Blade ICE G8124-E manuel d'utilisation
- Voir en ligne ou télécharger le manuel d’utilisation
- 388 pages
- 3.15 mb
Aller à la page of
Les manuels d’utilisation similaires
-
Computer Accessories
Blade ICE G8000
28 pages 0.72 mb -
Mobility Scooter
Blade ICE 831.48853
4 pages 0.27 mb -
Personal Computer
Blade ICE G8124-E
388 pages 3.15 mb -
Switch
Blade ICE BMD00178
32 pages 0.14 mb -
Switch
Blade ICE G8124
28 pages 1.26 mb -
Switch
Blade ICE G8000
145 pages 1.21 mb -
Personal Computer
Blade ICE G8124
388 pages 3.15 mb -
Switch
Blade ICE BMD00098
26 pages 0.12 mb
Un bon manuel d’utilisation
Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Blade ICE G8124-E. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Blade ICE G8124-E ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.
Qu'est ce que le manuel d’utilisation?
Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Blade ICE G8124-E décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.
Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.
Donc, ce qui devrait contenir le manuel parfait?
Tout d'abord, le manuel d’utilisation Blade ICE G8124-E devrait contenir:
- informations sur les caractéristiques techniques du dispositif Blade ICE G8124-E
- nom du fabricant et année de fabrication Blade ICE G8124-E
- instructions d'utilisation, de réglage et d’entretien de l'équipement Blade ICE G8124-E
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes
Pourquoi nous ne lisons pas les manuels d’utilisation?
Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Blade ICE G8124-E ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Blade ICE G8124-E et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Blade ICE en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Blade ICE G8124-E, comme c’est le cas pour la version papier.
Pourquoi lire le manuel d’utilisation?
Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Blade ICE G8124-E, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.
Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Blade ICE G8124-E. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.
Table des matières du manuel d’utilisation
-
Page 1
2051 Mis sio n C ollege Blv d. Santa Clar a, CA 95 05 4 www .blade networ k.net BLAD EOS ™ 6.5 Application Guide RackSwitch ™ G812 4/G8124-E Part Num ber: BMD002 20, Octobe r 2010[...]
-
Page 2
BLADEOS 6.5.2 Application Guid e 2 BMD00220 , October 2010 Copyri ght © 201 0 BLADE Netw ork T echno logies , Inc. , 2051 Mi ssion Col lege Bl vd., Sant a Clara , California , 95054, USA. All ri ghts reserved. P art Number: BMD00 220. This do cument is p rotec ted by co pyright a nd dist ributed un der lic enses re strictin g its u se, copyin g, d[...]
-
Page 3
BMD00220 , October 2010 3 Content s Preface 17 Who Should Use This Guide 17 What You’l l Find in This Guide 17 Additiona l Refer ences 20 Typograph ic Conven tions 21 How to Get Help 22 Part 1: Getting Start ed 23 Chapter 1: Switch Administ ration 25 Administr ati on Interface s 25 Command Line I nterface 2[...]
-
Page 4
BLADEOS 6.5.2 Application Guid e 4 Conte nts BMD00220 , October 2010 Chap te r 2 : Ini ti al Se tu p 41 Informati on Needed for Setup 41 Default Setup Opti ons 42 Stopping an d Restarting Setup Manually 42 Setup Part 1: Basic System Configurat ion 43 Setup Part 2: Port Configur ation 44 Setup Part 3: VLANs 46 Setup P[...]
-
Page 5
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Contents 5 Chapter 4: Authenti cati on & Authorization Protocols 65 RADIUS Authenticat ion and Authorizati on 65 How RADIUS Authentication Works 66 Configuring RADIUS on the Swi tch 66 RADIUS Authenticat io n Features in BLADEOS 67 Switch User Accounts 68 RADIU[...]
-
Page 6
BLADEOS 6.5.2 Application Guid e 6 Conte nts BMD00220 , October 2010 Part 3: Switch B asics 85 Chapter 6: VLANs 87 VLANs Overview 88 VLANs and Port VLAN ID Numbers 88 VLAN Numbers 88 PVID Numbers 89 VLAN Tagging 90 VLAN Topologies and Design Considera tions 94 VLAN Configuration Rules 94 Multiple VLANs with T[...]
-
Page 7
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Contents 7 Per-VLAN Spanning Tree Groups 117 Using Multip le STGs to Eliminate Fals e Loops 117 STP/PVST+ Default s and Guidel ines 118 Adding a VLAN to a Spanning Tree Group 118 Creating a VLAN 119 Rules for VLAN Tagged Ports 119 Adding and Removing Ports from STG[...]
-
Page 8
BLADEOS 6.5.2 Application Guid e 8 Conte nts BMD00220 , October 2010 Part 4: Advanced Switch ing Features 145 Chapter 10: Deployment Profil es 147 Available Pr ofiles 14 7 Selec ti ng Pro f ile s 149 Automatic Configur ation Changes 149 Chapter 11: Virtua li zation 151 Chapter 12: Virtua l NICs 153 Defining Serv er P[...]
-
Page 9
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Contents 9 VLAN Maps 176 VM Policy Bandwidth Control 178 VM Policy Bandwidth Control Commands 178 Bandwidth Polici es vs. Bandwi dth Shaping 179 VMready Informat ion Di splays 180 VMready Configura tion Example 184 Chapter 14: FCoE and CEE 187 Fibre Channe l ov[...]
-
Page 10
BLADEOS 6.5.2 Application Guid e 10 Content s BMD00220 , October 2010 Part 5: IP Routing 217 Chapter 15: Basic IP Rout ing 219 IP Routi ng Benefits 219 Routing Between IP Subnets 219 Example of Subnet Routing 221 Using VLANs to Segregate Broadc ast Domai ns 222 Configurati on Example 222 ECMP Static Routes 225 OS[...]
-
Page 11
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Contents 11 Chapter 18: Internet Group Management Prot ocol 249 IGMP Snooping 250 IGMP Groups 251 FastLeave 251 IGMPv3 Snooping 251 IGMP Snooping Configura ti on Example 253 Static Mult ic ast Router 254 IGMP Quer ier 255 IGMP Filteri ng 256 Chapter 19:[...]
-
Page 12
BLADEOS 6.5.2 Application Guid e 12 Content s BMD00220 , October 2010 Interf ace Cos t 281 Electing t he Designated Router and Bac kup 281 Summarizing Routes 281 Default Routes 282 Virtual Links 283 Router ID 283 Authentic ation 28 4 Configuring Plain Text OSPF Passwords 285 Configuring MD5 Auth entication 28[...]
-
Page 13
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Cont ents 13 Part 6: High Availability Fundame ntals 315 Chapter 22: Basic Redundancy 317 Trunking for Link Redundanc y 317 Hot Links 318 Forward Delay 318 Preemption 318 FDB Update 318 Configurati on Guideline s 319 Configuri ng Hot Lin ks 31 9 Active [...]
-
Page 14
BLADEOS 6.5.2 Application Guid e 14 Content s BMD00220 , October 2010 Part 7: Network Management 3 43 Chapter 25: Link Layer Discovery Proto col 345 LLDP Overview 345 Enabling or Disa bli ng LLDP 346 Global LLDP Setting 346 Transmit and Recei ve Contr ol 346 LLDP Transmit Featur es 347 Schedule d Interval 347 Min[...]
-
Page 15
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Cont ents 15 Part 8: Monitoring 367 Chapter 27: Remote Monitoring 369 RMON Overview 369 RMON Group 1—Stati stics 370 RMON Group 2—Histor y 371 History MIB Objec t ID 371 Configuring RMON History 372 RMON Group 3—Alarms 373 Alarm MIB objects 373 Co[...]
-
Page 16
BLADEOS 6.5.2 Application Guid e 16 Content s BMD00220 , October 2010[...]
-
Page 17
BMD00220 , October 2010 17 Preface The BLADEOS 6.5.2 Application Guide describes how to configu re and use the BLADEOS 6.5 software on the RackSw itch G8124 /G8124-E ( collectively r eferred to as G8124 throu ghout this document). For documentation on inst alling the switch physically , see the Installation Guid e for your G 8124. Who Should Use Th[...]
-
Page 18
BLADEOS 6.5.2 Application Guid e 18 Preface BMD 00220, Octo ber 2010 Part 2: Securing the Switch Chapter 3, “Securing Administration,” descr ibes method s for us ing Secure S hell for administration co nnections, and configuring end-us er access control. Chapter 4, “Authentication & Authorization Protocols ,” describe s diff[...]
-
Page 19
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Pr efac e 19 Part 5: IP Routing Chapter 15, “Basi c IP Rout ing,” descr ibes ho w to configur e the G812 4 for IP rou tin g us in g IP subnets, BOOTP , and DHCP Relay . Chapter 16, “Internet P rot oco l V ersio n 6,” des cribes how to confi gure the G8 124 for IPv6 host ma[...]
-
Page 20
BLADEOS 6.5.2 Application Guid e 20 Preface BMD 00220, Octo ber 2010 Part 8: Monitorin g Chapter 27, “Remote Mo nitoring,” des cribes how to configure the RMON agent on the switch, so that the switch can ex change network monitorin g data. Chapter 28, “sFLOW , described how to use the em bedded sFlo w agent for samp ling net work [...]
-
Page 21
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Pr efac e 21 T ypogr aphic Co nventio ns The following table de scribes the typographic s tyles used in this b ook. Ta b l e 1 T ypograph ic Conventi ons T y pefa ce or Symbol Meaning E xample ABC123 This type is used for names of commands, files, and directories used within the text. V i[...]
-
Page 22
BLADEOS 6.5.2 Application Guid e 22 Preface BMD 00220, Octo ber 2010 How to Get Hel p If you n eed help, service, or technical assi stance, call BLADE Network T echnologies T echnical Suppor t: US toll fr ee calls: 1-800 -414-5268 International calls: 1-408-834-7871 Y o u also can vis it our web s ite at the follo wing address: http://www.blade[...]
-
Page 23
BMD00220 , October 2010 23 Part 1: Getting S t arted[...]
-
Page 24
BLADEOS 6.5.2 Application Guid e 24 Part 1: Ge tting S t arted BMD002 20, October 2010[...]
-
Page 25
BMD00220 , October 2010 25 C HAPTER 1 Switch Administration Y o ur RackSwitch G8124 (G8124 ) is ready to per form basic s witching func tions right ou t of the box. Some of the mor e advanced features , however , require som e administrative configuration before they can be us ed eff ectively . The extensive BLADEOS switching software included in t[...]
-
Page 26
BLADEOS 6.5.2 Application Guid e 26 Chapter 1: Switch Administrati on BMD00220 , October 2010 Comma nd Line I nterf ace The BLADEOS Command Line Interface (CLI) prov ides a simple, direct method for switch administration. Us ing a basic terminal, you are presented with an or ganized hier archy of menus, each with logically-related sub- menus an[...]
-
Page 27
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chap ter 1: Switch Adminis tration 27 Est ablis hing a Con nection The f actor y def ault se tting s permit initial switch administration through only the built-in serial port. All other forms of access require additional switch configuration before they can be used. Remote access us ing [...]
-
Page 28
BLADEOS 6.5.2 Application Guid e 28 Chapter 1: Switch Administrati on BMD00220 , October 2010 3. Configure a management I P address. The switc h reserves fo ur management interfaces: Using I Pv4: IF 127 support s IPv4 m anagement po rt A and us es IPv4 defaul t gate way 3. IF 128 support s IPv4 m anagement po rt B and u ses IPv4 def[...]
-
Page 29
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chap ter 1: Switch Adminis tration 29 Using the Switch Dat a Port s Y o u also can configure in-band manage ment throug h an y of th e swi tch da ta po rts. T o allo w in- band management , use the followi ng procedure: 1. Log on to the switch. 2. Enter IP interface mod e. Note – Interf[...]
-
Page 30
BLADEOS 6.5.2 Application Guid e 30 Chapter 1: Switch Administrati on BMD00220 , October 2010 Note – IPv4 gateway 1 and 2, and IPv6 gateway 1, are used for i n-band data n etworks. I Pv4 and IPv6 g atew ays 3 an d 4 are reser ved f o r out -of-b and m a nage m ent po rts ( see “Using th e Switch Manag eme nt Por ts” on page 27 ). Once you[...]
-
Page 31
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chap ter 1: Switch Adminis tration 31 Using Sec ure Shell Although a remote networ k adminis trator can manage the configurat ion of a G8124 vi a T elnet, this method does not provide a secure con nection. The Secure Shell (SSH) pr otocol enables you to securely log into another device ov[...]
-
Page 32
BLADEOS 6.5.2 Application Guid e 32 Chapter 1: Switch Administrati on BMD00220 , October 2010 Using a Web Browser The switch pro vides a Browser -Based Interface (BBI) for access ing the common configuration, management and operatio n features of the G8124 throu gh your W eb browser . By default, BBI access via HTTP is enabled on the s witch. Y[...]
-
Page 33
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chap ter 1: Switch Adminis tration 33 3. Generate the HTTPS certificate. Accessing the BBI via HTTPS requ ires that you generate a ce rtificate to be us ed during the key exchange. A default certificate is created the first time HTTPS is enabled, but you can create a new certificate defin[...]
-
Page 34
BLADEOS 6.5.2 Application Guid e 34 Chapter 1: Switch Administrati on BMD00220 , October 2010 BBI Su mmary The BBI is or ganized at a h igh level as follows: Context butt ons —These button s allow you t o select the typ e of action y ou wish to per form. The Conf igur ation button provides access to the configu ration elements for the entire [...]
-
Page 35
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chap ter 1: Switch Adminis tration 35 Using Simple N etwork Management Protocol BLADEOS p rovides Si mple Net work Managemen t Protocol (SNMP) vers ion 1, ve rsion 2, and version 3 su pport for access through any n etwork management sof tware, such as IBM Director or HP-OpenV iew . Note ?[...]
-
Page 36
BLADEOS 6.5.2 Application Guid e 36 Chapter 1: Switch Administrati on BMD00220 , October 2010 BOOTP/DHCP Client IP Address Services For remote switch ad ministration, the client terminal device mu st have a valid IP ad dress on the same network as a switch interface. The IP add ress on the client device may be configured manually , or obtained [...]
-
Page 37
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chap ter 1: Switch Adminis tration 37 Global BOOT P Relay Agent Config uration T o enable the G8124 to be a B OOTP (or DHCP) forwarder , enable the BOOTP relay feature, configure up to four global BOOTP server IPv4 addresses on the s witch, and enable BOOTP relay on the interface(s) on wh[...]
-
Page 38
BLADEOS 6.5.2 Application Guid e 38 Chapter 1: Switch Administrati on BMD00220 , October 2010 Switch Login Levels T o enable better switch man agemen t and user accountabili ty , three levels or clas ses of user acces s have been implem ented on the G812 4. Levels of access to CL I, W eb management function s, and screens increase as needed to [...]
-
Page 39
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chap ter 1: Switch Adminis tration 39 Setup vs. the Command Li ne Once the admini strator password is v erified, you are given co mplete access to the switch. I f the switch is still set to its factory default conf igur ation, the system will ask wheth er yo u wish to run Setup (see “In[...]
-
Page 40
BLADEOS 6.5.2 Application Guid e 40 Chapter 1: Switch Administrati on BMD00220 , October 2010[...]
-
Page 41
BMD00220 , October 2010 41 C HAPTER 2 Initial Setup T o help with the initial p r ocess of configuring your switch , the BLAD EOS software includes a Setup utility . Th e Setup utility prompts y o u step-by-step to enter all the necessary information for basic configuration of the switch. Whenever y ou log in a s the system a dministrat or under th[...]
-
Page 42
BLADEOS 6.5.2 Application Guid e 42 Chapter 2: Initial Setup BMD002 20, October 2010 Default Setup Options The Setup prompt appears automatically whenever you login as the system administrator und er the factory defau lt sett ings . 1. Connect to the switch. After connecting, the login prompt will appear as shown below . 2. Enter admin as the d[...]
-
Page 43
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 2: Initia l Setup 43 Setup Part 1: Basic System Co nfiguration When Setup is started, the sy stem prompts: 1. Enter y if you will be configuring VLANs. Otherwise enter n . If you d ecide not t o configure VLAN s during thi s sessi on, you can configure them l ater usin g the conf[...]
-
Page 44
BLADEOS 6.5.2 Application Guid e 44 Chapter 2: Initial Setup BMD002 20, October 2010 6. Enter the minute of the current time at the prompt: Enter the minute as a n umber from 00 to 5 9. T o keep the current minute, press <Enter>. 7. Enter the seconds of the current time at the pro mpt: Enter the secon ds as a number from 00 to 59. T o kee[...]
-
Page 45
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 2: Initia l Setup 45 3. Configure Gigabit Ether net port fl ow parameters. The sy stem pro mpts: Enter rx to enable r eceive flow control, tx fo r transmit f low control, both to enable both , or none to turn flow control off for the por t. T o keep the current setting, press <[...]
-
Page 46
BLADEOS 6.5.2 Application Guid e 46 Chapter 2: Initial Setup BMD002 20, October 2010 Setup Part 3: VLANs If you ch ose to ski p VLANs confi guration b ack in Part 2, s kip to “Setup P art 4: IP Co nfiguration” on pa ge 47 . 1. Select the VLA N to configure, or skip VLA N configuratio n at the prom pt: If you wish to change settings for indi[...]
-
Page 47
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 2: Initia l Setup 47 Setup Part 4: IP Config uration The syst em prompts for IPv4 parameters. Although the switch supports bo th IPv4 and IPv6 netw orks, the Setup utility permits only IPv4 configuration. For IPv6 configuration, see “Internet Protocol V ersion 6” on page 229 [...]
-
Page 48
BLADEOS 6.5.2 Application Guid e 48 Chapter 2: Initial Setup BMD002 20, October 2010 4. If configur ing VLANs, specify a VLAN for the inter face. This prompt app ears if you selected to co nfigure VLANs back in Part 1 : Enter the number fo r the VLAN to which the interface belongs, or press <Enter> without specify ing a VLAN number to acc[...]
-
Page 49
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 2: Initia l Setup 49 Default Gateways 1. At the prompt, select an IP default gateway for configuration, or skip default gateway configurat ion: Enter the number for the IP defau lt gateway to be configured. T o sk ip default gateway configurat ion, press <Enter> without typ[...]
-
Page 50
BLADEOS 6.5.2 Application Guid e 50 Chapter 2: Initial Setup BMD002 20, October 2010 Setup Part 5: Final S tep s 1. When prompted, decide whether to res tart Setup or continue: Enter y to restart the Setup utility from the beginning, or n to continue. 2. When prom pted, decide wh ether you wish t o review the conf iguratio n changes: Enter y to[...]
-
Page 51
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 2: Initia l Setup 51 Optional Setup for T elnet Support Note – This step i s optional . Perform this procedure o nly if you are planning o n connectin g to the G8124 through a remote T elnet connection. 1. T elnet is enabled by default. T o chang e the setting, use the followin[...]
-
Page 52
BLADEOS 6.5.2 Application Guid e 52 Chapter 2: Initial Setup BMD002 20, October 2010[...]
-
Page 53
BMD00220 , October 2010 53 Part 2: Securing the Switch[...]
-
Page 54
BLADEOS 6.5.2 Application Guid e 54 Part 2: Secu ring the Sw itch BMD00220 , October 2010[...]
-
Page 55
BMD00220 , October 2010 55 C HAPTER 3 Securing Administration Secure swi tch managem ent is needed fo r environ ments that per form signifi cant manageme nt functions acros s the Internet. Common fu nctions for secur ed management are d escribed in the following sections: “Secure Sh ell and Secu re Copy” on page 55 “End User Access Co[...]
-
Page 56
BLADEOS 6.5.2 Application Guid e 56 Chapter 3: Securing Administrati on BMD00220 , October 2010 Although SSH and SCP are disabled by default, enab ling and using these featur es provides the following benefits: Identifying the administrator using Name/Password Authentication of re mote administrators Authorization of remote administ[...]
-
Page 57
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 3: Securing Adm inistration 57 Configuring the SCP Administrator Password T o configure the SCP-only ad ministr ator password , enter the fo llowing command (the defau lt passw ord i s admin ): Using SSH and SCP Cl ient Commands This section shows th e format for using so me clien[...]
-
Page 58
BLADEOS 6.5.2 Application Guid e 58 Chapter 3: Securing Administrati on BMD00220 , October 2010 T o Load a Switch Configur ati on File from the SCP Host Syntax: Example: T o Apply and Save the Configurat ion When loading a co nfiguration file to the switch, the apply and save commands are still req uired, in order fo r the configuration command[...]
-
Page 59
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 3: Securing Adm inistration 59 T o Copy the Switch Image and Boot Fil es to t he SCP Host Syntax : Example: T o Load Switch Config uration Fil es from th e SCP Host Syntax: Example: SSH and SCP Encryption of Management Messages The following encryptio n and authentication methods [...]
-
Page 60
BLADEOS 6.5.2 Application Guid e 60 Chapter 3: Securing Administrati on BMD00220 , October 2010 Generat ing RSA Host and Server Keys for SSH Access T o support the SSH server feature, two sets of RSA key s (host and server keys) are required . The host key i s 1024 bi ts and is us ed to identi fy the G8124 . The server k ey is 768 bi ts and is [...]
-
Page 61
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 3: Securing Adm inistration 61 SSH/SCP Integration with T ACACS+ Authentication SSH/SCP is integ rat ed with T AC ACS+ authentication. After the T ACACS+ server is enabled on the switch, all subsequent SSH authentication requests will be redirected to the specified T ACACS+ server[...]
-
Page 62
BLADEOS 6.5.2 Application Guid e 62 Chapter 3: Securing Administrati on BMD00220 , October 2010 End User Acce ss Control BLADEOS allows an administ rator to define end us er accounts that permit end users to perfo rm operation tasks via the switch CLI comman ds. On ce end u ser accou nts are configured an d e nabled, the switch requires usernam[...]
-
Page 63
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 3: Securing Adm inistration 63 The administrator can choose the num ber of days allo wed before each pa ssword expires. When a strong password expires, the user is allowed to log in one last time (last time) to change the password. A warn ing provides advance notice for users to c[...]
-
Page 64
BLADEOS 6.5.2 Application Guid e 64 Chapter 3: Securing Administrati on BMD00220 , October 2010 Listing Current U sers The following co mmand displays defined u ser accounts and whethe r or not each user is cu rrently logged into the switch. Logging in to an End User Account Once an end us er account is configu red and enabled , the user can lo[...]
-
Page 65
BMD00220 , October 2010 65 C HAPTER 4 Authentication & Authorization Protocols Secure swi tch managem ent is needed fo r environ ments that per form signifi cant manageme nt functions acros s the Internet. The following are so me of the functions for secured IPv4 management and device acces s: “RADIUS A uthent ication and A uthori zation?[...]
-
Page 66
BLADEOS 6.5.2 Application Guid e 66 Chapter 4: Authenti cation & Au thorization Pro tocols BMD002 20, October 2010 How RADIUS Authentication Works 1. Remot e administ rator connects to the switch and provides user n ame and pass word. 2. Using Authentication/Author izatio n protocol, the switch sends request to authentication server . 3. Au[...]
-
Page 67
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 4: Authent ication & Autho rization Protocols 67 RADIUS Authentication Features in BLADEOS BLADEOS supports the following RADIUS authentication features: Suppor ts RADIUS clie nt on the sw itch, bas ed on the proto col defin itions in R FC 2138 and RFC 28 66. Allows RA[...]
-
Page 68
BLADEOS 6.5.2 Application Guid e 68 Chapter 4: Authenti cation & Au thorization Pro tocols BMD002 20, October 2010 Switch User Account s The user accounts listed in Ta b l e 3 can be defined in the RADIUS serv er dictionary file. RADIUS Attributes for BLADEOS User Privileges When the user lo gs in, the switch authenticates his/h er level of[...]
-
Page 69
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 4: Authent ication & Autho rization Protocols 69 T ACACS+ Authentication BLADEOS s upports au thentication a nd author ization wit h networks using the Ci sco Syst ems T ACACS+ protocol. The G8124 fun ctions as the Network Access Server (NAS) by interacting with the remote cli[...]
-
Page 70
BLADEOS 6.5.2 Application Guid e 70 Chapter 4: Authenti cation & Au thorization Pro tocols BMD002 20, October 2010 T A CACS+ Authentication Features in BLADEOS Authentication is the action of determini ng the identity of a user , and is generally done when the user first attempts to log in to a device or g ain access to its services. BLADEO[...]
-
Page 71
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 4: Authent ication & Autho rization Protocols 71 Accounti ng Accounting is the action of recording a user's activities on the device for the purposes of billing and/or security . It follows the authentication and authorization actio ns. If the authentication an d authoriz[...]
-
Page 72
BLADEOS 6.5.2 Application Guid e 72 Chapter 4: Authenti cation & Au thorization Pro tocols BMD002 20, October 2010 Configuring T AC ACS+ Authentication on the Switch 1. Configure the IPv4 addresses of the Primary and Se condary T ACACS+ ser vers, and enable T ACACS authentication. Specify the interface port (optional). 2. Configure the T AC[...]
-
Page 73
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 4: Authent ication & Autho rization Protocols 73 LDAP Authentication and Authorization BLADEOS supports the LDAP ( Lightweight Directory Access Protoco l) method to authenticate and authorize remote ad ministrators to manage t he switch. LDAP is based on a client/serv er model[...]
-
Page 74
BLADEOS 6.5.2 Application Guid e 74 Chapter 4: Authenti cation & Au thorization Pro tocols BMD002 20, October 2010 Configuring LDAP Authenticati on on the Swi tch 1. T urn LDAP authentication o n, then configure the IPv4 addresses of the Primary and Secondary LDAP servers. Specify the interface port (optional). 2. Configure the domain n ame[...]
-
Page 75
BMD00220 , October 2010 75 C HAPTER 5 Access Control List s Access Control List s (ACLs) are filters that permit o r deny traf fic for secu rity purposes. They can also be used with Qo S to classify and segm ent traffic in order to provide d ifferent levels of service to different traffic types. Each filter defines th e conditions that must match f[...]
-
Page 76
BLADEOS 6.5.2 Application Guid e 76 Chapter 5: Access Control Lists BMD002 20, October 2010 Summary o f Packet C lassifiers ACLs allow you to clas sify packets according to a variety of content in the packet header (such as the so urce address, des tination addr ess, sour ce port number , destination port number , and others) . Once classified,[...]
-
Page 77
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 5: Access C ontrol Lis ts 77 TCP/UDP header options (f or all ACLs) TCP/UDP application source por t as show n in Ta b l e 8 TCP/UDP application destin ation po rt and mask as sho wn i n Ta b l e 8 TCP/UDP flag value as s hown in Ta b l e 9 Packet format (for r[...]
-
Page 78
BLADEOS 6.5.2 Application Guid e 78 Chapter 5: Access Control Lists BMD002 20, October 2010 Summary of ACL Actions Once classified using ACLs, the identified packet f lows can be pro cessed diff erently . For each ACL, an action can be assigned. Th e action determines how the switch tr eats packets that match the classifiers assigned to the ACL[...]
-
Page 79
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 5: Access C ontrol Lis ts 79 ACL Metering and Re-Marking Y o u can define a pr ofile for th e aggregate traf fic flo wing through t he G8124 b y configuring a QoS mete r (if de sir e d) and assign ing ACLs to port s. Note – When you add ACLs to a por t, make sure th ey are ord e[...]
-
Page 80
BLADEOS 6.5.2 Application Guid e 80 Chapter 5: Access Control Lists BMD002 20, October 2010 ACL Port Mirroring For regular ACLs an d VMaps, packets that match a n ACL on a specific po rt can be mirrored to another switch p ort for net work diagn osis and mo nitoring . The source por t for the mirr ored packets cannot b e a portchannel, but may [...]
-
Page 81
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 5: Access C ontrol Lis ts 81 ACL Conf iguration Examples ACL Example 1 Use this configu ration to bl ock traf fic to a specific host . All traf fic that ingr esses on po rt 1 is denied if it is destined for the host at IP address 100.10.1. 1 1. Configure an Access Control List. 2.[...]
-
Page 82
BLADEOS 6.5.2 Application Guid e 82 Chapter 5: Access Control Lists BMD002 20, October 2010 ACL Example 3 Use this configuration to block traf fi c from a specific IPv6 source addr ess. All traffic that ingres ses in por t 2 with sou rce IP from cl ass 2001: 0:0:5:0: 0:0:2/128 is denied. 1. Configure an Access Control List. 2. Add ACL 2 to port[...]
-
Page 83
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 5: Access C ontrol Lis ts 83 VMAPs ar e configured u sing the f ollowing ISC LI config uration comm and path: Once a VMAP filter is cr eated, it can be assigned o r removed using the following configuration commands: For a regular VLAN, use co nfig-vlan mode: For a VM gr o[...]
-
Page 84
BLADEOS 6.5.2 Application Guid e 84 Chapter 5: Access Control Lists BMD002 20, October 2010 Using S torm Control Filters The G8124 provides filters that can limit the number of the following packet types tran smitted by switch ports : Broadcast packets Multicast packets Unknown unicast packets (desti nation lookup fai lure) Broadcas[...]
-
Page 85
BMD00220 , October 2010 85 Part 3: Switch Basics This sect ion discu sses basic switching functions : VLANs Port T run king Spanning T ree Protocols (Spanning T ree Groups, Rapid Spanning T ree Protocol, and Multiple Spanning T ree Protocol) Quality of Service[...]
-
Page 86
BLADEOS 6.5.2 Application Guid e 86 Part 3: Swi tch Basics BMD00220 , October 2010[...]
-
Page 87
BMD00220 , October 2010 87 C HAPTER 6 VLANs This chapt er describe s network des ign and to pology cons iderations f or using V irtual L ocal Area Networks (VLANs). VLANs commonly are used to split up groups of network users into manageable bro adcast domains, to create logical segmentation of workgroups, an d to enforce security policies amon g lo[...]
-
Page 88
BLADEOS 6.5.2 Application Guid e 88 Chapter 6: VLANs BMD002 20, October 2010 VLANs Ov erview Setting up virtual LANs (VLANs) is a way to segment networks to increase network flexibility without changing the physical network topo logy . W ith network segmentation, each switch port connects to a segment that is a single broadcast d omain. When a [...]
-
Page 89
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 6: VLANs 89 PV I D N u m b e r s Each port in the swit ch has a conf igurable def ault VLAN number , kn own as its PVID . By default, the PVID for all non-management ports is set to 1, which correlates to the default VLAN ID. The PVID for each por t can be configur ed to any VLAN [...]
-
Page 90
BLADEOS 6.5.2 Application Guid e 90 Chapter 6: VLANs BMD002 20, October 2010 VLAN T agging BLADEOS software supp orts 802.1Q VLAN tagging, providing s tandards-bas ed VLAN sup port for Ethernet s ystems. T agging places the VLAN identifi er in the frame header o f a packet, allowing each por t to belong to multiple VLANs. When you add a port to[...]
-
Page 91
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 6: VLANs 91 Figure 1 Default VLA N settings Note – The port numbers specified in these illus trations may not directly correspond to the physical port co nfiguration of your s witch model. When a VLAN is con figured, ports are added as mem bers of the VLAN, and the ports are def[...]
-
Page 92
BLADEOS 6.5.2 Application Guid e 92 Chapter 6: VLANs BMD002 20, October 2010 Figure 2 Port-bas ed VLAN assignment As show n in Figure 3 , the untagged p acket is marked (tagged) as it leaves the s witch through port 5 , which is con figured as a tagged member of VLAN 2. The un tagged packe t re mains unch anged as it leaves the switch th rough [...]
-
Page 93
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 6: VLANs 93 Figure 4 802.1Q tag assignment As sh own in Figure 5 , the tagged pack et remains unchan ged as it leaves the switch thr ough port 5, which is configured as a tagged member of VLAN 2. However , the tagged packet is stripped (untagged) as it leaves the switch through p [...]
-
Page 94
BLADEOS 6.5.2 Application Guid e 94 Chapter 6: VLANs BMD002 20, October 2010 VLAN T opol ogies an d Design Conside rations By default, the G8124 software is configured so that tagging is d isab led on all ports. By default, the G8124 software is configu red so that all data ports are mem bers of VLAN 1. By default , the BLADEOS soft[...]
-
Page 95
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 6: VLANs 95 Multiple VL ANs with T agging Adapters Figur e 6 illustrates a network topology described in Note – and the con figuration examp le on page page 97 . Figure 6 Multipl e VLANs with VLAN -T agged Gigabit Adapte rs Server 1 VLAN 1 Server 2 VLAN 1 Server 3 VLAN 2 Server [...]
-
Page 96
BLADEOS 6.5.2 Application Guid e 96 Chapter 6: VLANs BMD002 20, October 2010 The features of this VLAN are described below: Note – VLAN tagg ing is required o nly on ports th at are connected to other switches or on ports that connect to tag-cap able end-stations, such as server s with VLAN-tagging adapters. T abl e 6-1 M ultiple VLANs Exampl[...]
-
Page 97
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 6: VLANs 97 VLAN Configuration Example Use the following procedure to configu re the example network shown in Fig ure 6 . 1. Enable VLAN tagging on server ports that support multiple VLANs. 2. Enable tagging on uplink ports that suppo rt multiple VLANs. 3. Configure the VLANs and [...]
-
Page 98
BLADEOS 6.5.2 Application Guid e 98 Chapter 6: VLANs BMD002 20, October 2010 Privat e VLANs Private VLANs provide Layer 2 isolatio n between the ports within the same broadcast domain. Private VLANs can control traf fic within a VLAN domain, and provide port-b ased security for host serve rs. Use Private VLAN s to partition a VLAN d omain into [...]
-
Page 99
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 6: VLANs 99 Configuration Gui delines The following gu idelines apply when configur ing Private VLANs: The defaul t VLAN 1 c anno t be a Privat e VLAN. The management VLAN 4095 cannot be a P rivate V LAN. The managem ent p ort cannot b e a member of a Private VLAN. IGM[...]
-
Page 100
BLADEOS 6.5.2 Application Guid e 100 Chapter 6: VLANs BMD002 20, October 2010[...]
-
Page 101
BMD00220 , October 2010 101 C HAPTER 7 Port s and T runking T runk gro ups can provid e super-b andwidth, mul ti-link connecti ons between the Rack Switch G8124 (G8124) an d other tru nk-capable d evices. A trun k group is a group of ports that a ct together , combining their bandwidth to create a single, larger virtual link. Thi s ch apt er provid[...]
-
Page 102
BLADEOS 6.5.2 Application Guid e 102 Chapter 7: Ports and T runking BMD002 20, October 2010 T runking Overvie w When using port trun k gro ups between t wo swit ches, as s hown in Figure 7 , you can create a virtual link between the switches, operating with combined throughpu t levels th at depends on how ma ny physical por ts are included. Eac[...]
-
Page 103
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 7: Port s and T runking 103 Before Y ou Configure St atic T runks When you create and enable a static trunk, the tru nk members (switch ports) take o n certain settings necessary for correct oper ation of the trunking f eature. Before you configu re your trunk , you must co nsider[...]
-
Page 104
BLADEOS 6.5.2 Application Guid e 104 Chapter 7: Ports and T runking BMD002 20, October 2010 T runk Group C onfiguratio n Rules The trunking feature operates accordin g to specific conf iguration rules. When creating trunks, consider the following rules that determine h ow a trunk group reacts in any networ k topology: All trun ks must ori g[...]
-
Page 105
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 7: Port s and T runking 105 1. Follow these steps on the G8124: a. Define a trunk grou p. b. V erify the config uration. Exam ine th e re sulting in fo r ma tion . I f an y se tti ngs are in co r r ect , make app ro pr iat e chang es. 2. Repeat the process on the other switch . 3.[...]
-
Page 106
BLADEOS 6.5.2 Application Guid e 106 Chapter 7: Ports and T runking BMD002 20, October 2010 Configurable T runk Hash Algorithm T r af f ic in a tr unk group is statistically distributed among member ports using a hash process where various address and attribute bits from each transmitted frame are recombined to specify the particul ar trunk por[...]
-
Page 107
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 7: Port s and T runking 107 Link Agg regatio n Control Protocol Link Aggregation Co ntrol Protocol ( LACP) is an IEEE 8 02.3ad standar d for grouping sev eral physical ports into on e logical p ort (known as a dynamic trunk group or Lin k Aggregation group) with any device that su[...]
-
Page 108
BLADEOS 6.5.2 Application Guid e 108 Chapter 7: Ports and T runking BMD002 20, October 2010 Each port on the switch can have o ne of the following LACP modes . off (default) The user can configure thi s port in to a regular stati c trunk gro up. active The port i s capable of fo rming an LACP trunk. Thi s port sends L ACPDU packets t o [...]
-
Page 109
BMD00220 , October 2010 109 C HAPTER 8 S p anning T ree Protocols When multiple paths exist b etween two points on a network, Spanning Tree Protocol (STP), or one of its enhanced v ariants, can prevent broadcas t loops and ensure that th e RackSwitch G8124 (G8124) u ses only the mos t effi cient network path . This chapter covers the following topi[...]
-
Page 110
BLADEOS 6.5.2 Application Guid e 110 Chapter 8: Spanning T ree Proto cols BMD002 20, October 2010 Rapid Span ning T ree Pro tocol (RSTP ) IEEE 802.1 D (2004) RSTP mode is an enhanced vers ion of STP . It pr ovides mo re rapid conver gence of the Spanning T ree network path s tates on STG 1. RSTP is the default Spanning T ree mode on the G81[...]
-
Page 111
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 8: S p annin g T ree Protoc ols 111 STP/P VST+ Mode Using STP , netw ork devices detect an d eliminate lo gical loops in a bridged or switched network. When multiple paths exist, Sp anning T ree configures the network so that a switch uses only the most ef ficient path. If that p[...]
-
Page 112
BLADEOS 6.5.2 Application Guid e 112 Chapter 8: Spanning T ree Proto cols BMD002 20, October 2010 Bridge Protoc ol Dat a Unit s Bridge Pr oto col Dat a Units Over vi ew T o create a Spanning T ree, the s witch generates a configur ation Bridge Protocol Data Unit (BPDU), which it then forwards out of its ports. All switches in the Layer 2 networ[...]
-
Page 113
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 8: S p annin g T ree Protoc ols 11 3 Port Priorit y The port priority h elps determi ne which bri dge port becom es the roo t port or the designated port. The case for the root port is when two switches are connected using a minimum of two links with the same path-cost. The case [...]
-
Page 114
BLADEOS 6.5.2 Application Guid e 114 Chapter 8: Spanning T ree Proto cols BMD002 20, October 2010 Fast Uplink Conf igur ation Guideli nes When you enable Fast Uplink Conver gence, BLADEOS automatically makes the following configuration chang es: The bridge priority is set to 65535 so that it does no t become the root switch. The cost of[...]
-
Page 115
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 8: S p annin g T ree Protoc ols 11 5 Simple STP Confi guration Figur e 9 depicts a simple t opology us ing a swit ch-to-s witch link b etween two G81 24 1 and 2. Figure 9 S panning T ree Bl ocking a Switch- to-Switc h Link T o prevent a n etwork loop among the swit ches, STP must[...]
-
Page 116
BLADEOS 6.5.2 Application Guid e 116 Chapter 8: Spanning T ree Proto cols BMD002 20, October 2010 Figure 10 S p anni ng T ree Rest oring the S witch -to-Switch Link In this exampl e, port 10 on each G8 124 is used for the sw itch-to-switch link. T o ensure that the G8124 switch-to -switch li nk is bl ocked during normal oper ation, th e port pa[...]
-
Page 117
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 8: S p annin g T ree Protoc ols 11 7 Per-VLAN Sp anning T ree Gro up s STP/PVST+ mode supports a m aximum of 127 STGs, with each STG acting as an independen t, simultan eous inst ance of STP . Multiple STGs provide multiple da ta paths wh ich can be used for load-balancing and re[...]
-
Page 118
BLADEOS 6.5.2 Application Guid e 118 Chapter 8: Spanning T ree Proto cols BMD002 20, October 2010 STP/PV ST+ Defaul ts an d Guide lines In STP/PVST+ configuration, u p to 128 STGs are available on the switch. STG 1 is t he default STG . Altho ugh ports can be added to or deleted from default STG 1, the S TG itself cannot be deleted from the sys[...]
-
Page 119
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 8: S p annin g T ree Protoc ols 11 9 Crea ting a VLAN When you create a VLAN, that VLAN automatically belongs to STG 1, the default STG . T o place the VLAN in a dif ferent STG , follow these steps: Create the VLAN. Add the VLAN to an existing STG . The VLAN is automa[...]
-
Page 120
BLADEOS 6.5.2 Application Guid e 120 Chapter 8: Spanning T ree Proto cols BMD002 20, October 2010 Addi ng and Remo ving P orts from S T Gs When you add a port to a VLAN that belong s to an STG , the port is also added to that STG . However , if the port you are add ing is an untag ged port and is alread y a member of another STG , that port[...]
-
Page 121
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapt er 8: S panning T re e Protocol s 121 Switch-C en tric Configura tion STP/PVST+ is switch-centric: STGs are enforced only on the switch where th ey are configured. The STG ID is not tra nsmitted in the Spanning T ree BPDU. Each Spanning T ree decision is based entirely on the config[...]
-
Page 122
BLADEOS 6.5.2 Application Guid e 122 Chapter 8: Spanning T ree Proto cols BMD002 20, October 2010 Configuring Multiple STGs This configuration shows how to configure the three instances of STGs on the switches A, B, C, and D illustrated in F igur e 12 on page 1 21 . By default Spanning T rees 2 to 127 are empty , and STG 1 contains all configur[...]
-
Page 123
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapt er 8: S panning T re e Protocol s 123 3. Configure the following on application s witch C: Add port 8 to VLAN 3 an d define S TG 2 for VLAN 3. VLAN 3 is automatically removed fro m STG 1. By default VLAN 1 remains in STG 1. 4. Switch D does not require any special configuration for [...]
-
Page 124
BLADEOS 6.5.2 Application Guid e 124 Chapter 8: Spanning T ree Proto cols BMD002 20, October 2010 Rapid Sp anning T ree Proto col Note – Rapid Spannin g T ree Prot ocol (RSTP ) is enable d by defaul t on the G81 24. RSTP prov ides rapid conver gence of the Sp anning T ree and provides t he fast re- configuratio n critical for networks carryin[...]
-
Page 125
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapt er 8: S panning T re e Protocol s 125 RSTP Configuration Guidelines This sec tion provides im portant inform ation about configuring RS TP . When RSTP is turned on, the following occurs : STP par ameters apply only to S TG 1. Only STG 1 is available. All other STGs are turne[...]
-
Page 126
BLADEOS 6.5.2 Application Guid e 126 Chapter 8: Spanning T ree Proto cols BMD002 20, October 2010 Per-VLAN Rapi d S p anni ng T ree Grou p s PVRST is b ased on IEEE 802.1w Ra pid Spanning T ree Protocol (RSTP ). Like RSTP , PVRST mo de provides rapid Spann ing T ree co nver gence. However , s imilar to the way standard STP is enhanced by PVST+ [...]
-
Page 127
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapt er 8: S panning T re e Protocol s 127 Multiple S p annin g T ree Pro tocol Multiple Sp anning Tree Protocol (MSTP) extends R apid Spannin g Tr ee Protocol (R STP), allow ing multiple Spanning T ree Groups (STGs) which may each include multiple VLANs. MSTP was originally defined in I[...]
-
Page 128
BLADEOS 6.5.2 Application Guid e 128 Chapter 8: Spanning T ree Proto cols BMD002 20, October 2010 MSTP Configuration Guidelines This section provides important inform atio n about configuring Multiple Spanning Tr ee Groups: When MSTP is turned on , the switch automatically moves all VLANs to the CIST . When MSTP is turned off, the switch mo[...]
-
Page 129
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapt er 8: S panning T re e Protocol s 129 MSTP Configuration Example 2 This confi guration shows how to confi gure MSTP Gr oups on t he switch, as shown i n Figure 12 . Figure 13 Implementi ng Mul tip le S panning T ree Groups This exampl e shows how mu ltiple Spanning T rees can pro vi[...]
-
Page 130
BLADEOS 6.5.2 Application Guid e 130 Chapter 8: Spanning T ree Proto cols BMD002 20, October 2010 1. Config ure port member ship and define the STG s for VLAN 1. Enable tag ging on upl ink port s that share VLANs. Port 19 and port 20 co nnect to the Enterprise Routing switches. 2. Add server ports 1 and 2 to VL AN 1. Add up link ports 19 and po[...]
-
Page 131
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapt er 8: S panning T re e Protocol s 131 Port T ype and Link T ype For us e in RSTP , MSTP , and PVRST modes, BLA DEOS Spanni ng T re e configur ation includes parameters fo r edge port and link ty pe. Note – Although edge po rt and link ty pe parameters are configured with glob al c[...]
-
Page 132
BLADEOS 6.5.2 Application Guid e 132 Chapter 8: Spanning T ree Proto cols BMD002 20, October 2010[...]
-
Page 133
BMD00220 , October 2010 133 C HAPTER 9 Quality of Service Quality of Service features allo w you to allocate network resour ces to mission-critical applicatio ns at the expense of applications that are less s ensitive to such factors as time delays or network congestion. Y ou can configure your network to prioritize specific types of traf fic, ensu[...]
-
Page 134
BLADEOS 6.5.2 Application Guid e 134 Chapter 9: Qual ity of Service BMD002 20, October 2010 Figur e 14 shows the basic QoS model u sed by the switch. Figure 14 QoS M odel The basic QoS model works as follows: Classify traf fic: Read DSCP value. Read 802.1p priority value. Match ACL filter parameters. Perform actions: Def[...]
-
Page 135
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapt er 9: Qual ity of Servic e 135 Using ACL Filters Access Control Lists ( ACLs) are filters that allow you to clas sify and segment traffic, so yo u can provide dif ferent levels of serv ice to different traf fic types. Each filter defines the cond itions that must match for inclusio [...]
-
Page 136
BLADEOS 6.5.2 Application Guid e 136 Chapter 9: Qual ity of Service BMD002 20, October 2010 ACL Metering and Re-Marking Y o u can define a pr ofile for th e aggregate traf fic flo wing through t he G8124 b y configuring a QoS meter (if desired ) and assigning ACLs to ports. When you ad d ACLs to a port, m ake sure they are ordered cor rectly in[...]
-
Page 137
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapt er 9: Qual ity of Servic e 137 Using DSCP V alues to Prov ide QoS The switch uses the Dif ferentiated Services (Dif fServ) architecture to p rovide QoS functions. Dif fServ is des cribed i n IETF RFCs 2474 and 2475. The six most s ignificant bits in the T OS byte of the IP header ar[...]
-
Page 138
BLADEOS 6.5.2 Application Guid e 138 Chapter 9: Qual ity of Service BMD002 20, October 2010 Per Hop Behavior The DSCP value determines the Per Hop Behav ior (PHB) of each p acket. The PHB is the forwarding treatment given to packets at each hop. QoS policies are built by applying a set of rules to packets , based on the DSCP value, as they h op[...]
-
Page 139
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapt er 9: Qual ity of Servic e 139 QoS Leve ls Ta b l e 1 3 shows the default service levels provid ed by the switch, listed from highest to lowest importance: Ta b l e 1 3 D efault Qo S Servic e Levels Service Le vel Default PHB 802.1p Prio rity Critic al CS7 7 Network Contro l CS6 6 P[...]
-
Page 140
BLADEOS 6.5.2 Application Guid e 140 Chapter 9: Qual ity of Service BMD002 20, October 2010 DSCP Re-Marking and Map ping The switch can u se the DSCP value of ingres s packets to re-mar k the DSCP to a new value, and to set an 802.1p priority value. Use the following command to view the default settin gs. Use the f ollowing comman d to turn on [...]
-
Page 141
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapt er 9: Qual ity of Servic e 141 DSCP Re-Marking Configur ation Example 1. T urn DSCP re-mark i ng on gl oball y , and defi ne the DSC P- DSC P- 802 .1p mapping . Y ou can use the defa u lt ma ppin g. 2. Enable DSCP re-marking on a port. RS G8124(config)# qos dscp re-marking RS G8124([...]
-
Page 142
BLADEOS 6.5.2 Application Guid e 142 Chapter 9: Qual ity of Service BMD002 20, October 2010 Using 802.1p Priority to Prov ide QoS The G8124 provides Quality of Service functions based on the priority bits in a packet’ s VLAN header . (The priority b its are defin ed by the 802. 1p stand ard within t he IEEE 802.1 Q VLAN header .) The 802.1p b[...]
-
Page 143
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapt er 9: Qual ity of Servic e 143 Queuin g and Scheduling The G8124 can be configured to h ave either 2 or 8 o utput Class of Service (COS) q ueues per port, into which each pack et is placed. Each packet’ s 802.1p priority determin es its COS queue, except when an ACL action sets th[...]
-
Page 144
BLADEOS 6.5.2 Application Guid e 144 Chapter 9: Qual ity of Service BMD002 20, October 2010[...]
-
Page 145
BMD00220 , October 2010 145 Part 4: Advanced Switching Features[...]
-
Page 146
BLADEOS 6.5.2 Application Guid e 146 Part 4: Advanc ed Switchi ng Features BMD00220 , October 2010[...]
-
Page 147
BMD00220 , October 2010 147 C HAPTER 10 Deployment Profiles The BLADEOS software for the RackSwitch G8 124 can be configu red to operate in dif ferent modes for dif ferent deployment scen arios. Each deploy ment profile sets di fferent capaci ty levels for basic switch resources, such as the number o f IP routes and ARP entries, in order to optimiz[...]
-
Page 148
BLADEOS 6.5.2 Application Guid e 148 Chapter 10: Deploym ent Profiles BMD00220 , October 2010 The properties of each mode are com pared in the following table. Note – Throughout this guide, where fea ture capacities are listed, values reflect tho se of the Default profile only , unles s otherwise noted. Ta b l e 1 4 D eploymen t Mode C ompari[...]
-
Page 149
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 10: Deployment Profiles 14 9 Selecting Profi les T o change the deploy ment profile, the new prof ile must first be se lected, and the switch must th en be reboot ed to use the n ew profile. Note – Before changing profiles, it is recommen ded that yo u save the activ e switch co[...]
-
Page 150
BLADEOS 6.5.2 Application Guid e 150 Chapter 10: Deploym ent Profiles BMD00220 , October 2010[...]
-
Page 151
BMD00220 , October 2010 151 C HAPTER 11 V irtualization V irtualization allows resources to be allocated in a fluid manner based on the logical needs of the data center , rather than on the str ict, physical nature of com ponents. The following virtualization features are included in BL ADEOS 6.5 on the RackSwit ch G8124 (G812 4): V irtual Loca[...]
-
Page 152
BLADEOS 6.5.2 Application Guid e 152 Chapter 11: Virtual ization BMD002 20, October 2010[...]
-
Page 153
BMD00220 , October 2010 153 C HAPTER 12 V irtual NICs A Network Interface Contr oller (NIC) is a component within a server that allows the ser ver to be connected to a n etwork. The NIC provides th e physical point of connection, as well as internal software for encoding and d ecoding network p ackets. V irtu alizing the NIC helps to resolve issues[...]
-
Page 154
BLADEOS 6.5.2 Application Guid e 154 Chapter 12: Virtual NICs BMD00220 , October 2010 Each vNIC can be independently allocated a s ymmetric percentage of the 10Gbps bandwidth on the link (from NIC to switch, and from switch to NIC). The G8124 can be used as the s ingle point o f vNIC configurat ion. The follo wing restrict ions apply t [...]
-
Page 155
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 12: Virtual N ICs 155 vNIC IDs vNIC IDs on the Switch BLADEOS 6.5 suppor ts up to four vNICs attached to each server po rt. Each vNIC is provided its own ind ependent virtu al pipe on t he port. On the switch, each v NIC is identified by its p ort and vNIC number as fo llows: <[...]
-
Page 156
BLADEOS 6.5.2 Application Guid e 156 Chapter 12: Virtual NICs BMD00220 , October 2010 vNIC Bandwid th Metering BLADEOS 6 .5 support s bandwidth met ering for vN IC traf fic. By defaul t, each of the four vNIC s on any give n port is allowed an equa l share (25%) of NIC capacity when enabled. However , you may configure the percentage of availab[...]
-
Page 157
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 12: Virtual N ICs 157 vNIC Groups vNICs can be gr oup ed together , along with upl ink ports an d tru nks , as we ll as other ports th at we re defined as server po rts but not co nnected to vNI Cs. Each vNIC gro up is essen tially a separat e virtual network within the switch. El[...]
-
Page 158
BLADEOS 6.5.2 Application Guid e 158 Chapter 12: Virtual NICs BMD00220 , October 2010 Other vNIC group rules are as follows: vNIC grou ps may have one o r more vNIC mem bers. However , any given vNIC can be a memb er of on ly on e vN IC gro up . All vNIC s on a given port mus t belong to dif ferent vNIC gro ups. All members of a vNI[...]
-
Page 159
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 12: Virtual N ICs 159 vNIC T eaming Failo ver For NIC failover in a non-virtualized enviro nment, when a ser vice group’ s uplink ports fail or are disconnected, the switch d isab les the af fected group’ s server ports , cau sing the se rver to failove r to the backup NIC and[...]
-
Page 160
BLADEOS 6.5.2 Application Guid e 160 Chapter 12: Virtual NICs BMD00220 , October 2010 Figure 20 vNIC Fail over S olution By default, vNI C T eaming Failover is disabled o n each vNIC grou p, but can b e enabled or disabled independently f or each vNIC grou p using the following co mmands: Hypervisor NIC VNIC VNIC VNIC VNIC VNIC VNIC VNIC VNIC v[...]
-
Page 161
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 12: Virtual N ICs 161 vNIC Config uration Exampl e Consider the following example co nfiguration: Figure 21 Multiple vNIC Groups Figur e 21 has the followin g vNIC network characteristics: vNIC gro up 1 has an outer tag f or VLAN 10 00. Th e g r ou p is co mpr ised of v NIC pi[...]
-
Page 162
BLADEOS 6.5.2 Application Guid e 162 Chapter 12: Virtual NICs BMD00220 , October 2010 1. Define the server ports. 2. Configure the external trunk to be u sed with vNIC group 2. 3. Enable the vNIC feature on the switch. 4. Configure the virtual pipes fo r the vNICs attached to each ser ver port: As a configuration shortcut, vNICs do not have to [...]
-
Page 163
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 12: Virtual N ICs 163 5. Add port s, trun ks, and virtual pipes to t heir vNIC gro ups. Once VLAN 1000 and 1774 are configured f or vNIC groups, they will not b e available for configurat ion in the r egular VLAN menus ( /cfg/l2/vlan ). Note – vNICs are not sup ported si multane[...]
-
Page 164
BLADEOS 6.5.2 Application Guid e 164 Chapter 12: Virtual NICs BMD00220 , October 2010 vNICs for iSCSI on Emul ex Eraptor 2 The BLADEOS vNIC feature wor ks with standard network app lications like iSCSI as prev iously described. However , the Emulex Eraptor 2 NIC expects iSCSI traf fic to occur only on a single vNI C pipe. When using the Emulex [...]
-
Page 165
BMD00220 , October 2010 165 C HAPTER 13 VMready V irtualization is used to allocate server resources based on logical needs , rather than on str ict physical structure. W ith appropr iate hardwar e and soft ware support, servers can b e virtual ized to host multiple instan ces o f operating systems, known as virt ual mach ines (VMs). Each VM has it[...]
-
Page 166
BLADEOS 6.5.2 Application Guid e 166 Chapter 13: VMready BMD002 20, October 2010 VE Cap acity When VMready is enabled, the switch will automatically discover VEs that reside in hyperviso rs directly connected on the switch ports. BLADEO S 6.5 suppo rts up to 2 048 VEs. Once this limit is reached, the switch will reject add itio nal VEs. Note ?[...]
-
Page 167
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 13: VMread y 167 Local VM Gro up s The configuration for local VM groups is maintained on the switch (locally) and is not directly synchronized with h ypervisors. Local VM gro ups may include only local elements: local switch ports and trun ks, and o nly th ose VEs conn ected to o[...]
-
Page 168
BLADEOS 6.5.2 Application Guid e 168 Chapter 13: VMready BMD002 20, October 2010 The follo wing rules ap ply to the l ocal VM grou p configurati on commands: key : Add LACP trunks to the group. port : Add s witch server p orts or swi tch uplink ports to the group. N ote that VM groups and vNICs (see “V irtual NICs” on page 153 ) are[...]
-
Page 169
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 13: VMread y 169 Distributed VM Group s Distribut ed VM groups allow configu ration pro files to be syn chronized between the G8124 and associated hyperv isors and VEs. This allows VE co nfiguration to be centralized, and provides fo r more reliab le VE migration across hy perviso[...]
-
Page 170
BLADEOS 6.5.2 Application Guid e 170 Chapter 13: VMready BMD002 20, October 2010 Note – The bandwidth shaping param eters in the VM profile ar e used by the hyp ervisor virtual switch so ftware. T o set bandwidt h policies for indi vidual VEs, see “VM Policy Bandwidth Control” on pa ge 178 . Once conf igured, the VM pro file may be as sig[...]
-
Page 171
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 13: VMread y 171 Synchronizing the C onfiguratio n When the con figuratio n for a dist ributed VM g roup is mod ified, the sw itch upd ates the ass igned virtualization managemen t server . The management server then dis tributes changes to the appropriate hyperv isors. For VM mem[...]
-
Page 172
BLADEOS 6.5.2 Application Guid e 172 Chapter 13: VMready BMD002 20, October 2010 V irtualization Management Se rvers The G8124 can connect with a virtualization managemen t server to collect configu ration information ab out associated VEs. Th e switch can also automatically push VM group configuration profiles to the virtualizati on management[...]
-
Page 173
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 13: VMread y 173 vCenter Scans Once the vCenter is assigned, the switch will period ically scan the vCenter to collect b asic information abou t all the VEs in the datacenter , and more detailed infor mation about the local VEs that the sw itch has discovered at tached to its own [...]
-
Page 174
BLADEOS 6.5.2 Application Guid e 174 Chapter 13: VMready BMD002 20, October 2010 Export ing Profil es VM profil es for di sco vere d V Es in dis tr ibut ed VM g rou ps are au tomat ical ly sy nch ron ized with the virtual mana gement server and the ap propriate hypervisors. Howev er , VM profiles can also be manually ex ported to speci fic host[...]
-
Page 175
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 13: VMread y 175 Pre-Provisioning VEs VEs may be man ually added t o VM groups in advance of bei ng detected on the switch ports. By pre-provisioning the MAC address of VEs th at are not yet active, the switch will b e able to later recognize the VE when it becomes active on a s w[...]
-
Page 176
BLADEOS 6.5.2 Application Guid e 176 Chapter 13: VMready BMD002 20, October 2010 VLAN Map s A VLAN map (VMAP) is a type of Access Control List (ACL) that is app lied to a VLAN or VM group rather than to a switch port as with regular ACLs (see “Access Control Lists” on pag e 75 ). In a virtualized environment, VMAPs allow you to create traff[...]
-
Page 177
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 13: VMread y 177 Once a VMAP filter is created, it can be assigned o r removed using the following commands: For regular VLANs, use config-v lan mode: For a VM gr oup, use the g lobal config uration mode : Note – Each VMAP can be assigned to only one VLAN or VM group. Ho[...]
-
Page 178
BLADEOS 6.5.2 Application Guid e 178 Chapter 13: VMready BMD002 20, October 2010 VM Policy Bandwid th Control Note – VM policy band width cont rol is suppo rted only when the sw itch is op erating w ith the Default deplo yment prof i le (see “Deployment Prof iles” on page 147 ). If using the Routing profile, VM policy bandwidth control co[...]
-
Page 179
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 13: VMread y 179 Bandwidth Poli cies vs. Bandw idth Shapin g VM Prof ile Bandwidt h Shaping d iffe rs from VM P olicy Bandwi dth Cont rol. VM Profi le Bandwidth S haping (see “VM P rofi les” o n pa ge 169 ) is conf igured per VM group and is enforced on the server by a virtual[...]
-
Page 180
BLADEOS 6.5.2 Application Guid e 180 Chapter 13: VMready BMD002 20, October 2010 VMread y Information Di splays The G8124 can be used to display a var iety of VMready info rmation. Note – S ome displays depict information collected fro m scans of a VMwar e vCenter and may no t be available without a valid vCe nter . If a vCenter is assigned ([...]
-
Page 181
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 13: VMread y 181 If a vCenter is available, more ver bose information can b e obtained using the f ollowing ISCLI privile ged EXEC command option: T o view additional detail regarding any specific VE, see “vCent er VE Details” on page 183 ). RS G8124# show virt vm -v Index MAC[...]
-
Page 182
BLADEOS 6.5.2 Application Guid e 182 Chapter 13: VMready BMD002 20, October 2010 vCenter Hype rvisor Hos ts If a vCenter is available, the f ollowing IS CLI privileged EXEC command displays the name and UUID of all VMware hosts, prov iding an essential overview of th e data center: Using the following co mmand, the administrator can view more d[...]
-
Page 183
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 13: VMread y 183 vCenter VEs If a vCenter is available, the following ISCLI privileged EXEC command displays a list of all known VE s: vCenter VE Details If a vCenter is available, the f ollowing IS CLI privileged EXEC command displays detailed information abo ut a specific VE: RS[...]
-
Page 184
BLADEOS 6.5.2 Application Guid e 184 Chapter 13: VMready BMD002 20, October 2010 VMready Confi guration Exa mple This example has the followin g characteristics: A VMware vCenter is fully installed and configured prior to VMready configuration and includes a “ bladevm ” adminis tration accoun t and a valid SSL certificate. The dist [...]
-
Page 185
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 13: VMread y 185 5. Define the VM group. When VMs are added , the server ports on which they app ear are automatically added to the VM group. I n this example, t here is no need t o manually add ports 1 and 2. Note – VM groups and vNIC s (see “V i rtual NICs ” o n page 153 )[...]
-
Page 186
BLADEOS 6.5.2 Application Guid e 186 Chapter 13: VMready BMD002 20, October 2010[...]
-
Page 187
BMD00220 , October 2010 187 C HAPTER 14 FCoE and CEE Th is cha pt er provides conceptual backgroun d and configu ration examples for u sing Conver ged Enhanced Ether net (CEE) features of the R ackSwitch G8124, with an emphasis o n Fibre Channel over Ethernet ( FCoE) solutions. The follo wing topics are addressed in this chapter: “Fibre Chann[...]
-
Page 188
BLADEOS 6.5.2 Application Guid e 188 Chapter 14: FCoE an d CEE BMD002 20, October 2010 “Enhanced T ransmission Selection” o n page 204 Enhanced T ransmission Sel ection (ETS) pr ovides a method for al locating lin k bandwidth based on the 80 2.1 p p riority valu e in each packet’ s VLAN tag. Using ETS, dif fer ent ty pes of traf fic ([...]
-
Page 189
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 18 9 Fibre Ch annel ov er Ethernet Fibre Channel over Ethernet (FCoE) is an ef fort to co nv er g e two o f the dif ferent phy sical n etworks in today’ s data centers. It allows F ibre Channel traf fic (such as that commonly used in Storag e Area Network s, or[...]
-
Page 190
BLADEOS 6.5.2 Application Guid e 190 Chapter 14: FCoE an d CEE BMD002 20, October 2010 In Fi gure 22 on page 189 , the Fibre Chan nel netw ork is conn ected to the FCoE netw ork throu gh an FCoE Forwarder (FCF). The FCF acts as a Fibre Channel ga teway to and from the FCoE network. For the FCoE portion o f the network, the FCF is con nected to [...]
-
Page 191
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 19 1 FCoE Requirements The following are required for impl ementing FCoE using the RackSwitch G8124 (G8124) with BLADEOS 6.5 so ftware: The G8124 m ust be co nnected to the F ibre Chan nel networ k throug h an F CF such as a Cis co Nexus 5000 S eries S witch.[...]
-
Page 192
BLADEOS 6.5.2 Application Guid e 192 Chapter 14: FCoE an d CEE BMD002 20, October 2010 Conver ged Enhance d Ethernet Conver ged Enhan ced Ethernet (CEE) refers to a set of IEEE stan dards desig ned to allow dif ferent physical networks with different data handling requirements to be converged together , simplifying mana g eme nt, in crea sing e[...]
-
Page 193
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 19 3 Effect s on 802. 1p Quality of Service While CEE is off (the default), the G8124 allows 802.1p priority values to be used for Quality of Service (QoS) configu ration (see page 133 ). 802.1 p QoS default settings are shown i n Ta b l e 1 6 , but can be change[...]
-
Page 194
BLADEOS 6.5.2 Application Guid e 194 Chapter 14: FCoE an d CEE BMD002 20, October 2010 If the pri or , non-C EE configurati on used 802.1 p priority values for dif ferent purposes, o r does not expect bandwidth allocation as shown in T able 17 on p age 193 , when C EE is turned on, the administrator s hould reconfigure ETS settings as approp ri[...]
-
Page 195
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 19 5 FCoE I nitialization Proto col Snooping FCoE In itialization P rotocol (FI P) snoopi ng is an FC oE feature. In o rder to en force point- to-point links for FCoE traf fic outside the regular Fibre Channel topolog y , Ethernet ports used in FCoE can be automa[...]
-
Page 196
BLADEOS 6.5.2 Application Guid e 196 Chapter 14: FCoE an d CEE BMD002 20, October 2010 Port FCF and EN ode Detection When FIP snooping is enabled on a port, the port is placed in FCF auto-detect mode by default. I n this mode, the por t assum es co nnection to an ENod e un less FIP packets show th e po rt is conn ected to an FC F . Ports can al[...]
-
Page 197
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 19 7 FCoE ACL Rules When FIP Snooping is enabled on a port, the switch automa tically installs the appropriate ACLs to enforce the fo llowing rules for FCoE traff ic: Ensure t hat FIP f rames fr om ENo des may onl y be address ed to F CFs. Flag important [...]
-
Page 198
BLADEOS 6.5.2 Application Guid e 198 Chapter 14: FCoE an d CEE BMD002 20, October 2010 V iewing FIP Snoopin g Information ACLs automati cal ly gener a ted under FI P sn oop i ng are indepen dent of regular , manually configure ACLs, and are not listed with regular ACLs in swit ch information and statistics output. Instead, FCoE ACLs are shown u[...]
-
Page 199
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 19 9 FIP Snooping Co nfiguration In this exampl e, as shown in Figur e 2 2 on pa g e 189 , FCoE devices are connected to port 2 for the FCF device, and port 3 for an ENode. FIP s nooping can be con figured on these ports using the following ISCLI co mmands: 1. En[...]
-
Page 200
BLADEOS 6.5.2 Application Guid e 200 Chapter 14: FCoE an d CEE BMD002 20, October 2010 Priority-Ba sed Flow Cont rol Priority-based F low Control (PFC) is defined in IEEE 802.1Qbb. PF C extends the IEEE 802.3x standard fl ow control mech anism. Under standard flow co ntrol, when a port becomes busy , the switch manages cong estion by pausing al[...]
-
Page 201
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 20 1 Global Configur ation PFC requires CEE to be turned on ( “T urn ing CEE On or O ff” on pag e 192 ). Whe n CEE is tu rned on, stan dard flow contro l is disabl ed on all ports, and PFC is enabled on all ports for 802.1p p riority value 3. While CEE is tur[...]
-
Page 202
BLADEOS 6.5.2 Application Guid e 202 Chapter 14: FCoE an d CEE BMD002 20, October 2010 PFC Configuration Example Note – DCBX may be conf igured to permi t sharing or learning PFC configurati on with or f rom external devices. This example assumes that PFC configuration is being performed manually . See “Data Center Bridging Capability Excha[...]
-
Page 203
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 20 3 2. Enable PFC for the FCoE traffic. Note – PFC is enabled o n priority 3 by defaul t. If using t he defaults, th e manual conf iguration commands sho wn in this step ar e not necessary . 3. Enable PFC for the business-critical LAN application: 4. Save the [...]
-
Page 204
BLADEOS 6.5.2 Application Guid e 204 Chapter 14: FCoE an d CEE BMD002 20, October 2010 Enhanc ed T r ansmiss ion Selection Enhanced T ran smission Selection ( ETS) is defined in I EEE 802.1Qaz. ETS provides a method for allocating port bandwi dth based on 802.1p pr iority valu es in the VLAN tag. Usin g ETS, dif ferent amounts of link bandwidth[...]
-
Page 205
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 20 5 802. 1p pri o rity valu e s may b e assi gned by the a dmi ni str a tor for a var i ety o f purp oses. How e ver, when CEE is turned on, the G8124 sets the ini tial default v a lues for ETS configuratio n as follows: Figure 23 Default ETS Pri ority Groups In[...]
-
Page 206
BLADEOS 6.5.2 Application Guid e 206 Chapter 14: FCoE an d CEE BMD002 20, October 2010 Priori ty Group s For ETS use, each 801.2p p riority va lue is assigned to a pr iority gr oup which can then be allocated a specific portion of avail able link ban dwidth. T o configure a p riority gro up, the fol lowing is required: CEE must b e turned o[...]
-
Page 207
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 20 7 Assigning Prior ity V alues t o a Priority Gr oup Each priority group may be co nfigured fr om its corre sponding ETS Prior ity Group, ava ilable using the following co mmand: where pr i o r i ty lis t is one o r more 802.1p p riority values (with each se pa[...]
-
Page 208
BLADEOS 6.5.2 Application Guid e 208 Chapter 14: FCoE an d CEE BMD002 20, October 2010 Allocating Bandwidth Allocate d Bandwid th for PGID 0 Through 7 The administr ator may allocat e a portion of the switch’ s available ba ndwidth to PGI Ds 0 through 7. A vailable band widt h i s defi ned as th e amou nt of link bandwi dth th at remai ns aft[...]
-
Page 209
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 20 9 If PGID 15 has low traffic levels, most of the switch’ s bandwidth will be available to serve priority groups 0 throug h 7. However , if PGID 15 co nsumes a lar ger part of the switch’ s total bandw idth, the amount available to the other groups is reduc[...]
-
Page 210
BLADEOS 6.5.2 Application Guid e 210 Chapter 14: FCoE an d CEE BMD002 20, October 2010 This example can be co nfigured using th e following commands: 1. T urn CEE o n. Note – Turn ing CEE on wi ll automatically ch ange some 80 2.1p QoS and 80 2.3x standar d flow control settings and menus (see “T urn i ng CEE On or Of f” on page 192 ). 2.[...]
-
Page 211
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 14: FCoE and CEE 21 1 Dat a Center Bridgi ng Cap ability Exchange Data Center Bridging Capability Exchange (DCB X) pro tocol is a vital elemen t of CEE. DCB X allows peer CEE devices to exchange information about their advanced capabilities. Using DCBX, neighbori ng network dev i[...]
-
Page 212
BLADEOS 6.5.2 Application Guid e 212 Chapter 14: FCoE an d CEE BMD002 20, October 2010 Enabling and Disabling DCBX When CEE is turn ed on, DCBX can be enabled and d isabled on a per -port basis, us ing the following commands: Note – DCBX and vNICs (see “V irtual NICs” on p age 153 ) are not supported simultaneously on the same G8124. When[...]
-
Page 213
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 21 3 These flags are av ailable for the following C EE features: Applica tion P rotocol DCBX exch anges information reg arding FCoE and F IP snooping , including the 802 .1p priority value used f or FCoE traf fic. The advertise flag is set or reset using the [...]
-
Page 214
BLADEOS 6.5.2 Application Guid e 214 Chapter 14: FCoE an d CEE BMD002 20, October 2010 Configuring DCBX Consider an exam ple con sistent Fig ure 22 on page 189 and used with th e prev ious FCoE examp les in this chapter: FCoE is used o n port s 2 and 3. CEE features are als o used with LANs on ports 1 and 4. All other ports are disa[...]
-
Page 215
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 14: FCoE an d CEE 21 5 4. Disable DCBX for each n on-CEE por t as appropriate: 5. Save the con figuration. RS G8124(config)# no cee port 5-24 dcb x enable[...]
-
Page 216
BLADEOS 6.5.2 Application Guid e 216 Chapter 14: FCoE an d CEE BMD002 20, October 2010[...]
-
Page 217
BMD00220 , October 2010 217 Part 5: IP Routing This se ct ion di scusses Layer 3 switch ing functions. In ad dition to switching t raffic at near line ra tes, the application switch can perform multi-protoc ol routing. This section discusses basic routing and advanced ro uting prot ocols: Basic Ro uting IPv6 H ost Ma n agem e nt Routing[...]
-
Page 218
BLADEOS 6.5.2 Application Guid e 218 Part 5: IP Rou ting BMD002 20, October 2010[...]
-
Page 219
BMD00220 , October 2010 219 C HAPTER 15 Basic IP Routing Th is cha pt e r pro vides confi guration backgr ound and ex amples for us ing the G812 4 to perf orm IP routing functions. The following topics are addressed in this chapter: “IP Routin g Benefits” on page 219 “Routing Between IP Subn ets” on page 21 9 “Example o f Subn[...]
-
Page 220
BLADEOS 6.5.2 Application Guid e 220 Chapter 15: Basic IP Routing BMD002 20, October 2010 For examp le, consider t he following topology migration: Figure 24 The Router L egacy Net work In this exampl e, a corporate campus has migrated from a r outer-cen tric topology to a faster , more powerful, switch-based topology . As is often the case, th[...]
-
Page 221
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 15: Basic IP Routin g 221 Example of Subnet Routing Consider the role of the G8124 in the following config uration example: Figure 25 Switch-Bas ed Routin g T opology The switc h connects t he Gigabit Et hernet and F ast Ethernet t runks fr om various s witched sub nets throughou [...]
-
Page 222
BLADEOS 6.5.2 Application Guid e 222 Chapter 15: Basic IP Routing BMD002 20, October 2010 Using VLANs to Segregate Broadcast Domains If you wa nt to contr ol the broadcasts on your ne twork, use VLAN s to create disti nct broadcast domains. Create on e VLAN for each server s ubnet, and one for the r outer . Configuration Example This secti on d[...]
-
Page 223
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 15: Basic IP Routin g 223 3. Determine which switch po rts and IP interfaces b elong to which VLANs. The following table ad ds port and VLAN infor mation: Note – T o per form this configuratio n, you mus t be connected t o the switch C ommand Line Interface (CLI) as the administ[...]
-
Page 224
BLADEOS 6.5.2 Application Guid e 224 Chapter 15: Basic IP Routing BMD002 20, October 2010 5. Assign a VLAN to each IP inter face. Now that the ports are s eparated into VLANs, the VLANs are ass igned to the appr opriate IP interface for each subnet. From T abl e 2 2 on pa ge 22 3 , the settings are made as follows: 6. Configure the default gate[...]
-
Page 225
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 15: Basic IP Routin g 225 ECMP St atic Routes Equal-Cost Multi-Path (ECMP) i s a forwarding mechanism that routes packets along m ultiple paths of equal cost . ECMP provides equally- distributed link load sh aring across the paths. The hashing algorithm used is based on the source[...]
-
Page 226
BLADEOS 6.5.2 Application Guid e 226 Chapter 15: Basic IP Routing BMD002 20, October 2010 Configuring ECMP St atic Routes T o configure ECMP static routes, add the same route multiple times, each with the same destin ation IP address, bu t with a differen t gateway IP address. Th ese routes become ECMP routes. 1. Add a static route (IP address,[...]
-
Page 227
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 15: Basic IP Routin g 227 Dynami c Host Configuration Protoc ol Dynamic Hos t Configur ation Protocol ( DHCP) is a tr ansport prot ocol that provides a framework for automatically assigning IP addresses and configuratio n information to other IP h osts or clients in a large T CP/I[...]
-
Page 228
BLADEOS 6.5.2 Application Guid e 228 Chapter 15: Basic IP Routing BMD002 20, October 2010 When a switch receives a UDP broadcast on por t 67 from a DHCP client re questing an IP addres s, the switch acts as a proxy for the client, replacing the client source IP (SIP) and destination IP (DIP) addresses. The req uest is then forwarded as a UDP Un[...]
-
Page 229
BMD00220 , October 2010 229 C HAPTER 16 Internet Protocol V ersion 6 Internet P rotocol v ersion 6 (IP v6) is a networ k layer pro tocol inten ded to expand the network address space. IPv6 is a robust and ex pandable protocol that meets the need for increased ph ysical address sp ace. The switch supports the following RFCs for I Pv6-related feature[...]
-
Page 230
BLADEOS 6.5.2 Application Guid e 230 Chapter 16: Internet Pro tocol Vers ion 6 BMD002 20, October 2010 IPv6 Limi t ations The following IPv6 featur es are not suppo rted in this release. Dynami c Host Co ntro l Pr otoco l for IPv6 (D HCPv6 ) Border Ga teway P rotocol for IPv6 ( BGP) Routing In formation P rotocol f or IPv6 ( RIPng) [...]
-
Page 231
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 16: Internet Protoco l V e rsion 6 23 1 IPv6 Addr ess Form at The IPv6 address is 128 bits (16 bytes) long and is rep resented as a s equence of eigh t 16-bit hex val ue s, s epara ted by colo ns. Each IPv6 address has t wo parts: Subnet prefix r epresenting the network to whi[...]
-
Page 232
BLADEOS 6.5.2 Application Guid e 232 Chapter 16: Internet Pro tocol Vers ion 6 BMD002 20, October 2010 IPv6 Addr ess T ype s IPv6 supp orts three types of add resses: unicas t (one-to- one), multicas t (one-to-m any), and any cast (one-to-nearest). Multicast addresses replace the use o f broadcast addresses. Unicast Address Unicast is a communi[...]
-
Page 233
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 16: Internet Protoco l V e rsion 6 23 3 Anycast Packets sent to an an ycast address or list of addresses are delivered to the nearest interface identified by that address . Anycast is a communication between a single sender and a list of addresses. Anycast addresses ar e allocated[...]
-
Page 234
BLADEOS 6.5.2 Application Guid e 234 Chapter 16: Internet Pro tocol Vers ion 6 BMD002 20, October 2010 IPv6 Interf aces Each IPv6 interface supports multiple IPv6 addresses. Y o u can manually configure up to two IPv6 addresses for each interface, or you can allow the switch to use s tateless autoconfiguration . Y ou can manually configure two [...]
-
Page 235
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 16: Internet Protoco l V e rsion 6 23 5 Neighb or D iscover y Neighbor Discov ery Overvi ew The switc h uses Neigh bor Disco very protocol (ND) to g ather informatio n about o ther router and host nod es, including the IPv6 addres ses. Host nodes use ND to configure their interfac[...]
-
Page 236
BLADEOS 6.5.2 Application Guid e 236 Chapter 16: Internet Pro tocol Vers ion 6 BMD002 20, October 2010 Host vs. Router Each IPv6 interface can be configure d as a router node or a host no de, as follows: A router node’ s IP address is configured manually . Router nodes can send Ro uter Advertisements. A host node’ s IP address is au[...]
-
Page 237
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 16: Internet Protoco l V e rsion 6 23 7 Support ed Applications The following ap plications have been enhanced to provide I Pv6 support. Ping The ping command supports IPv6 addr esses. Use th e followin g format to ping an IPv 6 address: ping <hos t name > | <IPv6 add[...]
-
Page 238
BLADEOS 6.5.2 Application Guid e 238 Chapter 16: Internet Pro tocol Vers ion 6 BMD002 20, October 2010 SSH Secure Sh ell (SSH) connections ov er IPv6 are sup ported. Th e following s yntax is requ ired from the client: ssh -u <IPv 6 addr ess> Example: ssh -u 2001:2:3:4:0:0:0:142 TFTP The TFTP commands support both I Pv4 and IPv6 a[...]
-
Page 239
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 16: Internet Protoco l V e rsion 6 23 9 Configurati on Guidelines When you conf igure an interface fo r IPv6, consider the following guidelines: IPv6 on ly supports static rout es. Support for subnet router anycast addresses is not available. A single interface can acc[...]
-
Page 240
BLADEOS 6.5.2 Application Guid e 240 Chapter 16: Internet Pro tocol Vers ion 6 BMD002 20, October 2010 IPv6 Configur ation Exam ples This sect ion provi des steps to configur e IPv6 on th e switch. IPv6 Example 1 The following example us es IPv6 h ost mode to autoco nfig ure an IPv6 addr ess for the interface. B y default, the interface is assi[...]
-
Page 241
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 16: Internet Protoco l V e rsion 6 24 1 2. Configure the IPv6 def ault gateway . 3. Configure Neighbor Discovery adv ertisements for the interf ace (optional) 4. V erify the config uration. RS G8124(config)# ip gateway6 1 address 2001:BA98:7654:BA98:FEDC:1234:ABCD:541 2 RS G8124(c[...]
-
Page 242
BLADEOS 6.5.2 Application Guid e 242 Chapter 16: Internet Pro tocol Vers ion 6 BMD002 20, October 2010[...]
-
Page 243
BMD00220 , October 2010 243 C HAPTER 17 Routing Information Protocol In a routed environment, routers communicate with one another to keep track of av ailable routes. Routers can learn abo ut available routes dynamically using th e Ro uting In formation Protocol (RIP). BLADEOS s oftware supports RIP versi on 1 (RI Pv1) and RIP version 2 (RIPv2) f o[...]
-
Page 244
BLADEOS 6.5.2 Application Guid e 244 Chapter 17: Routin g Information Protocol BMD00220 , October 2010 Routing Up dates RIP sends routing- update messages at r egular intervals and when the network top ology changes. Each router “ad vertises” r outing informat ion by sen ding a routi ng informatio n update every 30 seconds. If a router does[...]
-
Page 245
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 17: Routin g Informat ion Protoco l 245 RIPv2 in RIPv1 Comp atibility Mod e BLADEOS allows you to configure RIPv2 in RIPv1compatibility mode, for using both RIPv2 and RIPv1 r outers withi n a network. I n this mod e, the regular routing u pdates use b roadcast UDP dat a packet to [...]
-
Page 246
BLADEOS 6.5.2 Application Guid e 246 Chapter 17: Routin g Information Protocol BMD00220 , October 2010 Default The RIP r outer can li sten and su pply a defaul t route, u sually represen ted as IPv4 0.0.0.0 in t he routing table. When a router does not have an explicit route to a destination net work in it s rou tin g table, it uses the default[...]
-
Page 247
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 17: Routin g Informat ion Protoco l 247 RIP Configuratio n Example Note – A n interface RIP disabled uses all the default values of the RIP , no matter how the RIP parameters are config ured for that interf ace. RIP sends out RIP regular upda tes to include a n UP interface, but[...]
-
Page 248
BLADEOS 6.5.2 Application Guid e 248 Chapter 17: Routin g Information Protocol BMD00220 , October 2010 Use the following comman d to check the cur rent valid routes in the ro uting table of the switch: For those RIP routes learned within the garbage collection period, that are r outes phasing out of the routing table with metric 16, use the fol[...]
-
Page 249
BMD00220 , October 2010 249 C HAPTER 18 Internet Group Management Protocol Internet G roup Management Protocol (IGMP ) is used by IPv4 Multicas t routers to learn about t he existence of hos t group member s on their directly attached subn et (see RFC 2236). The IPv4 Multicast routers get th is information by b roadcasting IGMP Membership Queries a[...]
-
Page 250
BLADEOS 6.5.2 Application Guid e 250 Chapter 18: Internet G roup Man agement Pro tocol BMD00220 , October 2010 IGMP Snoo ping IGMP Snooping allows the swi tch to forward multicas t traffic only to those ports that request it. IGMP Snooping prevents mu lticast traf fic from being flood ed to all po rts. The s witch learn s which server ho sts ar[...]
-
Page 251
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 18: Inte rnet Group Managem ent Protoco l 251 IGMP G roups The G8124 s upports a m aximum of 100 0 IGMP entr ies, on a maximum of 102 4 VLANs. One IGMP entry is allocated for each uniqu e join request, b ased on the VLAN and IGMP gro up address. If multiple ports join the same IGM[...]
-
Page 252
BLADEOS 6.5.2 Application Guid e 252 Chapter 18: Internet G roup Man agement Pro tocol BMD00220 , October 2010 The switch supports the following IGMPv3 filter modes: INCLUDE mode: The host requests membership to a mul ticast g r oup and provides a list of IPv4 addresses fr om which it wants to receive traf fic. EXCLUDE mode: The host re[...]
-
Page 253
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 18: Inte rnet Group Managem ent Protoco l 253 IGMP Snooping Configuration Example This sect ion provi des steps to configur e IGMP Snoo ping on th e switch. 1. Configure port and VLAN membership on the switch . 2. Add VLANs to IGMP Snooping. 3. Enable IGMP v3 Snoo ping (optio nal)[...]
-
Page 254
BLADEOS 6.5.2 Application Guid e 254 Chapter 18: Internet G roup Man agement Pro tocol BMD00220 , October 2010 St atic Multicast Router A static multicast router (Mrou ter) can be co nfig ured for a par ticular port on a par t icular VLAN. A static Mrouter does not have to be learned through IGMP Snooping . Any data port can accept a static Mro[...]
-
Page 255
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 18: Inte rnet Group Managem ent Protoco l 255 IGMP Queri er IGMP Querier allows the switch to perform th e multicast router (Mrouter) role and provide Mrouter discovery when the netw ork or virtual LAN (VLAN) do es not have a router . When IGMP Querier is enab led on a VLAN, the s[...]
-
Page 256
BLADEOS 6.5.2 Application Guid e 256 Chapter 18: Internet G roup Man agement Pro tocol BMD00220 , October 2010 IGMP Filte ring W ith IGMP Filtering, you can allow or deny a port to send and receive multicast traf fic to certain multicast groups. Unauthorized users are rest ricted from streaming mu lticast traffic across the net work. If access [...]
-
Page 257
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 18: Inte rnet Group Managem ent Protoco l 257 Configure IGMP Filteri ng 1. Enable IGMP Filtering on the switch. 2. Define an IGMP filter with IPv4 information. 3. Assign the IGMP filter to a port. > ># ip igmp filtering > ># ip igmp profile 1 range 224.0.0.0 226.0.0.0 [...]
-
Page 258
BLADEOS 6.5.2 Application Guid e 258 Chapter 18: Internet G roup Man agement Pro tocol BMD00220 , October 2010[...]
-
Page 259
BMD00220 , October 2010 259 C HAPTER 19 Border Ga teway Protocol Border Gat eway Protocol (BGP) is a n Internet prot ocol that enab les routers on an IPv4 network to share and advertise routing infor mation with each other ab out the segments of the IPv4 address space they can access within their network and with rout ers on extern al networks. B G[...]
-
Page 260
BLADEOS 6.5.2 Application Guid e 260 Chapter 19: Border Ga teway Protoc ol BMD00220 , October 2010 Intern al Routing V ersus Exte rnal Routing T o ensure effective process ing of network traf fic, every router on your network needs to know how to send a packet (directly or indirectly) to any other location/destination in your network. This is r[...]
-
Page 261
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 19: Border Gatew ay Protocol 261 Formin g BGP Peer Routers T wo BGP routers becom e peers or neighbo rs once you establish a TCP connection between them. For each new r oute, if a peer is interested in that route (for ex ample, if a peer would like to receive your static routes an[...]
-
Page 262
BLADEOS 6.5.2 Application Guid e 262 Chapter 19: Border Ga teway Protoc ol BMD00220 , October 2010 Figure 27 Distributin g Network Filters in Access Lists and Route Maps Incoming and Outgoing Route Maps Y o u can have two t ypes of ro ute maps: incomi ng and outg oing. A BGP p eer router can be configured t o support up to eight rou te maps in [...]
-
Page 263
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 19: Border Gatew ay Protocol 263 Precedence Y ou can s et a priority to a route map by specifying a precedence v alue with the following command (Route Map mode): The smaller the valu e the higher the precedence. If two route maps have the same precedence value, the smaller numb e[...]
-
Page 264
BLADEOS 6.5.2 Application Guid e 264 Chapter 19: Border Ga teway Protoc ol BMD00220 , October 2010 4. Set up the BGP attributes. If you want to overwrite the attributes that the peer ro uter is sending, then define the following BGP attributes: Specify the AS number s that you want to prepe nd to a matched route and the local preference for[...]
-
Page 265
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 19: Border Gatew ay Protocol 265 Aggregati ng Routes Aggregation is the pr ocess of combining s everal diff erent routes in such a way th at a single route can be advertised, wh ich minimizes the size of the routing table. Y ou can con figure aggregate routes in BGP either by redi[...]
-
Page 266
BLADEOS 6.5.2 Application Guid e 266 Chapter 19: Border Ga teway Protoc ol BMD00220 , October 2010 BGP Attributes The following two BGP attributes are discussed in th is section: Local preference and metric (Multi-Exit Discriminator). Local Prefer ence Attribute When there are multiple paths to the same destinatio n, the local preference attrib[...]
-
Page 267
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 19: Border Gatew ay Protocol 267 Selecting Rou te Paths in BGP BGP sel ects only one path as t he best path . It does no t rely on me tric attribut es to determi ne the best path. When the sam e network is learned via mo re than one BGP peer , B GP uses its policy for selecting th[...]
-
Page 268
BLADEOS 6.5.2 Application Guid e 268 Chapter 19: Border Ga teway Protoc ol BMD00220 , October 2010 BGP Failover Configurati on Use the following example to create redundant d efault gateways for a G812 4 at a W eb Host/ISP site, eliminating the possi bility , sh ould one gateway go down, that requests will b e forwarded to an upstream ro uter u[...]
-
Page 269
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 19: Border Gatew ay Protocol 269 1. Define the VLANs. For simplicity , both default gateways are con figured in the same VLAN in th is example. The gateways could be in the same VLAN or dif ferent VLANs . 2. Define the IP interfaces with IPv4 addresses. The switch will need an IP [...]
-
Page 270
BLADEOS 6.5.2 Application Guid e 270 Chapter 19: Border Ga teway Protoc ol BMD00220 , October 2010 Default Re distribution a nd Route Aggregation Example This example shows you how to configure the switch to redistribute information from one routing protocol to an other and create an aggr egate route entry in the BGP routing table to minimize t[...]
-
Page 271
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 19: Border Gatew ay Protocol 271 3. Configure internal peer router 1 and external peer rou ter 2 with IPv4 addres ses. 4. Configure redistribut ion for P eer 1. 5. Config ure aggr egat ion pol i cy contro l. Configure the IPv4 ro utes that you want aggregated . > ># router b[...]
-
Page 272
BLADEOS 6.5.2 Application Guid e 272 Chapter 19: Border Ga teway Protoc ol BMD00220 , October 2010[...]
-
Page 273
BMD00220 , October 2010 273 C HAPTER 20 OSPF BLADEOS s upports the Open Shorte st Path Fi rst (OSP F) routing p rotocol. The BLADEOS implementation conforms to the OS PF v ersion 2 specifications detailed in Internet RFC 158 3, and OSPF v ersion 3 sp ecifications in RFC 2740 . The followi ng section s discuss O SPF suppor t for the RackSwitch G8124[...]
-
Page 274
BLADEOS 6.5.2 Application Guid e 274 Chapter 20: OSPF BMD00220 , October 2010 T ypes o f OSPF Area s An AS can be b roken into logi cal units kno wn as ar eas . In any AS with multiple areas, one area must be des ignated as area 0 , kno wn as the ba ckbone . The backbone acts as the central OSPF area. All other areas in th e AS must be connecte[...]
-
Page 275
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 275 T ypes o f OSPF Routing Devices As sh own in Figure 3 1 , OSPF uses the fo llowing typ es of r outing dev ices: Internal Router (IR )—a router that has all of its interfaces within the same area. IRs maintain LSDBs identical to those of other routing devices wit[...]
-
Page 276
BLADEOS 6.5.2 Application Guid e 276 Chapter 20: OSPF BMD00220 , October 2010 Neighbors and Adjacencies In areas with two or more routing devices, ne ighbors an d adjacencies are for med. Neighb ors are rou ting devices that maintain infor mation about each o thers’ health. T o establish neighbor r elationships, routing d evices periodically [...]
-
Page 277
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 277 The Shortest Path First T ree The routing devices use a link- state algorithm (Dijkstra’ s algorithm) to calculate the shortest path to all known destinatio ns, based on th e cumulativ e cost required to reach the destination. The cost of an individu al interface in[...]
-
Page 278
BLADEOS 6.5.2 Application Guid e 278 Chapter 20: OSPF BMD00220 , October 2010 OSPFv2 Implement ation in BLADEOS BLA DE OS supports a single inst ance of OSPF and u p to 4K ro utes on th e network. The fo llowing sections describe OSP F implementatio n in BL ADE OS: “Configurab le P arameters” o n page 278 “Defining Areas” on p a[...]
-
Page 279
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 279 Defining Areas If you are configuring multip le areas in your OSP F domain, one of the areas must be designated as area 0, known as the backbone . The backbone is the central OSPF area and is usually phys ically connected to all oth er areas. The areas inject routing [...]
-
Page 280
BLADEOS 6.5.2 Application Guid e 280 Chapter 20: OSPF BMD00220 , October 2010 Using the A rea ID to Assign the OSPF Ar ea Number The OSPF area number is defin ed in the areaid <IP addr ess> option. The octet format is used in order to be co mpatible with two different sy stems of no tation used by oth er OSPF network ven dors. There are t[...]
-
Page 281
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 281 Interface Cost The OSPF link-state algorithm (Dijkstra’ s algorithm) places each routing dev ice at the root of a tree and determines the cumul ative cost required to reach each des tination. Usually , the cost is inversely proportion al to the bandwidth of the inte[...]
-
Page 282
BLADEOS 6.5.2 Application Guid e 282 Chapter 20: OSPF BMD00220 , October 2010 Default Routes When an OSPF routing device encounters traf fic for a destination add ress it does not recognize, it forwards that traf fic along the d efault r oute . T ypically , the default route leads upstream toward the backbone u ntil it reaches the intended area[...]
-
Page 283
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 283 V irtual Lin ks Usually , all areas in an OSPF AS are physically connected to the backbone. In some c ases where this is not possible, yo u can use a virtual link . V irtual links are created to connect one ar ea to the backbone thr ough another non-backbon e area (se[...]
-
Page 284
BLADEOS 6.5.2 Application Guid e 284 Chapter 20: OSPF BMD00220 , October 2010 Authentication OSPF protocol exchanges can b e authenticated so that only trusted ro uting devices can participate. This ensures less pr ocessing on routing d evices that are not listening to OSPF packets. OSPF allows packet authentication and uses IP multicast when s[...]
-
Page 285
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 285 Configu ring P lain T ext O SPF Passwor ds T o configu re simple plain text OSPF passwords o n the switches shown in Figu re 33 us e the following commands: 1. Enable OSPF authentication for Area 0 on switches 1, 2 , and 3. 2. Configure a simple text password up to ei[...]
-
Page 286
BLADEOS 6.5.2 Application Guid e 286 Chapter 20: OSPF BMD00220 , October 2010 Confi gurin g MD5 Aut henticat ion Use the following commands to configure MD5 authentication on the switches sh own in Figure 33 : 1. Enable OSPF MD5 authentication for Area 0 on switches 1, 2, and 3. 2. Configure MD5 key ID fo r Area 0 on s witches 1 , 2, and 3. 3. [...]
-
Page 287
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 287 Host Routes for Load Balancing BLADEOS imp lementation of OSPF incl udes host r outes. Host ro utes are u sed for adver tising network device IP ad dresses to external network s, accomplishing the f ollowing goals: ABR Load Sharing As a form of load balancing, hos[...]
-
Page 288
BLADEOS 6.5.2 Application Guid e 288 Chapter 20: OSPF BMD00220 , October 2010 OSPFv2 Co nfiguration Examples A summary of the basic steps for configuring OSPF o n the G8124 is listed here. Detailed instructions for each of the steps is covered in the fo llowing sections: 1. Configure IP interfaces. One IP interface is req uired for each desired[...]
-
Page 289
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 289 Exam ple 1: Si mple OSPF Dom ain In this exampl e, two OSPF areas are defin ed—one area is the back bone and the other is a stub ar ea. A stub area does not allow advertisements of external routes, thus reducing the size of the database. Instead, a default s ummary [...]
-
Page 290
BLADEOS 6.5.2 Application Guid e 290 Chapter 20: OSPF BMD00220 , October 2010 3. Define t he backbone. The backbon e is always configured as a trans it area using areaid 0.0.0.0 . 4. Define the stub a rea. 5. Attach the network interf ace to the backbone. 6. Attach the network interf ace to the stub area. RS G8124(config-router-ospf)# area 0 a [...]
-
Page 291
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 291 Example 2: V irtual Links In the ex ample shown in Figure 3 5 , area 2 is not physically connected to the backbone as is usually required. Instead, area 2 will be connected to the backbone v ia a virtual link throug h area 1. The virtual link mus t be configured at ea[...]
-
Page 292
BLADEOS 6.5.2 Application Guid e 292 Chapter 20: OSPF BMD00220 , October 2010 3. Enable OSPF . 4. Define t he backbone. 5. Define the transit area. The area that contains the virtual link must be configured as a transit area. 6. Attach the network interf ace to the backbone. 7. Attach the network interf ace to the transit area. 8. Configure the[...]
-
Page 293
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 293 Configuring OSPF fo r a V irtual Li nk on Switc h #2 1. Configure IP interfaces on each network that will be attached to OSPF areas. In this exampl e, two IP interfaces are needed: Interface 1 fo r the trans it area network on 10. 10.12.0 /24 Interface 2 fo r [...]
-
Page 294
BLADEOS 6.5.2 Application Guid e 294 Chapter 20: OSPF BMD00220 , October 2010 6. Define the stub a rea. 7. Attach the network interf ace to the backbone. 8. Attach the network interf ace to the transit area. 9. Configure the virtu al link. The nbr router I D configu red in th is step must b e the sa me as the ro uter ID th at was configu red fo[...]
-
Page 295
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 295 Example 3 : S ummarizing Routes By default, ABRs adv ertise all the network addresses from one area into ano ther area. Route summarization can be u sed for consol idating advertised addres ses and reducing the p erceived complexity of the network. If network I P ad d[...]
-
Page 296
BLADEOS 6.5.2 Application Guid e 296 Chapter 20: OSPF BMD00220 , October 2010 2. Enable OSPF . 3. Define t he backbone. 4. Define the stub a rea. 5. Attach the network interf ace to the backbone. 6. Attach the network interf ace to the stub area. 7. Configure route summarization by specifying the st arting address and mask of the range of addre[...]
-
Page 297
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 297 8. Use the hide com mand to prevent a rang e of addresses from advertising to th e backbone. V erifying OSPF Configu ration Use the following commands to verify the OSPF configuration on your switch: show ip ospf show ip ospf neighbor show ip ospf database[...]
-
Page 298
BLADEOS 6.5.2 Application Guid e 298 Chapter 20: OSPF BMD00220 , October 2010 OSPFv3 Implement ation in BLADEOS OSPF v ersion 3 i s based on O SPF version 2, but has been modified to suppor t IPv6 addres sing. In most o ther ways, OSP Fv3 is simi lar to OSPFv2 : They bo th have the same p acket types an d interfaces, and both use the same mecha[...]
-
Page 299
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 299 OSPFv3 U ses Indepe ndent Com mand Paths Though OSPFv3 and OSPFv2 are very s imilar , they are configured indepen dently . They each have their own s eparate menu s in the C LI, and their ow n command pa ths in the I SCLI. OSPFv3 ba se menus and comm and paths are loc[...]
-
Page 300
BLADEOS 6.5.2 Application Guid e 300 Chapter 20: OSPF BMD00220 , October 2010 OSPFv3 Limit ations BLADEOS 6 .5 does not currently supp ort the fol lowing OS PFv3 featur es: Multiple instance s of OSPF v3 on one IPv6 lin k. Authentication via IPv6 Security (IPsec) OSPFv3 Configuration Exampl e The following example dep icts the OSPFv3 eq[...]
-
Page 301
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 20: OSPF 301 2. Enable OSPFv3. This is equivalent to the OSPFv2 enable option in the router ospf co mma nd path . 3. Define t he backbone. This is identical to OSPFv2 configuration. 4. Define the stub a rea. This is identical to OSPFv2 configuration. 5. Attach the network interf a[...]
-
Page 302
BLADEOS 6.5.2 Application Guid e 302 Chapter 20: OSPF BMD00220 , October 2010 7. Configure route summarization by specifying the starting address and prefix length of th e range of addresses to be summarized. This dif fers from OSPFv2 only in that the OSPFv3 command p ath is used, and the address and prefix are specified in IPv6 format. 8. Use [...]
-
Page 303
BMD00220 , October 2010 303 C HAPTER 21 Protocol Independent Multicast BLADEOS sup ports Protocol Independen t Multicast (PIM) in Sparse Mode (P IM-SM) and Den se Mode (PIM- DM). Note – BLADEOS 6.5 does n ot support IPv6 for P IM. The following sections discuss PIM suppo rt for the RackSwitch G8124: “PIM Overview” on page 303 “Suppo[...]
-
Page 304
BLADEOS 6.5.2 Application Guid e 304 Chapter 21: Protocol Independe nt Multic ast BMD002 20, October 2010 PIM-SM is a reverse-path routing mechanism. Client receiver station s advertise their willingness to join a multicast group. The local routing an d switching devices collect multicas t routing information and forward the request toward the [...]
-
Page 305
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 21: Pro tocol Ind ependent Multicast 305 The following PIM modes and features are no t currently supported in BLAD EO S 6.5: Hybrid Sparse-Dense Mode (PIM-S M/DM). Sparse Mode and D ense Mode ma y be config ured on separate IP interfaces on the switch, but are not cur rently s[...]
-
Page 306
BLADEOS 6.5.2 Application Guid e 306 Chapter 21: Protocol Independe nt Multic ast BMD002 20, October 2010 Defining a PIM Network Component The G8124 can be attached to a maximu m of two independent PIM n etwork components. Each component rep resents a dif ferent PIM network, and can be defin ed fo r either PIM-SM or PIM-DM operation. Basic PIM [...]
-
Page 307
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 21: Pro tocol Ind ependent Multicast 307 PIM Neighbor F ilters The G8124 accep ts connection to up to 72 PIM interfaces. By default, th e switch accepts all PIM neighbors attached to the PIM-enabled interfaces, up to the maximum number . Once the maximum is reached, the switch wil[...]
-
Page 308
BLADEOS 6.5.2 Application Guid e 308 Chapter 21: Protocol Independe nt Multic ast BMD002 20, October 2010 Addition al Sp arse Mode Settings Spec ifying the Rendezvous Point Using PIM-SM, at least one PIM-capable router must be a candidate for use as a Rendezvous Point (RP) for any given multicast group. If desired, the G812 4 can act as an RP c[...]
-
Page 309
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 21: Pro tocol Ind ependent Multicast 309 Influencing the Designated Router Sele ction Using PIM-SM, All PIM-enabled I P interfaces are cons idered as potential Designate R outers (DR ) for their dom ain. By default, the interface with the highest IP addr ess on the domain is selec[...]
-
Page 310
BLADEOS 6.5.2 Application Guid e 310 Chapter 21: Protocol Independe nt Multic ast BMD002 20, October 2010 Using PIM w ith Other Featur es PIM with ACLs or VMAPs If using ACLs or VMAPs , be sure to p ermit traf fic for local hosts and r outers. PIM with IGMP If using IGMP (see “Internet Grou p Management Pro tocol” o n page 249 ): IGMP s[...]
-
Page 311
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapt er 21: Protoc ol Indepe ndent Mult icast 31 1 PIM Con figuration Examples Example 1: PIM-SM with Dynamic RP This example configu res PIM Sparse Mode for on e IP interface, with the switch acting as a candidate for d ynamic Rendezvous Point (R P) selection. 1. Globally enable the PIM[...]
-
Page 312
BLADEOS 6.5.2 Application Guid e 312 Chapter 21: Protocol Independe nt Multic ast BMD002 20, October 2010 Example 2: PIM-SM with S t atic RP The following commands can be us ed to mod ify the prio r examp le configu ration to us e a static RP: Where 225.1 .0.0 255 .255.0. 0 is the mu lticast gro up base add ress and mask, and 1 0.10.1. 1 is the[...]
-
Page 313
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 21: Pro tocol Ind ependent Multicast 313 1. Configure the PIM-SM component as sh own in the prior examp les, or if using PIM-DM independently , enable the PIM feature. 2. Configure a PIM component and set the PIM mode: 3. Define an IP interface f or use with PIM: 4. Enable PIM on [...]
-
Page 314
BLADEOS 6.5.2 Application Guid e 314 Chapter 21: Protocol Independe nt Multic ast BMD002 20, October 2010[...]
-
Page 315
BMD00220 , October 2010 315 Part 6: High A vailability Fundament als Internet traf f ic consists of m yriad services and app l ications which us e the Intern et Protoco l (I P) for data delivery . However, IP is not optimized for all the various applications. High A vailabi lity goes beyond IP and makes intellig ent switchin g decisions t o provide[...]
-
Page 316
BLADEOS 6.5.2 Application Guid e 316 : High Ava ilability Fu ndamenta ls BMD00220 , October 2010[...]
-
Page 317
BMD00220 , October 2010 317 C HAPTER 22 Basic Redundancy BLADEOS 6.5 i ncludes vario us features f or providing basic link or d evice redund ancy: “T runk ing for Link R edundancy” on page 317 “Hot Lin ks” on page 318 “Active MultiPath Protocol” on page 320 T r unking for L ink Redundancy Multiple s witch port s can be combi[...]
-
Page 318
BLADEOS 6.5.2 Application Guid e 318 Chapter 22: Basic Red undancy BMD00220 , October 2010 Hot Links For netw ork topologi es that re quire Spanni ng T ree to be turned of f, Hot Li nks provid es basic lin k redundancy with fas t recovery . Hot Links consists of up to 25 triggers. A trigg er consists of a pair o f layer 2 interfaces, each conta[...]
-
Page 319
BLADEOS 6.5.2 Applicat ion Guide BMD00 220, October 2010 Chapter 22: Basi c Redunda ncy 31 9 Configuration Gui delines The follo wing configu ration guidel ines apply t o Hot links : Ports that are con figured as Hot Link interfaces must have STP disabled. When Hot Links is turned on, MSTP , RSTP , and PVRST must be tu rned of f. Wh[...]
-
Page 320
BLADEOS 6.5.2 Application Guid e 320 Chapter 22: Basic Red undancy BMD00220 , October 2010 Active MultiPa th Protocol Active MultiPath Protocol (AMP) allows y ou to con nect three switches in a loop topology , and load-balance traf fic across all uplinks (no blocking). When an AMP link fails, upstream communication co ntinues over the remainin [...]
-
Page 321
BLADEOS 6.5.2 Applicat ion Guide BMD00 220, October 2010 Chapter 22: Basi c Redunda ncy 32 1 When the A MP l o op is br oken, the STP po rt s tates are set to f orw ard ing or blocking , dependin g o n the switch priority and port/trunk precedence, as foll ows: An aggregator's port/trunk has higher precedence over an access switch&apos[...]
-
Page 322
BLADEOS 6.5.2 Application Guid e 322 Chapter 22: Basic Red undancy BMD00220 , October 2010 AMP port s canno t be u sed as mo nitori ng po rts i n a port-m irror ing c onfigurat ion. Do not c onfig ure AMP p orts as Layer 2 Failov er cont rol ports . For IGMP , IP-based multicast entries su pport only Layer 2 (MAC) based multicast fo[...]
-
Page 323
BLADEOS 6.5.2 Applicat ion Guide BMD00 220, October 2010 Chapter 22: Basi c Redunda ncy 32 3 Configuring an Access Swit ch Perform the follo wing steps to configure AMP on an access switch: 1. T urn of f Spanni ng T ree. 2. T urn AMP on. 3. Defi ne the AM P grou p l inks, and en able th e AMP g r oup. V eri fy ing AMP Operation Display AMP grou[...]
-
Page 324
BLADEOS 6.5.2 Application Guid e 324 Chapter 22: Basic Red undancy BMD00220 , October 2010[...]
-
Page 325
BMD00220 , October 2010 325 C HAPTER 23 Layer 2 Failover The primary application for Layer 2 Failover is to support Network Adapter T eaming. With Network Adapter T eaming, all the NIC s on each server share the same IP addr ess, and are configured into a team. One NIC is the pr imary link, and the o ther is a stand by link. For more details, refer[...]
-
Page 326
BLADEOS 6.5.2 Application Guid e 326 Chapter 23: Layer 2 F ailover BMD00220 , October 2010 Figur e 41 is a simple example of Layer 2 Failover . One G8124 is the primary , and the ot her is used as a backup. In this example, all ports on the primary switch belong to a single trunk group, with Layer 2 Failover enabled, and Failover Limit set to 2[...]
-
Page 327
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 23: Layer 2 F ailover 32 7 Manual ly Monitoring Po rt Links The Manual Monitor allows you to con figure a set of ports and/or trunks to monitor for link failures (a monitor list), and an other set of ports and/or tr unks to di sable when the trigger limit is reached (a control lis[...]
-
Page 328
BLADEOS 6.5.2 Application Guid e 328 Chapter 23: Layer 2 F ailover BMD00220 , October 2010 L2 Fai lover with O ther Fea tures L2 Fai lover w orks to ge ther with L i nk Aggr e gatio n Contr ol Pro t o col (L ACP) a nd with Sp annin g T ree Pr otocol (STP) , as described below . LACP Link Agg regation Cont rol Protocol al lows the sw itch to for[...]
-
Page 329
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 23: Layer 2 F ailover 32 9 Configu ring Layer 2 Failove r Use the following procedure to configu re a Layer 2 Failover Manual Moni tor . 1. Specify the links to mon itor . 2. Specify the links to dis able when the failover limit is reached. 3. Configure general Fai lover paramet e[...]
-
Page 330
BLADEOS 6.5.2 Application Guid e 330 Chapter 23: Layer 2 F ailover BMD00220 , October 2010[...]
-
Page 331
BMD00220 , October 2010 331 C HAPTER 24 V irtual Router Redundancy Protocol The BNT RackSwitch G8 124 (G8124) supports IPv 4 high-availability network to pologies through an enhanced i mplementati on of the V irtual Rout er Redundan cy Protocol ( VRRP). Note – BLADEOS 6.5 does n ot supp ort IPv6 fo r VRRP . The following topics are discussed in t[...]
-
Page 332
BLADEOS 6.5.2 Application Guid e 332 Chapter 24: Virtual Router Redun dancy Pro tocol BMD00220 , October 2010 VRRP O vervi ew In a high-availability network topology , no device can create a si ngle point-of-failure f or the network o r force a sing le point- of-failure to any other part o f the network . This means t hat your network will rema[...]
-
Page 333
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 24: V irtual Router Red undancy Proto col 33 3 Master and Backup V irtual Router W ithin each virtua l router , one VRRP router is selected to be the virtual rou ter master . See “Selecting t he Master VRRP Router” on page 334 for an explanation of the selection proces s. Note[...]
-
Page 334
BLADEOS 6.5.2 Application Guid e 334 Chapter 24: Virtual Router Redun dancy Pro tocol BMD00220 , October 2010 Selecting the Master VRRP Router Each VRRP router is configured with a priority b etween 1–254. A bidding process determines which VRRP router is or becomes the m aster—th e VRR P router with the highest priority . The master period[...]
-
Page 335
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 24: V irtual Router Red undancy Proto col 33 5 Active-Active Redundancy In an active-active co nfiguration, shown in Figu re 42 , two switches provide redund ancy for each other , with both active at the same time. Each switch processes traffic on a dif ferent subnet. When a failu[...]
-
Page 336
BLADEOS 6.5.2 Application Guid e 336 Chapter 24: Virtual Router Redun dancy Pro tocol BMD00220 , October 2010 BLADEOS Extensions to VRRP This section desc ribes VRRP enhancements that are imp lemented in BLADEOS. BLADEOS supports a tracking function that dynamically mod ifies the priority of a VR RP router , based on its current state. The obje[...]
-
Page 337
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 24: V irtual Router Red undancy Proto col 33 7 V irtual Router Deployment Considera tions Assigning VRRP V irtual Router ID During the software upgrade process, VRRP virtual router IDs will be automatically assig ned if failover is enabled on the switch. W hen configurin g virtual[...]
-
Page 338
BLADEOS 6.5.2 Application Guid e 338 Chapter 24: Virtual Router Redun dancy Pro tocol BMD00220 , October 2010 High A va ilabil ity Confi guration s Figur e 43 shows an example configu ration where two G812 4s are used as VRRP routers in an active-active configur ation. In this configuration, both switches respond to packets. Figure 43 Active-A [...]
-
Page 339
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 24: V irtual Router Red undancy Proto col 33 9 T ask 1: Configure G8124 1 1. Configure client and server interfaces. 2. Configure the default gateways. Each default gatew ay points t o a Layer 3 ro uter . 3. T urn on VRRP and configure two V irtual Interface Routers. RS G8124(conf[...]
-
Page 340
BLADEOS 6.5.2 Application Guid e 340 Chapter 24: Virtual Router Redun dancy Pro tocol BMD00220 , October 2010 4. Enable tracking on ports. Set the priority of V irtual Router 1 to 101, so that it becomes the Master . 5. Config ure por ts. 6. T urn of f Spann ing T ree Prot ocol global ly. RS G8124(config-vrrp)# virtual-router 1 track ports RS G[...]
-
Page 341
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 24: V irtual Router Red undancy Proto col 34 1 T ask 2: Configure G8124 2 1. Configure client and server interfaces. 2. Configure the default gateways. Each default gatew ay points t o a Layer 3 ro uter . 3. T urn on VRRP and configure two V irtual Interface Routers. RS G8124(conf[...]
-
Page 342
BLADEOS 6.5.2 Application Guid e 342 Chapter 24: Virtual Router Redun dancy Pro tocol BMD00220 , October 2010 4. Enable tracking on ports. Set the priority of V irtual Router 2 to 101, so that it becomes the Master . 5. Config ure por ts. 6. T urn of f Spann ing T ree Prot ocol global ly. RS G8124(config-vrrp)# virtual-router 1 track ports RS G[...]
-
Page 343
BMD00220 , October 2010 343 Part 7: Network Management[...]
-
Page 344
BLADEOS 6.5.2 Application Guid e 344 Part 7: Netwo rk Manage ment BMD00220 , October 2010[...]
-
Page 345
BMD00220 , October 2010 345 C HAPTER 25 Link Layer Discovery Protocol The BLADEOS software sup port Link Layer Discov ery Protocol ( LLDP). This chapter dis cusses the use and configurati on of LLDP on the switch: “LLDP Overvi ew” on page 345 “Enabli ng or Disa bli ng LLDP” on page 346 “LLDP Tran sm it Features” on page 347 [...]
-
Page 346
BLADEOS 6.5.2 Application Guid e 346 Chapter 25: Link La yer Disco very Protocol BMD00220 , October 2010 The LLDP inf ormation to be di stributed by the G 8124 ports, and t hat which has been col lected from other LLDP stations, is stored in the switch’ s Management Information Base (MIB). Network Management Systems (NMS) can use Simple Netwo[...]
-
Page 347
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 25: Link Lay er Discov ery Protocol 347 LLDP T ran smit Fea tures Numerous L LDP transmit options are available, including scheduled and minimu m transmit interval, expiration on remote systems, SN MP trap notification, and the types of information permitted to be shared. Sched ul[...]
-
Page 348
BLADEOS 6.5.2 Application Guid e 348 Chapter 25: Link La yer Disco very Protocol BMD00220 , October 2010 T ime-to-Live for T ransmitted Information The transmitted LLDP information is held by remote sy stems for a limited time. A time-to-live parameter allows the switch to determine how long the transm itted dat a should be held before it expir[...]
-
Page 349
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 25: Link Lay er Discov ery Protocol 349 If SNMP trap notification is enabled , the notification messages can also appear in the system lo g. This is enabled by default. T o change whether the SNMP trap notifications for LLDP events appear in the system log, use the following c omm[...]
-
Page 350
BLADEOS 6.5.2 Application Guid e 350 Chapter 25: Link La yer Disco very Protocol BMD00220 , October 2010 LLDP transmissions can also be con figured to enable o r disable inclusion of optional inf ormation, using the following command (Interf ace Port mode): where type is an LLDP information option from Ta b l e 2 4 : By default, all optional LL[...]
-
Page 351
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 25: Link Lay er Discov ery Protocol 351 LLDP Receive Features T ypes o f Informati on Received When the LLDP receive option is enabled on a port (see “Ena bling or Disa bling LLDP” on page 34 6 ), the port may receive the following inform ation from LLDP-capable r emote system[...]
-
Page 352
BLADEOS 6.5.2 Application Guid e 352 Chapter 25: Link La yer Disco very Protocol BMD00220 , October 2010 T o view detailed information for a remote device, specify the I ndex number as fo und in the summary . For examp le, in keeping with the samp le su m mary , to list details for the first remote device (with an Index v alue of 1), us e the f[...]
-
Page 353
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 25: Link Lay er Discov ery Protocol 353 LLDP Exampl e Config uration 1. T urn LLDP on glob ally . 2. Set the global LLDP timer features. 3. Set LLDP options for each p ort. 4. Enable syslog repo rt ing. 5. V e ri fy th e confi gur ation sett ings: 6. V iew remote device informatio[...]
-
Page 354
BLADEOS 6.5.2 Application Guid e 354 Chapter 25: Link La yer Disco very Protocol BMD00220 , October 2010[...]
-
Page 355
BMD00220 , October 2010 355 C HAPTER 26 Simple Network Management Protocol BLADEOS p rovides Si mple Net work Managemen t Protocol (SNMP) vers ion 1, ve rsion 2, and version 3 su pport for access through any n etwork management sof tware, such as IBM Director or HP-OpenV iew . Note – SNMP read and write functions are enabled by default. For best [...]
-
Page 356
BLADEOS 6.5.2 Application Guid e 356 Chapter 26: Simple Ne twork Mana gement Prot ocol BMD00220 , October 2010 SNMP V ersion 3 SNMP vers ion 3 (SNMP v3) is an en hanced versio n of the Simp le Network Management Prot ocol, approved by the Internet Engineering Steering Group in March, 2002. SNMP v3 contains additional security and authentication[...]
-
Page 357
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 26: Simpl e Network Ma nagement Protocol 357 User Confi guration Example 1. T o configure a us er with name “admin,” authentication type MD5, and authen tication password of “admin,” privacy o ption DES with privacy password of “admin,” use the followin g CLI commands[...]
-
Page 358
BLADEOS 6.5.2 Application Guid e 358 Chapter 26: Simple Ne twork Mana gement Prot ocol BMD00220 , October 2010 Configuring SNMP T rap Host s SNMPv1 T rap Host 1. Configure a user with no authentication an d password. 2. Configure an access group and group table entries for the user . Use the following menu to specify which traps can be received[...]
-
Page 359
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 26: Simpl e Network Ma nagement Protocol 359 5. Use the communi ty table to specify which comm unity string is used in the trap. SNMPv2 T rap Host Configuration The SNMPv2 trap hos t configuration is sim ilar to the SNMPv1 trap hos t configuration. Wherev er you specif y the mode[...]
-
Page 360
BLADEOS 6.5.2 Application Guid e 360 Chapter 26: Simple Ne twork Mana gement Prot ocol BMD00220 , October 2010 SNMPv3 T rap Host Configuration T o configure a user for SNMP v3 traps, yo u can choose to send th e traps with b oth privacy and authentication, with authenticatio n only , or without privacy or authentication. This is configur ed in [...]
-
Page 361
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 26: Simpl e Network Ma nagement Protocol 361 SNMP MIBs The BLADEOS SNMP agent s upports SN MP version 3 . Security i s provided th rough SNMP community s trings. The defau lt community string s are “ public ” for SNMP GET op eration and “ private ” for SNMP SET operation.[...]
-
Page 362
BLADEOS 6.5.2 Application Guid e 362 Chapter 26: Simple Ne twork Mana gement Prot ocol BMD00220 , October 2010 The BLADEOS SNMP agent s upports the f ollowing generic traps as defined in RFC 1215: ColdStart Wa r m S t a r t LinkDown LinkUp AuthenticationFailure The SNMP agent also supp orts two Span ning T ree trap s as defi[...]
-
Page 363
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 26: Simpl e Network Ma nagement Protocol 363 altSwStgTopologyChanged Signifies that th ere was a STG topology change. altSwStgBlockingState An altSwStgBlockingState trap is sent when port state is changed in b locking state. altSwCistNewRoot Signifies that th e bridge has become [...]
-
Page 364
BLADEOS 6.5.2 Application Guid e 364 Chapter 26: Simple Ne twork Mana gement Prot ocol BMD00220 , October 2010 Switch I mages a nd Config uration Fi les This secti on descri bes how to us e MIB calls to work with swi tch images and configura tion files . Y ou can use a standar d SNMP tool to perform the actions , using the MIBs listed in Ta b l[...]
-
Page 365
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapte r 26: Simpl e Network Ma nagement Protocol 365 Loading a New Switch Imag e T o load a new switch image with th e name “ MyNewImage-1.img ” into image2 , follow the steps bel ow . This ex ample shows an FT P/ TF TP ser ver at IP v4 addr ess 19 2.1 68.10.10, t h oug h IP v 6 is a[...]
-
Page 366
BLADEOS 6.5.2 Application Guid e 366 Chapter 26: Simple Ne twork Mana gement Prot ocol BMD00220 , October 2010 Saving the Switch Config uration T o save the switch configuration to a FT P/TFTP server follow the steps below . This example shows a FTP/TF TP server at I Pv4 address 1 92.168.10 .10, though IPv6 is als o supported . 1. Set the FTP/T[...]
-
Page 367
BMD00220 , October 2010 367 Part 8: Monitoring The ability to monitor traffic passing through the G8124 can be invaluable for troublesh ooting some type s of net wor k ing pr obl e ms. Th is se ctio ns cov er the fol lowin g mon i tori ng fe a tures : Remote Monitoring (RMON) sFLO W Port M irro ring[...]
-
Page 368
BLADEOS 6.5.2 Application Guid e 368 Part 8: Monit oring BMD002 20, October 2010[...]
-
Page 369
BMD00220 , October 2010 369 C HAPTER 27 Remote Monitoring Remote Mo nitoring (RMO N) allows network devices to exchan ge network m onitoring d ata. RMON allows the switch to perform the following functions: T rack events an d trigger alarms when a threshold is reached. Notify administrators by issuing a syslog message or SNMP trap. RMON Ove[...]
-
Page 370
BLADEOS 6.5.2 Application Guid e 370 Chapter 27: Remote M onitoring BMD00220 , October 2010 RMON Group 1—S tatistics The switch supports collection of Ethernet st atisti cs as outlined in the RMON stati stics MIB, in reference to ether StatsT able. Y ou can configure RMON statistics on a per-p ort basis. RMON stat istics are s ampled every s [...]
-
Page 371
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 27: Remote Monitorin g 371 RMON Group 2—History The RMON History Group allows you to sample and ar chive Ethernet statistics for a specific interface during a specific time interval. History samplin g is done per port. Note – RMON port statistics must be enabled fo r the port [...]
-
Page 372
BLADEOS 6.5.2 Application Guid e 372 Chapter 27: Remote M onitoring BMD00220 , October 2010 Configuring RMON History Perform the following steps to configure RM ON Histo ry on a port. 1. Enable RMON on a port. 2. Configure the RMON His tory parameter s for a por t. where <x> is the number of the port to monitor . For example, the full OID[...]
-
Page 373
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Chapter 27: Remote Monitorin g 373 RMON Group 3—Alarms The RMON Al arm Group all ows you to d efine a set of thresholds used to determi ne network performance. When a con figured threshold is cro sse d, an alarm is g enerated. For example, you can configure th e switch to issue an alarm[...]
-
Page 374
BLADEOS 6.5.2 Application Guid e 374 Chapter 27: Remote M onitoring BMD00220 , October 2010 RMON Group 9—Event s The RMON Event Group allows y ou to d efine ev ents that are trigger ed b y alarms . An even t can b e a log message, an SNMP trap, or both. When an alarm is g enerated, it triggers a corresponding event notif ication. Use the foll[...]
-
Page 375
BMD00220 , October 2010 375 C HAPTER 28 sFLOW The G8124 s uppor ts sFlo w techno logy for monito ring tr af fic in data n etworks. Th e switc h incl udes an embedded sFlow agent which can be configured to p rovide cont inuous mon itoring infor mation of IPv4 traf fic to a central sFlow analyzer . The switch is res ponsible only for fo rwarding sFlo[...]
-
Page 376
BLADEOS 6.5.2 Application Guid e 376 Chapter 28: sFLOW BMD002 20, October 2010 sFlow sampling has the following restrictio ns : Sample Rate—The fastes t sFlow sample rate is 1 out of every 256 packets. ACLs—s Flow samplin g is perform ed before ACLs are processed . For ports co nfigured both with sFlow sampling and o ne or more ACLs[...]
-
Page 377
BMD00220 , October 2010 377 C HAPTER 29 Port Mirroring The BLADEOS port mirro ri ng feature al low s you t o m irror ( copy) the packets of a tar get por t, and forward them to a monitoring port. P ort mirroring function s for all layer 2 and layer 3 traf fic on a port. Thi s feature can be used as a tr oubleshooti ng tool or to enhance th e securi[...]
-
Page 378
BLADEOS 6.5.2 Application Guid e 378 Chapter 29: Port Mirrori ng BMD00220 , October 2010 The G8124 s upports three mon itor ports. Each monitor p ort can receive mirror ed traffic f rom any number of targ et ports. BLADEOS does not su pport “one to many” o r “many to many” mirro ring models wher e traffic from a specific port traf fic i[...]
-
Page 379
BMD00220 , October 2010 379 Part 9: Appendices[...]
-
Page 380
BLADEOS 6.5.2 Application Guid e 380 Part 9: Append ices BMD00220 , October 2010[...]
-
Page 381
BMD00220 , October 2010 381 A PPENDIX A Glossary CNA Conver ged Networ k Adapter . A device used fo r I/O cons olidation su ch as that in Conver ged Enhan ced Ethernet (C EE) environments implementing Fibre Chan nel over Ethernet (FCoE). The CNA performs the duties of both a Netw ork Interface Card (NIC) for Local Area Networks (LANs) and a Host Bu[...]
-
Page 382
BLADEOS 6.5.2 Application Guid e 382 Glossary BMD00220 , October 2010 T racki ng In VRRP , a method to increase the priority of a virtu al router and thus master design ation (with preem ption enable d). T racking can be very valuab le in an active/active configuration. Y ou can track the follo wing: Active IP interfaces on the W eb s witch[...]
-
Page 383
BMD00220 , October 2010 383 Index Symbols [ ] ............................ ........... ................. ............... 2 1 Numerics 802.1p QoS .............. ................. ................. ....... 193 802.1Q VLAN t agging .................... ............ . 9 0, 204 802.1Qa z ETS ............... ................. ................. .. 204 802[...]
-
Page 384
BLADEOS 6.5.2 Application Guid e 384 Index BMD00220 , October 2010 config urati on rules CEE ........... ................. ................. ............. 19 2 FCoE ............... ........... ................. ............. 19 1 Trunking ........... ................. ................. ....... 104 config uring BGP failover ................ ....[...]
-
Page 385
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Index 385 I IBM Director ................ ................. ............ ....... 355 IBM DirectorSNMP, IBM Director ................... .... 35 ICMP ................ ................. ................. ............... 7 6 IEEE standards 802.1D ....... ........... ................. .......[...]
-
Page 386
BLADEOS 6.5.2 Application Guid e 386 Index BMD00220 , October 2010 P packet size .................... ................. ................. .... 88 password adminis trator acc ount ..................... ......... 38, 68 defa ult .............. ................. ........... ......... 38, 68 user accoun t ....................... ................. .[...]
-
Page 387
BLADEOS 6.5.2 Applicat ion Guide BMD00220 , October 2010 Index 387 S SAN ............ ................. ................. ........... 189, 19 2 SecurID ................... ................. ........... ............... 6 1 security LDAP authentication ........... ................. ......... 73 port mirroring ............... ........... .........[...]
-
Page 388
BLADEOS 6.5.2 Application Guid e 388 Index BMD00220 , October 2010 VLANs .............. ........... ................. ................. .... 47 broa dca st dom ains ................... ............ ......... 87 defa ult PVI D ...................... ................. ......... 89 example showing multiple VLANs ............. .... 95 FCoE ........[...]