changing the default sampling rate To change the default (global) sampling rate, enter a command such as the following at the global CONFIG level of the CLI.
11 sFlow To change the sampling rate on an individual port, enter a command such as the following at the configuration level for the port. Brocade(config-if-1/1)#sflow sample 8192 Syntax: [no] sflow sample num The num parameter specifies the average number of packets from which each sample will be taken. The software rounds the value you enter up to the next odd power of 2. The actual sampling rate becomes one of the values listed in “Changing the default sampling rate”.
sFlow 11 Changing the sFlow source port By default, sFlow sends data to the collector using UDP source port 8888, but you can change the source UDP port to any port number in the range 1025-65535. To change the source UDP port, enter a command such as the following: Brocade(config)#sflow source-port 8000 Syntax: [no] sflow source-port num The num parameter specifies the sFlow source port. Enabling sFlow forwarding sFlow exports data only for the interfaces on which you enable sFlow forwarding.
11 sFlow Brocade(config)#sflow enable Brocade(config)#interface ethernet 1/1 to 1/8 Brocade(config-mif-1/1-1/8)#sflow forwarding These commands globally enable sFlow, then enable sFlow forwarding on Ethernet ports 1/1 – 1/8. You must use both the sflow enable and sflow forwarding commands to enable the feature. Syntax: [no] sflow enable Syntax: [no] sflow forwarding Enabling sFlow forwarding on individual trunk ports This feature is supported on individual ports of a static trunk group.
sFlow 11 Egress interface ID for sampled broadcast and multicast packets For broadcast and multicast traffic, the egress interface ID for sampled traffic is always 0x80000000. When broadcast and multicast packets are sampled, they are usually forwarded to more than one port. However, the output port field in an sFlow datagram supports the display of one egress interface ID only.
11 sFlow Specifying the maximum flow sample size With sFlow version 5, you can specify the maximum size of the flow sample sent to the sFlow collector. If a packet is larger than the specified maximum size, then only the contents of the packet up to the specified maximum number of bytes is exported. If the size of the packet is smaller than the specified maximum, then the entire packet is exported. For example, to specify 1024 bytes as the maximum flow sample size, enter the following command.
sFlow 11 Enabling the sFlow agent to export CPU-directed data To enable the sFlow agent on a Brocade device to export data destined to the CPU to the sFlow collector, enter the following command. Brocade(config)# sflow export cpu-traffic Syntax: [no] sflow export cpu-traffic By default, this feature is disabled. The sFlow agent does not send data destined to the CPU to the sFlow collector.
11 sFlow Brocade#show sflow sFlow version:5 sFlow services are enabled. sFlow agent IP address: 10.123.123.1 4 collector destinations configured: Collector IP 192.168.4.204, UDP 6343 Collector IP 192.168.4.200, UDP 6333 Collector IP 192.168.4.202, UDP 6355 Collector IP 192.168.4.203, UDP 6565 Configured UDP source port: 33333 Polling interval is 0 seconds.
sFlow 11 ...continued from previous page...
11 Utilization list for an uplink port TABLE 29 sFlow information (Continued) Parameter Definition exporting system-info Indicates whether or not the sFlow agent is configured to export information about CPU and memory usage to the sFlow collector: • enabled • disabled exporting system-info polling interval Specifies the interval, in seconds, that sFlow data is sent to the sFlow collector. UDP packets exported The number of sFlow export packets the Brocade device has sent.
Utilization list for an uplink port 11 Each uplink utilization list consists of the following: • Utilization list number (1, 2, 3, or 4) • One or more uplink ports • One or more downlink ports Each list displays the uplink port and the percentage of that port bandwidth that was utilized by the downlink ports over the most recent 30-second interval. You can configure up to four bandwidth utilization lists.
11 Utilization list for an uplink port NOTE The example above represents a pure configuration in which traffic is exchanged only by ports 1/2 and 1/1, and by ports 1/3 and 1/1. For this reason, the percentages for the two downlink ports equal 100%. In some cases, the percentages do not always equal 100%. This is true in cases where the ports exchange some traffic with other ports in the system or when the downlink ports are configured together in a port-based VLAN.
Chapter 12 Power over Ethernet Table 30 lists the individual Brocade FastIron switches and the Power over Ethernet (PoE) features they support. These features are supported in the Layer 2 and Layer 3 software images, except where noted. TABLE 30 SXS Supported PoE features Feature FSX 800 FSX 1600 PoE interface modules1 FCX PoE+ models only ICX 6610 PoE models only ICX 6430 PoE models only ICX 6450 PoE models only PoE+ (802.
12 Power over Ethernet overview Power over Ethernet overview This section provides an overview of the requirements for delivering power over the LAN, as defined by the Institute of Electrical and Electronics Engineers Inc. (IEEE) in the 802.3af (PoE) and 802.3at (PoE+) specifications. Brocade PoE devices provide Power over Ethernet, compliant with the standards described in the IEEE 802.3af specification for delivering inline power. Brocade PoE+ devices are compliant with both the 802.3af and 802.
Power over Ethernet overview 12 NOTE All 802.3af- and 802.3at-compliant power consuming devices are required to support both application methods defined in the 802.3af and 802.3at specification. PoE endspan method The PoE Endspan method uses the Ethernet switch ports on power sourcing equipment, such as a Brocade FastIron PoE switch, which has embedded PoE technology to deliver power over the network. With the Endspan solution, there are two supported methods of delivering power.
12 Power over Ethernet overview FIGURE 9 PoE Midspan delivery method PoE Midspan Delivery Method 1 POWER PS1 PS2 49C CONSOLE 50C 49F LINK 2 3 4 5 6 7 8 9 10 11 12 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 48 Switch 50F ACT FastIron Edge 4802 POE Intermed
Power over Ethernet overview TABLE 31 12 Power classes for PDs Class Usage Power (watts) from Power Sourcing Device Standard PoE PoE+ 0 default 15.4 30 1 optional 4 4 2 optional 7 7 3 optional 15.4 15.4 4 optional 15.4 30 Power specifications The 802.3af (PoE) standard limits power to 15.4 watts (44 to 50 volts) from the power sourcing device, in compliance with safety standards and existing wiring limitations. Though limited by the 802.3af standard, 15.
12 Power over Ethernet overview • When a PoE power supply is removed from the chassis These events are described in detail in the following sections. NOTE A PoE power supply upgrade does not persist beyond a single power cycle. Therefore, an upgrade will occur automatically each time a power supply is re-inserted in the chassis. You can use the show inline power detail command to display detailed information about the PoE power supplies installed in a FastIron PoE device.
Power over Ethernet overview 12 Brocade(config)# Power supply 1 (from left when facing front side) detected. Power supply 1 (from left when facing front side) is up. Shutting down power supply in slot 1 because it is not compatible with the existing PoE power supplies. Please remove and replace. When the system is next reloaded, the power supply voltage will be selected as described in the section “Voltage selection during bootup” on page 296.
12 Power over Ethernet overview been developed to take a voice signal, which originates as an analog signal, and transport it within a digital medium. This is done by devices, such as VoIP telephones, which receive the originating tones and place them in UDP packets, the size and frequency of which is dependant on the coding / decoding (CODEC) technology that has been implemented in the VoIP telephone or device. The VoIP control packets use the TCP/IP format.
Power over Ethernet overview 12 Stack-unit refers to the unit-id of the switch. If the switch is not a part of the stack, the unit number will be the default value. The default value for stack-unit is 1. ip-address refers to the IP address of the tftp server. Filename refers to the name of the file, including the pathname. If you want to install firmware on a stack, you need to install firmware on one switch at a time with the above command.
12 Enabling and disabling Power over Ethernet PoE Info: FW Download on slot 1 module 1...programming firmware...takes ~ 10 minutes.... PoE PoE PoE PoE PoE PoE PoE PoE PoE PoE PoE Info: Info: Info: Info: Info: Info: Info: Info: Info: Info: Info: Firmware Download on slot 1.....10 percent completed. Firmware Download on slot 1.....20 percent completed. Firmware Download on slot 1.....30 percent completed. Firmware Download on slot 1.....40 percent completed. Firmware Download on slot 1.....
Disabling support for PoE legacy power-consuming devices 12 Brocade(config-if-e1000-1/1)#PoE Info: Power enabled on port 1/1. Syntax: [no] inline power Use the no form of the command to disable the port from receiving inline power. NOTE Inline power should not be configured between two switches as it may cause unexpected behavior. NOTE FastIron PoE and PoE+ devices can automatically detect whether or not a power consuming device is 802.3af- or 802.3at-compliant.
12 Enabling the detection of PoE power requirements advertised through CDP Enabling the detection of PoE power requirements advertised through CDP Many power consuming devices, such as Cisco VoIP phones and other vendors’ devices, use the Cisco Discovery Protocol (CDP) to advertise their power requirements to power sourcing devices, such as Brocade PoE devices.
Setting the maximum power level for a PoE power- consuming device 12 • There are two ways to configure the power level for a PoE or PoE+ power consuming device. The first method is discussed in this section. The other method is provided in the section “Setting the power class for a PoE power- consuming device” on page 304. For each PoE port, you can configure either a maximum power level or a power class. You cannot configure both.
12 Setting the power class for a PoE power- consuming device Setting the power class for a PoE powerconsuming device A power class specifies the maximum amount of power that a Brocade PoE or PoE+ device will supply to a power consuming device. Table 33 shows the different power classes and their respective maximum power allocations. TABLE 33 Class Power classes for PDs Usage Power (watts) from Power Sourcing Device Standard PoE PoE+ 0 default 15.
Setting the power budget for a PoE interface module 12 Syntax: inline power power-by-class class value The class value variable is the power class. Enter a value between 0 and 4. The default is 0. Table 33 shows the different power classes and their respective maximum power allocations. NOTE Do not configure a class value of 4 on a PoE+ port on which a standard PoE PD is connected. Standard PoE PDs support a maximum of 15.4 watts. Setting the power class value to 4 (30 watts) could damage the PD.
12 Setting the inline power priority for a PoE port PoE port 1/11 should receive power before PoE port 2/1. However, if PoE port 1/11 needs 12 watts of power and PoE port 2/1 needs 10 watts of power, and 11 watts of power become available on the device, the FastIron PoE device will allocate the power to port 2/1 because it does not have sufficient power for port 1/11.
Resetting PoE parameters 12 Resetting PoE parameters NOTE Resetting PoE parameters applies to the FastIron X Series PoE chassis. You can override or reset PoE port parameters including power priority, power class, and maximum power level. To do so, you must specify each PoE parameter in the CLI command line. This section provides some CLI examples.
12 Displaying Power over Ethernet information Brocade#show inline power Power Capacity: Total is 2160000 mWatts. Current Free is 18800 mWatts. Power Allocations: Requests Honored 769 times ... some lines omitted for brevity... Port Admin Oper ---Power(mWatts)--- PD Type PD Class Pri Fault/ State State Consumed Allocated Error -------------------------------------------------------------------------4/1 On On 5070 9500 802.3af n/a 3 n/a 4/2 On On 1784 9500 Legacy n/a 3 n/a 4/3 On On 2347 9500 802.
Displaying Power over Ethernet information 12 Table 34 provides definitions for the show inline power command. TABLE 34 Field definitions for the show inline power command Column Definition Power Capacity The total PoE power supply capacity and the amount of available power (current free) for PoE power consuming devices. Both values are shown in milliwatts. Power Allocations The number of times the FSX fulfilled PoE requests for power. Port The slot number and port number.
12 Displaying Power over Ethernet information TABLE 34 Field definitions for the show inline power command (Continued) Column Definition Fault/Error If applicable, this is the fault or error that occurred on the port. This value can be one of the following: • critical temperature – The PoE chip temperature limit rose above the safe operating level, thereby powering down the port.
Displaying Power over Ethernet information 12 To following is an example of the show inline power detail command output on an FCX POE+ switch. Brocade#FCX#show inline power detail Power Supply Data On stack 1: ++++++++++++++++++ Power Supply #1: Max Curr: 7.5 Amps Voltage: 54.0 Volts Capacity: 410 Watts POE Details Info. On Stack 1 : General PoE Data: +++++++++++++++++ Firmware Version -------02.1.
12 Displaying Power over Ethernet information ... continued from previous page...
Displaying Power over Ethernet information 12 To following is an example of the show inline power detail command output on a FastIron X Series PoE switch. Brocade#show inline power detail Power Supply Data: ++++++++++++++++++ PoE+ Max Operating Voltage: 54 V Power Supply #1: Model Number: Serial Number: Firmware Ver: Test Date: H/W Status: Max Curr: Voltage: Capacity: PoE Capacity: Consumption: 32004000 093786124716 1.6 9/12/09 (mm/dd/yy) 807 50.0 Amps 54.
12 Displaying Power over Ethernet information ... continued from previous page... Cumulative Port Power Data: +++++++++++++++++++++++++++ Slot #Ports #Ports #Ports Power Power Power Pri: 1 Pri: 2 Pri: 3 Consumption Allocation Budget -----------------------------------------------------------------3 0 0 48 513.90 W 739.200 W 65535.0 W 4 0 0 48 1346.497 W 1440.0 W 65535.0 W 6 0 0 24 0.0 W 0.0 W 65535.0 W 7 0 0 48 43.72 W 61.600 W 65535.0 W 8 0 0 24 0.0 W 0.0 W 65535.
Displaying Power over Ethernet information TABLE 35 12 Field definitions for the show inline power detail command (Continued) Column Definition Firmware Version The Interface module / slot number firmware version. Cumulative port state data NOTE: When you enable a port using the CLI, it may take 12 or more seconds before the operational state of that port is displayed correctly in the show inline power output. Slot The Interface module / slot number.
12 316 Displaying Power over Ethernet information FastIron Ethernet Switch Administration Guide 53-1002637-02
Chapter 13 System Monitoring Table 36 lists the system monitoring (sysmon) features supported on Brocade FastIron devices. These features are supported in the Layer 2 and full Layer 3 software images, except where explicitly noted.
Configure system monitoring Sysmon starts the timer based on the specified timer setting, with the default value as three minutes. After the interval specified by the timer, the utility checks the hardware error registers. If the sysmon utility detects an error in a hardware error register, it increments the relevant error count by 1. Otherwise, it restarts the timer and waits for the given interval. Hardware error registers are cleared when read, so after Sysmon reads the value, they are reset to zero.
Configure system monitoring • enable system-monitoring all • sysmon timer In addition, you can enable or disable system monitoring for each event type from the CLI, with each event type having separate threshold and log back off values.
disable system-monitoring all disable system-monitoring all Disables system monitoring at the global level for all types. Syntax disable system-monitoring all Command Default By default, system monitoring is enabled. Command Modes Privileged EXEC mode. Usage Guidelines Disabling sysmon at the global level disables any individually configured and enabled sysmon tasks as well. However, any sysmon configuration that is made, including global and event-specific configuration are retained.
enable system-monitoring all enable system-monitoring all Enables system monitoring at the global level for all event types. Syntax enable system-monitoring all Command Default By default, system monitoring is enabled. Command Modes Privileged EXEC mode. Usage Guidelines This command enables system monitoring globally, and covers all event-specific system monitoring configuration as well. If specific configuration is not made for different types, default values defined at the global level are used.
sysmon timer sysmon timer Configures the global system monitoring timer. Syntax Command Default Parameters sysmon timer minutes By default, the system monitoring timer is set to three minutes. minutes Specifies the system monitoring timer in minutes. The range of values is 1 through 60. The default value is 3. Command Modes Global configuration mode.
sysmon log-backoff sysmon log-backoff Defines the number of times to skip logging an event before logging again at the global level. The no form of this command resets the parameter to default value. Syntax sysmon log-backoff number no sysmon log-backoff Parameters number Specifies the number of times to skip an event logging before logging again. Command Modes Global configuration mode.
sysmon threshold sysmon threshold Defines the threshold for errors at the global level. The no form of this command resets the threshold configuration to default values. Syntax sysmon threshold events polling-interval no sysmon threshold Parameters events Specifies the threshold in terms of the number of events. Valid values are 1 through 10. When expressed in the command, the default value is 2. polling-interval Specifies the number of polling windows.
System monitoring on FCX and ICX devices System monitoring on FCX and ICX devices On FCX and ICX devices, system monitoring monitors the following errors: • ECC errors. • Link errors. These errors are monitored on a stack unit basis.
sysmon ecc-error sysmon ecc-error Configures how sysmon handles ECC errors. The no version of this command disables system monitoring on internal ECC errors. Syntax sysmon ecc-error-count {threshold events polling-interval | log-backoff value | action {none | syslog}} no sysmon fa error-count Command Default Parameters By default, the command takes the global values defined for threshold, log back-off, and action. threshold Defines the threshold for errors.
sysmon ecc-error Related Commands sysmon link-error, sysmon timer, sysmon threshold FastIron Ethernet Switch Administration Guide 53-1002637-02 327
sysmon link-error sysmon link-error Configures how sysmon handles link errors. The no version of this command disables system monitoring on link errors. Syntax sysmon link-error {threshold events polling-interval | log-backoff value | action {none | syslog}} no sysmon link-error Command Default Parameters By default, the command takes the global values defined for threshold, log back-off, and action. threshold Defines the threshold for errors.
System monitoring for Fabric Adapters System monitoring for Fabric Adapters On FSX devices, system monitoring for fabric adaptors monitor errors such as the following: • End of Packet (EoP) or Start of Packet (SoP) errors • Cyclic Redundancy Check (CRC) errors • Packets dropped due to congestion In addition to the error count, sysmon also checks for connectivity of FA links. This happens at the interval defined by the sysmon-timer command generally or specifically for FA.
sysmon fa error-count sysmon fa error-count Configures how sysmon handles fabric adaptor-related errors. The no version of this command disables system monitoring on fabric adaptors. Syntax sysmon fa error-count {threshold events polling-interval | log-backoff value | action {none | syslog}} no sysmon fa error-count Command Default Parameters By default, the command takes the global values defined for threshold, log back-off, and action. threshold Defines the threshold for errors.
sysmon fa error-count Related Commands sysmon fa link, sysmon timer, sysmon threshold FastIron Ethernet Switch Administration Guide 53-1002637-02 331
sysmon fa link sysmon fa link Configures system monitoring for link errors on all or specified fabric adaptors. The no form of this command resets the parameters to default values. Syntax sysmon fa link {threshold events polling-interval | log-backoff value | action {none | syslog}} no sysmon fa link Command Default Parameters By default, the command takes the global values defined for threshold, log back-off, and action. threshold Defines the failure threshold for the fabric adapter link error event.
System monitoring for Cross Bar System monitoring for Cross Bar On FSX devices, errors typically detected in the cross bar include: • Bad (IP) headers • Bad length errors • Reformat errors Besides the error count, sysmon also checks for connectivity of SFM/XBAR links. This happens at the interval defined by the sysmon-timer command generally or specifically for cross bar.
sysmon xbar error-count sysmon xbar error-count Configures system monitoring for cross bar errors. The no form of this command resets the parameters to default values. Syntax sysmon xbar error-count {threshold events polling-interval | log-backoff value | action {none | syslog}} no sysmon xbar error-count Command Default Parameters By default, the command takes the global values defined for threshold, log back-off, and action. threshold Defines the failure threshold for the cross bar error-count event.
sysmon xbar error-count Related Commands sysmon xbar link, sysmon timer, sysmon threshold FastIron Ethernet Switch Administration Guide 53-1002637-02 335
sysmon xbar link sysmon xbar link Configures the sysmon parameters for the crossbar link. The no form of this command resets the parameters to default values. Syntax sysmon xbar link {threshold events polling-interval |log-backoff value | action {none | syslog}} no sysmon xbar link Command Default Parameters By default, the command takes the global values defined for threshold, log back-off, and action. threshold Defines the failure threshold for the fabric adapter error-count event.
System monitoring for Packet Processors System monitoring for Packet Processors On FSX devices, errors typically detected in packet processors include: • • • • • • • • • • • • • • Parity errors Error Checking Code (ECC) errors ConfigTable0 errors TCAM error TCAM action parity errors Token bucket priority parity errors State variable parity errors Link list RAM ECC errors FBUF RAM ECC errors Egress VLAN parity errors Ingress VLAN parity errors Layer 2 port isolation parity errors Layer 3 port isolation pa
sysmon pp error-count sysmon pp error-count Configures the sysmon monitoring parameters for error events in packet processors. The no form of this command resets the parameters to default values. Syntax sysmon pp error-count {threshold events polling-interval | log-backoff value | action {none | syslog}} no sysmon pp error-count Command Default Parameters By default, system monitoring on packet processors is enabled, with the global default values.
clear sysmon counters clear sysmon counters Clears sysmon counters for all or specific event types. Syntax clear sysmon counters all clear sysmon counters fa {error | link} {all | decimal} clear sysmon counters pp error {all | decimal} clear sysmon counters xbar {error | link} {all | decimal} clear sysmon counters {ecc-error | link-error} Parameters all Clears all sysmon counters. fa Clears the fabric adaptor sysmon counters. error Clears the fabric adaptor error counters.
clear sysmon counters History Related Commands 340 Release Command History 08.0.00a This command was introduced.
show sysmon logs show sysmon logs Displays the entries written to syslog for all event types if the action specified is to log them into syslog. If the action specified is none, the sysmon logs display nothing. Syntax show sysmon logs Command Default All syslog messages are displayed. Command Modes Privileged EXEC mode. Examples The following example displays the syslog entries that were made by sysmon if the action specified either at the global level or type level was to log the events to syslog.
show sysmon counters show sysmon counters Displays sysmon counters for all or specific event types. Syntax show sysmon counters type {error | link} show sysmon counters {ecc-error | link-error} Command Default Parameters All counters are displayed. type The event type for which sysmon counters are displayed. For FSX devices, the options are all, fa (fabric adapter), pp (packet processor), and xbar (cross bar). For FCX and ICX devices, the options are ecc-error and link-error. The default value is all.
show sysmon counters tail drop detect = 0 filter drop detect = 0, ecc drop detect = 0 ****PUMA Device 0 VOQUnit1 error detect Set 0 EnQ Drop detect = 0 Set 1 EnQ Drop detect = 0 Set 2 EnQ Drop detect = 0 Set 3 EnQ Drop detect = 0 tail drop detect = 0 filter drop detect = 0, ecc drop detect = 0 ****PUMA Device 0 CRX error detect CRC detect = 0, Lost SOP.
show sysmon counters ****PUMA Device 0 Control SRAM error CSU : Parity error detect = 0, ECC LPM0: Parity error detect = 0, ECC LPM1: Parity error detect = 0, ECC LPM2: Parity error detect = 0, ECC LPM3: Parity error detect = 0, ECC detect error detect error detect error detect error detect error detect = = = = = 0 0 0 0 0 The following example displays all error counter data on an FCX device: Brocade(config)#show sysmon counters all Sysmon error detected on: Stacking Unit 1 (number of times) ****Stack
show sysmon counters Sysmon error detected on: Stacking Unit 5 (number of times) ****Stacking unit 5 (FCX) Link error detect Port 24 Link error detect = 0 remote fault detect = 0 lane error detect Port 25 Link error detect = 0 remote fault detect = 0 lane error detect Port 26 Link error detect = 0 remote fault detect = 0 lane error detect Port 27 Link error detect = 0 remote fault detect = 0 lane error detect ========================== Sysmon ECC error detected on: Stacking Unit 1 (number of times) = 0 =
show sysmon config show sysmon config Displays the complete sysmon configuration, including the global configuration and the event-specific configuration. Syntax show sysmon config Command Modes User EXEC mode. Examples The following command displays the sysmon configuration an FSX device. The global configuration is displayed first, followed by the configuration for specific events. Privileged EXEC mode.
show sysmon config Sysmon Event: LINK_STATUS (Enabled) Threshold: 2/10 Log Backoff Number: 10 Action: log(internal) /syslog Sysmon Event: ECC_STATS (Enabled) Threshold: 2/10 Log Backoff Number: 10 Action: log(internal) /syslog History Related Commands Release Command History 08.0.00a This command was introduced.
show sysmon system sfm show sysmon system sfm Displays the status of the switch fabric modules. Syntax Parameters Command Modes show sysmon system sfm {all | number} all Displays the statistics for all SFMs on the device. number Specifies the SFM ID for which the statistics is to be displayed. User EXEC mode. Privileged EXEC mode. Global configuration mode. Usage Guidelines Examples This command is supported only on FSX devices.
Appendix A Syslog messages Table 1 lists all of the Syslog messages. Note that some of the messages apply only to Layer 3 switches. NOTE This chapter does not list Syslog messages that can be displayed when a debug option is enabled.
A Syslog messages TABLE 1 350 Brocade Syslog messages (Continued) Message level Message Explanation Alert MAC Authentication failed for mac-address on portnum (No VLAN Info received from RADIUS server) RADIUS authentication was successful for the specified mac-address on the specified portnum; however, dynamic VLAN assignment was enabled for the port, but the RADIUS Access-Accept message did not include VLAN information. This is treated as an authentication failure.
Syslog messages TABLE 1 A Brocade Syslog messages (Continued) Message level Message Explanation Alert System: Module in slot slot-num encountered PCI config read error: Bus PCI-bus-number, Dev PCI-device-number, Reg Offset PCI-config-register-offset. The module encountered a hardware configuration read error. Alert System: Module in slot slot-num encountered PCI config write error: Bus PCI-bus-number, Dev PCI-device-number, Reg Offset PCI-config-register-offset.
A Syslog messages TABLE 1 352 Brocade Syslog messages (Continued) Message level Message Explanation Critical Authentication shut down portnum due to DOS attack Denial of Service (DoS) attack protection was enabled for multi-device port authentication on the specified portnum, and the per-second rate of RADIUS authentication attempts for the port exceeded the configured limit. The Brocade device considers this to be a DoS attack and disables the port.
Syslog messages TABLE 1 A Brocade Syslog messages (Continued) Message level Message Explanation Informational user-name login to PRIVILEGED mode A user has logged into the Privileged EXEC mode of the CLI. The user-name is the user name. Informational user-name login to USER EXEC mode A user has logged into the USER EXEC mode of the CLI. The user-name is the user name. Informational user-name logout from PRIVILEGED mode A user has logged out of Privileged EXEC mode of the CLI.
A Syslog messages TABLE 1 354 Brocade Syslog messages (Continued) Message level Message Explanation Informational DOT1X: port portnum - MAC mac address cannot remove inbound ACL An error occurred while removing the inbound ACL. Informational DOT1X: port portnum - MAC mac address Downloading a MAC filter, but MAC filter have no effect on router port The RADIUS server returned an MAC address filter, but the portnum is a router port (it has one or more IP addresses).
Syslog messages TABLE 1 A Brocade Syslog messages (Continued) Message level Message Explanation Informational DOT1X: Port portnum, AuthControlledPortStatus change: authorized The status of the interface controlled port has changed from unauthorized to authorized. Informational DOT1X: Port portnum, AuthControlledPortStatus change: unauthorized The status of the interface controlled port has changed from authorized to unauthorized.
A Syslog messages TABLE 1 356 Brocade Syslog messages (Continued) Message level Message Explanation Informational Port portnum, srcip-security max-ipaddr-per-int reached.Last IP=ipaddr The address limit specified by the srcip-security max-ipaddr-per-interface command has been reached for the port. Informational Port portnum, srcip-security max-ipaddr-per-int reached.Last IP=ipaddr The address limit specified by the srcip-security max-ipaddr-per-interface command has been reached for the port.
Syslog messages TABLE 1 A Brocade Syslog messages (Continued) Message level Message Explanation Informational STP: VLAN vlan id Root-Protect Port port id, Inconsistent (Received superior BPDU) The root protect feature has detected a superior BPDU and goes into the inconsistent state on {vlan-id, port-id}. Informational STP: VLAN vlan-id BPDU-guard port port-number detect (Received BPDU), putting into err-disable state STP placed a port into an errdisable state for BPDU guard.
A Syslog messages TABLE 1 358 Brocade Syslog messages (Continued) Message level Message Explanation Informational telnet | SSH| access [by username] from src IP source ip address, src MAC source MAC address rejected, n attempts There were failed SSH, or Telnet login access attempts from the specified source IP and MAC address. • [by user username] does not appear if telnet or SSH clients are specified.
Syslog messages TABLE 1 A Brocade Syslog messages (Continued) Message level Message Explanation Informational vlan vlan-id Bridge is RootBridge mac-address (MgmtPriChg) 802.1W changed the current bridge to be the root bridge of the given topology due to administrative change in bridge priority. Informational vlan vlan-id Bridge is RootBridge mac-address (MsgAgeExpiry) The message age expired on the Root port so 802.1W changed the current bridge to be the root bridge of the topology.
A Syslog messages TABLE 1 360 Brocade Syslog messages (Continued) Message level Message Explanation Notification Authentication Disabled on portnum The multi-device port authentication feature was disabled on the on the specified portnum. Notification Authentication Enabled on portnum The multi-device port authentication feature was enabled on the on the specified portnum. Notification BGP Peer ip-addr DOWN (IDLE) Indicates that a BGP4 neighbor has gone down.
Syslog messages TABLE 1 A Brocade Syslog messages (Continued) Message level Message Explanation Notification Local ICMP exceeds burst-max burst packets, stopping for lockup seconds!! The number of ICMP packets exceeds the burst-max threshold set by the ip icmp burst command. The Brocade device may be the victim of a Denial of Service (DoS) attack. All ICMP packets will be dropped for the number of seconds specified by the lockup value.
A Syslog messages TABLE 1 362 Brocade Syslog messages (Continued) Message level Message Explanation Notification OSPF interface state changed, rid router-id, intf addr ip-addr, state ospf-state Indicates that the state of an OSPF interface has changed. The router-id is the router ID of the Brocade device. The ip-addr is the interface IP address.
Syslog messages TABLE 1 A Brocade Syslog messages (Continued) Message level Message Explanation Notification OSPF intf config error, rid router-id, intf addr ip-addr, pkt src addr src-ip-addr, error type error-type, pkt type pkt-type Indicates that an OSPF interface configuration error has occurred. The router-id is the router ID of the Brocade device. The ip-addr is the IP address of the interface on the Brocade device.
A Syslog messages TABLE 1 364 Brocade Syslog messages (Continued) Message level Message Explanation Notification OSPF intf rcvd bad pkt: Bad Checksum, rid ip-addr, intf addr ip-addr, pkt size num, checksum num, pkt src addr ip-addr, pkt type type The device received an OSPF packet that had an invalid checksum. The rid ip-addr is the Brocade router ID. The intf addr ip-addr is the IP address of the Brocade interface that received the packet. The pkt size num is the number of bytes in the packet.
Syslog messages TABLE 1 A Brocade Syslog messages (Continued) Message level Message Explanation Notification OSPF intf retransmit, rid router-id, intf addr ip-addr, nbr rid nbr-router-id, pkt type is pkt-type, LSA type lsa-type, LSA id lsa-id, LSA rid lsa-router-id An OSPF interface on the Brocade device has retransmitted a Link State Advertisement (LSA). The router-id is the router ID of the Brocade device. The ip-addr is the IP address of the interface on the Brocade device.
A Syslog messages TABLE 1 366 Brocade Syslog messages (Continued) Message level Message Explanation Notification OSPF nbr state changed, rid router-id, nbr addr ip-addr, nbr rid nbr-router-Id, state ospf-state Indicates that the state of an OSPF neighbor has changed. The router-id is the router ID of the Brocade device. The ip-addr is the IP address of the neighbor. The nbr-router-id is the router ID of the neighbor.
Syslog messages TABLE 1 A Brocade Syslog messages (Continued) Message level Message Explanation Notification OSPF virtual intf authen failure, rid router-id, intf addr ip-addr, pkt src addr src-ip-addr, error type error-type, pkt type pkt-type Indicates that an OSPF virtual routing interface authentication failure has occurred. The router-id is the router ID of the Brocade device. The ip-addr is the IP address of the interface on the Brocade device.
A Syslog messages TABLE 1 368 Brocade Syslog messages (Continued) Message level Message Explanation Notification OSPF virtual intf config error, rid router-id, intf addr ip-addr, pkt src addr src-ip-addr, error type error-type, pkt type pkt-type Indicates that an OSPF virtual routing interface configuration error has occurred. The router-id is the router ID of the Brocade device. The ip-addr is the IP address of the interface on the Brocade device.
Syslog messages TABLE 1 A Brocade Syslog messages (Continued) Message level Message Explanation Notification OSPF virtual intf retransmit, rid router-id, intf addr ip-addr, nbr rid nbr-router-id, pkt type is pkt-type, LSA type lsa-type, LSA id lsa-id, LSA rid lsa-router-id An OSPF interface on the Brocade device has retransmitted a Link State Advertisement (LSA). The router-id is the router ID of the Brocade device. The ip-addr is the IP address of the interface on the Brocade device.
A Syslog messages TABLE 1 Brocade Syslog messages (Continued) Message level Message Explanation Notification OSPF virtual nbr state changed, rid router-id, nbr addr ip-addr, nbr rid nbr-router-id, state ospf-state Indicates that the state of an OSPF virtual neighbor has changed. The router-id is the router ID of the Brocade device. The ip-addr is the IP address of the neighbor. The nbr-router-id is the router ID of the neighbor.
Syslog messages TABLE 1 A Brocade Syslog messages (Continued) Message level Message Explanation Notification VRRP intf state changed, intf portnum, vrid virtual-router-id, state vrrp-state A state change has occurred in a Virtual Router Redundancy Protocol (VRRP) or VRRP-E IPv4 or IPv6 interface. The portnum is the port or interface where VRRP or VRRP-E is configured. The virtual-router-id is the virtual router ID (VRID) configured on the interface.
A Syslog messages TABLE 1 372 Brocade Syslog messages (Continued) Message level Message Explanation Warning list ACL-num denied ip-proto src-ip-addr (src-tcp/udp-port) (Ethernet portnum mac-addr) dst-ip-addr (dst-tcp/udp-port), 1 event(s) Indicates that an Access Control List (ACL) denied (dropped) packets. The ACL-num indicates the ACL number. Numbers 1 – 99 indicate standard ACLs. Numbers 100 – 199 indicate extended ACLs. The ip-proto indicates the IP protocol of the denied packets.
Syslog messages TABLE 1 A Brocade Syslog messages (Continued) Message level Message Explanation Warning No global IP! cannot send IGMP msg. The device is configured for ip multicast active but there is no configured IP address and the device cannot send out IGMP queries. Warning No of prefixes received from BGP peer ip-addr exceeds warning limit num The Layer 3 switch has received more than the allowed percentage of prefixes from the neighbor. The ip-addr is the IP address of the neighbor.
A 374 Syslog messages FastIron Ethernet Switch Administration Guide 53-1002637-02
Index Numerics 100BaseTX configuration, 57 A alarm interval, setting, 237 alarm status values, 241 B boot code synchronization, 77 boot preference, displaying, 81 buffer limits, changing, 53 C cable statistics, 236 cabling requirements for PoE, 297 CDP clearing information, 182, 185 clearing statistics, 182 displaying entries, 185 displaying information, 183 displaying neighbors, 184 displaying packet statistics, 182 displaying statistics, 185 enabling interception of packets globally, 183 enabling inte
lldp advertise system-description ports ethernet, 209 lldp advertise vlan-name vlan, 210 lldp enable ports, 200 lldp enable ports ethernet, 200 lldp enable receive ports, 201 lldp enable snmp notifications ports ethernet, 204 lldp enable transmit ports, 201 lldp enable transmit ports ethernet, 202 lldp max-neighbors-per-port, 203 lldp max-total-neighbors, 203 lldp med location-id civic-address, 216 lldp med location-id coordinate-based, 215 lldp med location-id ecs-elin, 220 lldp med network-policy applicat
show loop-detection resource, 68 show optic, 240 show pod unit, 128 show sflow, 287 show transmit-counter values, 264 commands line editing, 5 searching and filtering output, 7 configuration basic port parameter, 39 basis system parameters, 14 dynamic loading, 85 entering system information, 15 flow control, 47 hitless OS upgrade, 109 Interpacket Gap (IPG), 54 loading and saving files, 82 manual IPv6 tunnel, 155 MDI, 46 PHY FIFO Rx and Tx depth, 54 port flap dampening, 61 SNMP parameters, 15 static IPv6 rou
hitless failover description, 98 hitless failover, enabling, 103 hitless management, 98 benefits of, 100 configuration notes and feature limitations, 103 supported protocols, 100 hitless OS upgrade, 98, 107 hitless OS upgrade configuration, 109 hitless reload or switchover, 103 hitless switchover description, 98 executing, 106 I Interface 100-fx, 58 100-tx, 57 enable, 47 flow-control, 48 gig-default, 59 inline power, 301 inline power power-by-class, 305 inline power power-limit, 303 inline power priority,
specifying the maximum number of LLDP neighbors per port, 203 specifying the maximum number of neighbors per device, 203 specifying the minimum time between SNMP traps and Syslog messages, 204 Syslog messages, 198 terms used in chapter, 188 TLVs advertised by Brocade device, 206 transmit mode, 193 LLDP media endpoint devices (LLDP-MED), description of, 188 LLDP_MED benefits, 192 general operating principles, 193 overview, 191 LLDP-MED 802.
disabling support for power-consuming devices, 301 displaying information, 307 dynamic upgrade of power supplies, 295 enabling and disabling, 300 enabling the detection of power requirements, 302 endspan method, 293 installing firmware on FCX platform, 298 installing firmware on FSC platform, 298 IP surveillance cameras, 298 methods for delivery, 292 midspan method, 293 overview, 292 power class, 294 power specifications, 295 resetting parameters, 307 setting the inline power priority for a port, 305 settin
show lldp statistics, 204, 227 show lldp statisticsLLDP displaying statistics, 226 show logging, 244, 246, 247 show loop-detection resource, 68 show loop-detection status, 67 show media, 57 show media slot, 238 show optic, 239 show optic slot, 240 show optic threshold, 241 show pod, 127 show relative-utilization, 289 show rmon statistics, 268 show sflow, 278, 286 show snmp engineid, 166, 174 show snmp group, 175 show snmp server, 165, 173 show snmp user, 175 show span, 261 show stack, 127 show statistics et
disabling logging of a message level, 251 disabling or re-enabling, 250 displaying interface names in messages, 253 displaying messages, 244 displaying real-time messages, 246 displaying TCP or UDP port numbers in messages, 253 displaying the configuration, 246 enabling real-time display for a Telnet or SSH session, 245 enabling real-time display of messages, 245 message due to disabled port in loop detection, 69 message for hitless management events, 109 message types, 349 messages for CLI access, 19 messa
