Alcatel-Lucent 6600 Bedienungsanleitung
- Schauen Sie die Anleitung online durch oderladen Sie diese herunter
- 654 Seiten
- 9.33 mb
Zur Seite of
Ähnliche Gebrauchsanleitungen
-
Switch
Alcatel-Lucent 6850-48
34 Seiten 1.38 mb -
Switch
Alcatel-Lucent 6850-P24X
34 Seiten 1.38 mb -
Switch
Alcatel-Lucent 6850-24
34 Seiten 1.38 mb -
Switch
Alcatel-Lucent OmniSwitch 6850-48
34 Seiten 1.45 mb -
Switch
Alcatel-Lucent 4604
4 Seiten 0.15 mb -
Switch
Alcatel-Lucent OMNISWITCH 6800
134 Seiten 0.5 mb -
Switch
Alcatel-Lucent 1655 AMU
12 Seiten 0.83 mb -
Switch
Alcatel-Lucent 1850 TSS-3
8 Seiten 0.74 mb
Richtige Gebrauchsanleitung
Die Vorschriften verpflichten den Verkäufer zur Übertragung der Gebrauchsanleitung Alcatel-Lucent 6600 an den Erwerber, zusammen mit der Ware. Eine fehlende Anleitung oder falsche Informationen, die dem Verbraucher übertragen werden, bilden eine Grundlage für eine Reklamation aufgrund Unstimmigkeit des Geräts mit dem Vertrag. Rechtsmäßig lässt man das Anfügen einer Gebrauchsanleitung in anderer Form als Papierform zu, was letztens sehr oft genutzt wird, indem man eine grafische oder elektronische Anleitung von Alcatel-Lucent 6600, sowie Anleitungsvideos für Nutzer beifügt. Die Bedingung ist, dass ihre Form leserlich und verständlich ist.
Was ist eine Gebrauchsanleitung?
Das Wort kommt vom lateinischen „instructio”, d.h. ordnen. Demnach kann man in der Anleitung Alcatel-Lucent 6600 die Beschreibung der Etappen der Vorgehensweisen finden. Das Ziel der Anleitung ist die Belehrung, Vereinfachung des Starts, der Nutzung des Geräts oder auch der Ausführung bestimmter Tätigkeiten. Die Anleitung ist eine Sammlung von Informationen über ein Gegenstand/eine Dienstleistung, ein Hinweis.
Leider widmen nicht viele Nutzer ihre Zeit der Gebrauchsanleitung Alcatel-Lucent 6600. Eine gute Gebrauchsanleitung erlaubt nicht nur eine Reihe zusätzlicher Funktionen des gekauften Geräts kennenzulernen, sondern hilft dabei viele Fehler zu vermeiden.
Was sollte also eine ideale Gebrauchsanleitung beinhalten?
Die Gebrauchsanleitung Alcatel-Lucent 6600 sollte vor allem folgendes enthalten:
- Informationen über technische Daten des Geräts Alcatel-Lucent 6600
- Den Namen des Produzenten und das Produktionsjahr des Geräts Alcatel-Lucent 6600
- Grundsätze der Bedienung, Regulierung und Wartung des Geräts Alcatel-Lucent 6600
- Sicherheitszeichen und Zertifikate, die die Übereinstimmung mit entsprechenden Normen bestätigen
Warum lesen wir keine Gebrauchsanleitungen?
Der Grund dafür ist die fehlende Zeit und die Sicherheit, was die bestimmten Funktionen der gekauften Geräte angeht. Leider ist das Anschließen und Starten von Alcatel-Lucent 6600 zu wenig. Eine Anleitung beinhaltet eine Reihe von Hinweisen bezüglich bestimmter Funktionen, Sicherheitsgrundsätze, Wartungsarten (sogar das, welche Mittel man benutzen sollte), eventueller Fehler von Alcatel-Lucent 6600 und Lösungsarten für Probleme, die während der Nutzung auftreten könnten. Immerhin kann man in der Gebrauchsanleitung die Kontaktnummer zum Service Alcatel-Lucent finden, wenn die vorgeschlagenen Lösungen nicht wirksam sind. Aktuell erfreuen sich Anleitungen in Form von interessanten Animationen oder Videoanleitungen an Popularität, die den Nutzer besser ansprechen als eine Broschüre. Diese Art von Anleitung gibt garantiert, dass der Nutzer sich das ganze Video anschaut, ohne die spezifizierten und komplizierten technischen Beschreibungen von Alcatel-Lucent 6600 zu überspringen, wie es bei der Papierform passiert.
Warum sollte man Gebrauchsanleitungen lesen?
In der Gebrauchsanleitung finden wir vor allem die Antwort über den Bau sowie die Möglichkeiten des Geräts Alcatel-Lucent 6600, über die Nutzung bestimmter Accessoires und eine Reihe von Informationen, die erlauben, jegliche Funktionen und Bequemlichkeiten zu nutzen.
Nach dem gelungenen Kauf des Geräts, sollte man einige Zeit für das Kennenlernen jedes Teils der Anleitung von Alcatel-Lucent 6600 widmen. Aktuell sind sie genau vorbereitet oder übersetzt, damit sie nicht nur verständlich für die Nutzer sind, aber auch ihre grundliegende Hilfs-Informations-Funktion erfüllen.
Inhaltsverzeichnis der Gebrauchsanleitungen
-
Seite 1
Part No. 060179-10, Rev. F April 2006 OmniSwitch 6600 Family Network Configuration Guide www.alcatel.com[...]
-
Seite 2
i i O mniSw i t ch 6 6 00 Fa m ily Network Co n f igu r ation Gui d e Ap r il 2 0 06 This user guide docume nts release 5.4 of the OmniSwitch 6600 Family Ne twork Configuration Guide. The functionality described in this guid e is subject to change without notice. Copyright © 2006 by Alcatel Internet working, Inc. All rights reserved . This documen[...]
-
Seite 3
OmniSwitch 6600 Family Network Configurati on Guide April 2006 iii Contents About This Guide ...................... ................ ................ ................... ................ .............. xxv Supported Platforms ................... ............... .................... ............... .................... .............. xxv Who Should [...]
-
Seite 4
Contents iv OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Setting Interface Line Sp eed .......... ................ ................... ................ ................... 15-16 Configuring Duplex Mode ............. ................ ................... ................ ................... 15-17 Enabling and Disabling Interfaces ..[...]
-
Seite 5
Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 v Configuring the Number of MAC Addresses Allowed .................... .................... ......... 17-8 Configuring Authorized MAC Addresses ......... ................ ................... ................ ......... 17-8 Configuring an Auth orized MAC Address Range ..........[...]
-
Seite 6
Contents vi OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Spanning Tree Operating Modes .............................. ............... .................... ................ . 19-9 Using the Flat Spanning Tree Mode .......... ................ ................... ................ ......... 19-9 Using 1x1 Spanning Tree Mode ..........[...]
-
Seite 7
Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 vii MST Interoperability and Migration ..................... ................... ................ ................... 20-12 Migrating from Flat Mode STP/RSTP to Flat Mode MSTP ................. ............... 20-12 Migrating from 1x1 Mode to Flat Mode MSTP ....................[...]
-
Seite 8
Contents viii OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Custom (User Defined) Rules ................. ................... ................ .................... . 22-7 Port Rules ................. ................... ................ ................... ................ ................. 22-7 Understanding VLAN Rule Precedence .[...]
-
Seite 9
Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 ix Chapter 10 Using Interswitch Protocols ............... ................ ................... ................ ................ . 24-1 In This Chapter ....... ................ ................... ................ ............... .................... ................ . 2 4-1 AI[...]
-
Seite 10
Contents x OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Adding Ports to a Static Aggregate Gr oup .. ................... ................ ................. 26-9 Removing Ports from a Static Aggregat e Group ................ .................... ....... 26-14 Modifying Static Aggregatio n Group Parameters ..........................[...]
-
Seite 11
Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xi Modifying the Partner Port System ID ....................... .................... ............... 27-30 Modifying the Partne r Port System Priority ........ ................... ................ ....... 27-31 Modifying the Partne r Port Administrative Status .................[...]
-
Seite 12
Contents xii OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying UDP Information ..... .................... ................... ................ ................... 28-24 Verifying the IP Configuration ............. .................... ............... .................... ............... 28-24 Chapter 15 Configuring IPv6 ....[...]
-
Seite 13
Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xiii RIP Options .................... ............... .................... ................ ................... ................ ......... 30-9 Configuring the RIP Forced Hold-down Interval ...... ............... .................... ......... 30-9 Enabling a RIP Host Route ...[...]
-
Seite 14
Contents xiv OmniSwi tch 6600 Family Network Configuration Guid e April 2006 DHCP Relay Overview ................. .................... ................ ................... ................ ......... 32-5 DHCP .............. .................... ............... ................ ................... ................ ................ . 32-5 DHCP and t[...]
-
Seite 15
Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xv VRRP Tracking ............... ............... ............ .... ................... ................ ................ ..... 3 3-7 Interaction With Othe r Feature s .................... ................ ............... .................... ............. 33-7 Configuration Ove[...]
-
Seite 16
Contents xvi O mniSwitch 6600 Family Network Configuration Guid e April 2006 Retrieving Directory Search Results ....................... ............... .................... ... 34-18 Directory Modificat ions .............. ................ ................... ................ ............... 34-18 Directory Compare and Sort ................ ......[...]
-
Seite 17
Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xvii Configuring the Server Aut hority Mode ........... .................... ............... .................... ... 35-32 Configuring Single Mode ............... .................... ............... .................... ............... 35-32 Configuring Multiple Mode ....... [...]
-
Seite 18
Contents xviii OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Modifying Policy Servers ...... ............... .................... ................... ................ ................. 37-4 Modifying LDAP Policy Server Parameters .................. ................... .................... . 37-4 Disabling the Policy Server From Dow[...]
-
Seite 19
Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xi x Returning the Global Configuration to Defaults .... ....................... ................ ....... 38-18 Verifying Global Settings ............................... ................... ................ ................... 38-19 QoS Ports and Queues ........................[...]
-
Seite 20
Contents xx O mniSwitch 6600 Family Network Configuration Guid e April 2006 Policy Applications ............................... ................ ................... ................ ................... 38-49 Basic QoS Policies ...... ................... ................ ................ ................... ................ ... 38-49 Basic Commands [...]
-
Seite 21
Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xx i Chapter 26 Configuring IP Multicast Switching ..................... ............... ................ ................ . 40-1 In This Chapter ....... ................ ................... ................ ............... .................... ................ . 4 0-1 IPMS Spe[...]
-
Seite 22
Contents xxii OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Chapter 27 Diagnosing Switch Problems ................ ................ ............... .................... ............. 41-1 In This Chapter ....... ................ ................... ................ ............... .................... ................ . 4 1-1 Port [...]
-
Seite 23
Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xxiii Enabling or Disabling RMON Probes ........................ ................... ................ ....... 41-27 Displaying RMON Tables .......................... ................ ................... ................ ....... 41-28 Displaying a List of RMON Probes ...........[...]
-
Seite 24
Contents xxiv O mniSwitch 6600 Family Network Configuration Guide April 2006 Configuring Debug Memory Commands ...................... ............... .................... ............. 43-4 Enabling/Disabl ing Memory Monitoring Function s ...... ............... ................ ......... 43-4 Displaying the Memory Monitor Log ......................[...]
-
Seite 25
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page xxv About This Guide This OmniSwitch 6600 F amily Network Con figuration Guid e describes how to set up and moni tor soft- ware features that will allow your sw itch to operate in a live network envi ronment. The so ftware feat ures described in this manual are shipped stan dard wi[...]
-
Seite 26
Who Should Read this Manual? About This Guide page xxvi OmniSwitch 6600 Family Network Configuration Guide April 2006 Unsupported Platforms The information i n this guide d oes not app ly to the fo llowing prod ucts: • OmniSwitch (original version with no numeric model name) • OmniSwitch 6800-24 • OmniSwitch 6800-48 • OmniSwitch 6800-U 24 ?[...]
-
Seite 27
About This Guide What is in this Manual? OmniSwitch 6600 Family Network Configurati on Guide April 2006 page xxvii What is in this Manual? This configuration guide includes informatio n about config uring the followi ng features: • VLANs, VLAN router ports, mob ile ports, and VLAN rules. • Basic Layer 2 functi ons, such as Ethern et port para m[...]
-
Seite 28
What is Not in this Manual? About This Guide page xxviii OmniSwitch 6600 Family Network Configuration Guide April 2006 What is Not in this Manual? The configuration p rocedures in this manual use Command Line Interface (CLI) commands in all exam- ples. CLI commands are text-based commands used to manage the swit ch through serial (console port) con[...]
-
Seite 29
About This Guide Documentation Roadmap OmniSwitch 6600 Family Network Configurati on Guide April 2006 page xxix Documentation Roadmap The OmniSwitch user document ation suite was designed to supply you with in formation at severa l critical junctures of t he configuration p rocess. The followi ng section outlines a roadma p of the manuals t hat wil[...]
-
Seite 30
Documentation Roadmap About This Guide page xxx OmniSwitch 6600 Family Network Configuration Guide April 2006 Stage 3: Integrating the Switch Into a Network Pertinent Documentation: OmniSw itch 6600 Family Netw ork Configur ation Guide OmniSwitch 66 00 Family Adv anced Rout ing Configura tion Guide When you are ready to conn ect your switch to the [...]
-
Seite 31
About This Guide Related Documentation OmniSwitch 6600 Family Network Configurati on Guide April 2006 page xxxi Related Documentation The following are the titl es an d descript ions of all the OmniSwitch 660 0 Family user ma nuals: • OmniSwitch 66 00 Family Getti ng Started Guid e Describes the hardware and software pro cedures for getti ng an O[...]
-
Seite 32
Related Documentation About This Guide page xxxii OmniSwitch 6600 Family Network Configuration Guide April 2006 • OmniSwitch 66 00 Family Advanced Routing Config uration Gu ide Includes network configuration p rocedures and d escri ptive informa tion on all the software f eatures and protocols included in the advan ced routing softwa re package O[...]
-
Seite 33
About This Guide User Manuals Web Site OmniSwitch 6600 Family Network Configurati on Guide April 2006 page xxxiii User Manuals W eb Site All related use r guides for the Omn iSwitch 6600 Fa mily can be found on ou r web site at http://www.alca tel.com/enterprise/e n/resource_lib rary/user_manuals.h tml All documenta tion on the Us er Manual web si [...]
-
Seite 34
Technical Support About This Guide page xxxiv OmniSwitch 660 0 Family Network Configuration Guide April 2006[...]
-
Seite 35
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-1 1 Configuring Ethernet Por ts The Ethernet software is re sponsible for a variety of funct ions that suppor t the Ethernet an d Gigabit Eth er- net ports on OmniSwitch 6600 Family switches. These functions include diagnostics, so ftware load ing, initializatio n, configuratio n[...]
-
Seite 36
Ethernet Specifications Configuring Ethernet Ports page 1-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Ethernet Specifications IEEE Standards Supported 802.3 Carrier Sense Multiple Acce ss with Collision Detection (CSMA/CD) Ports Supported Ethernet (10 Mbps) Fast Ethernet (100 Mbps) Gigabit Ether net (1 Gb/1000 Mbps) . 2-Port Gi[...]
-
Seite 37
Configuring Ethernet Ports Ethernet Port Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-3 Ethernet Por t Defaults The following ta ble shows Ethern et port defa ult values. Parameter Description Comma nd Default V alue/Comments T rap Port Link Messages trap port link Disabled Flow Control flow Disabled Flow Control W[...]
-
Seite 38
Configuring Ethernet Ports Tutorial Configuring Ethernet Ports page 1-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Ethernet Por ts T utorial This tutoria l describes typic al steps involv ed in conf iguring an Ethern et port. This example pres umes that slot (switch) 1 , port 1 is an Ethernet po rt. 1 This step co nf[...]
-
Seite 39
Configuring Ethernet Ports Configuring Ethernet Ports Tutorial OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-5 Note. Optional. To verify the Ethe rnet port co nfiguration, use the show interfaces command. The display is similar to the one shown belo w, and provides additi onal statistics ab out received and transmi tted byte[...]
-
Seite 40
Ethernet Ports Overview Configuring Ethernet Ports page 1-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Ethernet Por ts Over view This chapter descri bes the Ethernet software CLI command s used for configuring and monitoring your switch’s Ethern et port paramete rs. These commands all ow you to ha ndle administ rative or port-[...]
-
Seite 41
Configuring Ethernet Ports Et hernet Ports Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-7 OmniSwitch 6624 The OmniSwitch 6624 provi des 24 10/100 Mb ps ports and two expansi on slots. The expansion slot s are empty by default. Opt ionally, they can hold eit her four Gigabit Ethernet ports or two Gigabit Ethernet po[...]
-
Seite 42
Ethernet Ports Overview Configuring Ethernet Ports page 1-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 OmniSwitch 6600-P24 The OmniSwi tch 6600-P24 provides 24 10/1 00 Mbps Power over Ethernet (PoE ) ports and t wo expansion slots. The expa nsion slots are empt y by defa ult. Optiona lly, they can hold either four Gigabit Ethern[...]
-
Seite 43
Configuring Ethernet Ports Et hernet Ports Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-9 OmniSwitch 6602-48 The OmniSwi tch 6602-48 p rovides 48 10/1 00 Mbps po rts, two Gigabit M iniGBIC ports, and two stack - ing ports. Port number s 1 through 48 suppor t both 10 Mbps Ethernet and 100 Mbps Fast Eth ernet inter- [...]
-
Seite 44
Ethernet Ports Overview Configuring Ethernet Ports page 1-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 V alid Port Settings This table below lists valid sp eed, duplex, an d auto nego tiation settings for the different O mniSwitch 66 00 Family port types. Chassis T ype (Port Nos.) Port T ype User -Specified Port Speed (Mbps) S[...]
-
Seite 45
Configuring Ethernet Ports Et hernet Ports Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-11 OmniSwit ch 6600-U24 (ports 1–24) 100 Mbps fiber SFP ports 100 full/half Y es OmniSwit ch 6600-U24 (ports 25–26) W ire-rate when an OS6600- GNI-U2 is installed us ing LC fiber SFPs or copper 1000Base-T SFPs. 1000 full Y e[...]
-
Seite 46
Ethernet Ports Overview Configuring Ethernet Ports page 1-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 OmniSwit ch 6602-24 (ports 1–24) Copper twisted pair (RJ-45) auto/10/100 auto/full/half Y es OmniSwit ch 6602-24 (ports 25–26) W ire-rate when an LC fiber SFP or copper 1000Base-T SFP is installed. 1000 full Y es (fiber) [...]
-
Seite 47
Configuring Ethernet Ports Setti ng Ethernet Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-13 Setting Ethernet Por t Parameters When using CLI command s to set Ethernet port parameters, keep in mind tha t Ethernet and Fast Eth ernet are supporte d only on ports 1 through 48 on the OmniSwitch 6648 and OmniSw i[...]
-
Seite 48
Setting Ethernet Port Parameters Configuring Ethernet Ports page 1-14 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Setting Flow Contr ol The flow command can be used to enable or di sable (the de fault) flow control on a specific port, a ra nge of ports, or all po rts on an enti re switch (slot). Wh en th e buffers on a receiving[...]
-
Seite 49
Configuring Ethernet Ports Setti ng Ethernet Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-15 As an option, you can document the interface type by entering ethernet , fastethernet , or gigaethernet before the slot number. For example to disable flow co ntrol on the interface on slot 2 port 3 and document the [...]
-
Seite 50
Setting Ethernet Port Parameters Configuring Ethernet Ports page 1-16 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Restoring the Flow Control W ait Time To restore the fl ow control wait time (i.e., set it back to 0) fo r an entire switch , enter flow followed by the slot number an d no wait . For exam ple, to resto re the flow c[...]
-
Seite 51
Configuring Ethernet Ports Setti ng Ethernet Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-17 As an option, you can document the interface type by entering ethernet , fastethernet , or gigaethernet before the slot number. For example, to configure th e line speed o n slot 2 port 3 at 10 0 Mbps and docu- ment [...]
-
Seite 52
Setting Ethernet Port Parameters Configuring Ethernet Ports page 1-18 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Enabling and Disabling Inter faces The interfaces a dmin command is used to enable (the default) or disable a specific po rt, a range of ports, or all ports on an ent ire switch (slot). To enable or disable an entire[...]
-
Seite 53
Configuring Ethernet Ports Setti ng Ethernet Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-19 As an option, you can document the interface type by entering ethernet , fastethernet , or gigaethernet before the slot number. For example, to set the inter-f rame gap value o n port 52 on slot 2 to 10 bytes and doc[...]
-
Seite 54
Setting Ethernet Port Parameters Configuring Ethernet Ports page 1-20 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring Flood Rates The following su bsections descri be how to en able the maximum floo d rate (see “Enab ling the Maximum Flood Rate” on page 1-20 ), enab le the m aximu m flood rate for multicast traffic ([...]
-
Seite 55
Configuring Ethernet Ports Setti ng Ethernet Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-21 Configuring Flood Rate V alues By default, the flood rate is 42 Mbp s on 10/100 ports and 49 6 Mbps on Gigabit po rts. The interfaces flood rate command can be used to configur e the peak flood ra te value on a spe c[...]
-
Seite 56
Setting Ethernet Port Parameters Configuring Ethernet Ports page 1-22 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring Auto Negotiation, Crossover , and Flow Contr ol Settings The following su bsections desc ribe how to enable and disab le auto negot iation (see “Enabling and Disabling Aut o Negotiatio n” on page 1-2 [...]
-
Seite 57
Configuring Ethernet Ports Setti ng Ethernet Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-23 Configuring Crossover Settings To configure crossover settings on a single po rt, a range of ports, or an entire slot u se the interfaces crossover command. If au to negotiatio n is disabled, fl ow control, au to spe[...]
-
Seite 58
Setting Ethernet Port Parameters Configuring Ethernet Ports page 1-24 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 As an option, you can document the interface type by entering ethernet , fastethernet , or gigaethernet before the slot number. For example, to enable flow control on port 3 on sl ot 2 and document the port as Fast E[...]
-
Seite 59
Configuring Ethernet Ports Verifying Ethernet Port Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-25 V erifying Ethernet Por t Configuration To display information abo ut Ethernet port configurat ion settings, use the show commands listed in the following t able. These commands can be quite useful in troubl esho[...]
-
Seite 60
Verifying Ethernet Port Configuration Configuring Ethernet Ports page 1-26 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006[...]
-
Seite 61
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 2-1 2 Managing Source Learning Transparent b ridging rel ies on a proces s referred to as source learning to handle traffic flow. Netwo rk devices communicate by sending and receiving data pa ckets that e ach contain a source MAC address and a destination MAC address. When pack ets[...]
-
Seite 62
Source Learning Specifications Managing Source Learning page 2-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Source Learning Specifications Source Learning Defaults Sample MAC Address T able Configuration The following ste ps provide a quick tutorial that will create a static MAC a ddress and change the MAC address aging timer fo[...]
-
Seite 63
Managing Source Learning Sample MAC Address Table Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 2-3 2 Assign switch ports 2 t hrough 5 on slot 3 to VLAN 200--if they are not alread y assoc iated with VLAN 200--using the fol lowing command: -> vlan 200 port default 3/2-5 3 Create a static MAC address entry usin[...]
-
Seite 64
MAC Address Table Overview Managing Source Learning page 2-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 MAC Address T able Over view Source learning bu ilds and maintains the MAC ad dress table on each swit ch. New MAC address table entries are created in one of two ways: they are dynamically learne d or statically assigned. Dyn[...]
-
Seite 65
Managing Source Learning Using Static MAC Addresses OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 2-5 • There are two type s of static MAC address beh avior supported: bridging (default) or filtering . Enter filtering to set up a denial of service to block potential hostile attacks. Traffic sent to or from a filtered MAC add[...]
-
Seite 66
Using Static Multicast MAC Addresses Managing Source Learning page 2-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Static MAC Addresses on Link Aggregate Ports Static MAC Addresses are not assigned to ph ysical ports th at belong to a link aggregate. Inste ad, they are assigned to a link aggregate ID that represent s a collection[...]
-
Seite 67
Managing Source Learning Configuring MAC Address Table Aging Time OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 2-7 Use the no form of the mac-address-table static-multicast command to delete static multi cast MAC address en tries. For example, the following co mmand deletes a static multic ast address that is a ssigned to por[...]
-
Seite 68
Configuring MAC Address Table Aging Time Managing Source Learning page 2-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. The MAC address table aging time is also use d as the t imeout value for t he Address Reso lution Protocol (ARP) table. Th is timeout value dete rmin es how long the switch re tains dynamically lea rned ARP[...]
-
Seite 69
Managing Source Learning Displayi ng MAC Address Table Information OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 2-9 Displaying MAC Address T able Information To display MAC Address Tabl e entries, statistics, and aging time values, use the show commands listed below: For more information about the resulting di splays from the[...]
-
Seite 70
Displaying MAC Address Table Info rmation Managing Source Learning page 2-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006[...]
-
Seite 71
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 3-1 3 Configuring Learned Por t Security Learned Port Security (LPS) pr ovides a mechanis m for authorizing source lear ning of MAC addresses on Ethernet and Gigabi t Ethernet ports. The o nly types of Ethernet port s that LP S does not support are link aggregate and tagged (t runk[...]
-
Seite 72
Learned Port Security Specifications Configuring Learned Port Security page 3-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Learned Por t Security Specifications Learned Por t Security Defaults RFCs supported Not applicable at this time. IEEE Standards supported Not applicable at this time. Ports eligible for Le arned Port Securi[...]
-
Seite 73
Configuring Learned Port Securi ty Sample Learned Port Security Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 3-3 Sample Learned Por t Security Configuration This section provides a quick tutoria l that demonstrates the fo llowing tasks: • Enabling LPS on a se t of switch ports. • Defining the maximum num ber[...]
-
Seite 74
Learned Port Security Overview Configuring Learned Port Security page 3-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Learned Por t Security Over view Learned Port Security (LPS) provides a mecha nism for controlling network de vice access on one or more switch ports. Co nfigurable LPS para meters allow the user to restrict the s[...]
-
Seite 75
Configuring Learned Por t Security Learned Port Security Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 3-5 How LPS Authorizes Source MAC Addresses When a packet is received on a port that has LPS enabled, switc h software checks t he following crite ria to determine if the sourc e MAC address contained in the packe t [...]
-
Seite 76
Learned Port Security Overview Configuring Learned Port Security page 3-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Static Configuration of Authorized MAC Addresses It is also possible to st atically configure aut horized source MAC a ddress entries into the LPS table. This type of entry behaves the same way as dynamically conf[...]
-
Seite 77
Configuring Learned Port Security Enabling/Disabling Learned Port Security OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 3-7 Enabling/Disabling Learned Por t Security By default, LPS is disabled on all switch po rts. To enable LPS on a port, use the port-security command. For example, the followi ng command enab les LPS on por[...]
-
Seite 78
Configuring the Number of MAC Addresses A llowed Configuring Learned Port Security page 3-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring the Number of MAC Addresses Allowed By default, one MAC address is allowed on an LPS port . To change this number, e nter port-security followed by the port’s slot /port designation[...]
-
Seite 79
Configuring Learned Por t Security Config uring an Authorized MAC Address Range OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 3-9 Configuring an Authorized MAC Address Range By default, each LPS port is set to a range of 00:0 0:00:00:00:00–ff:ff:ff:ff:ff:ff , which includes all MAC addresses. If this defaul t is not changed,[...]
-
Seite 80
Selecting the Security Violation Mode Configuring Learned Port Security page 3-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Selecting the Security V iolation Mode By default, the se curity violation mode for an LPS port is set to restr ict . In this mode, when an unautho- rized source MAC address is receive d on an LPS po rt, [...]
-
Seite 81
Configuring Learned Port Securi ty Displaying Learned Port Security Informatio n OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 3-11 Displaying Learned Por t Security Information To display LPS port and tab le informatio n, use the show commands listed bel ow: For more information abou t the resulting display from th ese comman[...]
-
Seite 82
Displaying Learned Port Security Inform ation Configuring Learned Port Security page 3-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006[...]
-
Seite 83
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-1 4 Configuring VLANs In a flat bridged network, a broa dcast domain is c o nfined to a sing le LAN segment or even a spec ific physical loca tion, such as a department or bui lding floor. In a switch-based network, such as one comprised of Alcatel switching system s, a broadcast[...]
-
Seite 84
VLAN Specifications Configuring VLANs page 4-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 VLAN Specifications VLAN Defaults RFCs Supported 2674 - Definitions of Managed Ob jects for Bridges with Traffic Classes, Multic ast Filtering and Virtual LAN Extensions IEEE Standards Supported 802.1Q - Virtual Bridged Local Area Networks [...]
-
Seite 85
Configuring VLANs Sample VLAN Configuratio n OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-3 Sample VLAN Configuration The following steps p rovide a quick tutorial that will create VLAN 255 on a stack config uration that includes four switc hes. Also includ ed are steps to define a VLA N desc ription, IP router interface, a[...]
-
Seite 86
Sample VLAN Configuration Configuring VLANs page 4-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 To verify that ports 3/2 -4 were assigned t o VLAN 255, use the show vlan port command. For example: -> show vlan 255 port port type status --------+---------+-------------- 3/2 default inactive 3/3 default inactive 3/4 default ina[...]
-
Seite 87
Configuring VLANs VLAN Management Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-5 VLAN Management Over view One of the main benefi ts of using VLANs to segment network traffic, is that VLAN configuration and port assignment is han dled throu gh switch softwa re. This elimi nates the need to physically change a netwo[...]
-
Seite 88
Creating/Modifying VL ANs Configuring VLANs page 4-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Creating/Modifying VLANs The initial con figuration fo r all Alcatel switche s consists of a defaul t VLAN 1 and all swit ch ports are initially assigne d to this VLAN. When a switching mo dule is added to the switch, th e module’s [...]
-
Seite 89
Configuring VLANs Defining VLAN Port Assignments OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-7 Enabling/Disabling the VLAN Administrative Status To enable or disable the administrative status for an existing VLAN, enter vlan followed by a n existing VLAN ID and either enable or disable . -> vlan 755 disable -> vlan 2[...]
-
Seite 90
Defining VLAN Port Assignments Configuring VLANs page 4-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Changing the Default VLAN Assignment for a Por t To assign a switch port to a new default VLAN, enter vlan followed by an existi ng VLAN ID number, port default , then the slot/port design ation. For exa mple, the foll owing comm[...]
-
Seite 91
Configuring VLANs Defining VLAN Port Assignments OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-9 Configuring VLAN Ru le Classificati on VLAN rule classifi cation triggers dynamic VLAN po rt assignment when t raffic received on a mobile port matches the criteri a defined in a VLAN rule. Differen t rule types are avail able fo[...]
-
Seite 92
Defining VLAN Port Assignments Configuring VLANs page 4-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Enabling/Disabling VLAN M obile T ag Classification Use the vlan mobile-tag command to enable or disable the cla ssi fication of mo bile port packets b ased on 802.1Q VLAN ID tag. For example, the fo llowing commands enable the[...]
-
Seite 93
Configuring VLANs Enabling/Disabling Span ning Tree for a VLAN OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-11 Enabling/Disabling Spanning T ree for a VLAN When a VLAN is created, an 802.1D standard Spanning Tree Al gorithm and Prot ocol (STP) instance is enabled for the VLAN by default. The span ning tr ee operating mode s[...]
-
Seite 94
Enabling/Disabling VLAN Authentication Configuring VLANs page 4-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Enabling/Disabling VLAN Authentication Layer 2 authentication uses VLAN membership to gr ant access to network re sources. Authentica ted VLANs control membership through a log-in process; th is is sometimes called user[...]
-
Seite 95
Configuring VLANs Bridging VLANs Across Multiple Switches OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-13 Bridging VLANs Acr oss Multiple Switches To create a VLAN brid ging domai n that extends across multiple swi tches: 1 Create a VLAN on each switch wit h the same VLAN ID number (e.g., VL AN 10). 2 If using mobile ports [...]
-
Seite 96
Verifying the VLAN Configuration Configuring VLANs page 4-14 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The connection between Stack C and D is shown with a brok en line because the ports tha t provide this connection are in a bl ocking state. Spanning Tree is active by default on all stacks, VLANs and port s. The Spanning Tree[...]
-
Seite 97
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-1 5 Configuring Spanning T ree Parameters The Spanning Tree Algorith m and Protocol (STP) is a self-configuring algorith m that maintains a loop- free topology while pr oviding data path redundancy and network scalabi lity. Based on the IEEE 802.1D standard, the Alcate l STP impl[...]
-
Seite 98
Spanning Tree Specifications Conf iguring Spanning Tree Parameters page 5-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Spanning T ree Specifications Spanning T ree Bridge Parameter Defaults IEEE Standards supported 802.1D– Media Acce ss Control (MAC) Bridges 802.1w– Rapid Reconfigurati on (802.1D Am endment 2 ) 802.1Q– Vir[...]
-
Seite 99
Configuring Spanning Tree Parameters Sp anning Tree Port Parameter Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-3 Spanning T ree Por t Parameter Defaults Multiple Spanning T ree (MST) Region Defaults Although the following parameter values are specific to the MSTP (802.1s), they are configurab le re gard- less of w[...]
-
Seite 100
Spanning Tree Overview Configuring Spanning Tree Parameters page 5-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Spanning T ree Over view Alcatel switches sup port the use of the 802.1D Sp anning Tree Algorith m and Protocol (STP), th e 802.1w Rapid Spanning Tree Algo rithm and Protocol (RSTP), and the 802.1s Multiple Spanni ng T[...]
-
Seite 101
Configuring Spanning Tree Parameters Spanning Tree Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-5 Note. The distinction between a backup port and an alternate port was introduced with the IEEE 802.1w standard to he lp define rapid transi tion of an alte rnate port to a root port. The role a port plays or may poten [...]
-
Seite 102
Spanning Tree Overview Configuring Spanning Tree Parameters page 5-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 The sending and receiv ing of Configuratio n BPDU between switches part icipating in the b ridged network is how the roo t bridge is e lected and the best path to t he root is determin ed and then a dvertised to th e r[...]
-
Seite 103
Configuring Spanning Tree Parameters Spanning Tree Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-7 2 The best root path cost. 3 If root path costs are equal, t he bridge ID of the bridge sendin g the BPDU. 4 If the previous three values ti e, then the port ID (lowest priority value , th en lowest port number). When [...]
-
Seite 104
Spanning Tree Overview Configuring Spanning Tree Parameters page 5-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 The following d iagram shows the l ogical connectiv ity of the sa me physical to pology as det ermined by the Spanning Tree Algo rithm. Active Spanning T ree T opology Example In the above active Spanning Tree to polog[...]
-
Seite 105
Configuring Spanning Tr ee Parame ters Spanning Tree Operating Modes OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-9 Spanning T ree Operating Modes The switch can operate in one o f two Spanning Tree modes: flat and 1x1 . Both modes apply to th e entire switch and determi ne whether a sin gle Spanning Tree insta nce is appli[...]
-
Seite 106
Spanning Tree Operating Modes Confi guring Spanning Tree Parameters page 5-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Flat Spanning T ree Example In the above example , if port 8/3 co nnects to another switch and port 10/5 connects to th at same switch, the Spanni ng Tree Algo rithm woul d detect a re dundant p a th and tran[...]
-
Seite 107
Configuring Spanning Tr ee Parame ters Spanning Tree Operating Modes OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-11 The following diagram shows a switch runn ing in the 1x1 Spanning Tree mode and sh ows Spanning Tree participation for bo th fixed and tagged ports. 1x1 (single and 802.1Q) Spanning T ree Example In the above[...]
-
Seite 108
Configuring Spanning Tree Bridge Parame ters Configuring Spanning Tree Parameters page 5-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring Spanning T ree Bridge Parameters The Spanning Tree software is active on all swi tches by defau lt and uses defau lt bridge and port parame- ter values to calculate a loop free topol[...]
-
Seite 109
Configuring Spanning Tr ee Parameters Conf iguring Spanning Tree Bridge Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-13 Note that exp licit command s using the cist and msti keywords are required to define an MSTP (802.1s) configuration . Implicit commands are only allowed for defining STP or RSTP con figurations[...]
-
Seite 110
Configuring Spanning Tree Bridge Parame ters Configuring Spanning Tree Parameters page 5-14 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The following sec tions provide i nformation and pr ocedures fo r using implicit bridge configurat ion commands and also includes explicit comma nd examples. Note . When a snapshot is t aken of [...]
-
Seite 111
Configuring Spanning Tr ee Parameters Conf iguring Spanning Tree Bridge Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-15 Note. Configurin g a Spanning Tree bridge instance with a priority value that will cause the instance to become the ro ot is recomme nded, instead o f relying on the comparis on of switch ba se [...]
-
Seite 112
Configuring Spanning Tree Bridge Parame ters Configuring Spanning Tree Parameters page 5-16 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Note that lowering t he hello time i nterval improv es the robu stness of the Spanning Tree algorithm. Increasing the hell o time interval l owers the overhead of Spanning Tree processing. If th[...]
-
Seite 113
Configuring Spanning Tr ee Parameters Conf iguring Spanning Tree Bridge Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-17 The explicit bridge 1x1 max age command configures the max age t i me for a VLAN instance when the switch is running in either mode (1x1 o r flat). Fo r example, the following comma nd performs [...]
-
Seite 114
Configuring Spanning Tree Bridge Parame ters Configuring Spanning Tree Parameters page 5-18 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 -> bridge forward delay 10 -> bridge cist forward delay 10 As in previous releases, it is possible to configure the flat mode instance wit h the bridge forward delay command by specifying [...]
-
Seite 115
Configuring Spanning Tr ee Parameters Co nfiguring Spanning Tree Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-19 Configuring Spanning T ree Por t Parameters The following sectio ns provide informat ion and procedures for using CLI commands to configure STP port parameters. These parameters de termine the beh[...]
-
Seite 116
Configuring Spanning Tree Port Paramete rs Configuring Spanning Tree Parameters page 5-20 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The following is a summary of Spanning Tree port configuratio n commands. For more information ab out these comman ds, see the Omn iSwitch CLI Reference Gu ide. Commands T ype Used for ... bridge [...]
-
Seite 117
Configuring Spanning Tr ee Parameters Co nfiguring Spanning Tree Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-21 The following sec tions provide i nformation and proced ures for usi ng implicit Sp anning Tree po rt configu- ration command s and also inc lud es explicit command examples. Note . When a snapsho[...]
-
Seite 118
Configuring Spanning Tree Port Paramete rs Configuring Spanning Tree Parameters page 5-22 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 To enable or disable the Spanning Tree status for a li nk aggreg ate, use the bridge slot/port commands described above but specify a link aggregate control nu mber instead of a slot an d port. Fo[...]
-
Seite 119
Configuring Spanning Tr ee Parameters Co nfiguring Spanning Tree Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-23 STP or RSTP protocols are in use. See Chapter 6, “Using 802.1s Multiple Spanni ng Tree,” for more infor- mation. Port Priority on Li nk Aggregate Por ts Physical ports that belong to a link ag[...]
-
Seite 120
Configuring Spanning Tree Port Paramete rs Configuring Spanning Tree Parameters page 5-24 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 By default, Span ning Tree is enab led on a port and the path cost is set to zero. If the switch i s running in the 1x1 Spannin g Tree mode, th en th e port pa th cost applies to the sp ecifi ed V[...]
-
Seite 121
Configuring Spanning Tr ee Parameters Co nfiguring Spanning Tree Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-25 Path Cost for Link Aggregate Ports Physical ports that belong to a link aggregate do no t participate in the Span ning Tree Algorithm. Inste ad, the algorithm is applied to the aggreg ate logi cal[...]
-
Seite 122
Configuring Spanning Tree Port Paramete rs Configuring Spanning Tree Parameters page 5-26 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 To change the path cost value for a link aggregate, use the bridge slot/port path cost commands described above, but specify a link aggregate cont ro l number instead of a slot and port. Fo r exam[...]
-
Seite 123
Configuring Spanning Tr ee Parameters Co nfiguring Spanning Tree Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-27 Mode for Link Aggregate Ports Physical ports that belong to a link aggregate do no t participate in the Span ning Tree Algorithm. Inste ad, the algorithm is applied to the aggreg ate logi cal link[...]
-
Seite 124
Configuring Spanning Tree Port Paramete rs Configuring Spanning Tree Parameters page 5-28 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 To change the port connection type for a VLAN insta nce, specify a VL AN ID with the bridge slot/port connection command when th e switch is runnin g in the 1x1 mode. For exam ple, the follow ing [...]
-
Seite 125
Configuring Spanning Tr ee Parameters Sample Spanning Tree Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-29 Sample Spanning T ree Configuration This section provid es an example network configurati on in which Spanni ng Tree has calculated a loop - free topology. In a ddition, a tu torial is al so included that[...]
-
Seite 126
Sample Spanning Tree Configuration C onfiguring Spanning Tree Parameters page 5-30 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 • Ports 2/1-3, 2 /8-10, 3/1-3, an d 3/8-10 provid e connection s to other swi tches and are all assigned to VLAN 255 on their respective switch es. The Spanning Tree administrati ve status for each por[...]
-
Seite 127
Configuring Spanning Tr ee Parameters Sample Spanning Tree Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-31 -> bridge 255 priority 10 VLAN 255 on Switch D will ha ve the lowest Bri dge ID priority value of all four switches, whi ch will qualify it as the Spanni ng Tree root VLAN for the VLAN 255 broadcast do[...]
-
Seite 128
Verifying the Spanning Tree Configurat ion Configuring Spanning Tree Parameters page 5-32 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 V erifying the Spanning T ree Configuration To display information abo ut the Spanning Tree configuration on the switch, use the show commands listed below: For more information about the resultin[...]
-
Seite 129
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-1 6 Using 802.1s Multiple Spanning T ree The Alcatel Multiple Spanning Tree (M ST) implementation provides su pport for the IEEE 802.1s Multi- ple Spanni ng Tree Protocol (MSTP). In add ition to the 802.1D Span ning Tree Algo rithm and Prot ocol (STP) and the 802.1w Rap id Spanni[...]
-
Seite 130
MST Specifications Using 802.1s Multiple Spanning Tree page 6-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 MST Specifications Spanning T ree Bridge Parameter Defaults IEEE Standards supported 802.1D– Media Acce ss Control (MAC) Bridges 802.1w– Rapid Reconfigurati on (802.1D Am endment 2 ) 802.1Q– Virtual Bridged Local Area[...]
-
Seite 131
Using 802.1s Multiple Spanning T ree Spanning Tree Port Parameter Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-3 Spanning T ree Por t Parameter Defaults MST Region Defaults Although the following parameter values are specific to the MSTP (802.1s), they are configurab le re gard- less of which mode (flat or 1x1) o r[...]
-
Seite 132
MST General Overview Using 802 .1s Multiple Spanning Tree page 6-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 MST General Over view The Multiple Span ning Tr ee (M ST) featur e allows fo r the mapping of one or more VLANs to a single Spanning Tree instance , referred to as a Multip le Spanning Tree Instance (MST I), when the swi[...]
-
Seite 133
Using 802.1s Multiple Spanning T ree MST General Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-5 1x1 Mode STP/RSTP In the above 1x 1 mode example: • Both switches are running in the 1x1 mo de (one Spanning Tree inst ance per VLAN). • VLAN 100 and VLAN 200 are each associated with their own Spanning Tree instan c[...]
-
Seite 134
MST General Overview Using 802 .1s Multiple Spanning Tree page 6-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Flat Mode MSTP (802.1s) In the above flat mode MSTP example: • Both switches are running in the flat mode and using MSTP. • VLANs 100 and 150 are no t associated with an MSTI. By defaul t they are con trolled by the [...]
-
Seite 135
Using 802.1s Multiple Spanning T ree MST General Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-7 Comparing MSTP with STP and RSTP Using MSTP (802.1s) has the foll owing items in common wit h STP (802.1D) and RSTP (802.1 w) proto- cols: • Each protocol ensures one data pa th between any two switches within the netw[...]
-
Seite 136
MST General Overview Using 802 .1s Multiple Spanning Tree page 6-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 What is a Multiple Spanning T ree Region A Multiple Sp anning Tree regio n re presents a group of 802.1s switches. An MST regio n appears as a single, flat mode instance to switc hes outside the region. A switch can belo[...]
-
Seite 137
Using 802.1s Multiple Spanning T ree MST General Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-9 number of hops for the region, however, i s not one o f the attribut es that define s whether or not a switch is a member of a re gion. See “Quick Steps for Config uring an MST Reg ion” on page 6-14 for a tutori al o[...]
-
Seite 138
MST Configuration Overvi ew Using 802.1s Multiple Spanning Tree page 6-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 MST Configuration Over view The following g eneral step s are requir ed to set up a Multiple Span ning Tree (MST) config uration: • Select the flat Spanning Tree mode. By default, each switch ru ns in the 1x1 m[...]
-
Seite 139
Using 802.1s Multiple Spanning T ree MST Configuration Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-11 Implicit commands resemble previously implemen ted Spanning Tree co mmands, but appl y to the appro- priate instance based on t he current mode and protocol that is active on the switch. For example, if the 1x1 mo[...]
-
Seite 140
MST Interoperability and Mi gration U sing 802.1s Multiple Spanning Tree page 6-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 MST Inter operability and Migration Connecting an MSTP (802.1s) swit ch to a non-MSTP flat mode switch is supp orted. Since the Common and Internal Span ning Tree (CIST) con trols the flat mode instance [...]
-
Seite 141
Using 802.1s Multiple Spanning T ree MST Interoperability and Migratio n OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-13 Migrating fr om 1x1 Mode to Flat Mode MSTP As previously described, the 1x1 mo de is an Alcatel propri etary implementation th at applies one Span - ning Tree instance to each VLAN. For example, if five V[...]
-
Seite 142
Quick Steps for Configuring an MST Reg ion Using 802.1s Multiple Spanning Tree page 6-14 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Quick Steps for Configuring an MST Region An MST region ident ifies a group of MSTP (80 2.1s) swit ches that is seen as a si ngle, flat mode instance by other regions and/ or non-MSTP switche s. A [...]
-
Seite 143
Using 802.1s Multiple Spanning T ree Quick Step s for Configuring an MST Region OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-15 3 Map VLANs 100 and 200 to MSTI 2 and VLAN s 300 and 400 to MSTI 4 using t he bridge msti vl an command to define the con figuration digest. For exampl e: -> bridge msti 2 vlan 100 200 -> bri[...]
-
Seite 144
Quick Steps for Configuring MSTIs Usi ng 802.1s Multiple Spanning Tree page 6-16 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Quick Steps for Configuring MSTIs By default the Spa nning Tree software is a ctive on all swit ches and op erating in the 1x1 mode using the standard 802.1D STP. As a result, a loop-free netw ork topology[...]
-
Seite 145
Using 802.1s Multiple Spanning T ree Quick Steps for Configuring MSTIs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-17 The follow ing commands assign ports 2/1, 5/1 , 5/2, and 3/ 6 to VLANs 10 0, 150, 200 , and 250 o n Switch B: -> vlan 100 port default 2/1 -> vlan 150 port default 5/1 -> vlan 200 port default 5/2 [...]
-
Seite 146
Quick Steps for Configuring MSTIs Usi ng 802.1s Multiple Spanning Tree page 6-18 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Note that of the two data paths a vailable to MSTI 1 VLANs, one is still b locked because i t is seen as redundant for that instance. In a ddition, the CIST data path st ill remains availa ble for CIST VLA[...]
-
Seite 147
Using 802.1s Multiple Spanning T r ee Verifying the MST Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-19 V erifying the MST Configuration To display information abo ut the MST configurati on on the switch, use the show commands listed be low: For more information about the resulting di splays from these c omman[...]
-
Seite 148
Verifying the MST Configuration Using 802 .1s Multiple Spanning Tree page 6-20 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006[...]
-
Seite 149
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-1 7 Assigning Por ts to VLANs Initially all switch ports are no n-mobile and are assigned to VLAN 1, which is also their configured default VLAN. When additional VLANs ar e created on the switch, ports a re assigned to the VLANs so that traffi c from device s connected to these p[...]
-
Seite 150
Port Assignment Specific ations Assigning Ports to VLANs page 7-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Por t Assignment Specifications Por t Assignment Defaults IEEE Standards Supported 802.1Q– Virtual Bridged Local Area Networks 802.1D– Media Access Control Bridges Maximum VLANs per switch 4094 (inclu ding default VLA[...]
-
Seite 151
Assigning Ports to VLANs Sample VLAN Port Assignment OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-3 Sample VLAN Por t Assignment The following ste ps provide a qu ick tutorial th at will creat e a VLAN, statical ly assign ports to the VLAN, and configure mo bility on some of the VLAN p orts: 1 Create VLAN 255 with a descrip[...]
-
Seite 152
Statically Assigning Ports to VLANs Assigning Ports to VLANs page 7-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Statically Assigning Por ts to VLANs The vlan port default command is used to static ally assign bot h mobile and non -mobile port s to another VLAN. When the assignment is made, the port drop s the previous VLAN assi[...]
-
Seite 153
Assigning Ports to VLANs Dynamic ally Assigning Ports to VLANs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-5 How Dynamic Por t Assignment W orks Traffic received on mobile ports is classi fied using one of the following met hods: • Packet is ta gged with a VLAN ID that match es the ID of anot her VLAN that ha s mobile ta[...]
-
Seite 154
Dynamically Assigning Ports to VLANs Assigning Ports to VLANs page 7-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 In the initial VLAN port assignment configuration shown below, • All three port s have worksta tions that ar e configured to se nd packets wi th an 802. 1Q VLAN ID tag fo r three differ ent VLANs (VLAN 2, 3, and 4)[...]
-
Seite 155
Assigning Ports to VLANs Dynamic ally Assigning Ports to VLANs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-7 T agged Mobile Port T raffic T r iggers Dynamic VLAN Assignment OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch Port 2 VLAN 2 VLAN 1 VLAN 4 IP Network 130.0.0.0 Default VLAN IP Network 140[...]
-
Seite 156
Dynamically Assigning Ports to VLANs Assigning Ports to VLANs page 7-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 VLAN Rule Classification VLAN rule classifi cation triggers dynamic VLAN po rt assignment when t raffic received on a mobile port matches the criteri a defined in a VLAN rule. Differen t rule types are avail able for[...]
-
Seite 157
Assigning Ports to VLANs Dynamic ally Assigning Ports to VLANs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-9 VLAN Rule Cla ssification : Initial Configuratio n As soon as the workstations start se nding traffic, swi tch so ftware checks the source subnet of the frames and looks for a matc h with any configure d IP network [...]
-
Seite 158
Dynamically Assigning Ports to VLANs Assigning Ports to VLANs page 7-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Mobile Port T raffic T rigge rs Dynamic VLAN Assignment Configuring Dynamic VLAN Por t Assignment Dynamic VLAN port assignment requires the following co nfiguration steps: 1 Use the vlan port mobile command to enab[...]
-
Seite 159
Assigning Ports to VLANs Dynamic ally Assigning Ports to VLANs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-11 Enabling/Disabling Por t Mobility To enable mo bility on a port , use the vlan por t mobile command. For example, the following command enables mobility o n port 1 of slot 4: -> vlan port mobile 4/1 To enable mo[...]
-
Seite 160
Dynamically Assigning Ports to VLANs Assigning Ports to VLANs page 7-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 When BPDU ignore is enabled and the mobile port r eceive s a BPDU, the following occurs: • The port reta ins its mobi le status and remai ns eligible fo r dynamic VLAN assignme nt. • The port is n ot included i[...]
-
Seite 161
Assigning Ports to VLANs Underst anding Mobile Port Properties OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-13 Understanding Mobile Por t Pr oper ties Dynamic assignme nt of mobile ports occurs witho ut user interve ntion when mo bile port traffic matches VLAN criteria. When ports a re dynamically assi gned, howeve r, the f[...]
-
Seite 162
Understanding Mobile Port Prop erties Assigning Ports to VLANs page 7-14 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 VLAN Management software on each switch tracks VPAs . When a mobile po rt link is disa bled and then enabled, all secondary VLAN assignments for that port are automa tically droppe d and the po rt’s original con[...]
-
Seite 163
Assigning Ports to VLANs Underst anding Mobile Port Properties OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-15 How Mobile Port VLAN Assignments Age OmniSwitch OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 [...]
-
Seite 164
Understanding Mobile Port Prop erties Assigning Ports to VLANs page 7-16 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring Mobile Por t Properties Mobile port pr operties indicat e mobile port status a nd affect port beh avior when the port is dynamically assigned to one or more VLANs. For e xample, mobile p ort properties[...]
-
Seite 165
Assigning Ports to VLANs Underst anding Mobile Port Properties OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-17 Enable/Disable De fault VLAN Restore To enable or disable defa ult VLAN restore, enter vlan port followed by the port’s slot/port designation then default vlan restore followed by enable or disable . For example,[...]
-
Seite 166
Understanding Mobile Port Prop erties Assigning Ports to VLANs page 7-18 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Enable/Disable 802.1X Por t -Based Access Contr ol To enable or disab le 802.1X on a mobile port, enter vlan port followed by the port’s slot/port designa- tion then 802.1 x followed by enable or disable. For ex[...]
-
Seite 167
Assigning Ports to VLANs Verifying VLAN Po rt Associations and Mobile Port Properties OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-19 V erifying VLAN Por t Associations and Mobile Por t Properties To display a list of VLAN port assi gnments or the status of mobile port properties, use the show commands list ed below: Unders[...]
-
Seite 168
Verifying VLAN Port Associations and Mobile Port Properties Assigning Ports to VLANs page 7-20 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The following ex ample uses the show vlan po rt command to display VP A in formation for all ports in VLAN 200: -> show vlan 200 port port type status --------+---------+-------------- 3/2[...]
-
Seite 169
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-1 8 Defining VLAN Rules VLAN rules are used to classify mo bile port traffic for dy namic VLAN port assign ment. Rules are defi ned by specifying a port, MAC address, protoc ol, network address, user-defined, binding, or DHCP cr iteria to capture certain types of network device t[...]
-
Seite 170
VLAN Rules Specifications Defining VLAN Rules page 8-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 VLAN Rules Specifications VLAN Rules Defaults IEEE Standards Supported 802.1Q– Virtual Bridged Local Area Networks 802.1v– VLAN Classification by Prot ocol and P ort 802.1D– Media Access Control Bridges Maximum number of VLANs[...]
-
Seite 171
Defining VLAN Rules Sample VLAN Rule Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-3 Sample VLAN Rule Configuration The following steps p rovide a qu ick tutorial that wi ll create a n IP network address and DHCP MAC range rule for VLAN 255, an IPX pro tocol rule for VLAN 355, an d a MAC-IP-port bindi ng rule f[...]
-
Seite 172
VLAN Rules Overview Defining VLAN Rules page 8-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 VLAN Rules Over view The mobile po rt feature availa ble on the swi tch allows dy namic VLAN po rt assignment ba sed on VLAN rules that are applied to mobile port traffic.When a port is defined as a mob ile port, switch softwa re compares[...]
-
Seite 173
Defining VLAN Rules VLAN Rules Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-5 DHCP Rules Dynamic Host Config uration Protocol (DH CP) frames ar e sent from client workstations to request an IP address from a DHC P server. The serv er respond s with the same type of frames, whic h contain an IP address for t he clie[...]
-
Seite 174
VLAN Rules Overview Defining VLAN Rules page 8-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Binding Rules Binding rules restrict VLAN a ssignme nt to specifi c devices by requiring that devic e traffic match all crite- ria specified in the rule. As a result, a separate binding rule is required for each devic e. An unlimite d num[...]
-
Seite 175
Defining VLAN Rules VLAN Rules Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-7 IP protocol rules also c apture DHCP traffic, i f no other DHCP rule exists that would classify the DHCP traffic into anot her VLAN. Therefore, it is not necessary to c ombine DHCP rules with IP protoco l rules for the same VLAN. Custom ([...]
-
Seite 176
VLAN Rules Overview Defining VLAN Rules page 8-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Understanding VLAN Rule Precedence In addition to configurable VLAN rule types, there are t wo internal rule types fo r processing mobile port frames. One is referred to as frame typ e and is used to identify Dyna mic Host Configuration P[...]
-
Seite 177
Defining VLAN Rules VLAN Rules Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-9 Prece dence S tep/Rule T ype Condition Result 1. Frame T ype Frame is a DHCP frame. Frame is not a DHCP frame. Go to Step 2. Skip Steps 2, 3, 4, and 5. 2. DHCP MAC DHCP frame contains a matching source MAC address. Frame source is as si g[...]
-
Seite 178
VLAN Rules Overview Defining VLAN Rules page 8-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 8. MAC-Port Bi nding Frame contains a matching sou rce MAC address and source port. Frame only contains a matching source MAC address; port does not match. Frame only contains a matching port; source MAC address does not match. Frame so[...]
-
Seite 179
Defining VLAN Rules Configuring VLAN Rule Definitions OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-11 Configuring VLAN Rule Definitions Consider the followin g when config uring rule s for a VLAN: • The VLAN must already exist. Use t he vlan command to create a new VLAN or the sho w vlan command to verify a VLAN is alread[...]
-
Seite 180
Configuring VLAN Rule Definitions Defining VLAN Rules page 8-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Refer to the following sections (liste d in the order of rule precedenc e) for instructions on h ow to define each type of VLAN rule: To display a list of VLAN rules already configured on the switch, use the show v lan rul[...]
-
Seite 181
Defining VLAN Rules Configuring VLAN Rule Definitions OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-13 Defining DHCP MAC Range Rules A DHCP MAC rang e rule is similar t o a DHCP MAC ad dress rule, but allows the user to specify a ra nge of MAC addresses. This is useful when it is necessary to de fine rules for a large number[...]
-
Seite 182
Configuring VLAN Rule Definitions Defining VLAN Rules page 8-14 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Defining DHCP Generic Rules DHCP generic rules capture all DHCP traffic t hat does no t match an existing DHCP MAC or DHCP port rule. If none of th ese other rules exist, t hen all DHCP frames are captured regardle ss of t[...]
-
Seite 183
Defining VLAN Rules Configuring VLAN Rule Definitions OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-15 How to Define a MAC-Por t-IP Address Binding Rule To define a MAC-po rt-IP address binding ru le, enter vlan followed by an exis ting VLAN ID then binding mac-ip-port followed by a valid MA C ad dress, IP address, and a slo[...]
-
Seite 184
Configuring VLAN Rule Definitions Defining VLAN Rules page 8-16 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 How to Define a MA C-Por t Binding Rule To define a MAC-port binding rule, enter vlan followed by a n existing VLAN ID then bind ing mac-po rt followed by a valid MAC address and a slot/port designat ion. For example, the [...]
-
Seite 185
Defining VLAN Rules Configuring VLAN Rule Definitions OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-17 How to Define a Por t -Pro tocol Binding Rule To define a port- protocol bind ing rule, enter vlan followed by an existi ng VLAN ID then binding port-protocol followed by a va lid MAC address, a slot/port designation and a [...]
-
Seite 186
Configuring VLAN Rule Definitions Defining VLAN Rules page 8-18 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Defining MAC Range Rules A MAC range rule is simi lar to a MAC address rul e, but allows th e user to specify a ran ge of MAC addresses. Th is is useful wh en it is necessary t o define rules for a large nu mber of sequent[...]
-
Seite 187
Defining VLAN Rules Configuring VLAN Rule Definitions OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-19 Use the no form of the vlan ip command to remove an IP network addr ess rule. -> vlan 1200 no ip 134.10.0.0 Defining IPX Network Address Rules IPX network addre ss rules capture frames tha t contain an IPX network addres[...]
-
Seite 188
Configuring VLAN Rule Definitions Defining VLAN Rules page 8-20 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Defining Protocol Rules Protocol rules cap ture frames that contain a prot ocol type that matches the protocol value specified in the rule. There are several generic protoc ol parameter valu es to select from; IP Et hernet[...]
-
Seite 189
Defining VLAN Rules Configuring VLAN Rule Definitions OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-21 Defining Custom (User) Rules A custom rule captures mobile port fra mes that contai n a specified pattern of data at a specified location. Custom rules require the u ser to specify the fo llowing parameter values: To define[...]
-
Seite 190
Application Example: DHCP Rules Defining VLAN Rules page 8-22 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Application Example: DHCP Rules This application example shows how Dynamic Host Co nfiguration Protocol (D HCP) port an d MAC address rules are used in a DHCP-ba s ed netwo rk. DHCP is buil t on a client-serve r model in whi[...]
-
Seite 191
Defining VLAN Rules Applica tion Example: DHCP Rules OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-23 The following tabl e summarizes th e VLAN architectu re and rules fo r all devices in this network co nfigu- ration. The di agram on the follo wing page il lustrates th is network configurat ion. Device VLAN Membership Rule [...]
-
Seite 192
Application Example: DHCP Rules Defining VLAN Rules page 8-24 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 DHCP Port and MAC Rule Application Example OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch Client 1 DHCP Port Rule Client 2 DHCP Port Rule Client 3 DHCP Port Rule Client 4 DHCP Port Rule Client 5 D[...]
-
Seite 193
Defining VLAN Rules Verifying VLAN Rule Co nfiguration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-25 V erifying VLAN Rule Configuration To display info rmation about VLAN rules co nfigured on t he switch, use the show commands li sted below: For more information abou t the resulting display from th is command, see t he Om[...]
-
Seite 194
Verifying VLAN Rule Configuration Defining VLAN Rules page 8-26 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006[...]
-
Seite 195
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 9-1 9 Configuring Por t Mapping Port Mapping is a security feature, which controls communic ation betwee n p eer users. Each session comprises a session ID, a set of user ports, and/or a set of network ports. The user port s within a session cannot communicate with eac h othe r and[...]
-
Seite 196
Port Mapping Specifications Configuring Port Mapping page 9-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Por t Mapping Specifications Por t Mapping Defaults The following ta ble shows port ma pping default values. Quick Steps for Configuring Por t Mapping Follow the step s below for a quick tutori al on configur ing port mapping[...]
-
Seite 197
Configuring Port Mappin g Creating/ Deleting a Port Mapping Session OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 9-3 Creating/Deleting a Por t Mapping Session Before port mapping can be used, it is necessary to creat e a port mapping session. The following subsec- tions describe how to cr eate and dele te a port mapping sessi[...]
-
Seite 198
Enabling/Disabling a Port Mapping Session Configuring Port Mapping page 9-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Enabling/Disabling a Por t Mapping Session By default, the port mapping session will be disabl ed. The following subsections descri be how to enable and disable the port mapping sessi on with the port mapping co[...]
-
Seite 199
Configuring Port Mappin g Sample Port Mapping Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 9-5 Sample Por t Mapping Configuration This section provi des an example port mapping netwo rk configuratio n. In addition , a tutorial is also included that provides steps on how to config ure the example port mappi ng se[...]
-
Seite 200
Verifying the Port Mapping Configuration Configuring Port Mapping page 9-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Example Por t Mapping Configuration Steps The following ste ps provide a quick tutorial that configures t he port mapping sessi on shown in the diagram on page 9-5 . 1 Create two port mappin g sessions on Switch [...]
-
Seite 201
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 10-1 10 Using Interswitch Pr otocols Alcatel Interswitch Proto col s (AIP) are used to di scover adja cent switches and retain mobile port informa- tion across switches. The foll owing protoco l is supported: • Alcatel Mapping Adjacency Prot ocol (AMAP), which is used to discover[...]
-
Seite 202
AIP Specifications Using Interswitch Protocols page 10-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 AIP Specifications AMAP Defaults Sta ndards Not applica ble at this time. AM AP is Alcatel pro pri- etary protocol. Maximum number of IP addr esses propagated by AMAP 255 Parameter Description Command Default AMAP status amap Ena[...]
-
Seite 203
Using Interswitch Protocols AMAP Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 10-3 AMAP Over view The Alcatel Mapping Adjacency Prot ocol (AMAP) is used to discover the topology of Om niSwitches or Omni S/Rs in a particul ar installation. Using this protocol, each switch determines which Om niSwitches or Omni S/Rs ar[...]
-
Seite 204
AMAP Overview Using Interswitch Protocols page 10-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The transmission states are illu strated here. Discover y T r ansmission State When AMAP is active, at startup al l act ive switch ports are in the discov ery transmission state. In this state, ports send out Hello pack ets and wait f[...]
-
Seite 205
Using Interswitch Protocols Config uring A MAP OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 10-5 Common T ransmission and Remote Switches If an AMAP switch is connected to multiple AM AP switches via a h u b, the switch sends and receives Hello traffic to and from t he remote switc hes throug h the same port . If one of the r[...]
-
Seite 206
Configuring AMAP Using Interswitch Protocols page 10-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring the AMAP Common Timeout Inter val The common timeout in terval is used on ly in the common transmission state to det ermine the time int er- val between sending Hell o update packets. A switch se nds an update for a por[...]
-
Seite 207
Using Interswitch Protocols Config uring A MAP OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 10-7 Displaying AMAP Information Use the show amap command to view a list of adjacent sw itches and the ir associated MAC addresses, interfaces, VLANs, and IP addresses. For remote switc hes that stop sending He llo packets a nd that a[...]
-
Seite 208
Configuring AMAP Using Interswitch Protocols page 10-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 A simplified vi sual illustrati on of these conn ections is show n here for exampl e purposes only: See the OmniSwitch CLI Reference Guide for informatio n about the show amap command. OmniSwitch 7800 Remo te Sw it ch B 0020da:032c[...]
-
Seite 209
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 11-1 11 Configuring 802.1Q 802.1Q is the IEEE standard for se gmenting networks into VLANs. 80 2.1Q segmentation is done by adding a specific tag to a packet. In this Chapter This chapter describ es the basic components of 802.1 Q VLANs and how to configur e them through the Comman[...]
-
Seite 210
802.1Q Specifications Configuring 802.1Q page 11-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 802.1Q Specifications Note. Up to 4093 V LANs can be assigned to a tagged port or link aggregation group. However, each assignment coun ts as a sing le VL AN port associ ation. Once the maxi mum number of VLAN port associa- tions is re[...]
-
Seite 211
Configuring 802.1Q 802.1Q Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 11-3 802.1Q Over view Alcatel’s 802.1Q is an IEEE sta ndard for sending fra mes through the network ta gged with VL AN identifi - cation. This chap ter details procedure s for configuring and mon itoring 802.1Q tag ging on a single port in a swi[...]
-
Seite 212
802.1Q Overview Configuring 802.1Q page 11-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The port can only be assigned to one unta gged VLAN (in every case, this w ill be the defa ult VLAN). In the example above the de fault VLA N is VLAN 1. The po rt can be assigned to as many 802.1Q VLANs as necessary, up to 4093 per port or 3[...]
-
Seite 213
Configuring 802.1Q Configuring an 802.1Q VLAN OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 11-5 Configuring an 802.1Q VLAN The following sec tions detail p rocedures for crea ting 802.1Q V LANs and assigni ng ports to 802.1Q VLANs. Enabling T agging on a Port To set a port to be a tagged port, yo u must specify a VLAN identi [...]
-
Seite 214
Configuring an 802.1Q VLAN Configuring 802.1Q page 11-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Enabling T agging with Link Aggregation To enable tag ging on link a ggregation g roups, enter t he link aggr egation group identification number in place of the slot and port number, as shown: -> vlan 5 802.1q 8 (For further i[...]
-
Seite 215
Configuring 802.1Q Configuring an 802.1Q VLAN OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 11-7 Configuring the Frame T ype Once a port has been set to receive and send tagged fra mes, it will be able to receive or send tagged or untagged traffic. Tagged traffic wi l l be subject to 802.1Q rules, wh ile untagged traffic will [...]
-
Seite 216
Configuring an 802.1Q VLAN Configuring 802.1Q page 11-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Show 802.1Q Information After configur ing a port or link aggregation group to be a tagged port, y ou can view the settings by using the show 802.1q command, as demonstrated: -> show 802.1q 3/4 Acceptable Frame Type : Any Frame[...]
-
Seite 217
Configuring 802.1Q Application Example OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 11-9 Application Example In this section the steps to create 8 02. 1Q conne ctions between switches are show n. The following d iagram shows a simple n etwork employing 802.1Q on both regular ports and li nk aggrega- tion groups. The following[...]
-
Seite 218
Application Example Configuring 802.1Q page 11-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 The following steps apply to Stack 2. They wil l attach port 2/1 to VLAN 2, and set the port to accept 802.1Q tagged traf fic only: 1 Create VLAN 2 by enteri ng vlan 2 as shown below (VLAN 1 is the defa ult VLAN for the switch): -> vl[...]
-
Seite 219
Configuring 802.1Q Verifying 802.1Q Configuratio n OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 11-11 The following steps ap ply to Stack 3. They will at tach ports 4/1 and 4/2 as link aggregation gro up 5 to VLAN 3. 1 Configure stati c link aggregation grou p 5 by entering th e following: -> static linkagg 5 size 2 2 Assi[...]
-
Seite 220
Verifying 802.1Q Configuration Configuring 802.1Q page 11-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]
-
Seite 221
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-1 12 Configuring Static Link Aggregation Alcatel’s static link aggregation software allows yo u to combine several physi cal links into one lar ge virtual link know n as a link aggregation gro up . Using link aggregation can provide th e following b enefits: • Scalability . [...]
-
Seite 222
Static Link Aggregation Specifications Configuring Static Link Aggregation page 12-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Static Link Aggregation Specifications The table below lists specifi cations for stat ic groups. Static Link Aggregation Default V alues The table belo w lists default values and th e comman ds to modi[...]
-
Seite 223
Configuring Static Link Aggregati on Quick Steps for Configuring Static L ink Aggregation OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-3 Quick Steps for Configuring Static Link Aggregation Follow the steps belo w for a quick tutorial on conf iguring a static aggregate link betwe en two switches. Additional informat ion on [...]
-
Seite 224
Quick Steps for Configuring Static Link Aggr egation Configuring Static Link Aggregation page 12-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Note. Optional . You can verify your static link aggregation settin gs with the show linkagg command. For example: -> show linkagg 1 Static Aggregate SNMP Id : 400000 01, Aggregate Num[...]
-
Seite 225
Configuring Static Link Aggregation Static Link Aggregation Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-5 Static Link Aggregation Over view Link aggregati on allows yo u to combine 2, 4 , or 8 physic al connection s on a single sw itch or 2, 4, 8, or 16 links in a stac k into large vi rtual connecti ons known as [...]
-
Seite 226
Static Link Aggregation Overview Co nfiguring Static Link Aggregation page 12-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Relationship to Other Features Link aggregat ion groups are supported by other switch software featu res. The fo llowing fe atures have C LI commands or comma nd parameters that support lin k aggregation : [...]
-
Seite 227
Configuring Static Link Aggregation Configuring Static Link Aggregation Groups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-7 Configuring Static Link Aggregation Gr oups This section describes how t o use Alcatel’s Command Line Interface (CLI) comman ds t o configure static link aggregate groups. See “Configuring Manda[...]
-
Seite 228
Configuring Static Link Aggregation Grou ps Configuring Static Link Aggregation page 12-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Creating and Deleting a Static Link Aggregate Gr oup The following subsections desc ribe how to create and dele te static lin k aggregate groups with th e static linkagg size command. Creating a S[...]
-
Seite 229
Configuring Static Link Aggregation Configuring Static Link Aggregation Groups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-9 Adding and Deleting Por ts in a Static Aggregate Group The following su bsections desc ribe how to add and dele te ports in a static agg regate group with the static agg agg num command. Adding Por [...]
-
Seite 230
Configuring Static Link Aggregation Grou ps Configuring Static Link Aggregation page 12-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 OmniSwitch 6624/660 0-U24/6600-P24 V alid Port Assignme nt Locations Number of Links (Aggregate Size) OmniSwitch 6624/6600-U24 /6600-P24 Maximum V ali d Port Assignme nt (Port Spee d) 2 1–2 (10/[...]
-
Seite 231
Configuring Static Link Aggregation Configuring Static Link Aggregation Groups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-11 OmniSwitch 66 48 V alid Port Assi gnment Locations Number of Links (Aggregate Size) OmniSwitch 6648 Maximum V alid Port Assignment (Port Spee d) 2 1–2 (10/100) 9–10 (10/ 100) 17–18 (10/10 0) [...]
-
Seite 232
Configuring Static Link Aggregation Grou ps Configuring Static Link Aggregation page 12-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 OmniSwitch 6624/660 0-U24/6600 -P24 V alid Port Con figuration Locations Number of Links (Aggregate Size) OmniSwitch 6602-24 Maximum V alid Port Configuration (Port Spee d) 2 1–2 (10/100) 9–10[...]
-
Seite 233
Configuring Static Link Aggregation Configuring Static Link Aggregation Groups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-13 OmniSwitch 66 02-48 V alid Port Config uration Locations Number of Links (Aggregate Size) OmniSwitch 6602-48 Maximum V alid Port Configuration (Port Spee d) 2 1–2 (10/100) 9–10 (10/ 100) 17–1[...]
-
Seite 234
Configuring Static Link Aggregation Grou ps Configuring Static Link Aggregation page 12-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 On an OmniSwitch 66 24 or 6600-U24 you must install either an OS6600 -GNI-C2 or OS6600-GNI- U2 expansion module in th e left-hand expansi on slot before you can use ports 25 and 26 for link aggreg[...]
-
Seite 235
Configuring Static Link Aggregati on Modif ying Static Aggregation Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-15 Modifying Static Aggregation Gr oup Parameters This section describes how to modify the follo wing static aggregat e group parameters: • Static aggregate group name (see “M odifying the St[...]
-
Seite 236
Application Example Configuring Static L ink Aggregation page 12-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Application Example Static link aggregation groups are tr eated by the switch’s software the same way it treat s individual physi - cal ports. Th is section demo nstrates this b y providing a sample network co nfigura[...]
-
Seite 237
Configuring Static Link Aggregati on Application Example OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-17 5 Repeat steps 1 through 4 on Switch B. All the co mmands wou ld be the same except yo u would substi - tute the appropriat e port numbers. Note. Optional . Use the sho w 802.1q command to display 802.1Q confi gurations[...]
-
Seite 238
Displaying Static Link Aggregation Con figuration and Statistics Configuring Static Link Aggregation page 12-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying Static Link Aggregation Configuration and Statistics You can use Command Line Interface (CLI) show commands to display the current configuration and statistics of l[...]
-
Seite 239
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-1 13 Configuring Dynamic Link Aggregation Alcatel’s dynamic l ink aggregation software allows you to combine severa l physical link s into one large virtual link know n as a link aggregation gro up . Using link aggregation can provide th e following b enefits: • Scalability [...]
-
Seite 240
Dynamic Link Aggregation Specifications C onfiguring Dynamic Link Aggregation page 13-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Dynamic Link Aggregation Specifications The table below lists specifications for dynami c aggregation gr oups and ports: IEEE Specifications Su pported 802.3ad — Ag gregation of Multi ple Link Seg[...]
-
Seite 241
Configuring Dynamic Link Aggregation Dy namic Link Aggregation Default Values OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-3 Dynamic Link Aggregation Default V alues The table below lists default values fo r dynamic aggregate groups. Parameter Description Command Default V alue/Comments Group Admi nistrative S tat e lacp l[...]
-
Seite 242
Quick Steps for Configuring Dynamic Lin k Aggr egation Configuring Dynamic Link Aggregation page 13-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Quick Steps for Configuring Dynamic Link Aggregation Follow the steps below for a quic k tutorial o n configurin g a dynamic aggregate link between two switches. Additional informat io[...]
-
Seite 243
Configuring Dynamic Link Aggregation Quick Step s for Configur ing Dynamic Link Aggregation OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-5 Note. As an option, you can verify your dynamic aggregat ion group settings with the show linkagg command on ei ther the act or or partner switch. For ex ample: -> show linkagg 2 Dyn[...]
-
Seite 244
Quick Steps for Configuring Dynamic Lin k Aggr egation Configuring Dynamic Link Aggregation page 13-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 An example of what these commands look like entered sequentiall y on the command line on the partner switch: -> lacp linkagg 2 size 8 admin key 5 -> lacp agg 2/9 actor admin key [...]
-
Seite 245
Configuring Dynamic Link Aggregation Dynamic Link Aggregation Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-7 Dynamic Link Aggregation Over view Link aggregati on allows yo u to combine 2, 4 , or 8 physic al connection s on a single sw itch or 2, 4, 8, or 16 links in a stac k into large vi rtual connecti ons known [...]
-
Seite 246
Dynamic Link Aggregation Overview Co nfiguring Dynamic Link Aggregation page 13-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Example of a Dyna mic Aggr egate Gr oup Network Dynamic aggregate groups can be creat ed between tw o OmniSwitc h 6600 Family switches, between an OmniSwitch 6600 Family swi tch and an OmniSwitch 7700 /78[...]
-
Seite 247
Configuring Dynamic Link Aggregation Dynamic Link Aggregation Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-9 Relationship to Other Features Link aggregation groups are supp orted by other switch software features. For ex ampl e, you can co nfigure 802.1Q tag ging on link aggregation g roups in additi on to configu[...]
-
Seite 248
Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation page 13-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Dynamic Link Aggregate Gr oups This section describes how t o use Alcatel’s Command Line Inte rface (CLI) commands to create, modi fy, and delete dynamic aggregate g roups. See “Con[...]
-
Seite 249
Configuring Dynamic Link Aggregation Conf iguring Dynamic Link Aggregate Gr oups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-11 Creating and Deleting a Dynamic Aggregate Group The following su bsections descri be how to crea te and delete dynamic aggregat e groups with t he lacp linkagg size command. Creating a Dynamic Ag[...]
-
Seite 250
Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation page 13-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Por ts to Join and Removing Ports in a Dynamic Aggregate Group The following subsec tions describe how to co nfigure ports with the same admi nistrative key (which al lows them to be ag[...]
-
Seite 251
Configuring Dynamic Link Aggregation Conf iguring Dynamic Link Aggregate Gr oups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-13 OmniSwitch 6624 /6600-U24/660 0-P24 V alid Port Configuratio n Locations Number of Links (Aggregate Size) OmniSwitch 66 24/6600-U24/6600-P24 Maximum V alid Port Configur ation (Port Spee d) 2 1?[...]
-
Seite 252
Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation page 13-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 OmniSwitch 6648 V alid Port Configuratio n Location s Number of Links (Aggregate Size) OmniSwitch 6648 Maximum V alid Port Configuration (Port Spee d) 2 1–2 (10/100) 9–10 (10/ 100) 17–18 (10/[...]
-
Seite 253
Configuring Dynamic Link Aggregation Conf iguring Dynamic Link Aggregate Gr oups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-15 OmniSwitch 6624 /6600-U24/660 0-P24 V alid Port Configuratio n Locations Number of Links (Aggregate Size) OmniSwitch 6602-24 Maximum V alid Port Configuration (Port Spee d) 2 1–2 (10/100) 9–1[...]
-
Seite 254
Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation page 13-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 OmniSwitch 6602-48 V alid Port Configur ation Locations Number of Links (Aggregate Size) OmniSwitch 6602-48 Maximum V alid Port Configuration (Port Spee d) 2 1–2 (10/100) 9–10 (10/ 100) 17–18[...]
-
Seite 255
Configuring Dynamic Link Aggregation Conf iguring Dynamic Link Aggregate Gr oups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-17 On an OmniSwitch 6624, 6600-U24 , or 6600-P24 yo u must install either an OS6 600-GNI-C2 or OS66 00- GNI-U2 expan sion module in the left-han d expansion sl ot before y ou can use port s 25 and 2[...]
-
Seite 256
Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation page 13-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 As an option, you can use the ethernet , fastethernet , and gigaethernet keywords before the slot and port number to document t he interface type or make the command look consiste nt with early-ge [...]
-
Seite 257
Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-19 Modifying Dynamic Link Aggregate Gr oup Parameters The table on page 13 -3 lists default group and port settings fo r Alcatel’s dynamic link aggregation soft- ware. These paramet ers en[...]
-
Seite 258
Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 For example, to n ame dynamic aggregat e group 4 “Eng ineering” you w ould enter: -> lacp linkagg 4 name Engineering Note. If you want to spec ify spaces within a name, t he name mu[...]
-
Seite 259
Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-21 Deleting a Dynamic Aggregate Actor Administrative Key To remove an act or switch administ rative key from a dynamic aggrega te group’s configu ration use the no form of the lacp linkagg[...]
-
Seite 260
Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Restoring the Dynamic Aggre gate Gr oup Actor System ID To remove the use r-configured a ctor switch system ID from a dynamic aggregate grou p’s configuration use the no form of the lacp[...]
-
Seite 261
Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-23 For example, to reset t he partner system priority of dynamic agg regate group 4 to its default value you would enter: -> lacp linkagg 4 no partner syste m priority Modifying the Dynam[...]
-
Seite 262
Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. A port may belong to only one aggregate grou p. In addition, mobile ports cann ot be aggregated. See Chapter 7, “Assi gning Ports to VLANs,” for more informatio n on mobile ports[...]
-
Seite 263
Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-25 Note. Specifying none remove s all administrativ e states from the LACPDU co nfigurat ion. For example: -> lacp agg 5/49 actor admin state none For exampl e, to set bits 0 ( active ) a[...]
-
Seite 264
Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-26 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 For exampl e, to modify the system ID of dyn amic aggr egate actor po rt 3 in slot 7 to 00:20:da:06:ba:d3 you would enter: -> lacp agg 7/3 actor system id 00 :20:da:06:ba:d3 As an optio[...]
-
Seite 265
Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-27 Modifying the Actor Port Priority By default, the actor port priority (used to converge dynamic key changes) is 0. The follow ing subsec- tions describe how to confi gure a user-specified[...]
-
Seite 266
Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-28 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Modifying Dynamic Aggregat e Par tner Por t Parameters This section describ es how to modify the following d ynamic aggregate partner po rt parameters: • Partner port system admi nistrat[...]
-
Seite 267
Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-29 Note. Specifying none remove s all administrativ e states from the LACPDU co nfigurat ion. For example: -> lacp agg 7/49 partner admin sta te none For exampl e, to set bits 0 ( active [...]
-
Seite 268
Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-30 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. Since indivi dual bits with the LACPDU frame are set with the lac p agg partner admin state command you can set some bits on and restore other bits to de fault values wi thin the sam[...]
-
Seite 269
Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-31 Configuring the Partner Por t System ID You can configure the part ner port system ID by entering la cp agg , the slot numbe r, a slash ( / ), the port number, partner admin system id , a[...]
-
Seite 270
Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-32 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Restoring the Partner Por t System Priority To remove a user-c onfigured syste m priority from a dyna mic aggregate grou p partner port’s con figuration use the no form of the lacp agg p[...]
-
Seite 271
Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-33 For example, to modify the port priority o f dynamic aggregat e partner port 3 in sl ot 4 to 100 you would enter: -> lacp agg 4/3 partner admin port priority 100 As an option, you can [...]
-
Seite 272
Application Examples Configuring Dynamic Link Aggregation page 13-34 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Application Examples Dynamic link aggregatio n groups are treated by the switch’s software th e same way it tr eats individu al physical ports.Th is section demonstrates this feature by providing sample netwo rk conf[...]
-
Seite 273
Configuring Dynamic Link A ggregation Application Examples OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-35 Link Aggregation and Spanning T ree Example As shown in the figu re on page 13-34 , VLAN 10, which uses the Spanning Tree Protocol (S TP) with a priority of 15, has been configu red to use dynamic aggrega te group 7. [...]
-
Seite 274
Application Examples Configuring Dynamic Link Aggregation page 13-36 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Link Aggregation and QoS Example As shown in the figu re on page 13-34 , VLAN 12, wh ich uses 802 .1Q frame tagg ing and 802. 1p prioritiza- tion, has bee n configured to use dynami c aggregate group 7. The actual phys[...]
-
Seite 275
Configuring Dynamic Link A ggregation Application Examples OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-37 10 Repeat steps 1 through 9 on Switch C. All the co mmands wou ld be the same except yo u would substi - tute the appropriat e port numbers. Note. If you do not use t he qos apply command any QoS policies yo u configu[...]
-
Seite 276
Displaying Dynamic Link Aggregation Configuration a nd Statistics Configuring Dynamic Link Aggregatio n page 13-38 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying Dynamic Link Aggregation Configuration and Statistics You can use Command Line Interface (CLI) show commands to display the current configuration and statistics [...]
-
Seite 277
Configuring Dynamic Link Aggregat ion Displaying Dynami c Link Aggregation Configuration and Statistics OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-39 A screen similar to the follow ing would be display ed: Dynamic Aggregable Port SNMP Id : 2001, Slot/Port : 2/1, Administrative State : ENABLED, Operational State : DOWN, P[...]
-
Seite 278
Displaying Dynamic Link Aggregation Configuration a nd Statistics Configuring Dynamic Link Aggregatio n page 13-40 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]
-
Seite 279
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-1 14 Configuring IP Internet Protocol (IP) is primarily a ne twork-layer (La yer 3) protoco l that contain s addressing and control information that en ables packets to be forwarded. Al ong with Transmi ssion Contro l Protocol (TCP), IP represents the heart of the Internet proto[...]
-
Seite 280
IP Specifications Configuring IP page 14-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 • Managing IP – “Internet Control M essage Protocol (ICMP)” on page 14-19 – “Using the Ping Command” on page 14-23 – “Tracing an IP Route” on page 14 -23 – “Displayin g TCP Information” o n page 14-23 – “Displayin[...]
-
Seite 281
Configuring IP Quick Steps for Configuring IP Forwarding OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-3 Quick Steps for Configuring IP For warding Using only IP, which is always enabled on the switch, devi ces connected to ports on the same VLAN are able to commun icate at Laye r 2. The initi al configur ation for all Alca[...]
-
Seite 282
IP Overview Configuring IP page 14-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 IP Over view IP is a network-layer (Laye r 3) protocol t hat contains add ressing and control information t hat enables packets to be forwarded on a netwo rk. IP is the prim ary network-layer pro tocol in t he Internet protocol suite. Along with TC [...]
-
Seite 283
Configuring IP IP Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-5 Additional IP Protocols There are several additional IP-relate d protocols that may be used with IP forwarding. These protocols are included as part of the base code. • Address Resolution Prot ocol (ARP)—Used to matc h the IP address of a device [...]
-
Seite 284
IP Forwarding Configuring IP page 14-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 IP For warding Network device traffic is br idged (switched) at the Layer 2 level between ports that are assig ned to the same VLAN. However, if a devic e n eeds to communicate with another de vice that belongs to a different VLAN, then Layer 3 ro[...]
-
Seite 285
Configuring IP IP Forwarding OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-7 Configuring an IP Router Inter face IP is enabled by de fault. Using IP, devices connec ted to ports on the same VLAN are able to communi- cate. Howe ver, to forwa rd packets to a different VLA N, you must cr eate an IP route r interface on each VL[...]
-
Seite 286
IP Forwarding Configuring IP page 14-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Note. Assign only ports to th e VLAN th at are ca pable of handling t he MTU size restrictions configured for the IP interface(s) asso ciated with the VLAN. For example, if an interface MTU size is gre ater than 1500, do not assign 10/100 Ethernet[...]
-
Seite 287
Configuring IP IP Forwarding OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-9 Creating a Static Route Static routes are user-def in ed and carry a hi gher priority tha n routes created b y dynamic routing proto- cols.That is, stat ic routes always ha ve priority over dyn amic routes regardless o f the metric val ue. Static r[...]
-
Seite 288
IP Forwarding Configuring IP page 14-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Address Resolution Protocol (ARP) To send packets on a locally connect ed network, the switch use s ARP to matc h the IP address of a devi ce with its physical (MAC) address. To send a data packet to a dev ice with whic h it has not p [...]
-
Seite 289
Configuring IP IP Forwarding OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-11 Note. You can also use the no arp command to delete a dynami c entry from the table. Clearing Dynamic ARP Entries Dynamic entries can be cleared using t he clear arp-cache command. This command c lears all dynamic entries. Permanent entrie s must [...]
-
Seite 290
IP Forwarding Configuring IP page 14-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 • An IP mask (e. g. 255.0.0.0 ) used to identi fy which pa rt of the ARP pa cket IP address is compa red to the filter IP address. • An optional VLAN ID to specify tha t the filter is only app lied to ARP packets from t hat VLAN. • Which ARP[...]
-
Seite 291
Configuring IP IP Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-13 IP Configuration IP is enabled on the switch by de fault and th ere are few option s that can, or ne ed to be, c onfigured. This section provides instruct ions for some basic IP configurat ion options. Configuring the Router Primar y Address Th[...]
-
Seite 292
IP Configuration Configuring IP page 14-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 IP-Directed Broadcasts An IP directed broadcast is an IP datagram th at has al l zeroes or a ll 1’s in the ho st portion of the destina- tion IP address. The packet is sent t o the broadcast add ress of a subnet to which t he sender is not di[...]
-
Seite 293
Configuring IP IP Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-15 • Trap generation . If the total penalty v alue exceeds th e set port scan p enalty value threshold, a tra p is generated to alert the administrator tha t a port scan may be in progress. For example, imagine that a switch is se t so that TCP [...]
-
Seite 294
IP Configuration Configuring IP page 14-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 In the next minute, 10 more T CP and UDP closed po rt packets are rec eived, along with 200 UDP open port packets. Th is would bring the total penalty valu e to 4300, as sh own with th e following eq uation: (100 previous minute value) + (10 TC[...]
-
Seite 295
Configuring IP IP Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-17 Setting the Port Scan Penalty V alue Threshold The port scan pena lty value t hreshold is the h ighest point a the total pe nalty value for t he switch can reach before a trap is generated in forming the administrator that a port scan is in pro[...]
-
Seite 296
IP Configuration Configuring IP page 14-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 The following ta ble lists ip servic e command options for specifying TCP/ UDP services and also includes the well-known port number a ssociated with each service: service port ftp 21 ssh 22 telnet 23 http 80 secure-http 44 3 avlan-http 260 avl[...]
-
Seite 297
Configuring IP Managing IP OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-19 Managing IP The following sec tions descri be IP commands th at can be used t o monitor and trouble shoot IP forward ing on the switch. Internet Control Message Pr otocol (ICMP) ICMP is a network layer protocol with in the IP protocol suite that pro[...]
-
Seite 298
Managing IP Configuring IP page 14-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Activating ICMP Contr ol Messages ICMP messages are ident ified by a type and a code . This number pa ir speci fies an ICMP message. For example, ICMP type 4, code 0, speci fies the source quench ICMP message. To enable or disable an IC MP message, [...]
-
Seite 299
Configuring IP Managing IP OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-21 In additi on to th e icmp type command, several common ly used ICMP messages have been separate CLI commands for co nvenience . These comman ds are listed below with th e ICMP messag e name, type, and code: These commands are entered as the icmp typ[...]
-
Seite 300
Managing IP Configuring IP page 14-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Setting the Minimum Packet Gap The minimum packet g ap is the time required between se nding messages of a like type. For instan ce, if the minimum packet gap for Ad dress Mask request messa ges is 40 microseconds, and an Address Mask message is sen[...]
-
Seite 301
Configuring IP Managing IP OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-23 Using the Ping Command The ping command is used to test whethe r an IP destination can be reach ed from the loc al switch. This command sends an ICMP e cho request to a destination an d then waits for a reply. To p ing a destination , enter the ping[...]
-
Seite 302
Verifying the IP Configuration Configuring IP page 14-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying UDP Information UDP is a secondary transport-laye r pr otocol that uses IP for del ivery. UDP is not connection-o riented and does not prov ide reliable end-to-end de livery of data grams. But some appl ications can saf[...]
-
Seite 303
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-1 15 Configuring IPv6 Internet Protocol version 6 (IPv6) is the ne xt generation of Internet Pr otocol version 4 (IPv4 ). Both versions are support ed along with the abilit y to tunnel IPv6 traffic over IPv4 . Implementing IPv6 solves the limited address problem currently fac in[...]
-
Seite 304
IPv6 Specifications Configur ing IPv6 page 15-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 IPv6 Specifications IPv6 Defaults The following ta ble lists the de faults for IPv6 confi guration thro ugh the ip command. RFCs Supported 2460– Inte rnet Protoc ol, Version 6 (IPv6) Specifica tion 2461– Neighbor Discovery for IP Vers[...]
-
Seite 305
Configuring IPv6 Quick Steps for Configuring IPv6 Routing OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-3 Quick Steps for Configuring IPv6 Routing The following tuto rial assumes that VLAN 200 and VLAN 300 already exist in the switch conf iguration. For information abo ut how to configure VLANs, see Chapter 4, “Configurin[...]
-
Seite 306
IPv6 Overview Configur ing IPv6 page 15-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 IPv6 Over view IPv6 provides the b asic functiona lity that i s offered with IPv4 but includes the fol lowing enhance ments and features not available with IPv4: • Increased IP address size —IPv6 uses a 128-bit address, a subs tantial incre[...]
-
Seite 307
Configuring IPv6 IPv6 Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-5 IPv6 Addressing One of the main differences between IP v6 and IPv4 is that the address si ze increased from 32 bits to 128 bits. Going to a 128-bit addre ss also increases th e si ze of the address space to the point wher e runnin g out of IPv6 a[...]
-
Seite 308
IPv6 Overview Configur ing IPv6 page 15-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Since the last four words of the ab ove a ddress are uncompressed values, th e double colo n indicates tha t the first four words of the address all conta in zeros. Note that using the double colon is only allowed once within a single address. [...]
-
Seite 309
Configuring IPv6 IPv6 Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-7 Stateless autoconfig uration is not a vailable for a ssigning a global unicast or an ycast address to an IPv6 interface. In other words, manu al configuratio n is required to a ssign a non-li nk-local add ress to an inte r- face. See “Assign in[...]
-
Seite 310
IPv6 Overview Configur ing IPv6 page 15-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 6to4 Site to 6to4 Site over IPv4 Domain In this scenario, isolated IPv6 sites have connecti vity over an IPv4 network through 6to4 bor der routers. An IPv6 6to4 tunn el interface is configur ed on each border router an d assigned an IPv6 addr e[...]
-
Seite 311
Configuring IPv6 IPv6 Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-9 In the above diagram: 1 6to4 relay router ad vertises a route to 2002:: /16 on its IPv6 router interface. 2 IPv6 host traffic received by the relay route r that has a n ext hop address that mat ches 2002::/16 i s routed to the 6to4 tunnel interfa[...]
-
Seite 312
Configuring an IPv6 Interface Configuring IPv6 page 15-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring an IPv6 Inter face The ipv6 interface command is used t o create an IPv6 interfac e for a VLAN or a tunn el. Note the fo llow- ing when configuring an IPv6 interface: • A unique inte rface name is re quired for b ot[...]
-
Seite 313
Configuring IPv6 Configuring an IPv6 Interface OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-11 Use the show ipv6 interf ace command to verify t he interface configu ration for the swit ch. For more info r- mation about this command, see the OmniSwitch CLI Reference Guide. Modifying an IPv6 Inter face The ipv6 interface com[...]
-
Seite 314
Assigning IPv6 Addresses Configur ing IPv6 page 15-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Assigning IPv6 Addresses As was previously mentione d, when an IPv6 interface is crea ted for a VLAN or a configured tunnel, an IPv6 link-local a ddress is automatical ly created for that interface. This is also true when a devic e, [...]
-
Seite 315
Configuring IPv6 Assigning IPv6 Addresses OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-13 Removing an IPv6 Address To remove an IPv6 address from an interfac e, use the no form of the ipv6 address command. -> no ipv6 address 4100:1000::20/6 4 v6if-v200 Note that the subnet router a nycas t address is automat ically dele[...]
-
Seite 316
Configuring IPv6 Tunnel Interfaces Configuring IPv6 page 15-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring IPv6 T unnel Inter faces There are two type s of tunnels supp orted: 6to4 and conf igured . Both types fa cilitate the interaction of IPv6 with IPv4 networks by pr oviding a mechanism for car r ying IPv6 traffic [...]
-
Seite 317
Configuring IPv6 Verifying the IPv6 Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-15 V erifying the IPv6 Configuration A summary of the show command s used for veri fying the IPv 6 configuration is given h ere: For more information abou t the display s that resu lt from these co mmands, see the OmniSwitch CLI [...]
-
Seite 318
Verifying the IPv6 Configuration Configuring IPv6 page 15-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]
-
Seite 319
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-1 16 Configuring RIP Routing Information Prot ocol (RIP) is a widely used Interior G ateway Protocol (IGP) th at uses hop count as its routin g metric. RIP-enab led routers update neighbo ring routers by transmitting a copy of their own routing table. The RIP rout ing table uses[...]
-
Seite 320
RIP Specifications Configuring RIP page 16-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 RIP Specifications RIP Defaults The following table list s the defaults for RI P configuratio n through the ip ri p command. RFCs Supported RFC 1058–RIP v1 RFC 2453–RIP v2 RFC 1722–RIP v2 Prot ocol Applica bility S tatement RFC 1724–[...]
-
Seite 321
Configuring RIP Quick Steps for Configuring RIP R outing OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-3 Quick Steps for Configuring RIP Routing To forward packets to a devic e on a different VLAN , you must create a router port on each VLAN. To route packets u sing RIP, you must en able RIP and create a RIP interface on th[...]
-
Seite 322
RIP Overview Configuring RIP page 16-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 14 Use the ip rip redist-filter command to redistribute all local routes. For example: -> ip rip redist-filter local 0.0. 0.0 0.0.0.0 15 Enable RIP redistri bution using the ip rip redist status command. For example: -> ip rip redist status [...]
-
Seite 323
Configuring RIP RIP Routing OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-5 RIP deletes rout es from the database if th e next switch to that destinati on says the route co ntains more than 15 hops. In addition, all ro utes through a gateway are delete d by RIP if no updates are received from that gateway for a specified ti[...]
-
Seite 324
RIP Routing Configuring RIP page 16-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 RIP Routing Loading RIP When the switch i s initially co nfigured, RIP must be l oaded into switc h memory. Use th e ip load rip command to load RIP. To remove RIP from switch memo ry, you must manually ed it the boot.cfg file. The boot.cfg file is[...]
-
Seite 325
Configuring RIP RIP Routing OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-7 Creating a RIP Inter face You must create a RIP interfa ce on a VLAN’s IP router p ort to enable RI P routing. Ente r the ip rip inter- face command followed by the IP ad dress of the VLAN ro uter port. For example, to create a RIP i nter- face on[...]
-
Seite 326
RIP Routing Configuring RIP page 16-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring the RIP In terface Receive Option The RIP receive option defi nes the type(s) of RIP packets that the interface wi ll accept. Using thi s command will overri de RIP default behavior. Other de vices must be able to inte rpret the info rm[...]
-
Seite 327
Configuring RIP RIP Opti ons OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-9 RIP Options The following sec tions detail p rocedures for config uring RIP option s. RIP must be load ed and enabled o n the switch before you can configu re any of the RIP configurati on options. Configuring the RIP Forced Hold-down Inter val The[...]
-
Seite 328
RIP Redistribution Configuring RIP page 16-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 3 Configuring a RIP Redistribut ion Filter – Creating a Filter – Configuri ng a Redistributio n Filter Action (o ptional) – Configuri ng a Redistribut ion Metric (opti onal). Enabling RIP Redistribution Use the ip rip redist status com[...]
-
Seite 329
Configuring RIP RIP Redistribution OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-11 Configuring a Redistribution Metric When redist ributing routes into RIP, th e metric for th e redistributed route is calcula ted as a summation of the route’s met ric and the corre sponding metric in the redistrib ution polic y. This is t[...]
-
Seite 330
RIP Redistribution Configuring RIP page 16-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Creating a Redistribution Filter Use the ip rip redist-filter command to create a RIP redist ribution fi lter. Enter the command, the ro ute type, and destin ation IP address and mask of the traffic you w ant to redi stribute. Only ro utes m[...]
-
Seite 331
Configuring RIP RIP Redistribution OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-13 Configuring a Redistribu tion Filter Metric You can priori tize redistribu tion of route ty pes to a net work by assig ning a metric val ue to a route t ype(s). The default re distribution filter met ric is 1. How ever, you can low er the pr[...]
-
Seite 332
RIP Security Configuring RIP page 16-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 RIP Security By default, th ere is no authen tication u sed for a RIP. Ho wever, you can configure a password for a RIP interface. To c onfigure a pa ssword, you must first select the authentication type (simple or MD5), then configure a passwo rd[...]
-
Seite 333
Configuring RIP Verifying the RIP Co nfiguration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-15 Configuring Passwords If you configure si mple or MD5 aut hentication y ou must configure a t ext string that will be used a s the password for the R IP interface. If a pa ssword is used, all switches tha t are intend ed to com[...]
-
Seite 334
Verifying the RIP Configuration Configuring RIP page 16-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]
-
Seite 335
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 17-1 17 Configuring RDP The Router Discov ery Protocol (RDP) is an extensio n of ICMP that allows end hosts to dis cover routers on their networks. Th is implementation of R DP suppor ts th e router requ irements as defi ned in RFC 12 56. In This Chapter This chapter describes the [...]
-
Seite 336
RDP Specifications Configuring RDP page 17-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 RDP Specifications RDP Defaults RFCs Supported RFC 1256–ICMP Route r Discovery Messages Router advertisem ents Supported Host solicitations Only responses to solicita tions support ed in this release. Maximum number of RDP interfaces per s[...]
-
Seite 337
Configuring RDP Quick Steps for Configuring RDP OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 17-3 Quick Steps for Configuring RDP Configuring RDP i nvolves enabling RDP operation on the switch and creating RDP interfa ces to adver- tise VLAN route r IP addres ses on the LAN. Ther e is no ord er of config uration involved. F o[...]
-
Seite 338
Quick Steps for Configuring RDP Configuring RDP page 17-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 -> show ip router-discovery interface Marketing Name = Marketing, IP Address = 11.255.4.1, IP Mask = 255.0.0.0, IP Interface status = Enabled, RDP Interface status = Enabled, VRRP Interface status = Disabled, Advertisement ad[...]
-
Seite 339
Configuring RDP RDP Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 17-5 RDP Over view End hosts (clients) sen ding traffic to other n etworks need to forward their traffic to a router. In order to do this, hosts need t o find out if one or more ro uters ex ist o n their LAN and learn th eir IP addresses. One way to dis[...]
-
Seite 340
RDP Overview Configuring RDP page 17-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 RDP Inter face s An RDP interface is created by enabling RDP on an IP router interface. Onc e en abled, the RDP interface becomes active and joins the all -ro uters IP mult icast group (224.0 .0.2). The interface then transmits 3 initial router ad[...]
-
Seite 341
Configuring RDP RDP Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 17-7 Security Concerns ICMP RDP packets are not authenticated, whic h ma kes th em vulnerable to th e following attac ks: • Passive monitoring —Attackers can use RDP to re-route traffi c from vulnerable sy stems through the attacker’s sy stem. Thi[...]
-
Seite 342
Enabling/Disabling RDP Configuring RDP page 17-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Enabling/Disabling RDP RDP is included in t he base softwa re and is av ailable when th e switch starts up . However, by defa ult this feature is no t operationa l until it is enab led on the swit ch. To enable RDP operatio n on the swit[...]
-
Seite 343
Configuring RDP Creating an RDP Interface OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 17-9 When an RDP interface is created, it is automatical ly config ured with the following defau lt paramete r values: It is only necessary t o change the abo ve parameter value s if the defa ult value is no t sufficient . The follow- ing s[...]
-
Seite 344
Creating an RDP Interface Configuring RDP page 17-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Setting the Maximum Advertisement Inter val To set the maximum amo unt of time, in secon ds, that RDP wi ll allow between adv ertisements, use the ip router-discovery interfa ce max-advertisement-interval command. Fo r example , the f[...]
-
Seite 345
Configuring RDP Verifying the RDP Co nfiguration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 17-11 Setting the Preference Levels for Router IP Addresses A preferen ce level is a ssigned to ea ch router IP ad dress contai ned within a n advertise ment pack et. Hosts will select the IP ad dress with th is highest prefere nce l[...]
-
Seite 346
Verifying the RDP Configuration Configuring RDP page 17-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]
-
Seite 347
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-1 18 Configuring DHCP Relay The User Datagram Protocol (UDP) is a conn ectionless transpo rt protocol that runs on top of IP ne tworks. The DHCP Relay allows you to use nonroutable protocols (such as UDP) in a routing envir onment. UDP is used for applications that do not requir[...]
-
Seite 348
DHCP Relay Specifications Configuring DHCP Relay page 18-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 DHCP Relay Specifications The following ta ble lists specifica tions for th e DHCP Relay. RFCs Supported 0951–Bootstrap Protocol 1534–Inter operation Between DHCP an d BOOTP 1541–Dynami c Host Configur ation Protoco l 154[...]
-
Seite 349
Configuring DHCP Relay DHCP Relay Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-3 DHCP Relay Defaults The following tabl e describes the defa ult values of th e DHCP Relay parameters. Parameter Description Comma nd Default V alue/Comments Default UDP service. ip udp relay BOOTP/DHCP Forward delay time value for DHC[...]
-
Seite 350
Quick Steps for Setting Up DHCP Relay Configuring DHCP Relay page 18-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Quick Steps for Setting Up DHCP Relay You should config ure DHCP Relay on switches wh ere packets are rout ed between IP ne tworks. There is no separat e command for enabl ing or disabling t he relay servic e. DHCP [...]
-
Seite 351
Configuring DHCP Relay DHCP Relay Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-5 DHCP Relay Over view The DHCP Relay service, its correspond ing port numbers, and con figurable options are as follows: • DHCP Relay Service: BOOTP/DHCP • UDP Port Numbers 6 7/68 for Request/ Response • Configurable opti ons: DH[...]
-
Seite 352
DHCP Relay Overview Configuring DHCP Relay page 18-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 DHCP and the OmniSwitch The unique characteristi cs of the DHCP protocol requ ire a good plan be fore setting up the switch in a DHCP environment. Since DHCP clients initially have no IP address, placeme nt of these clients in a VLAN[...]
-
Seite 353
Configuring DHCP Relay DHCP Relay Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-7 External DHCP Relay Application The DHCP Relay may be configured on a router that is external to the switch. In this app licati on exampl e the switched ne twork has a single VLAN configured with mu ltiple segments. A ll of the n etwo[...]
-
Seite 354
DHCP Relay Overview Configuring DHCP Relay page 18-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Internal DH CP Relay The intern al DHCP R elay is configur ed using the UDP forwarding feature in the switch, avail able through the ip helper address command. For more information, see “DHCP Relay Imple mentation” o n page 18-9 [...]
-
Seite 355
Configuring DHCP Relay DHCP Relay Implementation OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-9 DHCP Relay Implementation The OmniSwitch allows you t o configure the DHCP Re lay feature in one of tw o ways. You can set up a global DHCP request or you can set up the DHCP Re lay based on the VLAN of the DHCP request. Bo th o[...]
-
Seite 356
DHCP Relay Implementation Configuring DHCP Relay page 18-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Per-VLAN DHCP For the Per-VLAN DHCP service , you must identif y the number of the VLAN th at makes the relay request. Identifying the VLAN You may enter one or more server IP addresses to which p ackets will be sent from a spe[...]
-
Seite 357
Configuring DHCP Relay DHCP Relay Implementation OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-11 Setting the For ward Delay Forward Delay is a time period that gives the local se rver a chance to respond to a client before the relay forwards it further out in the netw ork. The UDP packet that t he client sends contains the[...]
-
Seite 358
Using Automatic IP Configuratio n Configuring DHCP Relay page 18-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Using Automatic IP Configuration An additional functio n of the DHCP Relay feature enables a switch to broadc ast a BootP or DHCP request packet at boot time to ob tain an IP address for default VLAN 1. Th is function i[...]
-
Seite 359
Configuring DHCP Relay Configuring UDP Port Relay OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-13 Configuring UDP Por t Relay In addition to configuring a relay operatio n for BOOTP/DHCP traf fic on the switc h, it is also possi ble to configure rel ay for generic UD P se rvice ports (i.e., NBN S/NBDD, othe r well-known UD[...]
-
Seite 360
Configuring UDP Port Relay Configuring DHCP Relay page 18-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Enabling/Disabling UDP Por t Relay By default, a global relay operation i s enabled for BOOTP/DHCP relay well-known ports 67 and 68, which becomes active when an IP network host addre ss for a DHCP server is sp ecified. To ena[...]
-
Seite 361
Configuring DHCP Relay Configuring DHCP Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-15 Configuring DHCP Security Features There are two DHCP security features avai lable: DHCP re lay agent info rmation optio n (Optio n-82) and DHCP Snooping. The DHCP Opti on-82 feature enables th e relay agent to insert [...]
-
Seite 362
Configuring DHCP Security Features Configuring DHCP Relay page 18-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 How the Relay Agent Processes DHCP Packets fr om the Client The following table describes how th e relay agent processes DHCP packet s received from client s when the Option-82 feature is e nabled for the switch: How t[...]
-
Seite 363
Configuring DHCP Relay Configuring DHCP Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-17 Enabling the Relay Agent Information Option-82 Use the ip helper a gent-infor mation command to enable the DHCP Opti on-82 feature for the switch. For example: -> ip helper agent-information ena ble This same comman[...]
-
Seite 364
Configuring DHCP Security Features Configuring DHCP Relay page 18-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 When DHCP Snooping is fi rst enabled, all ports are con sidered untr usted. It is important to then config ure ports connected to a DHCP server inside the network as a truste d port. See “Configuring th e Port Trust [...]
-
Seite 365
Configuring DHCP Relay Configuring DHCP Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-19 • Make sure th at Option-8 2 data insert ion is alway s enabled a t the switch o r VLAN level. See “Enabling DHCP Snooping” on page 18-19 for more information. • The DHCP sever must su pport the Option-82 featu[...]
-
Seite 366
Configuring DHCP Security Features Configuring DHCP Relay page 18-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 VLAN-Level DHCP Snooping To enable DHCP Snooping at the VLAN level, use the ip helper dhcp-snooping vlan command. For example, the following command enables DHCP Snooping for VLAN 200: -> ip helper dhcp-snooping vla[...]
-
Seite 367
Configuring DHCP Relay Configuring DHCP Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-21 Note it is necessa ry to configure po rts that are connected to DHCP serv ers within the network and/or fire- wall as truste d ports so that necessary DHCP tr affic to /from the server is not bloc ked. Configurin g the[...]
-
Seite 368
Configuring DHCP Security Features Configuring DHCP Relay page 18-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Synchronizing the Binding T able To synchronize the contents of t he dhcpBinding.db file with the bi nding table contents that resi des in memory, use the ip helper dhcp-snoo ping b inding action command. This command [...]
-
Seite 369
Configuring DHCP Relay Verifying the DHCP Relay Co nfiguration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-23 V erifying the DHCP Relay Configuration To display information about the DHCP Relay and BOOTP/DHCP, use the show commands listed below. For more information about the resulting di splays from these c ommands, see [...]
-
Seite 370
Verifying the DHCP Relay Configuration Configuring DHCP Relay page 18-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]
-
Seite 371
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-1 19 Configuring VRRP The Virtual Route r Redundancy Pro tocol (VRRP) is a standard router redu ndancy protoco l supported in IP version 4. It is based on RFC 2338 an d provides redundancy by eliminating the single poi nt of failure inherent in a default route environment. In Th[...]
-
Seite 372
VRRP Specifications Configuring VRRP page 19-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 VRRP Specifications VRRP Defaults The following ta ble lists the de faults for VRRP con figuration th rough the vrrp command and the rele vant command keywords: In addition, other defa ults fo r VRRP include: RFCs Supported RFC 2338–V ir[...]
-
Seite 373
Configuring VRRP Quick Steps for Creating a Virtual Router OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-3 Quick Steps for Creating a V ir tual Router 1 Create a virtual router. Specify a virtual ro uter ID (VRID) and a VLAN ID. For example: -> vrrp 6 4 The VLAN must alre ady be created o n the switch. Fo r information a[...]
-
Seite 374
VRRP Overview Configuring VRRP page 19-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 VRRP Over view VRRP allows rou ters on a LAN to ba ck up a defau lt route. VRRP dyn amically assi gns responsibi lity for a virtual router to a physical router (VRRP ro uter) on th e LAN. The virtual router is associated with an IP address (or s[...]
-
Seite 375
Configuring VRRP VRRP Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-5 If OmniSwitch A becomes unavai lable, Omn iSwitch B beco mes the master r outer. OmniSwit ch B will then respond to ARP requests for IP addre ss A using the virtual router’s MAC address (00:00:5E:00:01 :01). It will also forward p ackets for IP[...]
-
Seite 376
VRRP Overview Configuring VRRP page 19-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 If backup routers are configured with priori ty values th at are close in value, there may be a ti ming confli ct, and the first backup to take over may not be the one wi th the highest priority; a back up with a high er prior- ity will then pre[...]
-
Seite 377
Configuring VRRP Interaction With Other Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-7 VRRP T racking A virtual router’s prior ity may be conditionally modified to prevent ano ther router from ta king over as master. Tracking policies are used to condit ionally modify the priority setting whenever a VLAN, slot/ [...]
-
Seite 378
Configuration Overview Configuring VRRP page 19-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuration Over view VRRP is part of the base software . At startup, VRRP is loaded onto the switch and is enabled. Virtual routers must first be configured and enabled as desc ribed in the sections . Since VRRP is implemen ted on mu[...]
-
Seite 379
Configuring VRRP Configuration Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-9 • Preempt mode . By default, p reempt mode is e nabled. Use no preempt to turn it off, and preempt to turn it back on. For more informati on about the p reempt mode, see “Setting Preemp tion for Virtua l Routers” on page 19-11 . ?[...]
-
Seite 380
Configuration Overview Configuring VRRP page 19-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring the Adver tisement Inter val The advertisement interval is c onfigurable, b ut all vi rtual routers with the same VR ID should be confi g- ured with the same va lue. Mismatched values will create network problems. If you cha[...]
-
Seite 381
Configuring VRRP Configuration Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-11 In the above example, virtual router 6 is disabled. (If you are modi fying an existi ng virtual ro uter, the virtual router m ust be disabled b efore it m ay be modified.) The virtual ro uter priority is then set to 50. The priority val[...]
-
Seite 382
Configuration Overview Configuring VRRP page 19-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 A virtual router must be disabled before it may be modified. Use the vrrp command to disable the virtual router first; then use the command agai n to modify the parameters. For example: -> vrrp 7 3 disable -> vrrp 7 3 priority 200[...]
-
Seite 383
Configuring VRRP Configuration Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-13 Creating T racking Policies To create a tracking poli cy, use the vrr p track command and specify the amou nt to decrease a virt ual router’s priority an d the slot/port, IP address, or IP int erface name to b e tracked. For ex ample:[...]
-
Seite 384
Verifying the VRRP Configuration Configuring VRRP page 19-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 V erifying the VRRP Configuration A summary of the show commands used for verifying the VRRP co nfiguration is given h ere: For more information abou t the displays that result fro m these command s, see the OmniSwitch CLI Ref[...]
-
Seite 385
Configuring VRRP VRRP Application Example OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-15 VRRP Application Example In addition to pro viding redund ancy, VRRP can assist in load balan cing outgoin g traffic. The figu re below shows two virtual rou ters with th eir hosts splitting traffic between t hem. Half of the hosts ar[...]
-
Seite 386
VRRP Application Example Configuring VRRP page 19-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. The same VRRP configuration mu st be set up on each OmniSwitch 6600 stack. The VRRP router that contains, or owns, the IP address will automatica lly become the ma ster for that virtua l router. If the IP address is a virtual a [...]
-
Seite 387
Configuring VRRP VRRP Application Example OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-17 VRRP T racking Example The figure below sh ows two VRRP routers with two virtu al routers backing up one IP address on each VRRP router respectivel y. Virtual router 1 serves as the defau lt gateway on Om niSwitch A for clien ts 1 and[...]
-
Seite 388
VRRP Application Example Configuring VRRP page 19-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. The preempt o ption must be enabled on virtual r outer 1; otherwise the origi nal master will not be able to take over. See “Setting Preemption for Virtual Routers” on page 19 -11 for more information about enabling preempti[...]
-
Seite 389
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-1 20 Managing Authentication Ser vers This chapter desc ribes authent ication servers a nd how th ey are used with t he swit ch. The types of servers described include Remote Authent ication Dial-In Us er Service (RADIUS), Lightweight Directory Access Protocol (LDAP), and SecurI[...]
-
Seite 390
Authentication Server Specification s Managing Authentication Servers page 20-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Authentication Ser ver Specifications RADIUS RFCs Supported RFC 2865–Remote Authenticatio n Dial In User Service (RADIUS) RFC 2866–RADIUS Acco unting RFC 2867–RADI US Accounting Mo difications for T u[...]
-
Seite 391
Managing Authentication Servers Server Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-3 Ser ver Defaults The defaults for authentica tion server configuration on the swit ch are listed in the t ables in the n ext sections. RADIUS Authentication Ser vers Defaults for the aaa radius-server co mmand are as follo ws: * [...]
-
Seite 392
Quick Steps For Configuring Authentication Servers Managing Auth entication Servers page 20-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Quick Steps For Configuring Authentication Ser vers 1 For RADIUS or LDAP servers, config ure user attribute informati on on the servers. See “RADIUS Servers” on page 20-9 and “LDAP Serve[...]
-
Seite 393
Managing Authentication Servers Se rver Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-5 Ser ver Over view Authentication servers are somet imes referred to as AAA servers (authenti cation, authorization, and accounting). These servers ar e us ed for storing informat ion about use rs who want to manage the swit ch ([...]
-
Seite 394
Server Overview Managing Authentication Servers page 20-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 A RADIUS server supporting the chall enge and response mechanism as defined in RADIUS RFC 2865 may access an ACE/Server for authentication purposes. The ACE/Server i s then used for user authenti ca- tion, and the RADIUS server [...]
-
Seite 395
Managing Authentication Servers Se rver Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-7 Por t-Based Network Access Contro l (802.1X) For devices authenticati ng on an 802.1X port on the switch, only RADIUS authenticati on servers are supported. The RADIUS server contains a database of user names and password s, and[...]
-
Seite 396
ACE/Server Managing Authentication Servers page 20-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 ACE/Ser ver An external ACE/Server may be used for authenticat ed switch access. It cannot be used for Layer 2 authentication or for policy management. Attributes ar e not supported on ACE/Servers. These valu es must be configu red o[...]
-
Seite 397
Managing Authentication Servers RADIUS Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-9 RADIUS Ser vers RADIUS is a st andard authent ication and accounting protocol de fined in RFC 2865 and RFC 286 6. A built-in RADIUS client is available in th e switch . A RADIUS server th at supports Vend or Specific Attributes (V[...]
-
Seite 398
RADIUS Servers Managing Authentication Servers page 20-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 19 20 21 22 23 Callbac k-Num ber Callback-Id Unassigned Frame-Route Framed-IPX-Network Not supported. These attr ibutes are used fo r dial-up sessions; not applicab le to the RADIUS c lient in the sw itch. 24 State Sent in challe[...]
-
Seite 399
Managing Authentication Servers RADIUS Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-11 V endor-Specific Attributes for RADIUS The Alcatel RADIUS c lient supports at tribute 26, wh ich includes a vendor ID and some a dditional sub - attributes call ed subtypes. The vendor ID and t he subtypes colle ctively are call [...]
-
Seite 400
RADIUS Servers Managing Authentication Servers page 20-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Functional Pr ivileges on the Ser ver Configuring t he functional pr ivileges attribu tes ( Alcatel-Acce-Priv-F- x ) can be cumbersome because it requires using read and write bitmas ks for command families on the swi[...]
-
Seite 401
Managing Authentication Servers RADIUS Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-13 RADIUS Accounting Serv er Attributes The following tabl e lists the standard a ttributes supp orted for RADIU S accounting serv ers. The attributes in the radius.ini file may be modified if necessary. Num. S tandard Attribute Des[...]
-
Seite 402
RADIUS Servers Managing Authentication Servers page 20-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 The following table lists the VSAs supported for RADIUS accounting servers. Th e attributes in the radius.ini file may be modifi ed if ne cessary. Configuring the RADIUS Client Use the aaa radius-server command to co nfigure RADI[...]
-
Seite 403
Managing Authentication Servers LDAP Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-15 LDAP Ser vers Lightweight Direct ory Access Protocol (LDAP) is a st an dard directory server protocol. The LDAP client in the switch is based on several RFCs: 179 8, 2247, 2251, 2252, 2253, 2254, 2255, and 22 56. The prot o- col wa[...]
-
Seite 404
LDAP Servers Managing Au thentication Servers page 20-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 LDAP servers are a lso able to im port and expo rt di rectory dat abases using LDIF (LDAP Data Interchange Format). LDIF File Structure LDIF is used to transfer data to LDAP servers in order to build directories or modi fy LDAP da[...]
-
Seite 405
Managing Authentication Servers LDAP Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-17 uid: yname ou: people description: <list of option al attributes> . . . Directory Entries Directory entries are used to store d ata in directory servers. LDAP–e nabled directory entries contain infor- mation about an object[...]
-
Seite 406
LDAP Servers Managing Au thentication Servers page 20-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Directory Searches DNs are always the starting poi nt for searches un less indicate d otherwise in the directory schema. Searches involve the use of various criteria including scopes and filt ers which must be predefined, and util[...]
-
Seite 407
Managing Authentication Servers LDAP Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-19 Modified attribute values ar e replaced with other giv en values by su bmitting repla ce requests to the se rver, which then translates an d pe rforms the requests. Directory Compare and Sor t LDAP will compare d irectory entries w[...]
-
Seite 408
LDAP Servers Managing Au thentication Servers page 20-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Password Policies an d Directory Ser vers Password policies applied to user accounts va ry slightly from o ne director y server to ano ther. Normally, only the pa ssword ch anging poli cies can be set by users through the director[...]
-
Seite 409
Managing Authentication Servers LDAP Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-21 Director y Ser ver Schema for LDAP Authentication Object classes and attribute s will need to be modifi ed according ly to include LDAP authentication in the network (object classes and att ributes are used specific all y here to m[...]
-
Seite 410
LDAP Servers Managing Au thentication Servers page 20-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 For more information about configur ing users on the switch, see t he Switch Security chapter of the OmniSwitch 6600 Family Switch Ma nagement Guide . Configuring Authentication Key Attributes The alp2key tool is prov ided on the [...]
-
Seite 411
Managing Authentication Servers LDAP Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-23 • Switch VLAN number cli ent joins in mu ltiple authorit y mode (0=single authority; 2=mu ltiple author- ity); variabl e-length d igits. • Switch slot number to wh ich client connects: n n • Switch port number to wh ich clien[...]
-
Seite 412
LDAP Servers Managing Au thentication Servers page 20-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Dynamic Logging Dynamic loggin g may be performed by an LDAP-e nabled directory serve r if an LDAP server i s config- ured first in the list of auth entication servers configur ed through the aaa accounting vlan or aaa account- in[...]
-
Seite 413
Managing Authentication Servers LDAP Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-25 For exampl e: “ASA 0 : CONSOLE IP 65.97.233.108 Jones” Configuring the LDAP Authentication Client Use the aaa ldap-server command to configure LD AP authenticati on parameters on the switch. The server name, host name or IP add[...]
-
Seite 414
LDAP Servers Managing Au thentication Servers page 20-26 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. The distingu ished name must be di fferent from the searchbase name. Modifying an LDAP Authentication Server To modify an LDAP auth entication server, use the aaa ldap-se rver command wi th the server name; or, if you have j[...]
-
Seite 415
Managing Authentication Servers Verifying the Authentication Server Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-27 V erifying the Authentication Ser ver Configuration To display information abo u t authenticat ion servers, use the following comman d: An example of the out put for this command i s given in ?[...]
-
Seite 416
Verifying the Authentication Server Configuration Managing Authentication Servers page 20-28 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]
-
Seite 417
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-1 21 Configuring Authenticated VLANs Authenticated VLANs control user access to network resources based on VLAN assignmen t and a user log-in process; the process is someti mes called user authenticat ion or Layer 2 Authe ntication. (Anot her type of security is device authent i[...]
-
Seite 418
Authenticated Network Overview Co nfiguring Authenticated VLANs page 21-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Authenticated Network Over view An authenticat ed network invo lves several comp onents as show n in this illust ration. This chapter describes all o f these compon ents in deta il, except the external a uthentic[...]
-
Seite 419
Configuring Authenticated VLANs A uthenticated Network Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-3 • Web browser client . Any standard Web browser may be used (Netscape or Internet Explorer). An IP address is required prio r to authenticatio n. See “Web Browser Authe ntication Client” on page 21-7 for mor[...]
-
Seite 420
AVLAN Configuration Overview Configuring Authenticated VLANs page 21-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 A VLAN Configuration Over view Configuring authent icated VLANs requires several majo r steps. The steps are ou tlined here and descri bed throughout th is chapter. See “Sample AVLAN Configuration ” on page 21-5[...]
-
Seite 421
Configuring Authenticated VLANs AVLAN Configuration Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-5 Sample A VLAN Configuration 1 Enable at lea st one authent icated VLAN: -> vlan 2 authentication enable Note that this command does not create a VLAN; th e VLAN must already be created. For information about creat[...]
-
Seite 422
AVLAN Configuration Overview Configuring Authenticated VLANs page 21-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 6 Enable authe ntication by specifying the authentication mo de (single mode o r multiple mod e) and the server. Use the R ADIUS or LDAP serv er name(s) co nfigured in step 5. For exam ple: -> aaa authentication [...]
-
Seite 423
Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-7 Setting Up Authentication Clients The following sec tions describe the Telnet aut hentication c lient, Web bro wser authenticat ion client , and Alcatel’s proprietary AV-Client. For informa tion about removing[...]
-
Seite 424
Setting Up Authentication Clients Configuring Authenticated VLANs page 21-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 with one authenticated VLAN. The addres s may be a ssigned dynamically if a DHCP server is located in the netwo rk. DHCP is requir ed in netw orks with mul tiple authe nticated VL ANs. • Configure a DHCP serv[...]
-
Seite 425
Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-9 Installing Files for Mac OS 9.x Clients 1 In the browser URL command line, enter the au thentication DNS name (con figured through the aaa avlan dns command). The au thentication page displa ys. 2 Click on the l[...]
-
Seite 426
Setting Up Authentication Clients Configuring Authenticated VLANs page 21-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 To set root access: 1 Open the NetInfo from t he HardDisk/Applica tion/Utilities fol der. 2 Select Domain > Security > Authentic ate. Enter the admi nistrator’s password if req uired. 3 Select Domain &g[...]
-
Seite 427
Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-11 SSL for W eb Browser Clients A Secure Socket Layer (SSL) is used to authent icate Web browser clie nts. A certificate fro m a Certifica- tion Author ity (CA) or a self-si gned (private ) certificat e must be in[...]
-
Seite 428
Setting Up Authentication Clients Configuring Authenticated VLANs page 21-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Installing the A V -Client The AV-Client is a proprietary Windo ws-based applicat ion that i s installed on c lient end st ations. The installati on instructi ons are prov ided in this chapter. The AV-Client do[...]
-
Seite 429
Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-13 Windows 95 Install the 32-bit DLC pr otocol program and the update patch from the Microsoft FTP site (ftp.microsoft.com). Fro m the FTP site, download the MSDLC32.EXE an d DLC32UPD.EXE files (or the latest DLC [...]
-
Seite 430
Setting Up Authentication Clients Configuring Authenticated VLANs page 21-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 3 We recommend that you foll ow the instructions on the screen regarding closing all Wi ndows programs before proceedin g with the instal lation. Click on the Ne xt button. Th e following w indow displays.[...]
-
Seite 431
Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-15 4 From this window you may install the cl ient at the de fault destinat ion folder shown o n the screen or you may click the Brow se button to select a different directory. Clic k on the Next button. The softwa[...]
-
Seite 432
Setting Up Authentication Clients Configuring Authenticated VLANs page 21-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Windows 95 and Windows 98 1 Download the AV-Cl ient from the Alc atel website on to the Windows deskt op. 2 Double-click the AV-Client icon . The installation routine begin s and the followin g window displ ays[...]
-
Seite 433
Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-17 4 From this window you may install the cl ient at the de fault destinat ion folder shown o n the screen or you may click the Brow se button to select a different directory. Clic k on the Next button. The softwa[...]
-
Seite 434
Setting Up Authentication Clients Configuring Authenticated VLANs page 21-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Setting the A V -Client as Primar y Network Login Windows 95 and Windows 98 If your operating system is Windo ws 95 or Windows 98, yo u must configure the AV-C lient as the primary network logi n. This is do ne[...]
-
Seite 435
Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-19 Selecting a Dialog Mode The AV-Client has two dialo g modes, basic and extended . In basic dia log mode, the clie nt prompts the user for a username and a password onl y. In extended mode, which is requ ired fo[...]
-
Seite 436
Setting Up Authentication Clients Configuring Authenticated VLANs page 21-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Viewing A V -Client Components The configuration u tility includes a screen that lists each component, version and build date for the AV- Client. To vi ew this screen, click on the Ve rsion tab and a screen sim[...]
-
Seite 437
Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-21 Logging Into the Network Through an A V -Client Once the AV-Client softwa re has been loaded on a user’s PC workstat ion , an AV-Clien t icon will be created on the Windows deskto p in the task b ar. Follow t[...]
-
Seite 438
Setting Up Authentication Clients Configuring Authenticated VLANs page 21-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Logging Off the A V - Client 1 To log off the AV -Client, point yo ur mouse to the A V-Client icon in your Windows syst em tray and execute a right-cl ick to select Logo ff. The fo llowing scre en displays. 2 T[...]
-
Seite 439
Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-23 Configuring the A V -Client for DHCP For an AV-Client , DHCP configuratio n is not re quired. AV-Clients do not require an IP address t o authen- ticate, but they may want an IP address fo r IP communication i [...]
-
Seite 440
Setting Up Authentication Clients Configuring Authenticated VLANs page 21-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 1 To configure the DHCP p arameters, access the AV-Client configu ration utility and select the DHCP tab. The following screen di splays: 2 Click the box ne xt to “Enable DHCP Operations ”. Several optio ns[...]
-
Seite 441
Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-25 4 To apply the change, click the Apply button. Wh en you clic k the OK button, the screen will close and the change will take effect. If you decide no t to impleme nt the ch ange, cli ck the Cancel button and t[...]
-
Seite 442
Configuring Authenticated VLANs Configuring Authenticated VLANs page 21-26 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Authenticated VLANs At least one authenticat ed VLAN must be configured on the switch. For more informati on about VLANs in general, see Chapter 4, “Confi guring VLA Ns.” To configure an authent i[...]
-
Seite 443
Configuring Authenticated VLANs Configuring Authenticated VLANs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-27 Configuring Authentication IP Addresses Authentication c lients connect to an IP address on the switch for authen tication. (Web bro wser clients ma y enter a DNS name rather th an the IP address; see “Setting [...]
-
Seite 444
Configuring Authenticated Ports Configuring Authenticated VLANs page 21-28 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Por t Binding and Authenticated VLANs By default, au thenticated VLANs d o not support po rt binding rules. Th ese rules are used for assigning devices to authenticated VLANs when devic e traffic co ming in on an[...]
-
Seite 445
Configuring Authenticated VLANs Setting Up a DNS Path OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-29 Setting Up a DNS Path A Domain Name Server (DNS) name may be configured so that Web browser clients may enter a URL on the browser co mmand line in stead of an au thentica tion IP address. A Domain Name Server must be set [...]
-
Seite 446
Setting Up the DHCP Server Configuring Authenticated VLANs page 21-30 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Before Authentication Normally, authentic ation clients c annot traffic in th e default VLAN, so authenticati on clients do not belong to any VLAN whe n they connect to the switch. Eve n if DHCP relay is enable d, the[...]
-
Seite 447
Configuring Authenticated VLANs Setting Up the DHCP Server OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-31 When this command is specified, the switch will act as a relay for aut hentication DHCP pack ets only; non- authentica tion DHCP pa ckets will not b e relayed. For more information about using t he ip helper avla n on[...]
-
Seite 448
Configuring the Server Authority Mo de Configuring Authenticated VLANs page 21-32 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring the Ser ver Authority Mode Authenticatio n servers for Layer 2 authentication are configured in one of two mod es: single authorit y or multiple authorit y. Single authority mode uses a single [...]
-
Seite 449
Configuring Authenticated VLANs Configuring the Server Authority Mode OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-33 To configure au thentication in single mode, use the aaa authentication vlan command with the single-mode keyword and name(s) of the relevant server an d any backups. At leas t one server must be specified;[...]
-
Seite 450
Configuring the Server Authority Mo de Configuring Authenticated VLANs page 21-34 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Multiple Mode Multiple autho rity mode assoc iates different serve rs with particu lar VLANs. This mode is typically us ed when one party is pro viding the network and another is prov iding the[...]
-
Seite 451
Configuring Authenticated VLANs Specifying Accounting Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-35 To configure au thentication in multiple mode, use the aaa authentication vlan command with the multiple-mode keyword, the relevant VLAN ID, an d the names of the servers. The VLAN ID is required, and at least one [...]
-
Seite 452
Verifying the AVLAN Configuration C onfiguring Au thenticated VLANs page 21-36 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 V erifying the A VLAN Configuration To verify the authenticated VLAN configuration, use the following show commands: For more information about these commands, see the OmniSwitch CLI Reference Guide . show aa[...]
-
Seite 453
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-1 22 Configuring 802.1X Physical devices attached to a LAN port on the swit ch throu gh a point- to-point LAN c onnection may be authentica ted through the switch thro ugh port-base d network acc ess control. Th is control is available through the IEEE 802.1X stan dard implement[...]
-
Seite 454
802.1X Specifications Conf iguring 802.1X page 22-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 802.1X Specifications 802.1X Defaults The following table lists the defaults for 802 .1X port co nfiguration con figuration th rough the 802.1x command and the relevant command keywords: Note. By default, accounti ng is disabled for 8[...]
-
Seite 455
Configuring 802.1X Quick Steps for Configuring 802 .1X OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-3 Quick Steps for Configuring 802.1X 1 Configure the port as a mobi le port and an 802.1X port usin g the following vlan port commands: -> vlan port mobile 3/1 -> vlan port 3/1 802.1x enable The port is set up automati[...]
-
Seite 456
Quick Steps for Configuring 802.1X Configuring 802.1X page 22-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Optional. To display the number of 802.1x users on the switch, use the show 802.1x users command: ->show 802.1x users Slot MAC Port User Port Address State Name -----+------------------+--------- -----------+-----------[...]
-
Seite 457
Configuring 802.1X 802.1X Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-5 802.1X Over view The 802.1X standard defines port-based network access controls, and provides th e structure for authe nti- cating physi cal devices atta ched to a LAN. It uses the Extensib le Authentica tion Protocol (EAP). There are three c[...]
-
Seite 458
802.1X Overview Configuring 802.1X page 22-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 • If the authentication server doe s not return a VLAN ID, then the supplicant is classified according t o any device cla ssification policies tha t are configured for the port. See “Using Access Guardian Poli- cies” on pag e 22-8 for [...]
-
Seite 459
Configuring 802.1X 802.1X Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-7 802.1X ports may also be init ialized if there a pro blem on the port. Init ializing a port dro ps connectivity to the port and requ ires the port to be re-authenticated. See “Initializing an 802.1X Port” on page 22 -13 . 802.1X Accountin[...]
-
Seite 460
Using Access Guardian Po licies Configuring 802.1X page 22-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Using Access Guardian Policies In addition to the authent ication and VLAN classi fica tion of 802.1x clients (supplicants), the Access Guardian exten ds this type of functional ity to no n-802.1x cli ents (non-supplican ts).[...]
-
Seite 461
Configuring 802.1X Using Access Guardian Poli cies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-9 The order in which policies are applied to cl ient traf fic i s determined by the order in which t he policy wa s configured. For example, if a comp ound non-supplicant poli cy is conf igured by specify ing MA C authenti- cati[...]
-
Seite 462
Setting Up Port-Based Network A ccess Control Configu ring 802.1X page 22-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Setting Up Por t-Based Network Access Contro l For port-based network access cont rol, 802.1X must be enabl ed for the switch and the switch must know which servers to use for authent icating 802.1X supplicants[...]
-
Seite 463
Configuring 802.1X Setting Up Port-Based Network Access Control OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-11 Configuring 802.1X Por t Parameters By default, when 802.1X is enabled o n a port, the po rt is configured for bidir ectional cont rol, automa tic authorization, a nd re-authentica tion. In additi on, there are s[...]
-
Seite 464
Setting Up Port-Based Network A ccess Control Configu ring 802.1X page 22-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. The authentication server timeout ma y also be configured (with th e server-timeout keyword) but the value is always superseded by the va l ue set for the RADIUS server th rough the aaa radius-server comm[...]
-
Seite 465
Configuring 802.1X Setting Up Port-Based Network Access Control OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-13 Initializing an 802.1X Por t An 802.1X port may be reinitializ ed. This is useful i f there is a pro blem on the port. The reinitializat ion process drop s connectivit y with the sup plicant an d forces the sup p[...]
-
Seite 466
Configuring Access Guardian Policies Configuring 802.1X page 22-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Access Guardian Policies The Access Guardian provides fu nctionality that allows the confi guration of 802.1x device classification policies for supplicants (8 02.1x clients) and non-supplicants (n on-802.1x [...]
-
Seite 467
Configuring 802.1X Configuring Access Guardian Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-15 Configuring Supplicant Policies Supplicant policies are used to cl assify 802. 1x devices c onnected to 802 .1x-enabled switc h ports when 802.1x authen tication does not return a VLAN ID o r authenticatio n fails. To co[...]
-
Seite 468
Configuring Access Guardian Policies Configuring 802.1X page 22-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Non-supplicant Policies Non-supplicant policies are used to classify non-802.1x devices connected to 802.1x-enabl ed switch ports. There are two types of no n-suppli cant policies. One type uses MAC auth enti[...]
-
Seite 469
Configuring 802.1X Configuring Access Guardian Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-17 Note that this type of policy d oes not use 802.1x or MAC authentication. As a re sul t, all of the avail able policy keywords restrict the assignment of the non-supplican t device to only those VLANs t hat are non- auth[...]
-
Seite 470
Configuring Access Guardian Policies Configuring 802.1X page 22-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 802.1x 2/10 non-sup plicant policy aut hentication pass vlan 10 blo ck fail group-mob ility default-vl an If the MAC authentication process is successful but does not return a VLAN ID for the device, then the following o[...]
-
Seite 471
Configuring 802.1X Verifying the 802.1X Port Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-19 V erifying the 802.1X Por t Configuration A summary of the show commands used for verifying the 80 2.1X port configuration is g iven here: For more information abou t the display s that resu lt from these co mmands, s[...]
-
Seite 472
Verifying the 802.1X Port Configuration Configuring 802.1X page 22-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]
-
Seite 473
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 23-1 23 Managing Policy Ser vers Quality of Service (QoS) policies that are configur ed through Alcatel’s PolicyView networ k management application are stored on a Lightweight Director y Access Protoco l (LDAP) server. PolicyV iew is an OmniVista application t hat runs on an att[...]
-
Seite 474
Policy Server Specification s Managing Policy Servers page 23-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Policy Ser ver Specifications The following ta bles lists import ant information ab out LDAP policy serve rs: Policy Ser ver Defaults Defaults for the policy server command are as follows: LDAP Policy Se rvers RFCs Support[...]
-
Seite 475
Managing Policy Servers Policy Server Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 23-3 Policy Server Over view The Lightweigh t Directory Acce ss Protocol (LDA P) is a stand ard directory server prot ocol. The LDAP policy server client in the sw itch is based on RFC 2251. Currently, only LDA P servers are supported [...]
-
Seite 476
Modifying Policy Servers Managing Policy Ser vers page 23-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Modifying Policy Ser vers Policy servers are automatically conf igured when the server is installe d; however, policy server parame- ters may be modified i f necessary. Note. SSL configuratio n must be done manually throug h t[...]
-
Seite 477
Managing Policy Servers Modifying Policy Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 23-5 Modifying the Por t Number To modify the port, enter the policy server command with the port keyword an d the releva nt port number. -> policy server 10.10.2.3 port 50 00 Note that th e port numbe r must ma tch the port numbe[...]
-
Seite 478
Modifying Policy Servers Managing Policy Ser vers page 23-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring a Secure Socket Layer for a Policy Ser ver A Secure Socket Layer (SSL) may be configured be tween the polic y server an d the swit ch. If SSL is enabled, the PolicyVi ew applica tion can no longer write polici es t[...]
-
Seite 479
Managing Policy Servers Verifying the Policy Server Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 23-7 Interaction With CLI Policies Policies configured via PolicyView can only be modi fied through PolicyView. Th ey cannot be modified through the CLI. Any policy management do ne throug h the CLI only affects poli[...]
-
Seite 480
Verifying the Policy Server Conf iguration Managing Policy Servers page 23-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006[...]
-
Seite 481
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-1 24 Configuring QoS Alcatel’s QoS software prov ides a way to manipulate flows coming th rough the switch based on user- configur ed policie s. The flow man ipu lation (generally referred to as Quali ty of Service or QoS ) may be as simple as allowi ng/denying traffic, or as [...]
-
Seite 482
QoS Specifications Configuring QoS page 24-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 QoS Specifications Maximum number of po licy rules 128 Limits for Layer 3 rules with particular action s: ACL (Filter rules) Priority rules Bandwidth/ T o S rules 802.1p rules 62 30 64 29 Maximum number of poli cy condition s 2048 Maximum nu[...]
-
Seite 483
Configuring QoS QoS General Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-3 QoS General Over view Quality of Service (QoS) refers to transmission quality and available service that is measured an d some- times guaranteed in advance for a particular ty pe of traffic in a network. QoS le nds itself to ci rcuit- switc[...]
-
Seite 484
QoS Policy Overview Configuring QoS page 24-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 QoS Policy Over view A policy (or a policy rule ) is made up of a condition and an actio n. The condition specifi es pa rameters that the switch will examine in inc oming flows, such as destination address or Type of Serv ice (ToS) bits. Th[...]
-
Seite 485
Configuring QoS Interaction With Other Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-5 It is possible to configure a vali d QoS rule that is ac tive on the swit ch, however the swit ch is not able to enforce the rule b ecause some ot her switch function (for example, rout ing) is disa bled. See the condition and co[...]
-
Seite 486
Condition Combinations Configuring QoS page 24-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Condition Combinations The CLI prevents you from configuring in valid condition combinations that are never allowed; ho wever, it does allow you to create combinat ions that are supporte d in some scenario. For example, you might configu[...]
-
Seite 487
Configuring QoS Condition /Action Combinations OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-7 Condition/Action Combinations Conditions and acti ons are combined in policy rules. The CLI prevents you fro m configurin g invalid condition/acti on combinations t hat are never allo wed; however, it doe s allow you to create com[...]
-
Seite 488
Condition/Action Combinations Configuring QoS page 24-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 destination IP address or network group destination TCP/UDP port IP protocol 802.1p routing/bridging when qos classifyl3 bridged is enabled source MAC or MAC group source VLAN disposition priority bridging source VLAN maximum band[...]
-
Seite 489
Configuring QoS QoS Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-9 QoS Defaults The following ta bles list the defa ults for global QoS p a rameters, individual port settin gs, policy rules, and default policy rules. Global QoS Defaults Use the qos reset command is to reset gl obal values to their defaults. Descri[...]
-
Seite 490
QoS Defaults Configuring QoS page 24-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 QoS Por t Defaults Use the qos port reset command to reset port settings to the defaults. Policy Rule Defaults The following are default s for the poli cy rule command: * However, policy rules co nfigured with s ource and dest ination condit ions [...]
-
Seite 491
Configuring QoS QoS Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-11 Policy Action Defaults The following are defaults for t he poli cy action command: Note that in the current software release, the deny and dr op options produce the same effect that is, the traffic is si lently drop ped. Note. There are no default[...]
-
Seite 492
QoS Configuration Overview Configuring QoS page 24-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 QoS Configuration Over view QoS configuratio n involves the following general steps: 1 Configuring Global Par ameters . In addit ion to enabling/ disabling QoS, g lobal configurat ion includes settings such a s global po rt parameter[...]
-
Seite 493
Configuring QoS Configurin g Global QoS Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-13 Configuring Global QoS Parameters This section describes the glob al QoS configurat ion, which includes enabling and disabl ing QoS, apply- ing and acti vating the co nfiguration, controlling th e QoS log d isplay, and co nfi[...]
-
Seite 494
Configuring Global QoS Parameters Configuring QoS page 24-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Using the QoS Log The QoS software in the switch creates its own log for QoS-spe cific eve nts. You may modi fy the number of lines in the log or change the level of detail given in the log. Th e PolicyView app lication, which[...]
-
Seite 495
Configuring QoS Configurin g Global QoS Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-15 Note. If you change the number of log l ines, the QoS log may be comp letely cleare d. To chang e the log lines without c learing the log, set the lo g lines in the boot.c fg file; the log will be set to the speci fied number[...]
-
Seite 496
Configuring Global QoS Parameters Configuring QoS page 24-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying the QoS Log To view the QoS log, use the show qos log command. The displa y is similar to the following: **QOS Log** Insert rule 0 Rule index at 0 Insert rule 1 Rule index at 1 Insert rule 2 Rule index at 2 Enable r[...]
-
Seite 497
Configuring QoS Configurin g Global QoS Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-17 To change the flow timeout, enter the qos flow timeout com i mand with the desired number of seconds. For exampl e: -> qos flow timeout 100 The timeout will no t be active on the switch u ntil you enter th e qos apply comm[...]
-
Seite 498
Configuring Global QoS Parameters Configuring QoS page 24-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Classifying Bridged T raffic as Layer 3 In some network configurati ons you may want to force the switch to cla ssify bridged traffic as routed (Layer 3) traffic. Typically this op tion is used for QoS filtering. See Chapter 2[...]
-
Seite 499
Configuring QoS Configurin g Global QoS Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-19 V erifying Global Settings To display information abo ut the glob al configuration, use the following show commands: For more information abo ut the syntax and di splays of these comman ds, see the OmniSwitch CLI Refer- ence [...]
-
Seite 500
QoS Ports and Queues Configuring QoS page 24-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 QoS Por ts and Queues Queue para meters may be mo dified on a port basis. Fo ur default queues are creat ed for each port on t he switch at start up. When a flow coming into the switch matches a policy , it is queued based on: • Paramete[...]
-
Seite 501
Configuring QoS QoS Ports and Queues OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-21 To configure th e global settin g on the switch , use the qos trust ports command. For exampl e: -> qos trust ports To configure indivi dual ports as truste d, use the qos port trusted command with the desired sl ot/port number. For ex [...]
-
Seite 502
Creating Policies Configuring QoS page 24-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Creating Policies This section describ es how to create polic ies in general. Fo r information about configuri ng specific types of policies, see “Policy Applications” on pa ge 24-49 . Basic commands for creating policies are as foll ows:[...]
-
Seite 503
Configuring QoS Creating Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-23 4 Use the qos apply command to apply the po licy to the configuration. For example: -> qos apply Note. ( Optional ) To verify that the rule has been configured, use the show policy rule command. The display is similar to the following : -&[...]
-
Seite 504
Creating Policies Configuring QoS page 24-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Creating Policy Conditions This section describ es how to create po licy condition s in general. C reating policy co nditions for partic ular types of network sit uations is described late r in this chapter. Note. Policy condition confi gurat[...]
-
Seite 505
Configuring QoS Creating Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-25 Note. You cannot remove al l parameters from a polic y cond ition. A condition must be configured with at least one parameter. Deleting Policy Conditions To remove a policy condition, use the no form of the command. For example: -> no poli[...]
-
Seite 506
Creating Policies Configuring QoS page 24-26 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. If you combine priority with 802.1p , dscp , tos , or map , in an action, the priority value is use d to prioritiz e the flow. Removing Action Parameters To remove an action parame ter or return the parame ter to its defau lt, use no wi[...]
-
Seite 507
Configuring QoS Creating Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-27 In addition, a policy rule may be admi nistratively disabled or re-enabled using the policy rule command. By default rules are enab led. Fo r a list of rule defaults, see “Policy Rule Defaults” on page 24-10 . Information abo ut using the[...]
-
Seite 508
Creating Policies Configuring QoS page 24-28 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Layer 3 Rules With Compatible Ac tions More than one rule may have the same co ndition. Fo r example, two La yer 3 rules may h ave the same IP address con dition but differen t actions. If the a ctions are comp atible, both rules wil l be app[...]
-
Seite 509
Configuring QoS Creating Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-29 Saving Rules The save option marks the policy rule so that the rule will be captured in an ASCII text fil e (using the configuration snapshot command) and saved t o the working director y (using the write m emory command or copy running-confi[...]
-
Seite 510
Creating Policies Configuring QoS page 24-30 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 V erifying Policy Configuration To view information ab out policy rules, conditions, a nd actions confi gured on the swit ch, use the follo w- ing commands: When the command is used to show output for all pending and applied poli cy configura[...]
-
Seite 511
Configuring QoS Creating Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-31 In this example, the rule my_rule does not displa y because it is inactive . Rules are i nactive if they are administratively di sabled through the policy rule command, or if the rule cannot be enforced by the current h ardware. Alth ough my_[...]
-
Seite 512
Creating Policies Configuring QoS page 24-32 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 T esting Conditions Before applying poli cies to the configuration thro ugh the qos apply command, you may want to see how the policies will be used to classify traffic. Or you ma y want to see how t heoretical traffic would be classi- fied b[...]
-
Seite 513
Configuring QoS Creating Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-33 To test a theo retical con dition again st the set of applied policies, enter the command with the applied keyword. The switch will display info rmation ab out the pote ntial traffic and attempt to match it to a pol icy (applied policies only[...]
-
Seite 514
Using Condition Groups in Policies Configuring QoS page 24-34 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Using Condition Gr oups in Policies Condition groups ar e made up of multiple IP addre sses, MAC addresses, servic es, or ports to which you want to apply the same action or poli cy rule. Instead of crea ting a separa te cond[...]
-
Seite 515
Configuring QoS Using Condition Groups in Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-35 3 Attach the condi tion to a polic y rule. (For more i nformation about co nfiguring rule s, see “Creati ng Policy Rules” on page 24 -26 .) In this example, actio n act4 has alre ady been co nfigured. For example: -> p[...]
-
Seite 516
Using Condition Groups in Policies Configuring QoS page 24-36 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 To remove addresses from a network group, use no and the rel evant address(es) . For example: -> policy network group netgroup3 no 173.21.4.39 This command deletes the 173.21 .4.39 address from netgroup3 af ter the next qo[...]
-
Seite 517
Configuring QoS Using Condition Groups in Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-37 In this example, a policy service calle d telnet1 is created with the TCP protocol number ( 6 ) and the well- known Telnet destination por t number ( 23 ). -> policy service telnet1 protocol 6 destination ip port 23 A shor[...]
-
Seite 518
Using Condition Groups in Policies Configuring QoS page 24-38 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 This command conf igures a conditi on called c6 with service grou p serv_group . All of the service s speci- fied in the service group will be included i n the condit ion. (For more informati on about con figuring c ondi- tio[...]
-
Seite 519
Configuring QoS Using Condition Groups in Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-39 Note. MAC group configuration is not acti ve until the qos apply command is entered. To delete addresses from a MAC group, use no and the relevant address(es): -> policy mac group macgrp2 no 08: 00:20:00:00:00 This command[...]
-
Seite 520
Using Condition Groups in Policies Configuring QoS page 24-40 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 This command specifies tha t port 2/1 will be d eleted from the techpubs port group at the next qos apply . To delete a port group, use the no form of the policy port gro up command with the relev ant port group name. The por[...]
-
Seite 521
Configuring QoS Using Condition Groups in Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-41 -> policy action MaxBw maximum ban dwidth 10k -> policy rule PortRule condition Ports action MaxBw In this example, if both ports 1 and 2 are active p orts, 10000 bps is distrib uted over the two p orts. If one of the p[...]
-
Seite 522
Using Condition Groups in Policies Configuring QoS page 24-42 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 V erifying Condition Gr oup Configuration To display information abo ut condition gro ups, use the following show commands: See the OmniSwitch CLI Reference Guide for more information about th e syntax and output for t hese c[...]
-
Seite 523
Configuring QoS Using Map Groups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-43 Using Map Gr oups Map groups are u sed to map 802. 1p, ToS, or DSCP va lues to different values. On the Om niSwitch 6600 , the followi ng mapping sc enarios are su pported: • 802.1p to 802. 1p • ToS or DSCP to 802.1p (the reve rse is not s[...]
-
Seite 524
Using Map Groups Configuring QoS page 24-44 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 How Map Groups W ork When mapping from 802.1p to 802.1p, the acti on will result in remapping the sp ecified values. Any values that are not specified in th e map gr oup are preser ved. In this example, a map grou p is created for 802 .1p bits[...]
-
Seite 525
Configuring QoS Using Map Groups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-45 To delete a map group, use the no form of the policy map group command. The map grou p must not be associated with a policy action. For example: -> no policy map group tosGroup If tosGroup is currently associated with an actio n, an error m[...]
-
Seite 526
Applying the Configuration Configuring QoS page 24-46 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Applying the Configuration Configuratio n for policy rules and many global QoS pa rameters must sp ecifically be ap plied to the config- uration with the qos apply command. Any parameters config ured without thi s command are mainta [...]
-
Seite 527
Configuring QoS Applying the Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-47 Deleting the Pending Configuration Policy settings that have been configured but not applied thro ugh the qos apply command may be returned to the la st applied se ttings through the qos revert command. For example: -> qos revert [...]
-
Seite 528
Applying the Configuration Configuring QoS page 24-48 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Interaction W ith LDAP Policies The qos apply , qos revert , and qos flush commands do not af fect policies created thro ugh the Policy- View application . Separate commands are use d for loading an d flushing LDAP policies on th e s[...]
-
Seite 529
Configuring QoS Policy Applications OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-49 Policy Applications Policies are used to classify incoming flows and treat the relevant outgoing flows. There are many ways to classify the traffic and many ways to apply QoS parameters to the traffic. Classifying tr affic may be a s simple[...]
-
Seite 530
Policy Applications Configuring QoS page 24-50 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. If multiple addresses, services, or po rts should be gi ven the same prio rity, use a policy condi tion group to specify the group and associat e the group wit h the condit ion. See “Using Condition Groups in Policies” on page 24-[...]
-
Seite 531
Configuring QoS Policy Applications OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-51 -> policy condition ip_traffic2 so urce ip 10.10.5.3 -> policy action flowShape maximum bandwidth 1k -> policy rule rule2 condition tra ffic2 action flowShape Note that the bandwidth may be specified in abbreviated units, in this c[...]
-
Seite 532
Policy Applications Configuring QoS page 24-52 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 -> policy condition my_condition s ource ip 10.10.3.0 mask 255.255.2 55.0 -> policy action my_action 802.1p 5 -> policy rule marking condition m y_condition action my_action In the next example, the policy map group command specifi[...]
-
Seite 533
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-1 25 Configuring ACLs Access Control L ists (ACLs) are Quality o f Service (Qo S) policies used to control wh ether or not packets are allo wed or denied at the swit ch or router interf ace. ACLs are sometimes referred to as filtering lists. ACLs are distin guished by th e kind [...]
-
Seite 534
ACL Specifications Configuring ACLs page 25-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 ACL Specifications These specifications are t he same as those for QoS in general: ACL Defaults The following ta ble shows the defaults for ACLs: Note that in the current software release, the deny and dr op options produce the same effect;[...]
-
Seite 535
Configuring ACLs Quick Steps for Creating ACLs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-3 Quick Steps for Creating ACLs 1 Set the global disposi tion for bridged or rout ed traffic. By default, all flow s that do match any pol icies are allowed on t he switch. Typica lly, you may wan t to deny traffic fo r all Layer 3 [...]
-
Seite 536
ACL Overview Configuring ACLs page 25-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 ACL Over view ACLs provide mo derate security bet ween networks. The following il lustration sho ws how ACLs may be used to filter sub network traffic throug h a private net work, func tioning like an internal fi rewall for LANs. When traffic arr[...]
-
Seite 537
Configuring ACLs ACL Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-5 Rule Precedence The switch attempts to classify fl ows c oming into the switc h according to pre cedence. For Lay er 2 flows, the rule wi th the highe st precedence will be appli ed to the flow . For Layer 3 flow s, all rules that mat ch the flow [...]
-
Seite 538
ACL Overview Configuring ACLs page 25-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Example: Layer 3 Rules With Compatible Actions More than one rule may have the same co ndition. Fo r example, two La yer 3 rules may h ave the same IP address con dition but differen t actions. If the a ctions are comp atible, both rules wil l be[...]
-
Seite 539
Configuring ACLs ACL Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-7 Interaction With Other Features • IP Routing —IP routing must b e enabled on th e switch for Layer 3 ACLs. See Chapter 14, “Configur- ing IP,” for more information about setting up ro uting. • Routing Protocols —Layer 3 filtering is co[...]
-
Seite 540
ACL Configuration Overview Configuring ACLs page 25-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 ACL Configuration Over view This section describes the QoS CLI commands used spec ifically to configure ACLs. ACLs are basically a type of QoS policy, and the commands used to co nfigure ACLs are a subset of the switch’s QoS comma[...]
-
Seite 541
Configuring ACLs Setting the Global Disposition OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-9 Important. If you set the glob al bridged d isposition (u sing the q os defaul t bridge d dispos ition command) to deny or drop , it will result in droppi ng all Layer 2 t raffic from the switch that does not match any policy to [...]
-
Seite 542
Creating Condition Groups For ACLs Configuring ACLs page 25-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Creating Condition Gr oups For ACLs Condition grou ps for ACLs are ma de up of multipl e IP addresses, MAC addresses, services, or IP ports to which you wan t to apply the sa me disposition . Instead of creating a separate c[...]
-
Seite 543
Configuring ACLs Configuring ACLs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-11 For exampl e: -> policy port group pgroup1 3/1-2 4/3 5/4 -> policy condition c2 source port group pgroup1 In this example, a Layer 2 condition ( c2 ) specifies that traffic matche s the ports incl uded of the pgroup1 port group. The con[...]
-
Seite 544
Configuring ACLs Configuring ACLs page 25-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 rule7 will take precedence over the other rules. (For more information about precedence, se e “Rule Prece- dence” on page 25-5 .) The action config ured for the rule, a1 , allows traffic from 10.10.4. 8, so the flow will be accepted on th[...]
-
Seite 545
Configuring ACLs Configuring ACLs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-13 Layer 2 ACL: Example 1 In this example, the default bridge d disposition i s accept (the default). Since the default is accept , the qos default bridged disposition command would only need to be entered if the disposition had previously been [...]
-
Seite 546
Configuring ACLs Configuring ACLs page 25-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Layer 3 ACLs The QoS software in the switch fi lters routed traffic at Layer 3. For Lay er 3 filters, ty pically IP routing must be enabled; however, the switc h may be configured to filt er Layer 3 headers in bridged traffic. Use the qos cla[...]
-
Seite 547
Configuring ACLs Configuring ACLs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-15 Layer 3 ACL: Example 2 This example uses condition gro ups to combine mult iple IP addre sses in a single co ndition. The default disposition is set to deny . -> qos default routed disposition deny -> policy network group GroupA 192 .60[...]
-
Seite 548
Configuring ACLs Configuring ACLs page 25-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 To filter multicast cli ents, specify the mul ticast IP ad dre ss, which is the add ress of the multic ast group or stream, and sp ecify the cli ent IP address, VL AN, MAC address, or slot/port . For example: -> qos default multicast dispo[...]
-
Seite 549
Configuring ACLs Using ACL Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-17 Using ACL Security Features The following ad ditional AC L features are available for improvi ng network security and prev enting mali- cious activit y on the network: • UserPorts —A port group that identi fies its members as u[...]
-
Seite 550
Using ACL Security Features Configuring ACLs page 25-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring a DisablePor ts ACL An additional met hod for dealing with spoofed IP traffic is t o create a Disabl ePorts ACL that will adminis- tratively disab le ports that rece ive this type of traffic. To achieve this result, a p[...]
-
Seite 551
Configuring ACLs Using ACL Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-19 5 Create a rule that denies all source IP addres ses rece iv ed on the port group defi ned in Step 1 a nd spec- ify a precedence for t his rule. For example: -> policy rule noSpoof condition d enyip action badDisablePorts prec e[...]
-
Seite 552
Using ACL Security Features Configuring ACLs page 25-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 2 Add the services c reated in St ep 1 to a se rvice group ca lled DropServices using the policy service group command. For example: -> policy service group DropServices tcp135 tcp445 udp137 udp138 udp445 Note that the DropServi[...]
-
Seite 553
Configuring ACLs Using ACL Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-21 Configuring ICMP Dr op Rules Combining a L ayer 2 condi tion for sour ce VLAN with a Layer 3 condition fo r IP protocol is supported. Use these two cond itions togeth er in a policy t o block ICMP echo req uest and reply p ackets w[...]
-
Seite 554
Verifying the ACL Configuration Configuring ACLs page 25-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 V erifying the ACL Configuration To display information abo ut ACLs, use the same show commands that are used for displaying any QoS policies. These commands include: When a show command is used t o display out put for all pe n[...]
-
Seite 555
Configuring ACLs Verifying the ACL Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-23 To display only policy rules th at are active (enabled) on the switch, use th e show active policy rule command. For example: -> show active policy rule Policy From Prec Enab Inact Refl Log Save Matches +my_rule5 cli 0 Yes N[...]
-
Seite 556
ACL Application Exa mple Configuring ACLs page 25-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 ACL Application Example In this applica tion for IP filt ering, a policy is created to deny Telnet traffic from the outside world to an engineering group in a private network. Set up a polic y rule called outside to de ny Telnet traff[...]
-
Seite 557
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-1 26 Configuring IP Multicast Switching IP Multicast Switc hing is a on e-to-many commu nication tech nique employ ed by emerging a pplications such as video distribution , news feeds, con ferencing, net casting, and resour ce discovery (OSPF, RIP2, BOOTP). Unlike unicast , whic[...]
-
Seite 558
IPMS Specifications Configuring IP Multicast Switching page 26-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 IPMS Specifications The table below lists specifications for Alcatel’s IPMS software. IPMS Default V alues The table below lists default valu es for Alcatel’ s IPMS software. RFCs Supported RFC 2236 — Internet Gr ou[...]
-
Seite 559
Configuring IP Multicast Switching IPMS Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-3 IPMS Over view A multicast group is defined by a multi cast group address, wh ich is a Class D IP address in the range 224.0.0.0 to 239.255.25 5.255. (Addresses in the ra nge 239.0.0.0 to 239 .255.255. 255 are reserved for bound[...]
-
Seite 560
IPMS Overview Configuring IP Multicast Switching page 26-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Reserved Multicast Addresses The Internet Assigned Numbers Au thority (IANA) created the range fo r multicast addr esses, which is 224.0.0.0 to 239.25 5.255.255. Howe ver, as the table below shows, certain addresse s ar e reser[...]
-
Seite 561
Configuring IP Multicast Switching Configuring IPMS on a Switch OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-5 Configuring IPMS on a Switch This section describes how to use Command Line Interface (CLI) commands to enable and disable IP Multicast Switchi ng (IPMS) switch wi de (see “ Enabling and Disabling IPMS on a Swit[...]
-
Seite 562
Configuring IPMS on a Switch Configuring IP Multicast Switching page 26-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring a Static Neighbor You can configure a port as an IPMS static neighb or port by entering ip multicast static-neighbor followed by the VLAN num ber (which must be between 0 and 4095), a space, the slot [...]
-
Seite 563
Configuring IP Multicast Switching Configuring IPMS on a Switch OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-7 Removing a Static Querier To reset the port so th at it is no longer an IPMS static que rier port you use the no form of the ip multic ast static-querier command b y enterin g ip multicast no static-queri er follo[...]
-
Seite 564
Modifying IPMS Parameters Configuring IP Multicast Switching page 26-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Modifying IPMS Parameters The table in “IPMS Default Values” on page 26-2 lists defa ult values for IPMS parameters. The fo llowing sections descri be how to use CLI commands to modi fy these parameters. Modifyi[...]
-
Seite 565
Configuring IP Multicast Switch ing Modifying IPMS Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-9 Configuring the Membership Timeout You can modify the IPMS membership timeout from 0 to 42949672 95 seconds by entering ip multicast membership-timeout followed by the new value. For example, to set the membership t[...]
-
Seite 566
Modifying IPMS Parameters Configuring IP Multicast Switching page 26-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Restoring the Querier Timeout To restore the neighbor querier to its default (i.e., 260 seconds) val ue you use the no form of the ip multicast querier-timeout command by entering: -> ip multicast no querier-time[...]
-
Seite 567
Configuring IP Multicast Switching IPMS Application Example OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-11 IPMS Application Example The figure below shows a samp le network with the sw itch sending multicast video. A client attached to Port 5 needs to be configured as a static neighbor an d another client att ached to Por[...]
-
Seite 568
IPMS Application Example C onfiguring IP Multicast Switching page 26-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 5 Modify the leave timeout from its default value of 10 seconds to 120 seco nds by entering: -> ip multicast leave-timeout 120 An example of what these commands look like entered sequenti ally on the co mmand lin[...]
-
Seite 569
Configuring IP Multicast Switching Displaying IPMS Configurations and Statistics OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-13 Displaying IPMS Configurations and Statistics Alcatel’s IP Multicast Switching (IPMS ) show commands provide t ools to moni tor IPMS traf fic and settings and to t roubleshoot problems. These c[...]
-
Seite 570
Displaying IPMS Configurations and Statis tics Configuring IP Multicast Switching page 26-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]
-
Seite 571
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-1 27 Diagnosing Switch Pr oblems Several tools are available for diagn osing problems that may occur with the switch. These t ools include • Port Mi rroring • Port Moni toring • Remote Monitoring (RMON) probes • Switch Heal th Monito ring Port mirroring cop ies all incom[...]
-
Seite 572
In This Chapter Diagnosing Switch Problems page 27-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 • Deleting a Po rt Monitoring Session —see “Deleting a Port Monito ring Sessio n” on page 27-21 . • Pausing a Port Mo nitoring Session —see “Pausing a Port Monitoring Session” on page 27-21 . • Configuring th e pers[...]
-
Seite 573
Diagnosing Switch Problems Port Mirroring Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-3 Por t Mirroring Overview The following sectio ns detail the specificatio ns, defaults, a nd quick set u p steps for the po rt mirroring feature. Detaile d procedur es are found in “Port Mirroring” on page 27 -12 . Note. A [...]
-
Seite 574
Port Mirroring Overview Diagnosing Switch Problems page 27-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Por t Mirroring Defaults The following table shows port mir roring default values. Global Port Mirr oring Defa ults Parameter Description CLI Co mmand Default V alue/Comments Mirroring Session Creation port mirroring sourc e [...]
-
Seite 575
Diagnosing Switch Problems Port Mirroring Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-5 Quick Steps for Configuring Port Mirroring 1 Create a port mirrori ng session . Be sure to sp ecify the p ort mirror ing session ID , source (mirrored) and destination (mirroring) slot/ports, and unblock ed VLAN ID ( op tional[...]
-
Seite 576
Port Monitoring Overview Diagnosing Switch Problems page 27-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Por t Monitoring Over view The following sec tions detail the specifica tions, defa ults, and quick se t up steps for the port mirroring feature. Detaile d procedur es are found in “Port Moni toring Overview ” on page 27[...]
-
Seite 577
Diagnosing Switch Problems Port Monitoring Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-7 Quick Steps for Configuring Port Monitoring 1 To create a port monitori ng session use the port monitoring source command by entering port monitoring , followed by the port monitoring session ID, source , and the slot and por[...]
-
Seite 578
Remote Monitoring (RMON) Overview Diagnosing Switch Problems page 27-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Remote Monitoring (RMON) Over view The following sec tions detail th e specifica tions, defaul ts, and quick set u p steps for the RMON feat ure. Detailed proc edures are found in “Remote Monitoring (RMON)” on p[...]
-
Seite 579
Diagnosing Switch Problems Remote Monitoring (RMON) Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-9 RMON Probe Defaults The following ta ble shows Remote Network Moni toring defaul t values. Global RMON Probe Defaults Quick Steps for Enabling/Disabling RMON Probes 1 Enable an inactive (or disable an active) RMON pr[...]
-
Seite 580
Switch Health Overview Di agnosing Switch Problems page 27-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Switch Health Over view The following sec tions detail the specifica tions, defa ults, and quick se t up steps for the switch health feature. Detaile d procedur es are found in “Monitoring Switch Hea lth” on page 27-32 . [...]
-
Seite 581
Diagnosing Switch Problems Switch Health Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-11 Switch Health Defaults The following tabl e shows Switch Health d efault values. Global Swi tch Health D efaults Quick Steps for Configuring Switch Health 1 Display the heal th threshold li mits, health sampli ng interval sett[...]
-
Seite 582
Port Mirroring Diagnosing Switch Problems page 27-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Por t Mirroring You can set u p port mirroring for any pair of Et hernet port s within the same switch chassi s. Ethernet port s supporting port mirro ring include 10BaseT/100BaseTX (RJ-45) and 1000BaseLX (LC) M iniGBIC connectors. Wh[...]
-
Seite 583
Diagnosing Switch Problems Port Mirroring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-13 How Por t Mirroring W orks When a frame is received on a mirrored port, it is copied and sent to the mi rroring port. The received frame is actually t ransmitted twice across t he switch backpl ane–once fo r normal bridging and t he[...]
-
Seite 584
Port Mirroring Diagnosing Switch Problems page 27-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Using Por t Mirr oring with External RMON Pr obes Port mirroring is a help ful monitoring tool when used in co njunction with an external RMON probe. Once you set up port mirror ing, the probe can collect all relevant RMON statistics [...]
-
Seite 585
Diagnosing Switch Problems Port Mirroring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-15 Creating a Mirroring Session Before port mirroring can be used, it is nece ssary to create a port mirro ring session. The port mirroring source destina tion CLI command can be used to create a mirro ring session between a mirror ed (a[...]
-
Seite 586
Port Mirroring Diagnosing Switch Problems page 27-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 This command line specifies mir roring session 6, with the source (m irrored) port located in slot 2/po rt 3, and the destination (mi rroring) port located in slot 2/port 4. The mirroring port on VLAN 750 is prot ected from Spanning T[...]
-
Seite 587
Diagnosing Switch Problems Port Mirroring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-17 In this example the command specifies port mirroring sessi on 6, with the mirro red (active) port locat ed in slot 2/port 3, and th e mirroring port l ocated in slot 6/port 4. The mi rroring status is di sabled (i.e., port mirroring i[...]
-
Seite 588
Port Mirroring Diagnosing Switch Problems page 27-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Enabling or Disabling a Por t Mirroring Session (Shorthand) Once a port mirroring sessi on configuration has been created, th is command is useful fo r enabling or disabling it (tur ning port mirrorin g on or off) without having to re[...]
-
Seite 589
Diagnosing Switch Problems Port Mirroring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-19 Deleting A Mirr oring Session The no form of the port mirroring command can be used to delete a previously created mirro ring session configuratio n between a mi rrored port and a mirroring po rt. To delete a mirroring session, enter [...]
-
Seite 590
Port Monitoring Diagnosin g Switch Problems page 27-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Por t Monitoring An essential tool of the network engineer is a net work packet capture device. A packet capture device i s usually a PC-based comput er, such as the Sniffer ® , tha t provides a me ans for unde rstanding an d measu[...]
-
Seite 591
Diagnosing Switch Problems Port Monitoring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-21 In addition, you can also sp ecify optional parameters sh own in the t able below. These parameters mu st be entered af ter the slot and port numbe r. For example, t o configure port monitoring session 6 on port 2/3 and admini strati[...]
-
Seite 592
Port Monitoring Diagnosin g Switch Problems page 27-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Por t Monitoring Session Persistence By default, a p ort monitoring sessi on will neve r be disabled . To modify the le ngth of time befo re a port monitoring sessi on is disabled fro m 0 (the default, wh ere the session[...]
-
Seite 593
Diagnosing Switch Problems Port Monitoring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-23 For example, to c onfigure port mo nitoring session 6 o n port 2/3 with a data fil e called “use r_port” in th e /flash directory enter that will no t overwrite older packets if th e fil e size is exceeded e nter: -> port moni[...]
-
Seite 594
Port Monitoring Diagnosin g Switch Problems page 27-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying Por t Monitoring Status and Data A summary of the sho w commands used for displaying po rt monitoring sta tus and po rt monitoring d ata are given here: For example, to disp lay port monitoring data use the show port moni[...]
-
Seite 595
Diagnosing Switch Problems Remote Monitoring (RMON) OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-25 Remote Monitoring (RMON) Remote Network Monit oring (RMON) is an SNMP protocol used to manage networks remo tely. RMON probes can be used to collect , interpret and forward statis tical data about network traffic from design[...]
-
Seite 596
Remote Monitoring (RMON) Diagnosing Switch Pro blems page 27-26 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 RMON probes can be enabled or disabled via CLI commands. Configuratio n of Alarm threshold valu es for RMON traps is a function reserv ed for RMON-monitoring NMS stations. This feature support s basic RMON 4 group impl emen[...]
-
Seite 597
Diagnosing Switch Problems Remote Monitoring (RMON) OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-27 Enabling or Disabling RMON Pr obes To enable or disable an indi vidual RMON probe, enter the rmon probes CLI command. Be sure to spec- ify the type of probe ( stats / history / alarm ), followed by the e ntry number (optiona[...]
-
Seite 598
Remote Monitoring (RMON) Diagnosing Switch Pro blems page 27-28 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying RMON T ables Two separate commands can be used to retrieve and vi ew Remote Monitoring data: show rmon probes and show rmon events . The retrieved statistics appear in a table format (a coll ection of re lated da[...]
-
Seite 599
Diagnosing Switch Problems Remote Monitoring (RMON) OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-29 Displaying Statistics for a Particular RMON Probe To view statistics for a particul ar current RMON probe, e nter the show rmon probes command, specifying an entry number for a particular probe, such as: -> show rmon prob[...]
-
Seite 600
Remote Monitoring (RMON) Diagnosing Switch Pro blems page 27-30 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Sample Display fo r Histor y Probe The display shown here identifies RMON Pro be 10325’s Owner descri ption and interfac e location (Analyzer-p:12 8.251.18.166 on slot 1, por t 35), the total number of Hi story Control Bu[...]
-
Seite 601
Diagnosing Switch Problems Remote Monitoring (RMON) OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-31 Displaying a List of RMON Events RMON Events are actions that occur based on Alarm co nditions detect ed by an RMON probe. To view a list of logged RMON Events, ent er the show rmon events co mmand without sp ecifying an en [...]
-
Seite 602
Monitoring Switch Health Diagnosing Switch Problems page 27-32 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Monitoring Switch Health To monitor resource availability, the NMS (Netwo rk Manageme nt System) nee ds to collect si gnificant amounts of data from each switch. As the nu mber of ports per switch (and the n umber of switche[...]
-
Seite 603
Diagnosing Switch Problems Monitoring Switch Health OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-33 The following sections incl ude a discussion of CLI command s that can be used to conf igure resource parameters and monito r or reset statistics for switch resources. Thes e commands include: • health threshold —Configu[...]
-
Seite 604
Monitoring Switch Health Diagnosing Switch Problems page 27-34 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Resource and T emperature Thresholds Health Monito ring software monitors threshold levels for the switch’s consumable resources— bandwidth, RAM memory, and CPU capacity —as well as the ambient chassis te m[...]
-
Seite 605
Diagnosing Switch Problems Monitoring Switch Health OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-35 Displaying Health Threshold Limits The show health threshold command is used to view all current heal th thresholds on the switch, as well as individual th resholds for input t raffic (RX), output/input tr affic (TX/RX), mem[...]
-
Seite 606
Monitoring Switch Health Diagnosing Switch Problems page 27-36 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Sampling Intervals The sampling interval is the period of time be tween polls of the switch’s consumable reso urces to moni- tor performance vis-a-vis previ o usly specified thresholds. The health interval comm[...]
-
Seite 607
Diagnosing Switch Problems Monitoring Switch Health OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-37 V iewing Health Statistics for the Switch The show health command can be used t o display health statistics for the switch. To display he alth statistics, en ter the show health command, followed by the slot/port l ocation a[...]
-
Seite 608
Monitoring Switch Health Diagnosing Switch Problems page 27-38 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 V iewing Health Statistics for a Specific Inter face To view health statistics fo r slot 4/port 3, ente r the show health command, followed by the approp riate slot and port numbers. A scre en similar to the following examp [...]
-
Seite 609
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 28-1 28 Using Switch Logging Switch logging is a n event logg ing utility t hat is useful in ma intaining an d servicing th e switch. Switch logging uses a formatted string mech anism to either reco rd or discard ev ent data from switc h applications. The log records are copied to [...]
-
Seite 610
Switch Logging Specifications Using Switch Logging page 28-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Switch Logging Specifications Functionality Sup ported High-level event logging mechanism that for- wards requests from applications to enabled logging devic es. Functionality Not Supported Not intended fo r debugging indi vi[...]
-
Seite 611
Using Switch Logging Switch Logging Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 28-3 Switch Logging Defaults The following ta ble shows switch l ogging default v alues. Global Switch Logging Defaults Parameter Description CLI Co mmand Default V alue/Comments Enabling/Di sabling switch lo gging swlog Enabled Switch l[...]
-
Seite 612
Quick Steps for Configuring Switc h Logging Using Switch Logging page 28-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Quick Steps for Configuring Switch Logging 1 Enable switch lo gging by usi ng the following c ommand: -> swlog 2 Specify the ID of the appl ication to be logged al ong with the logging se verity le vel. ->[...]
-
Seite 613
Using Switch Logging Switch Logging Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 28-5 Switch Logging Over view Switch logging uses a format ted string me chanism to proc ess log requests fro m switch application s. When a log request i s received, swi tch logging co mpares the severity l evel included with the reques[...]
-
Seite 614
Switch Logging Commands Overview Using Switch Logging page 28-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Switch Logging Commands Over view This section describ es the switch lo gging CLI comma nds, for enabling or disabling switc h logging, displaying th e current status of the switch logging feature, and di splaying stored l[...]
-
Seite 615
Using Switch Logging Switch Logging Commands Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 28-7 STP 11 APPID_SP ANNI NG TREE LINKAGG 12 APPID_LINKAGG REGA TION QOS 13 APPID_QOS RSVP 14 APPID_RSVP IP 15 APPID_IP IPMS 17 APPID_IP MS AMAP 18 APPID_XMAP GMAP 19 APPID_GMAP AAA 20 APPID_ AAA IPC-MON 21 APPID_ IPC_MON IP-HEL[...]
-
Seite 616
Switch Logging Commands Overview Using Switch Logging page 28-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The level keywor d assigns the error-type severity level to the specified applica tion IDs. Values range from 2 (highest seve rity) to 9 (low est severity). The values are defined in t he following table: Specifying the Se[...]
-
Seite 617
Using Switch Logging Switch Logging Commands Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 28-9 Removing the Severity Level To remove the switch l ogging severity l evel, enter the no swlog appid level command, including the application ID and severity-level values. The following is a t ypical example: -> no swlog [...]
-
Seite 618
Switch Logging Commands Overview Using Switch Logging page 28-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Disabling an IP Address from Receiving Switch Logging Output To disable a partic ular IP address from rec eiving switch logg ing output, ent er the followin g command: -> no swlog output socket No confirmation message w[...]
-
Seite 619
Using Switch Logging Switch Logging Commands Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 28-11 Configuring the Switch Logging File Size By default, th e size of the switch logging file i s 128000 byt es. To configure the size of the switch loggin g file use the swlog output flash file- size command. To use this comm[...]
-
Seite 620
Switch Logging Commands Overview Using Switch Logging page 28-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying Switch Logging Records The show log swlog command can produce a display showin g all switch logging informatio n or you can display information ac cording to session , timestamp, appl ication ID or severi ty lev[...]
-
Seite 621
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 29-1 29 Monitoring Memor y Debug memory mo nitor commands ca n monitor memory allocation an d free memory (such as detect ion of invalid free addresses and maintena nce of size statis tics). These commands are useful for monitoring logging of even ts, leak detect ion, classificat i[...]
-
Seite 622
Memory Monitoring Specifications Monitoring Memory page 29-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Memor y Monitoring Specifications The following ta ble shows Memory Mo nitoring specific ations: Memor y Monitoring Defaults The following table shows M emory Monitoring default valu es: Functionality Supported Fence Post/ Ba[...]
-
Seite 623
Monitoring Memory Quick Steps for Configuring Memory Monitoring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 29-3 Quick Steps for Configuring Memor y Monitoring 1 Use the following com mands to enable Memory Mo nitoring. (Memory Monit oring is factory disabl ed by default.) For example: -> debug memory monitor enable 2 To [...]
-
Seite 624
Debug Memory Commands Overview Monitoring Memory page 29-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Debug Memor y Commands Over view The Debug Memory Commands prov ide monitoring of memory allocat ion and free memory. By provid- ing a method to enable/di sable memory mon itoring and display memor y usage reports, these comman[...]
-
Seite 625
Monitoring Memory Configuring Debug Memory Commands OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 29-5 Displaying the Memor y Monitor Log The debug memory monitor show log command displays memo ry monitoring lo g information. By enter- ing this command, a display similar to t he following will appear onscre en: -> debug mem[...]
-
Seite 626
Configuring Debug Memory Commands Monitoring Memory page 29-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Displaying the Memor y Monitor Global Statistics The debug memory monitor show log global command can display memory monito ring global statis- tics. By specifyi ng the global varia ble to view global statistics, a display s[...]
-
Seite 627
Monitoring Memory Configuring Debug Memory Commands OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 29-7 Displaying the Memor y Monitor T ask Statistics The debug memory monitor show log task command can disp lay memory monitoring task statistics. B y specifying the task variable to view task statisti cs, a display simil ar to t[...]
-
Seite 628
Configuring Debug Memory Commands Monitoring Memory page 29-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Task Name Current Cumulative -------------+-------------+-------- --------- TrapMgr 4548 63976 Elpc 2336 2392 VlanMgr 208 149672 PortMgr 804 75424 Gateway 84 140 CfgMgr 228 897491 tCS_HSM 1240 2500 tCS_CMS 188 328 tCS_PRB 31[...]
-
Seite 629
Monitoring Memory Configuring Debug Memory Commands OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 29-9 Displaying the Memor y Monitor Size Statistics The debug memory moni tor show log size command can display memory monitoring size st atistics. By entering the size variable to view si ze statistics, a display simil ar to the [...]
-
Seite 630
Configuring Debug Memory Commands Monitoring Memory page 29-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]
-
Seite 631
OmniSwitch 6600 Family Network Configurati on Guide April 2006 page A-1 A Software License and Copyright Statements This appendix co ntains Alcate l and third-pa rty software ven dor license and copyright st atements. Alcatel License Agreement ALCA TEL INTERNETWORKING, INC. (“AII”) SOF TW ARE LICENSE AGREEMENT IMPORTANT. Please re ad the terms [...]
-
Seite 632
Alcatel License Agreement Software License and Copyright Statements page A-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 3. Confidentiality. AII considers the Licensed File s to contain valuable t rade secrets of AII, t he unautho- rized disclosure of which could cause irrepa rable harm to AII. Except as expressly set forth here[...]
-
Seite 633
Software License and Copyright St atements Alcatel License Agreement OmniSwitch 6600 Family Network Configurati on Guide April 2006 page A-3 10. Governing Law. This License Agreement shall be constr ued and governed in accordance with the laws of the Sta te of Califo rnia. 11. Severabil ity. Should a ny term of this Li cense Agreement be declared v[...]
-
Seite 634
Third Party Licenses and Notices Software License and Copyright Statements page A-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Third Par ty Licenses and Notices The licenses and notices related only to su ch third party software are set forth below: A. Booting and Debugging Non-Proprietary Software A small, separate software po[...]
-
Seite 635
Software License and Copyright Statements Third Party Licenses and Notices OmniSwitch 6600 Family Network Configurati on Guide April 2006 page A-5 C. Linux Linux is wri tten and distrib uted under the GNU General Public License w hich means th at its source co de is freely- distrib uted and ava ilable to the general public. D. GNU GENERAL PUBLIC LI[...]
-
Seite 636
Third Party Licenses and Notices Software License and Copyright Statements page A-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 verbatim or with mod ifications and/or t ranslated into another language. (Hereinafter , translation is included wi thout limitati on in the term “mo difi cation”. ) Each licensee is a ddressed as ?[...]
-
Seite 637
Software License and Copyright Statements Third Party Licenses and Notices OmniSwitch 6600 Family Network Configurati on Guide April 2006 page A-7 b Accompany it wi th a written of fer, valid for at least three yea rs, to give any th ird party, for a charg e no more than your cost of physi cally performing source distri bution, a complete machine-r[...]
-
Seite 638
Third Party Licenses and Notices Software License and Copyright Statements page A-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 consistent application o f that syste m; it is up to th e author/do nor to decide i f he or she is willing to dist rib- ute software throug h any other system an d a licensee cannot impose t hat choice.[...]
-
Seite 639
Software License and Copyright Statements Third Party Licenses and Notices OmniSwitch 6600 Family Network Configurati on Guide April 2006 page A-9 Appendix: How to Apply These T erms to Y our New Programs If you develop a new program, and you w ant it to be of th e greatest possible u se to the publ ic, the best way to achieve this is to make it fr[...]
-
Seite 640
Third Party Licenses and Notices Software License and Copyright Statements page A-10 OmniSwitch 6600 Family Network Con figuration Guide April 2006 Material copyright Li nux Online Inc. Design and compilation copyright (c)1994-200 2 Linux Online Inc. Linux is a regist ered trad emark of Linus Torvalds Tux the Penguin, featured in our logo, wa s cre[...]
-
Seite 641
Software License and Copyright Statements Third Party Licenses and Notices OmniSwitch 6600 Family Network Configurati on Guide April 2006 page A-11 H. Apptitude, Inc. Provided with th is product is certai n network moni toring software (“Me terWorks/RMON”) licensed from Apptitude, Inc., wh ose copyright notice is as follo ws: Copyright (C) 1 99[...]
-
Seite 642
Third Party Licenses and Notices Software License and Copyright Statements page A-12 OmniSwitch 6600 Family Network Con figuration Guide April 2006 L. Wind River Systems, Inc. Provided with th is product is certain software (“ Run-Time Module”) licensed from Wind River Sy stems, Inc. Licensee is prohibited from: (i) copying the Ru n-Time Module[...]
-
Seite 643
OmniSwitch 6600 Family Network Configurati on Guide April 2006 Index-1 Index Numerics 802.1p trusted ports 38-20 802.1Q 25-1 application examples 25-9 defaults 25-2 enabling tagging 25-5, 25-6 frame type 25-7 overview 25-3 specifications 25-2 trusted ports 38-5, 38-20 verify information about 25-11 802.1Q ports trusted 38-20 802.1X 36-1 Access Guar[...]
-
Seite 644
Index Index-2 O mniSwitch 6600 Family Network Configuration Guid e Apr il 2006 policies 38-49 policy map groups 38-43 Port Mapping 23-2 port mirroring 41-5 port monitoring 41-7 QoS 38-22, 38-49 RIP 30-3 RMON 41-9 source learning 16-2 Spanning Tree Algorithm and Protocol 19-7, 19-29 static link aggreg ation 26-3, 26-16 switch health 41-11 switch log[...]
-
Seite 645
Index OmniSwitch 6600 Family Network Configurati on Guide April 2006 Index-3 dynamic link aggregation 27-3 ethernet port 15-3 IP 28-2, 29-2 IPMS 40-2 memory monitoring 43-2 mobile ports 21-2 policy servers 37-2 Port Mapping 23-2 port mirroring 41-4 port monitoring 41-6 QoS 38-9 RDP 31-2 RDP interface 31-9 RIP 30-2 RMON 41-9 source learning 16-2, 17[...]
-
Seite 646
Index Index-4 O mniSwitch 6600 Family Network Configuration Guid e Apr il 2006 F Fast Spanning Tree 19-4 filtering lists see ACLs flow command 15-14 flow control 15-14, 15-23 flow control wait time 15-15 flow wait time command 15-15 fragments built-in policies 38-1 1 classifying 38-17 frame type 25-7 H health interval command 41-36 health statistic[...]
-
Seite 647
Index OmniSwitch 6600 Family Network Configurati on Guide April 2006 Index-5 ip multicast switc hing command 40-5 ip rip force-holddowntimer command 30-9 ip rip host-route command 30-9 ip rip interface au th-key command 30-15 ip rip interf ace auth- type command 30-14 ip rip interface command 30-7 ip rip interface me tric command 30-8 ip rip interf[...]
-
Seite 648
Index Index-6 O mniSwitch 6600 Family Network Configuration Guid e Apr il 2006 LDAP servers see policy servers used for QoS policies 37-3 Lightweight Director y Access Protocol see LDAP servers line speed 15-16 link aggregation 802.1Q 25-6 dynamic link aggregation 27-1 enabling tagging 25-6 Spanning Tree parameters 19-21, 19-23, 19-25, 19-27, 19-28[...]
-
Seite 649
Index OmniSwitch 6600 Family Network Configurati on Guide April 2006 Index-7 policy server flush command 37-6 compared to qos flush command 37-7 policy server load command 37-6 policy servers defaults 37-2 downloading policies 37-6 installing 37-3 SSL 37-6 policy service command 39-10 policy service group command 38-34, 39-10 policy service groups [...]
-
Seite 650
Index Index-8 O mniSwitch 6600 Family Network Configuration Guid e Apr il 2006 qos stats interval command 38-18 qos trust ports command 38-21 Quality of Service see QoS queues shared 38-20 R RADIUS accounting servers standard attributes 34- 13 used for 802.1X 36-13 used for authenticated VLANs 35-35 VSAs 34-14 RADIUS authentic ation servers 34-9 fu[...]
-
Seite 651
Index OmniSwitch 6600 Family Network Configurati on Guide April 2006 Index-9 show 802.1q command 25-8, 25-11 show 802.1x command 36-3 show aaa accounting vlan command 35-6 show aaa authentication alvan command 35-6 show amap command 24-7 show arp command 28-10 show avlan user command 35-26 show health command 41-37 show health interval command 41-3[...]
-
Seite 652
Index Index-10 OmniSwi tch 6600 Family Network Configuration Guid e Apr il 2006 static VLAN port assignment 21-4 STP see Spanning Tree Algor ithm and Protocol subnet mask 28-9 switch health application examples 41-11 defaults 41-11 monitoring 41-32 specifications 41-10 switch health statistics resetting 41-38 viewing 41-37 switch logging applicatio[...]
-
Seite 653
Index OmniSwitch 6600 Family Network Configurati on Guide April 2006 Index-11 VLANs 18-1, 18-6 802.1Q 25-3 administrative st atus 1 8-7 application examples 18-3, 18-13, 21-3 authentication 18-12 default VLAN 21-1, 21-13 defaults 18-2 description 18-7 enabling tagging 25-3 IP router ports 28-7 MAC address aging time 16-7 operational status 18-6 por[...]
-
Seite 654
Index Index-12 OmniSwi tch 6600 Family Network Configuration Guid e Apr il 2006[...]