Nortel Networks 42C4911 User Manual
- View the manual online or download it
- 260 pages
- 2.68 mb
A proper user manual
Regulations oblige the seller to hand the Nortel Networks 42C4911 user manual over to the buyer together with the goods. A missing manual, or incorrect information passed on to the consumer, is grounds for a complaint that the device does not conform to the contract. The law permits supplying the manual in a form other than paper, which has lately become very common: a graphical or electronic manual for the Nortel Networks 42C4911, or instructional videos for users. The condition is that its form is legible and understandable.
What is a user manual?
The word comes from the Latin “instructio”, i.e. to arrange. Accordingly, the Nortel Networks 42C4911 manual contains a description of the steps of a procedure. The purpose of a manual is to instruct and to simplify starting up and using the device, or carrying out particular tasks. A manual is a collection of information about an item or service, a guide.
Unfortunately, few users take the time to read the Nortel Networks 42C4911 user manual. A good manual not only introduces a number of additional functions of the purchased device, but also helps avoid many mistakes.
So what should an ideal user manual contain?
Above all, the Nortel Networks 42C4911 user manual should contain:
- Information on the technical data of the Nortel Networks 42C4911
- The name of the manufacturer and the year of manufacture of the Nortel Networks 42C4911
- Principles of operating, adjusting and maintaining the Nortel Networks 42C4911
- Safety marks and certificates confirming conformity with the relevant standards
Why don't we read user manuals?
The reasons are lack of time and confidence about the specific functions of the purchased devices. Unfortunately, connecting and starting the Nortel Networks 42C4911 is not enough. A manual contains a number of pointers on specific functions, safety principles, maintenance methods (even which products to use), possible faults of the Nortel Networks 42C4911, and ways of solving problems that may occur during use. Finally, the manual gives the contact number for Nortel Networks service in case the suggested solutions do not work. Manuals in the form of engaging animations or video guides are currently gaining popularity, as they appeal to users more than a brochure. This kind of manual ensures that the user watches the whole video without skipping the detailed and complicated technical descriptions of the Nortel Networks 42C4911, as happens with the paper form.
Why should one read user manuals?
Above all, the user manual answers questions about the construction and capabilities of the Nortel Networks 42C4911, about the use of particular accessories, and provides a range of information that lets you use all of its functions and conveniences.
After a successful purchase, you should spend some time getting to know every part of the Nortel Networks 42C4911 manual. Today they are carefully prepared or translated so that they are not only understandable to users but also fulfil their basic function of providing help and information.
Table of contents of the user manual
- Page 1: 2350 Mission College Blvd. Suite 600 Santa Clara, CA 95054 www.bladenetwork.net Alteon OS Application Guide Nortel 10Gb Ethernet Switch Module for IBM BladeCenter® Version 1.0 TM Part Number: 42C4911, January 2007[...]
- Page 2: Alteon OS Application Guide 2 42C4911, January 2007 Copyright © 2007 Blade Network Technologies, Inc., 2350 Mission College Blvd., Suite 600, Santa Clara, California, 95054, USA. All rights reserved. Part Number: 42C4911. This document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and d[...]
- Page 3: Contents: Preface 15; Who Should Use This Guide 15; What You’ll Find in This Guide 16; Typographic Conventions 18; How to Get Help 19; Part 1: Basic Switching 21; Chapter 1: Accessing the Switch 23; Management module setup 24; Factory-Default vs. MM assigned IP Addresses 24; Default Gateway 25; Configuring management module f[...]
- Page 4: LDAP Authentication and Authorization 53; Secure Shell and Secure Copy 55; End User Access Control 61; Chapter 2: Port-based Network Access Control 67; Extensible Authentication Protocol over LAN 68; 802.1x Authentication Process 69; 802.1x Port States 71; Supported RADIUS Attributes 72; Configuration G[...]
- Page 5: Chapter 5: Spanning Tree Group 105; Overview 106; Bridge Protocol Data Units (BPDUs) 107; Determining the Path for Forwarding BPDUs 107; Spanning Tree Group configuration guidelines 108; Multiple Spanning Trees 110; Default Spanning Tree configuration 110; Why Do We Need Multiple Spanning Trees? 111; S[...]
- Page 6: Viewing ACL Statistics 131; ACL Configuration Examples 132; Using DSCP Values to Provide QoS 134; Differentiated Services Concepts 134; Using 802.1p Priorities to Provide QoS 139; 802.1p Configuration Example 140; Queuing and Scheduling 140; Part 2: IP Routing 141; Chapter 8: Basic IP Routing 143; IP Routi[...]
- Page 7: Chapter 11: Border Gateway Protocol 171; Internal Routing Versus External Routing 172; Forming BGP Peer Routers 173; What is a Route Map? 174; Incoming and Outgoing Route Maps 175; Precedence 176; Configuration Overview 176; Aggregating Routes 178; Redistributing Routes 179; BGP Attributes 180; Local Pref[...]
- Page 8: OSPF Configuration Examples 204; Example 1: Simple OSPF Domain 205; Example 2: Virtual Links 207; Example 3: Summarizing Routes 211; Verifying OSPF Configuration 213; Part 3: High Availability Fundamentals 215; Chapter 13: High Availability 217; Layer 2 Failover 218; VLAN Monitor 218; Setting the Failover [...]
- Page 9: Part 4: Appendices 243; Appendix A: Troubleshooting 245; Monitoring Ports 246; Port Mirroring behavior 247; Configuring Port Mirroring 251; Appendix B: RADIUS Server Configuration Notes 253; Glossary 255; Index 257[...]
- Page 10: [...]
- Page 11: Figures: Figure 1-1: Switch management on the BladeCenter management module 26; Figure 1-2: BOOTP Relay Agent Configuration 30; Figure 1-3: DHCP Relay Agent Configuration 31; Figure 2-1: Authenticating a Port Using EAPoL 69; Figure 3-1: Default VLAN settings 81; Figure 3-2: Port-based VLAN assignment 82; Figure 3-3: 802.1Q tag[...]
- Page 12: Figure 13-3: Two trunks, one Failover Trigger 222; Figure 13-4: A Non-VRRP, Hot-Standby Configuration 227; Figure 13-5: Active-Active Redundancy 228; Figure 13-6: Hot-Standby Redundancy 229; Figure 13-7: Active-Active High-Availability Configuration 233; Figure 13-8: Hot-Standby Configuration 239[...]
- Page 13: Tables: Table 1-1: GbESM IP addresses, based on switch-module bay numbers 24; Table 1-2: User Access Levels 47; Table 1-3: Alteon OS-proprietary Attributes for RADIUS 47; Table 1-4: Default TACACS+ Authorization Levels 49; Table 1-5: Alternate TACACS+ Authorization Levels 49; Table 4-1: Actor vs. Partner LACP configuratio[...]
- Page 14: [...]
- Page 15: Preface The Alteon OS Application Guide describes how to configure and use the Alteon OS software on the 10Gb Ethernet Switch Module for IBM BladeCenter. For documentation on installing the switch physically, see the Installation Guide for your GbE Switch Module (GbESM). Who Should Use This Guide This Applicat[...]
- Page 16: What You’ll Find in This Guide This guide will help you plan, implement, and administer Alteon OS software. Where possible, each section provides feature overviews, usage examples, and configuration instructions. Part 1: Basic Switching • Chapter 1, “Accessing the Switch[...]
- Page 17: • Chapter 11, “Border Gateway Protocol,” describes BGP concepts and BGP features supported in Alteon OS. • Chapter 12, “OSPF,” describes OSPF concepts, how OSPF is implemented in Alteon OS, and examples of how to configure your switch for OSPF support. Part 3: High A[...]
- Page 18: Typographic Conventions The following table describes the typographic styles used in this book. Table 1 Typographic Conventions Typeface or Symbol Meaning Example AaBbCc123 This type is used for names of commands, files, and directories used within the text. View t[...]
- Page 19: How to Get Help If you need help, service, or technical assistance, see the "Getting help and technical assistance" appendix in the Nortel 10Gb Ethernet Switch Module for IBM BladeCenter Installation Guide.[...]
- Page 20: [...]
- Page 21: Part 1: Basic Switching This section discusses basic switching functions. This includes how to access and manage the switch: • Accessing the switch • Port-Based Network Access Control • VLANs • Port Trunking • Spanning Tree Protocol • Rapid Spanning Tree and Protocol and Multiple Spanning Tree Protocol • [...]
- Page 22: [...]
- Page 23: CHAPTER 1 Accessing the Switch The Alteon OS software provides means for accessing, configuring, and viewing information and statistics about the GbE Switch Module. This chapter discusses different methods of accessing the switch and ways to secure the switch for remote administrators: • “Management module setup[...]
- Page 24: Management module setup The BladeCenter GbE Switch Module is an integral subsystem within the overall BladeCenter system. The BladeCenter chassis includes a management module as the central element for overall chassis management and control. You can use th[...]
- Page 25: NOTE – Before you install the GbESM in Bay 8 or Bay 10, confirm that your blade I/O Expansion adapter supports communication to these I/O bays. Default Gateway The default Gateway IP address determines where packets with a destination address outside t[...]
- Page 26: Figure 1-1 Switch management on the BladeCenter management module 4. You can use the default IP addresses provided by the management module, or you can assign a new IP address to the switch module through the management module. You can assign this IP [...]
- Page 27: The default value is Disabled for both features. If these features are not already enabled, change the value to Enabled, then Save. NOTE – In Advanced Configuration > Advanced Setup, enable “Preserve new IP configuration on all switch resets,[...]
- Page 28: External management port setup In addition to the internal management ports (MGT1 and MGT2), the 10Gb Ethernet Switch Module (GbESM) also has an external management port (EXT7) to support out-of-band management traffic. Port EXT7 allows you to perform dat[...]
- Page 29: Using Telnet Use the management module to access the GbE Switch Module through Telnet. Choose I/O Module Tasks > Configuration from the navigation pane on the left. Select a bay number and click Advanced Configuration > Start Telnet/Web Se[...]
- Page 30: Figure 1-2 shows a basic BOOTP network example. Figure 1-2 BOOTP Relay Agent Configuration The use of two servers provide failover redundancy. The client request is forwarded to both BOOTP servers configured on the switch. However, no health checking is suppo[...]
- Page 31: DHCP Relay Agent DHCP is described in RFC 2131, and the DHCP relay agent supported on the GbESM is described in RFC 1542. DHCP uses UDP as its transport protocol. The client sends messages to the server on port 67 and the server sends messages to the cli[...]
- Page 32: In GbESM implementation, there is no need for primary or secondary servers. The client request is forwarded to the BOOTP servers configured on the switch. The use of two servers provide failover redundancy. However, no health checking is supported. Use the[...]
- Page 33: Using the Browser-Based Interface Use the management module to access the GbE Switch Module through a Web session. Choose I/O Module Tasks > Configuration from the navigation pane on the left. Select a bay number and click Advanced Configuration >[...]
- Page 34: Accessing the BBI via HTTPS requires that you generate a certificate to be used during the key exchange. A default certificate is created the first time HTTPS is enabled, but you can create a new certificate defining the information you want to be used in t[...]
- Page 35: • Switch Ports – configure each of the physical ports on the switch. • Port-Based Port Mirroring – configure port mirroring and mirror port. • Layer 2 – Configure Quality of Service (QoS) features for the switch. • 802.1x • FDB • Virtua[...]
- Page 36: Using SNMP Alteon OS provides SNMP v1.0 and SNMP v3.0 support for access through any network management software, such as IBM Director or HP-OpenView. SNMP v1.0 To access the SNMP agent on the GbESM, the read and write community strings on the SNMP mana[...]
- Page 37: For more information on SNMP MIBs and the commands used to configure SNMP on the switch, see the Alteon OS Command Reference. Default configuration Alteon OS has two SNMP v3 users by default. Both of the following users have access to all the MIBs suppo[...]
- Page 38: 3. Assign the user to the user group. Use the group table to link the user to a particular access group. If you want to allow user access only to certain MIBs, see the 'View based Configuration' section. View based Configurations CLI User equiva[...]
- Page 39: CLI oper equivalent Configuring SNMP Trap Hosts SNMPv1 trap host 1. Configure a user with no authentication and password. 2. Configure an access group and group table entries for the user. Use the following command to specify which traps can be recei[...]
- Page 40: In the example below the user will receive the traps sent by the switch. 3. Configure an entry in the notify table. 4. Specify the IP address and other trap parameters in the targetAddr and targetParam tables. Use the following command to specify the user na[...]
- Page 41: SNMPv2 trap host configuration The SNMPv2 trap host configuration is similar to the SNMPv1 trap host configuration. Wherever you specify the model, use snmpv2 instead of snmpv1. SNMPv3 trap host configuration To configure a user for SNMPv3 traps, you can[...]
- Page 42: The following example shows how to configure a SNMPv3 user v3trap with authentication only: /c/sys/ssnmp/snmpv3/usm 11 (Configure user named “v3trap”) name "v3trap" auth md5 authpw v3trap /c/sys/ssnmp/snmpv3/access 11 (Define access group to vi[...]
- Page 43: Securing Access to the Switch Secure switch management is needed for environments that perform significant management functions across the Internet. The following are some of the functions for secured management: • Authentication and authorizati[...]
- Page 44: RADIUS Authentication and Authorization Alteon OS supports the RADIUS (Remote Authentication Dial-in User Service) method to authenticate and authorize remote administrators for managing the switch. This method is based on a client/server model. The Remote [...]
- Page 45: 1. Turn RADIUS authentication on, then configure the Primary and Secondary RADIUS servers. 2. Configure the RADIUS secret. 3. If desired, you may change the default UDP port number used to listen to RADIUS. The well-known port for RADIUS is 1645. 4. Con[...]
- Page 46: RADIUS Authentication Features in Alteon OS Alteon OS supports the following RADIUS authentication features: • Supports RADIUS client on the switch, based on the protocol definitions in RFC 2138 and RFC 2866. • Allows RADIUS secret password up to 32[...]
- Page 47: Switch User Accounts The user accounts listed in Table 1-2 can be defined in the RADIUS server dictionary file. RADIUS Attributes for Alteon OS User Privileges When the user logs in, the switch authenticates his/her level of access by sending the RADI[...]
- Page 48: TACACS+ Authentication Alteon OS supports authentication and authorization with networks using the Cisco Systems TACACS+ protocol. The GbE Switch Module functions as the Network Access Server (NAS) by interacting with the remote client and initiating au[...]
- Page 49: Authorization Authorization is the action of determining a user’s privileges on the device, and usually takes place after authentication. The default mapping between TACACS+ authorization levels and Alteon OS management access levels is shown in Ta[...]
- Page 50: Accounting Accounting is the action of recording a user's activities on the device for the purposes of billing and/or security. It follows the authentication and authorization actions. If the authentication and authorization is not performed via TAC[...]
- Page 51: The following rules apply to TACACS+ command authorization and logging: • Only commands from a Console, Telnet, or SSH connection are sent for authorization and logging. SNMP, BBI, or file-copy commands (for example, TFTP or sync) are not sent. [...]
- Page 52: Configuring TACACS+ Authentication on the Switch 1. Turn TACACS+ authentication on, then configure the Primary and Secondary TACACS+ servers. 2. Configure the TACACS+ secret and second secret. 3. If desired, you may change the default TCP port number [...]
- Page 53: LDAP Authentication and Authorization Alteon OS supports the LDAP (Lightweight Directory Access Protocol) method to authenticate and authorize remote administrators to manage the switch. LDAP is based on a client/server model. The switch acts as a cl[...]
- Page 54: Configuring LDAP Authentication on the Switch 1. Turn LDAP authentication on, then configure the Primary and Secondary LDAP servers. 2. Configure the domain name. 3. If desired, you may change the default TCP port number used to listen to LDAP. The well-kn[...]
- Page 55: Secure Shell and Secure Copy Secure Shell (SSH) and Secure Copy (SCP) use secure tunnels to encrypt and secure messages between a remote administrator and the switch. Telnet does not provide this level of security. The Telnet method of managing a GbE Sw[...]
- Page 56: Configuring SSH/SCP features on the switch Before you can use SSH commands, use the following commands to turn on SSH/SCP. SSH and SCP are disabled by default. To enable or disable the SSH feature: Begin a Telnet session from the console port and enter th[...]
- Page 57: Configuring the SCP Administrator Password To configure the scpadm (SCP Administrator) password, first connect to the switch via the serial console port. For security reasons, the scpadm password may only be configured when connected through the console [...]
- Page 58: To upload the configuration to the switch: Syntax: Example: To apply and save the configuration The apply and save commands are still needed after the last command, or use the following commands: • The diff command is automatically executed at the end of [...]
- Page 59: Generating RSA Host and Server Keys for SSH Access To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The host key is 1024 bits and is used to identify the GbE Switch Module. The server key is 768 bits and is use[...]
- Page 60: SSH/SCP Integration with Radius Authentication SSH/SCP is integrated with RADIUS authentication. After the RADIUS server is enabled on the switch, all subsequent SSH authentication requests will be redirected to the specified RADIUS servers for authenticati[...]
- Page 61: An SCP-only administrator’s password is typically used when SecurID is used. For example, it can be used in an automation program (in which the tokens of SecurID are not available) to back up (download) the switch configurations each day. NOTE [...]
- Page 62: Strong Passwords The administrator can require use of Strong Passwords for users to access the GbESM. Strong Passwords enhance security because they make password guessing more difficult. The following rules apply when Strong Passwords are enabled: • Each[...]
- Page 63: Defining User Names and Passwords Use the User ID menu to define user names and passwords. Defining a User’s Access Level The end user is by default assigned to the user access level (also known as class of service, or CoS). CoS for all user accounts h[...]
- Page 64: Listing Current Users The cur command displays defined user accounts and whether or not each user is currently logged into the switch. Logging into an End User Account Once an end user account is configured and enabled, the user can login to the switch use[...]
- Page 65: [...]
- Page 66: [...]
- Page 67: CHAPTER 2 Port-based Network Access Control Port-Based Network Access control provides a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics. It prevents access to ports that fail authentication and authorization. This feature provides securit[...]
- Page 68: Extensible Authentication Protocol over LAN Alteon OS can provide user-level security for its ports using the IEEE 802.1x protocol, which is a more secure alternative to other methods of port-based network access control. Any device attached [...]
- Page 69: 802.1x Authentication Process The clients and authenticators communicate using Extensible Authentication Protocol (EAP), which was originally designed to run over PPP, and for which the IEEE 802.1x Standard has defined an encapsulation method [...]
- Page 70: EAPoL Message Exchange During authentication, EAPOL messages are exchanged between the client and the GbESM authenticator, while RADIUS-EAP messages are exchanged between the GbESM authenticator and the RADIUS server. Authentication is initi[...]
- Page 71: 802.1x Port States The state of the port determines whether the client is granted access to the network, as follows: • Unauthorized While in this state the port discards all ingress and egress traffic except EAP packets. • Authorized When th[...]
- Page 72: Supported RADIUS Attributes The Alteon 802.1x Authenticator relies on external RADIUS servers for authentication with EAP. Table 2 lists the RADIUS attributes that are supported as part of RADIUS-EAP authentication based on the guideline[...]
- Page 73: Configuration Guidelines When configuring EAPoL, consider the following guidelines: • The 802.1x port-based authentication is currently supported only in point-to-point configurations, that is, with a single supplicant connected to an 8[...]
- Page 74: [...]
-
Seite 75
42C4911, January 2007 75 C HAPTER 3 VLANs This chapter describes network design and topol o gy considerations for using V i r tu al L o ca l A re a Ne tw or k s (V L AN s) . VLANs are commonly used to split up groups of network users into man- ageable broadcast domains, to create logical segm entation of workgroups, and to enforce security policies[...]
-
Seite 76
Alteon OS Application Guide 76 Chapter 3: VLANs 42C4911, January 2007 Ov ervie w Setting up virt ual LANs (VLANs) i s a way to segment n etworks to increase ne twork flexibility without changing the physical network topology . W ith network segmentation, each switch port connects to a segment that is a single broadcast domain. When a switch por[...]
-
Seite 77
Alteon OS Application Guide Chapter 3: VLANs 77 42C4911, January 2007 VLANs and P or t VL AN ID Numb ers VLAN Numbers Alteon OS supports up to 1024 VLANs per switch. Even though th e maximum number of VLANs supported at any gi ven time is 1024, each can be identified with any number between 1 and 4095. VLAN 1 is the default VLAN for the ext ern[...]
-
Seite 78
Alteon OS Application Guide 78 Chapter 3: VLANs 42C4911, January 2007 Viewing and C onfiguring PVIDs Use the following CLI commands to view PVIDs: Port info rmation: N OTE – The sample screens that appear in this document mi ght differ slightly from t he screens displayed by your system. Screen co ntent varies based on the type of Bl adeC[...]
-
Seite 79
Alteon OS Application Guide Chapter 3: VLANs 79 42C4911, January 2007 Each port on the switch can belong to one or more VLANs, and each VLAN can have any number of switch ports in its me mbership. Any po rt that belongs to multiple VLANs, however, must have VLAN tagging enabled (see “VLAN T aggin g” on page 80 ).[...]
-
Seite 80
Alteon OS Application Guide 80 Chapter 3: VLANs 42C4911, January 2007 VLAN T aggi ng Alteon OS software supports 802.1 Q VLAN tagging, providin g standards-based VLAN sup- port for Ethernet systems. T agging places the VLAN identifi er in the frame header of a packet, allowing each port to belong to multiple VLANs. When you add a port to mu lti[...]
-
Seite 81
Alteon OS Application Guide Chapter 3: VLANs 81 42C4911, January 2007 Figure 3-1 Default VLAN settings N OTE – The port numbers specified in these illustrations may not directly correspond to th e physical port configuration of your switch model. When a VLAN is configured, por ts are added as members of the VLAN, and the ports are defined as [...]
-
Seite 82
Alteon OS Application Guide 82 Chapter 3: VLANs 42C4911, January 2007 N OTE – The port assignments in the following figures are not meant to match the GbE Switch Module. Figure 3-2 Port-based VL AN assignment As shown in Figure 3-3 , the untagged packet is marked (tagge d) as it leaves the switch through port 5, which is config ured as a tagg[...]
-
Seite 83
Alteon OS Application Guide Chapter 3: VLANs 83 42C4911, January 2007 In Figure 3-4 , tagged incoming packets are assigned di rectly to VLAN 2 because of the tag assignment in the packet. Po rt 5 is configured as a tagged member of VLAN 2, and port 7 is configured as an untagged member of VLAN 2. Figure 3-4 802.1Q tag assig nment As shown in Fi[...]
-
Seite 84
Alteon OS Application Guide 84 Chapter 3: VLANs 42C4911, January 2007 VLAN T opologies and Design C onsiderat ions By default, the Alteon OS software is configured so that tagging is disabled on all external ports and all internal ports. By default, the Alteon OS software is configur ed so that all internal ports are members of VLAN 1. [...]
-
Page 85
Example 1: Multiple VLANs with Tagging Adapters
Figure 3-6 Example 1: Multiple VLANs with VLAN-Tagged Gigabit Adapters
The features of this VLAN are described below:
Component | Description
GbE Switch Module | This switch is configured for three VLANs that represent three di[...]
-
Page 86
NOTE – VLAN tagging is required only on ports that are connected to other GbE Switch Modules or on ports that connect to tag-capable end-stations, such as servers with VLAN-tagging adapters.
PCs #1 and #2 | These PCs are attached to a shared media hub that is then connect[...]
-
Page 87
Protocol-based VLANs
Protocol-based VLANs (PVLANs) allow you to segment network traffic according to the network protocols in use. Traffic generated by supported network protocols can be confined to a particular port-based VLAN. You can give different priority levels [...]
-
Page 88
Port-based vs. Protocol-based VLANs
Each VLAN supports both port-based and protocol-based association, as follows:
The default VLAN configuration is port-based. All data ports are members of VLAN 1, with no PVLAN association.
When you add ports to a PVLAN, th[...]
-
Page 89
PVLAN Configuration Guidelines
Consider the following guidelines when you configure protocol-based VLANs:
Each port can support up to 16 VLAN protocols.
The GbESM can support up to 16 protocols simultaneously.
Each PVLAN must have at least one port assigne[...]
-
Page 90
3. Add member ports for this PVLAN.
4. Configure VLAN tagging for ports.
5. Enable the PVLAN.
>> VLAN 2 Protocol 1# add int1
Port INT1 is an UNTAGGED port and its current PVID is 1.
Confirm changing PVID from 1 to 2 [y/n]: y
Current ports for VLAN 2: empty
Current por[...]
-
Page 91
6. Verify PVLAN operation.
>> /info/l2/vlan    (View VLAN information)
VLAN  Name                      Status  Ports
----  ------------------------  ------  -------------------------
1     Default VLAN              ena     INT1-INT14 EXT2-EXT6
2     VLAN 2                    ena     INT1 EXT1
4094  EXT-Mgmt VLAN             ena     EXT7
4095  Mgmt VLAN                 ena     M[...]
-
Page 92
Alteon OS Application Guide 92 Chapter 3: VLANs 42C4911, January 2007[...]
-
Page 93
CHAPTER 4
Ports and Trunking
Trunk groups can provide super-bandwidth, multi-link connections between GbE Switch Modules or other trunk-capable devices. A trunk group is a group of ports that act together, combining their bandwidth to create a single, larger virtual link. This chapter provides conf[...]
-
Page 94
Overview
When using port trunk groups between two switches, as shown in Figure 4-1, you can create a virtual link between the switches, operating up to 60Gb per second, depending on how many physical ports are combined. Each GbESM supports up to 13 trunk [...]
-
Page 95
Statistical Load Distribution
Network traffic is statistically distributed between the ports in a trunk group. The Alteon OS-powered switch uses the Layer 2 MAC address information present in each transmitted frame for determining load distribution. Each pa[...]
-
Page 96
Trunk group configuration rules
The trunking feature operates according to specific configuration rules. When creating trunks, consider the following rules that determine how a trunk group reacts in any network topology:
All trunks must originate from on[...]
-
Page 97
Port Trunking Example
In the example below, three ports are trunked between two switches.
Figure 4-2 Port Trunk Group Configuration Example
Prior to configuring each switch in the above example, you must connect to the appropriate switch’s C[...]
-
Page 98
1. Connect the switch ports that will be members in the trunk group.
2. Follow these steps on the GbESM:
(a) Define a trunk group.
(b) Apply and verify the configuration.
Examine the resulting information. If any settings are incorrect, make appropriate ch[...]
-
Page 99
4. Examine the trunking information on each switch.
Information about each port in each configured trunk group is displayed. Make sure that trunk groups consist of the expected ports and that each port is in the expected state.
The following restrictions app[...]
-
Page 100
Configurable Trunk Hash Algorithm
This feature allows you to configure the particular parameters for the GbESM Trunk Hash algorithm instead of having to utilize the defaults. You can configure new default behavior for Layer 2 traffic and Layer 3 traffic u[...]
-
Page 101
Link Aggregation Control Protocol
Link Aggregation Control Protocol (LACP) is an IEEE 802.3ad standard for grouping several physical ports into one logical port (known as a dynamic trunk group or Link Aggregation group) with any device that supports the [...]
-
Page 102
LACP automatically determines which member links can be aggregated and then aggregates them. It provides for the controlled addition and removal of physical links for the link aggregation.
Each port in the GbESM can have one of the following LACP modes. [...]
-
Page 103
Configuring LACP
Use the following procedure to configure LACP for port EXT1 and port EXT2 to participate in link aggregation.
1. Set the LACP mode on port EXT1.
2. Define the admin key on port EXT1. Only ports with the same admin key can form a LACP trunk gr[...]
-
Page 104
Alteon OS Application Guide 104 Chapter 4: Ports and Trunking 42C4911, January 2007[...]
-
Page 105
CHAPTER 5
Spanning Tree Group
When multiple paths exist on a network, Spanning Tree Group (STG) configures the network so that a switch uses only the most efficient path. The following topics are discussed in this chapter:
“Overview” on page 106
“Bridge Protocol Data Units (BPDUs)” on page 107
“[...]
-
Page 106
Overview
Spanning Tree Group (STG) detects and eliminates logical loops in a bridged or switched network. When multiple paths exist, Spanning Tree configures the network so that a switch uses only the most efficient path. If that path fails, Spanning Tre[...]
-
Page 107
Bridge Protocol Data Units (BPDUs)
To create a Spanning Tree, the switch generates a configuration Bridge Protocol Data Unit (BPDU), which it then forwards out of its ports. All switches in the Layer 2 network participating in the Spanning Tree gather [...]
-
Page 108
Port Path Cost
The port path cost assigns lower values to high-bandwidth ports, such as Gigabit Ethernet, to encourage their use. The cost of a port also depends on whether the port operates at full-duplex (lower cost) or half-duplex (higher cost[...]
-
Page 109
If ports are tagged, all trunked ports can belong to multiple STGs.
A port that is not a member of any VLAN cannot be added to any STG. The port must be added to a VLAN, and that VLAN added to the desired STG.
Rules for VLAN Tagged ports
Tagg[...]
-
Page 110
Multiple Spanning Trees
Each GbE Switch Module supports a maximum of 128 Spanning Tree Groups (STGs). Multiple STGs provide multiple data paths, which can be used for load-balancing and redundancy. You enable load balancing between two GbE Switch M[...]
-
Page 111
Why Do We Need Multiple Spanning Trees?
Figure 5-1 shows a simple example of why we need multiple Spanning Trees. Two VLANs, VLAN 1 and VLAN 100 exist between application switch A and GbE Switch Module B. If you have a single Spanning Tree Group, the swi[...]
-
Page 112
Figure 5-2 Implementing Multiple Spanning Tree Groups
VLAN Participation in Spanning Tree Groups
The VLAN participation for each Spanning Tree Group in Figure 5-2 on page 112 is discussed in the following sections:
VLAN 1 Participation
If application[...]
-
Page 113
VLAN 3 Participation
For VLAN 3 you can have GbE Switch Module B or application switch C to be the root bridge. If switch B is the root bridge for VLAN 3, Spanning Tree Group 2, then switch B transmits the BPDU out from port 18. Application switch C rec[...]
-
Page 114
NOTE – Each instance of Spanning Tree Group is enabled by default.
3. Configure the following on application switch C:
Add port 8 to VLAN 3 and define Spanning Tree Group 3 for VLAN 3. VLAN 3 is automatically removed from Spanning Tree Group 1 and by de[...]
-
Page 115
Port Fast Forwarding
Port Fast Forwarding permits a port that participates in Spanning Tree to bypass the Listening and Learning states and enter directly into the Forwarding state. While in the Forwarding state, the port listens to the BPDUs t[...]
-
Page 116
Fast Uplink Convergence
Fast Uplink Convergence enables the GbESM to quickly recover from the failure of the primary link or trunk group in a Layer 2 network using Spanning Tree Protocol. Normal recovery can take as long as 50 seconds, whil[...]
-
Page 117
CHAPTER 6
Rapid Spanning Tree Protocol/Multiple Spanning Tree Protocol
IEEE 802.1w Rapid Spanning Tree Protocol enhances the Spanning Tree Protocol to provide rapid convergence on Spanning Tree Group 1. IEEE 802.1s Multiple Spanning Tree Protocol extends the Rapid Spanning Tree Protocol, to provide both rapid [...]
-
Page 118
Rapid Spanning Tree Protocol
Rapid Spanning Tree Protocol (RSTP) provides rapid convergence of the spanning tree and provides for fast re-configuration critical for networks carrying delay-sensitive traffic such [...]
-
Page 119
Port Type and Link Type
Spanning Tree configuration includes the following parameters to support RSTP and MSTP: edge port and link type. Although these parameters are configured for Spanning Tree Groups 1-128 (/c[...]
-
Page 120
RSTP Configuration Example
This section provides steps to configure Rapid Spanning Tree on the GbE Switch Module, using the Command-Line Interface (CLI).
Configure Rapid Spanning Tree
1. Configure port and VLAN[...]
-
Page 121
Multiple Spanning Tree Protocol
IEEE 802.1s Multiple Spanning Tree extends the IEEE 802.1w Rapid Spanning Tree Protocol through multiple Spanning Tree Groups. MSTP maintains up to 32 spanning-tree instances, that [...]
-
Page 122
MSTP Configuration Guidelines
This section provides important information about configuring Multiple Spanning Tree Groups:
When you enable MSTP, you must configure the Region Name, and a default version n[...]
-
Page 123
CHAPTER 7
Quality of Service
Quality of Service features allow you to allocate network resources to mission-critical applications at the expense of applications that are less sensitive to such factors as time delays or network congestion. You can configure your network to prioritize specific types of traffi[...]
-
Page 124
Overview
QoS helps you allocate guaranteed bandwidth to the critical applications, and limit bandwidth for less critical applications. Applications such as video and voice must have a certain amount of bandwidth to work correctly; using QoS, you can provide[...]
-
Page 125
The basic GbESM QoS model works as follows:
Classify traffic:
  Read DSCP
  Read 802.1p Priority
  Match ACL filter parameters
Meter traffic:
  Define bandwidth and burst parameters
  Select actions to perform on in-profile and out-of-profi[...]
-
Page 126
Using ACL Filters
Access Control Lists are filters that allow you to classify and segment traffic, so you can provide different levels of service to different traffic types. Each filter defines the conditions that must match for inclusion in the filt[...]
-
Page 127
Packet Format
  Ethernet format (eth2, SNAP, LLC)
  Ethernet tagging format
  IP format (IPv4, IPv6)
Egress port packets
Table 7-2 Well-Known Application Ports
Number | TCP/UDP Application | Number | TCP/UDP Application | Number | TCP/UDP Application
20[...]
-
Page 128
Summary of ACL Actions
Actions determine how the traffic is treated. The GbESM QoS actions include the following:
Pass or Drop
Re-mark a new DiffServ Code Point (DSCP)
Re-mark the 802.1p field
Set the COS queue
Understanding ACL Precedenc[...]
-
Page 129
Using ACL Groups
Access Control Lists (ACLs) allow you to classify packets according to a particular content in the packet header, such as the source address, destination address, source port number, destination port number, and others. Packet classi[...]
-
Page 130
Access Control Groups
An Access Control Group (ACL Group) is a collection of ACLs. For example:
In the example above, each ACL defines a filter rule. ACL 3 has a higher precedence than ACL 1, based on its number.
Use ACL Groups to create a traffic profil[...]
-
Page 131
Metering
QoS metering provides different levels of service to data streams through user-configurable parameters. A meter is used to measure the traffic stream against a traffic profile, which you create. Thus, creating meters yields In-Profile and Out-of-P[...]
-
Page 132
ACL Configuration Examples
Example 1
Use this configuration to block traffic to a specific host. All traffic that ingresses on port EXT1 is denied if it is destined for the host at IP address 100.10.1.1
1. Configure an Access Control List.
2. Add ACL 1 to p[...]
-
Page 133
3. Apply and save the configuration.
Example 3
Use this configuration to block traffic from a network that is destined for a specific egress port. All traffic that ingresses port EXT1 from the network 100.10.1.0/24 and is destined for port INT1 is denied.
1. C[...]
-
Page 134
Using DSCP Values to Provide QoS
The six most significant bits in the TOS byte of the IP header are defined as DiffServ Code Points (DSCP). Packets are marked with a certain value depending on the type of treatment the packet must receive in the network devi[...]
-
Page 135
The GbESM default settings are based on the following standard PHBs, as defined in the IEEE standards:
Expedited Forwarding (EF)—This PHB has the highest egress priority and lowest drop precedence level. EF traffic is forwarded ahead of all other traffi[...]
-
Page 136
QoS Levels
Table 7-5 shows the default service levels provided by the GbESM, listed from highest to lowest importance:
Table 7-5 Default QoS Service Levels
Service Level | Default PHB | 802.1p Priority
Critical | CS7 | 7
Network Control | CS6 | 6
Premium | EF, CS5 | 5
Pla[...]
-
Page 137
DSCP Re-marking and Mapping
The GbESM can re-mark the DSCP value of ingress packets to a new value, and set the 802.1p priority value, based on the DSCP value. You can view the default settings by using the cfg/qos/dscp/cur command, as shown below. Use th[...]
-
Page 138
DSCP Re-marking Configuration Example
1. Turn DSCP re-marking on globally, and define the DSCP-DSCP-802.1p mapping. You can use the default mapping, as shown in the cfg/qos/dscp/cur command output.
2. Enable DSCP re-marking on a port.
>> Main# cf[...]
-
Page 139
Using 802.1p Priorities to Provide QoS
Alteon OS provides Quality of Service functions based on the priority bits in a packet’s VLAN header. (The priority bits are defined by the 802.1p standard within the IEEE 802.1q VLAN header.) The 802.1p bits, if [...]
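The markings these chapters rely on, read out of a raw frame, as an added example that is not code from the guide: the VLAN ID and 802.1p priority from the 802.1Q tag, and the DSCP from the six most significant bits of the IPv4 TOS byte. The function names and sample frames are constructed for illustration, and the DSCP-to-802.1p table holds only the rows of Table 7-5 that are visible on this page.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800

# Rows of Table 7-5 visible on this page (the table is cut off after them).
# Code point numbers are the standard ones: CS7=56, CS6=48, EF=46, CS5=40.
DEFAULT_DSCP_TO_8021P = {56: 7, 48: 6, 46: 5, 40: 5}


def parse_markings(frame: bytes) -> dict:
    """Return the VLAN ID, 802.1p priority and DSCP carried by one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    result = {"tagged": False, "vlan_id": None, "priority": None, "dscp": None}
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # Tag Control Information, then the real EtherType of the payload.
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        result["tagged"] = True
        result["priority"] = tci >> 13       # top 3 bits: 802.1p priority
        result["vlan_id"] = tci & 0x0FFF     # low 12 bits: VLAN identifier
        offset = 18
    if ethertype == ETHERTYPE_IPV4:
        if len(frame) < offset + 20:
            raise ValueError("truncated IPv4 header")
        if frame[offset] >> 4 != 4:
            raise ValueError("EtherType says IPv4 but version field does not")
        tos = frame[offset + 1]
        result["dscp"] = tos >> 2            # six most significant bits of TOS
    return result


def marking_mismatch(frame: bytes) -> bool:
    """True when a tagged frame's 802.1p priority disagrees with the
    default mapping for its DSCP (only for the DSCP values listed above)."""
    marks = parse_markings(frame)
    expected = DEFAULT_DSCP_TO_8021P.get(marks["dscp"])
    return bool(marks["tagged"] and expected is not None
                and marks["priority"] != expected)


def build_frame(dscp: int, vlan_id=None, priority: int = 0) -> bytes:
    """Construct a minimal sample frame (zeroed MACs and IPv4 body)."""
    header = bytes(12)
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, (priority << 13) | vlan_id)
    header += struct.pack("!H", ETHERTYPE_IPV4)
    ipv4 = bytes([0x45, dscp << 2]) + bytes(18)
    return header + ipv4


if __name__ == "__main__":
    # Constructed samples: EF traffic on VLAN 2 with matching and non-matching priority.
    for sample in (build_frame(46, vlan_id=2, priority=5),
                   build_frame(46, vlan_id=2, priority=0),
                   build_frame(48)):
        print(parse_markings(sample), "mismatch:", marking_mismatch(sample))
```

Run over a capture, a check like this shows where re-marking is not applied as configured, since frames leaving a tagged port should carry a priority consistent with their DSCP.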
-
Page 140
802.1p Configuration Example
1. Configure a port’s default 802.1p priority.
2. Map the 802.1p priority value to a COS queue and set the COS queue scheduling weight.
Queuing and Scheduling
The GbESM has eight output Class of Service (COS) queues per port, in[...]
-
Page 141
Part 2: IP Routing
This section discusses Layer 3 switching functions. In addition to switching traffic at near line rates, the application switch can perform multi-protocol routing. This section discusses basic routing and advanced routing protocols:
Basic Routing
Routing Information Protocol (RIP)
Inter[...]
-
Page 142
Alteon OS Application Guide 142 42C4911, January 2007[...]
-
Page 143
CHAPTER 8
Basic IP Routing
This chapter provides configuration background and examples for using the GbE Switch Module to perform IP routing functions. The following topics are addressed in this chapter:
“IP Routing Benefits” on page 144
“Routing Between IP Subnets” on page 145
“Example of Su[...]
-
Page 144
IP Routing Benefits
The GbE Switch Module uses a combination of configurable IP switch interfaces and IP routing options. The switch IP routing capabilities provide the following benefits:
Connects the server IP subnets to the rest of the backbone netwo[...]
-
Page 145
Routing Between IP Subnets
The physical layout of most corporate networks has evolved over time. Classic hub/router topologies have given way to faster switched topologies, particularly now that switches are increasingly intelligent. GbE Switch Modules are[...]
-
Page 146
Routers can be slower than switches. The cross-subnet side trip from the switch to the router and back again adds two hops for the data, slowing throughput considerably.
Traffic to the router increases, increasing congestion.
Even if every end-stat[...]
-
Page 147
Without Layer 3 IP routing on the switch, cross-subnet communication is relayed to the default gateway (in this case, the router) for the next level of routing intelligence. The router fills in the necessary address information and sends the data back to the s[...]
-
Page 148
Example of Subnet Routing
Prior to configuring, you must be connected to the switch Command Line Interface (CLI) as the administrator.
NOTE – For details about accessing and using any of the menu commands described in this example, see the Alteon OS Command [...]
-
Page 149
IP interfaces are configured using the following commands at the CLI:
3. Set each server and workstation’s default gateway to the appropriate switch IP interface (the one in the same subnet as the server or workstation).
4. Configure the default gateways to [...]
-
Page 150
Using VLANs to Segregate Broadcast Domains
In the previous example, devices that share a common IP network are all in the same broadcast domain. If you want to limit the broadcasts on your network, you could use VLANs to create distinct broadcast domains. For ex[...]
-
Page 151
Each time you add a port to a VLAN, you may get the following prompt:
Enter y to set the default Port VLAN ID (PVID) for the port.
3. Add each IP interface to the appropriate VLAN.
Now that the ports are separated into three VLANs, the IP interface for each su[...]
-
Page 152
Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol (DHCP) is a transport protocol that provides a framework for automatically assigning IP addresses and configuration information to other IP hosts or clients in a large TCP/IP networ[...]
-
Page 153
DHCP Relay Agent
DHCP is described in RFC 2131, and the DHCP relay agent supported on GbE Switch Modules is described in RFC 1542. DHCP uses UDP as its transport protocol. The client sends messages to the server on port 67 and the server sends messages to [...]
-
Page 154
DHCP Relay Agent Configuration
To enable the GbE Switch Module to be the BOOTP forwarder, you need to configure the DHCP/BOOTP server IP addresses on the switch. You generally configure the IP interface on the client side to match the client’s subnet, an[...]
-
Page 155
CHAPTER 9
Routing Information Protocol
In a routed environment, routers communicate with one another to keep track of available routes. Routers can learn about available routes dynamically using the Routing Information Protocol (RIP). Alteon OS software supports RIP version 1 (RIPv1) and RIP version 2 (RIPv2) fo[...]
-
Page 156
Routing Updates
RIP sends routing-update messages at regular intervals and when the network topology changes. Each router “advertises” routing information by sending a routing information update every 30 seconds. If a router doesn’t receive[...]
-
Page 157
RIPv2 in RIPv1 compatibility mode
Alteon OS allows you to configure RIPv2 in RIPv1 compatibility mode, for using both RIPv2 and RIPv1 routers within a network. In this mode, the regular routing updates use broadcast UDP data packet to allow RIPv1[...]
-
Page 158
Default
The RIP router can listen and supply a default route, usually represented as 0.0.0.0 in the routing table. When a router does not have an explicit route to a destination network in its routing table, it uses the default route to forward[...]
-
Page 159
1. Add VLANs for routing interfaces.
2. Add IP interfaces to VLANs.
3. Turn on RIP globally and enable RIP for each interface.
Use the /maint/route/dump command to check the current valid routes in the routing table of the switch. For those RIP lea[...]
-
Page 160
Alteon OS Application Guide 160 Chapter 9: Routing Inform ation Protocol 42C4911, January 2007[...]
-
Page 161
CHAPTER 10
IGMP
Internet Group Management Protocol (IGMP) is used by IP Multicast routers to learn about the existence of host group members on their directly attached subnet (see RFC 2236). The IP Multicast routers get this information by broadcasting IGMP Membership Queries and listening for IP hosts reporting the[...]
-
Page 162
IGMP Snooping
IGMP Snooping allows the switch to forward multicast traffic only to those ports that request it. IGMP Snooping prevents multicast traffic from being flooded to all ports. The switch learns which server hosts are interested in receiving multicast traffic, an[...]
-
Page 163
IGMP Snooping Configuration Example
This section provides steps to configure IGMP Snooping on the GbESM, using the Command-Line Interface (CLI).
Configure IGMP Snooping
1. Configure port and VLAN membership on the switch.
2. Turn on IGMP.
3. Add VLANs to IGMP Snooping [...]
-
Page 164
These commands display information about IGMP Groups and Mrouters learned through IGMP Snooping.
Static Multicast Router
A static multicast router (Mrouter) can be configured for a particular port on a particular VLAN. A static Mrouter does not have to be learned throu[...]
-
Page 165
IGMP Relay
The GbESM can act as an IGMP Relay (or IGMP Proxy) device that relays IGMP multicast messages and traffic between an Mrouter and end stations. IGMP Relay allows the GbESM to participate in network multicasts with no configuration of the various multicast rou[...]
-
Page 166
Configure IGMP Relay
Use the following procedure to configure IGMP Relay.
1. Configure an IP interface and assign VLANs.
2. Turn IGMP on.
3. Enable IGMP Relay and add VLANs to the downstream network.
4. Configure the upstream Mrouters.
>> /cfg/l3/if 2 (Select I[...]
-
Page 167
5. Apply and save the configuration.
>> Multicast router 2# apply    (Apply the configuration)
>> Multicast router 2# save    (Save the configuration)[...]
-
Page 168
Additional IGMP Features
The following topics are discussed in this section:
“FastLeave” on page 168
“IGMP Filtering” on page 168
FastLeave
In normal IGMP operation, when the receives an IGMPv2 leave message, it sends a Group-Specific Query to de[...]
-
Page 169
Each IGMP Filter allows you to set a start and end point that defines the range of IP addresses upon which the filter takes action. Each IP address in the range must be between 224.0.1.0 and 239.255.255.255. If you choose any as the start point, then the filter acts upon[...]
-
Page 170
3. Assign the IGMP filter to a port.
>> /cfg/l3/igmp/igmpflt    (Select IGMP Filtering menu)
>>IGMP Filter# port EXT3    (Select port EXT3)
>>IGMP Port EXT3# filt ena    (Enable IGMP Filtering on the port)
Current port EXT3 filtering: disabled
New port EXT3 filte[...]
-
Page 171
CHAPTER 11
Border Gateway Protocol
Border Gateway Protocol (BGP) is an Internet protocol that enables routers on a network to share and advertise routing information with each other about the segments of the IP address space they can access within their network and with routers on external networks. BGP allows you t[...]
-
Page 172
Internal Routing Versus External Routing
To ensure effective processing of network traffic, every router on your network needs to know how to send a packet (directly or indirectly) to any other location/destination in your network. This is referre[...]
-
Page 173
Typically, an AS has one or more border routers—peer routers that exchange routes with other ASs—and an internal routing scheme that enables routers in that AS to reach every other router and destination within that AS. When you adverti[...]
-
Page 174
What is a Route Map?
A route map is used to control and modify routing information. Route maps define conditions for redistributing routes from one routing protocol to another or controlling routing information when injecting it in and out of BGP[...]
-
Page 175
Figure 11-2 Distributing Network Filters in Access Lists and Route Maps
Incoming and Outgoing Route Maps
You can have two types of route maps: incoming and outgoing. A BGP peer router can be configured to support up to eight route maps in the i[...]
-
Page 176
Precedence
You can set a priority to a route map by specifying a precedence value with the following command:
The smaller the value the higher the precedence. If two route maps have the same precedence value, the smaller number has higher precedence.[...]
Page 177
3. (Optional) Configure the attributes in the AS filter menu.
4. Set up the BGP attributes. If you want to overwrite the attributes that the peer router is sending, then define the following BGP attributes:
- Specify the AS numbers that you want t[...]
Page 178
Aggregating Routes
Aggregation is the process of combining several different routes in such a way that a single route can be advertised, which minimizes the size of the routing table. You can configure aggregate routes in BGP either by redistributing [...]
Page 179
Redistributing Routes
In addition to running multiple routing protocols simultaneously, Alteon OS software can redistribute information from one routing protocol to another. For example, you can instruct the switch to use BGP to readvertise stat[...]
Page 180
BGP Attributes
The following two BGP attributes are discussed in this section: Local preference and metric (Multi-Exit Discriminator).
Local Preference Attribute
When there are multiple paths to the same destination, the local preference attribute [...]
Page 181
Selecting Route Paths in BGP
BGP selects only one path as the best path. It does not rely on metrics attributes to determine the best path. When the same network is learned via more than one BGP peer, BGP uses its policy for selecting the best r[...]
Page 182
BGP Failover Configuration
Use the following example to create redundant default gateways for a GbE Switch Module at a Web Host/ISP site, eliminating the possibility, should one gateway go down, that requests will be forwarded to an upstream router[...]
Page 183
1. Define the VLANs. For simplicity, both default gateways are configured in the same VLAN in this example. The gateways could be in the same VLAN or different VLANs.
2. Define the IP interfaces. The switch will need an IP interface for each defaul[...]
Page 184
4. Configure BGP peer router 1 and 2. Peer 1 is the primary gateway router. Peer 2 is configured with a metric of “3.” The metric option is key to ensuring gateway traffic is directed to Peer 1, as it will make Peer 2 appear to be three router hops a[...]
Page 185
Default Redistribution and Route Aggregation Example
This example shows you how to configure the switch to redistribute information from one routing protocol to another and create an aggregate route entry in the BGP routing table to minimize the s[...]
Page 186
3. Configure internal peer router 1 and external peer router 2.
4. Configure redistribution for Peer 1.
5. Configure aggregation policy control. Configure the routes that you want aggregated.
>> # /cfg/l3/bgp/peer 1 (Select internal peer router 1[...]
Page 187
CHAPTER 12 OSPF
Alteon OS supports the Open Shortest Path First (OSPF) routing protocol. The Alteon OS implementation conforms to the OSPF version 2 specifications detailed in Internet RFC 1583. The following sections discuss OSPF support for the GbE Switch Module:
- “OSPF Overview” on page 188. This section prov[...]
Page 188
OSPF Overview
OSPF is designed for routing traffic within a single IP domain called an Autonomous System (AS). The AS can be divided into smaller logical units known as areas. All routing devices maintain link information in their own Link State Database (LSDB). The [...]
Page 189
- Transit Area—an area that allows area summary information to be exchanged between routing devices. The backbone (area 0), any area that contains a virtual link to connect two areas, and any area that is not a stub area or an NSSA are considered transit areas. F[...]
Page 190
Types of OSPF Routing Devices
As shown in Figure 12-2, OSPF uses the following types of routing devices:
- Internal Router (IR)—a router that has all of its interfaces within the same area. IRs maintain LSDBs identical to those of other routing devices within the [...]
Page 191
Neighbors and Adjacencies
In areas with two or more routing devices, neighbors and adjacencies are formed. Neighbors are routing devices that maintain information about each other’s health. To establish neighbor relationships, routing devices periodically send hel[...]
Page 192
The Shortest Path First Tree
The routing devices use a link-state algorithm (Dijkstra’s algorithm) to calculate the shortest path to all known destinations, based on the cumulative cost required to reach the destination. The cost of an individual interface in OSPF [...]
Page 193
OSPF Implementation in Alteon OS
Alteon OS supports a single instance of OSPF and up to 4 K routes on the network. The following sections describe OSPF implementation in Alteon OS:
- “Configurable Parameters” on page 193
- “Defining Areas” on page 194
?[...]
Page 194
Defining Areas
If you are configuring multiple areas in your OSPF domain, one of the areas must be designated as area 0, known as the backbone. The backbone is the central OSPF area and is usually physically connected to all other areas. The areas inject routing infor[...]
Page 195
Using the Area ID to Assign the OSPF Area Number
The OSPF area number is defined in the areaid <IP address> option. The octet format is used in order to be compatible with two different systems of notation used by other OSPF network vendors. There are two valid [...]
Page 196
Interface Cost
The OSPF link-state algorithm (Dijkstra’s algorithm) places each routing device at the root of a tree and determines the cumulative cost required to reach each destination. Usually, the cost is inversely proportional to the bandwidth of the interface. [...]
Page 197
Default Routes
When an OSPF routing device encounters traffic for a destination address it does not recognize, it forwards that traffic along the default route. Typically, the default route leads upstream toward the backbone until it reaches the intended area or a[...]
Page 198
The OSPF default route configuration can be removed with the command:
Virtual Links
Usually, all areas in an OSPF AS are physically connected to the backbone. In some cases where this is not possible, you can use a virtual link. Virtual links are created to connect one[...]
Page 199
Router ID
Routing devices in OSPF areas are identified by a router ID. The router ID is expressed in IP address format. The IP address of the router ID is not required to be included in any IP interface range or in any OSPF area. The router ID can be configured in one of[...]
Page 200
Figure 12-4 shows authentication configured for area 0 with the password test. Simple authentication is also configured for the virtual link between area 2 and area 0. Area 1 is not configured for OSPF authentication.
Figure 12-4 OSPF Authentication
To configure sim[...]
Page 201
3. Enable OSPF authentication for Area 2 on switch 4.
4. Configure a simple text password up to eight characters for the virtual link between Area 2 and Area 0 on switches 2 and 4.
Use the following commands to configure MD5 authentication on the switches shown in F[...]
Page 202
6. Assign MD5 key ID to OSPF virtual link on switches 2 and 4.
Host Routes for Load Balancing
Alteon OS implementation of OSPF includes host routes. Host routes are used for advertising network device IP addresses to external networks, accomplishing the following goals:[...]
Page 203
OSPF Features Not Supported in This Release
The following OSPF features are not supported in this release:
- Summarizing external routes
- Filtering OSPF routes
- Using OSPF to forward multicast routes
- Configuring OSPF on non-broadcast multi-access networks[...]
Page 204
OSPF Configuration Examples
A summary of the basic steps for configuring OSPF on the GbE Switch Module is listed here. Detailed instructions for each of the steps are covered in the following sections:
1. Configure IP interfaces. One IP interface is required for each de[...]
Page 205
Example 1: Simple OSPF Domain
In this example, two OSPF areas are defined—one area is the backbone and the other is a stub area. A stub area does not allow advertisements of external routes, thus reducing the size of the database. Instead, a default summary route of IP[...]
Page 206
3. Define the backbone. The backbone is always configured as a transit area using areaid 0.0.0.0.
4. Define the stub area.
5. Attach the network interface to the backbone.
6. Attach the network interface to the stub area.
7. Apply and save the configuration changes. [...]
Page 207
Example 2: Virtual Links
In the example shown in Figure 12-6, area 2 is not physically connected to the backbone as is usually required. Instead, area 2 will be connected to the backbone via a virtual link through area 1. The virtual link must be configured at each end[...]
Page 208
4. Define the backbone.
5. Define the transit area. The area that contains the virtual link must be configured as a transit area.
6. Attach the network interface to the backbone.
7. Attach the network interface to the transit area.
8. Configure the virtual link. The nbr [...]
Page 209
Configuring OSPF for a Virtual Link on Switch #2
1. Configure IP interfaces on each network that will be attached to OSPF areas. Two IP interfaces are needed on Switch #2: one for the transit area network on 10.10.12.0/24 and one for the stub area network on 10.10.24[...]
Page 210
6. Define the stub area.
7. Attach the network interface to the backbone.
8. Attach the network interface to the transit area.
9. Configure the virtual link. The nbr router ID configured in this step must be the same as the router ID that was configured for switch #1[...]
Page 211
Example 3: Summarizing Routes
By default, ABRs advertise all the network addresses from one area into another area. Route summarization can be used for consolidating advertised addresses and reducing the perceived complexity of the network. If the network IP addresses [...]
Page 212
Follow this procedure to configure OSPF support as shown in Figure 12-7:
1. Configure IP interfaces for each network which will be attached to OSPF areas.
2. Enable OSPF.
3. Define the backbone.
4. Define the stub area.
5. Attach the network interface to the backbone.[...]
Page 213
7. Configure route summarization by specifying the starting address and mask of the range of addresses to be summarized.
8. Use the hide command to prevent a range of addresses from advertising to the backbone.
9. Apply and save the configuration changes.
Verifying[...]
Page 214
[...]
Page 215
Part 3: High Availability Fundamentals
Internet traffic consists of myriad services and applications which use the Internet Protocol (IP) for data delivery. However, IP is not optimized for all the various applications. High Availability goes beyond IP and makes intelligent switching decisi[...]
Page 216
[...]
Page 217
CHAPTER 13 High Availability
GbE Switch Modules support high-availability network topologies through an enhanced implementation of the Virtual Router Redundancy Protocol (VRRP). The following topics are discussed in this chapter:
- “Layer 2 Failover” on page 218. This section discusses trunk failover without[...]
Page 218
Layer 2 Failover
The primary application for Layer 2 Failover is to support Network Adapter Teaming. With Network Adapter Teaming, the NICs on each server all share the same IP address, and are configured into a team. One NIC is the primary link, and the[...]
Page 219
Setting the Failover Limit
The failover limit lets you specify the minimum number of operational links required within each trigger before the trigger initiates a failover event. For example, if the limit is two (/cfg/l2/failovr/trigger x/limit 2), a failo[...]
Page 220
Configuration Guidelines
This section provides important information about configuring L2 Failover:
- A failover trigger can monitor multiple static trunks or a single LACP key, but not both.
- With VLAN Monitor on, the following additional guideli[...]
Page 221
Figure 13-2 shows a configuration with two trunks, each in a different Failover Trigger. GbESM 1 is the primary switch for Server 1 and Server 2. GbESM 2 is the primary switch for Server 3 and Server 4. VLAN Monitor is turned on. STP is turned off. If all l[...]
Page 222
Figure 13-3 shows a configuration with two trunks. VLAN Monitor is turned off, so only one Failover Trigger is configured on each switch. GbESM 1 is the primary switch for Server 1 and Server 2. GbESM 2 is the primary switch for Server 3 and Server 4. S[...]
Page 223
Configuring Trunk Failover
The following procedure pertains to example 1, as shown in Figure 13-1.
1. Configure Network Adapter Teaming on the servers.
2. Define a trunk group on the GbESM.
3. Configure Failover parameters.
4. Apply and verify the confi[...]
Page 224
VRRP Overview
In a high-availability network topology, no device can create a single point-of-failure for the network or force a single point-of-failure to any other part of the network. This means that your network will remain in service despite the fa[...]
Page 225
There is no requirement for any VRRP router to be the IP address owner. Most VRRP installations choose not to implement an IP address owner. For the purposes of this chapter, VRRP routers that are not the IP address owner are called renters.
Maste[...]
Page 226
VRRP Operation
Only the virtual router master responds to ARP requests. Therefore, the upstream routers only forward packets destined to the master. The master also responds to ICMP ping requests. The backup does not forward any traffic, nor does it respond [...]
Page 227
Failover Methods
With service availability becoming a major concern on the Internet, service providers are increasingly deploying Internet traffic control devices, such as application switches, in redundant configurations. Traditionally, t[...]
Page 228
Active-Active Redundancy
In an active-active configuration, shown in Figure 13-5, two switches provide redundancy for each other, with both active at the same time. Each switch processes traffic on a different subnet. When a failure occurs, the remaini[...]
Page 229
Hot-Standby Redundancy
The primary application for VRRP-based hot-standby is to support Server Load Balancing when you have configured Network Adapter Teaming on your server blades. With Network Adapter Teaming, the NICs on each server share the same IP add[...]
Page 230
Alteon OS extensions to VRRP
This section describes the following VRRP enhancements that are implemented in Alteon OS:
- Tracking VRRP Router Priority
Tracking VRRP Router Priority
Alteon OS supports a tracking function that dynamically modifies the priori[...]
Page 231
Virtual Router Deployment Considerations
Review the following issues described in this section to prevent network problems when deploying virtual routers:
- Assigning VRRP Virtual Router ID
- Configuring the Switch for Tracking
Assigning VRRP Virt[...]
Page 232
The user can implement this behavior by configuring the switch for tracking as follows:
1. Set the priority for switch 1 to 101.
2. Leave the priority for switch 2 at the default value of 100.
3. On both switches, enable tracking based on ports (ports), int[...]
Page 233
High Availability Configurations
GbE Switch Modules offer flexibility in implementing redundant configurations. This section discusses the more useful and easily deployed configurations:
- “Active-Active Configuration” on page 233
- “Hot-Stand[...]
Page 234
Task 1: Configure GbESM 1
1. Configure client and server interfaces.
2. Configure the default gateways. Each default gateway points to a Layer 3 router.
/cfg/l3/if 1 (Select interface 1)
>> IP Interface 1# addr 192.168.1.100 (Define IP address[...]
Page 235
3. Turn on VRRP and configure two Virtual Interface Routers.
4. Enable tracking on ports. Set the priority of Virtual Router 1 to 101, so that it becomes the Master.
5. Configure ports.
6. Turn off Spanning Tree Protocol globally.
/cfg/l3/vrrp/on (Tur[...]
Page 236
Task 2: Configure GbESM 2
1. Configure client and server interfaces.
2. Configure the default gateways. Each default gateway points to a Layer 3 router.
/cfg/l3/if 1 (Select interface 1)
>> IP Interface 1# addr 192.168.1.101 (Define IP address[...]
Page 237
3. Turn on VRRP and configure two Virtual Interface Routers.
4. Enable tracking on ports. Set the priority of Virtual Router 2 to 101, so that it becomes the Master.
5. Configure ports.
6. Turn off Spanning Tree Protocol globally. Apply and save chang[...]
Page 238
Hot-Standby Configuration
The primary application for VRRP-based hot-standby is to support Network Adapter Teaming on your server blades. With Network Adapter Teaming, the NICs on each server share the same IP address, and are configured into a team. One [...]
Page 239
Figure 13-8 illustrates a common hot-standby implementation on a single blade server. Notice that the BladeCenter server NICs are configured into a team that shares the same IP address across both NICs. Because only one link can be active at a time, the h[...]
Page 240
2. Configure Virtual Interface Routers.
3. Enable VRRP Hot Standby.
4. Configure VRRP Group parameters. Set the VRRP priority to 101, so that this switch is the Master.
5. Turn off Spanning Tree Protocol globally. Apply and save changes.
/cfg/l3/vrrp/on[...]
Page 241
Task 2: Configure GbESM 2
1. On GbESM 1, configure the interfaces for clients (174.14.20.111) and servers (10.1.1.111).
2. Configure Virtual Interface Routers.
3. Enable VRRP Hot Standby.
4. Configure VRRP Group parameters. Use the default VRRP [...]
Page 242
5. Turn off Spanning Tree Protocol globally. Apply and save changes.
/cfg/l2/stg 1/off (Turn off Spanning Tree)
>> Spanning Tree Group 1# apply (Apply changes)
>> Spanning Tree Group 1# save[...]
Page 243
Part 4: Appendices
This section describes the following topics:
- Troubleshooting
- RADIUS Server Configuration Notes
- Glossary[...]
Page 244
[...]
Page 245
APPENDIX A Troubleshooting
This section discusses some tools to help you troubleshoot common problems on the GbE Switch Module:
- “Monitoring Ports” on page 246[...]
Page 246
Monitoring Ports
The port mirroring feature in the Alteon OS allows you to attach a sniffer to a monitoring port that is configured to receive a copy of all packets that are forwarded from the mirrored port. Alteon OS enables you to mirror port traffic for al[...]
Page 247
NOTE – Traffic on VLAN 4095 is not mirrored to the external ports.
Port Mirroring behavior
This section describes the composition of monitored packets in the GbE Switch Module, based on the configuration of the ports.
- If a tagged port's PVID is the sam[...]
Page 248
Layer 3 Port Mirroring (Monitoring Port and Egress Port in the same GEA)
In this scenario, you observe Layer 3 port mirroring on an egress port, and both the egress port and the monitoring port are in the same Gigabit Ethernet Aggregator (GEA) unit. To fin[...]
Page 249
Layer 3 Port Mirroring (Both Ports in Different GEAs)
In this scenario, you observe Layer 3 port mirroring on an egress port, but the egress port and the monitoring port reside on different Gigabit Ethernet Aggregator (GEA) units. To find out which GEA unit[...]
Page 250
Layer 3 Port Mirroring (MP Packets, Both Ports in the Same GEA)
MP packets are generated by the management processor, such as routing packets between direct interfaces. In this scenario, the mirrored port and the monitoring port reside on the same Gigabit[...]
Page 251
Configuring Port Mirroring
To configure port mirroring for the example shown in Figure A-1,
1. Specify the monitoring port.
2. Select the ports that you want to mirror.
3. Enable port mirroring.
4. Apply and save the configuration.
>> # /cfg/pmirr/[...]
Page 252
5. View the current configuration.
>> PortMirroring # cur (Display the current settings)
Port mirroring is enabled
Monitoring Ports    Mirrored Ports
INT1                none
INT2                none
INT3                none
INT4                none
INT5                none
----- ----- -----
EXT1                none
EXT2                none
EXT3                (EXT1, in) (EXT[...]
Page 253
APPENDIX B RADIUS Server Configuration Notes
Use the following information to modify your RADIUS configuration files for the Nortel Networks BaySecure Access Control RADIUS server, to provide authentication for users of the GbE Switch Module.
1. Create a dictionary file called alteon.dct, with the following con[...]
Page 254
2. Open the dictiona.dcm file, and add the following line (as in the example): @alteon.dct
3. Open the vendor file (vendor.ini), and add the following data to the Vendor-Product identification list: vendor-product = Alteon Blade-server [...]
Page 255
Glossary
DIP (Destination IP Address): The destination IP address of a frame.
Dport (Destination Port): The destination port (application socket: for example, http-80/https-443/DNS-53)
NAT (Network Address Translation): Any time an IP address is changed from one source IP or destination IP address to another address[...]
Page 256
Virtual Router: A shared address between two devices utilizing VRRP, as defined in RFC 2338. One virtual router is associated with an IP interface. This is one of the IP interfaces that the switch is assigned. All IP interfaces on the GbE Switch Modules must be in[...]
Page 257
Index
Symbols
..... 161
[ ] ..... 18
Numerics
802.1Q VLAN tagging ..... 80
A
accessing the switch
  LDAP .....[...]
Page 258
F
Failover ..... 218
failover overview ..... 227
fault tolerance
  port trunking ..... 95
fragmenting jumbo frames .....[...]
Page 259
O
OSPF
  area types ..... 188
  authentication ..... 199
  configuration examples ..... 205 to ??
  default route ..... 197
  external route[...]
Page 260
segments. See IP subnets.
service ports ..... 127
SNMP ..... 36, 193
  HP-OpenView ..... 36
spanning tree
  configuration rules .....[...]