Extreme Networks 300-48 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198

Go to page of

A good user manual

The rules should oblige the seller to give the purchaser an operating instrucion of Extreme Networks 300-48, along with an item. The lack of an instruction or false information given to customer shall constitute grounds to apply for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of the manuals, as well as instructional videos have been majorly used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Extreme Networks 300-48 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Extreme Networks 300-48. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, an user manual of Extreme Networks 300-48 should contain:
- informations concerning technical data of Extreme Networks 300-48
- name of the manufacturer and a year of construction of the Extreme Networks 300-48 item
- rules of operation, control and maintenance of the Extreme Networks 300-48 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Extreme Networks 300-48 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Extreme Networks 300-48, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Extreme Networks service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Extreme Networks 300-48.

Why one should read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Extreme Networks 300-48 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment and get to know with every part of an instruction. Currently the manuals are carefully prearranged and translated, so they could be fully understood by its users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Extreme N etworks , Inc. 3585 Mo nroe Stre et Santa Cl ara, Ca lif ornia 9505 1 (888) 257-3000 http://www .e xtremen etworks. com Summit 300-48 Switch Softw are User Guide Soft ware V ersion 6.2a Publishe d: September 2 003 P ar t number : 12300 7-00 Rev . 01[...]

  • Page 2

    2 ©2003 Extreme Networks, Inc. All rights reserved. Extr eme Networks, ExtremeW are, Alpine, and BlackDiamond are register ed trademarks of Extreme Networks, Inc. in the United States and certain other jurisdictions. ExtremeW are V ista, ExtremeW orks, ExtremeAssis t, Extre meAssist1, Extre meAssist2, PartnerAssis t, Extreme Standby Router Pr otoc[...]

  • Page 3

    Summit 300-48 Switch Software User Gu ide 3 Contents Pref ace Introductio n 15 Conventions 15 Related Publi cations 16 Chapter 1 Extreme W are Overview Summary of Featu res 17 Unified Access 18 V irtual LANs (VLANs) 18 Span ning T ree Protoc ol 18 Quality o f Service 19 Load Shar ing 19 ESRP-A war e Switches 19 Software Licen sing 19 Security Licen[...]

  • Page 4

    4 Summit 300-48 Switch Software User Guide Contents Configuring Management A ccess 28 User Account 29 Administrator Account 29 Default Accounts 29 Creating a M anagement Account 30 Domain Name S ervice Clie nt Services 31 Checking Bas ic Connectivity 32 Ping 32 Tr a c e r o u t e 32 Chapter 3 Managing the Switch Overvi ew 35 Using the Console Inter[...]

  • Page 5

    Summit 300-48 Switch Software User Gu ide 5 Contents Port Number ing 55 Enabling and Di sabling Switch Po rts 55 Configuring Switch Port Speed and Duplex Setting 56 Switch Port Commands 56 Load Shar ing on the Switch 57 Load-S haring Algor ithms 5 7 Configurin g Switch Lo ad Sharin g 58 Load-Sha ring Ex ample 59 V erifying the Load-Sharing Configur[...]

  • Page 6

    6 Summit 300-48 Switch Software User Guide Contents Configuring W ireless Port Interf aces 79 Managing W ireless Clients 80 Show Commands 80 Event Logging and Re porting 81 Chapter 7 Unifie d Access Security Overvi ew of Se curity 83 User Access Securit y 84 Authenticatio n 84 Privacy 85 Cipher Suites 85 Network Secur ity Policies 87 Policy De sign[...]

  • Page 7

    Summit 300-48 Switch Software User Gu ide 7 Contents Chapter 10 Acces s P olicies Overview of Access Policies 107 Access Control Lists 107 Rate Limits 107 Using Access Control Lists 107 Access Masks 108 Acce ss Li sts 108 Rate Limits 109 How Access Control Lists W ork 109 Access Mask Pr ecedence Numbers 1 10 Specif ying a Defau lt Rule 1 10 The per[...]

  • Page 8

    8 Summit 300-48 Switch Software User Guide Contents Port Statisti cs 135 Port Errors 136 Port Monitorin g Display Keys 137 Setting th e System Recovery Lev el 137 Logging 138 Local Log ging 139 Remote Lo gging 139 Logging Con figuratio n Changes 140 Logging Com mands 140 RMON 142 About RMON 142 RMON Features of th e Switch 142 Config uring RMON 143[...]

  • Page 9

    Summit 300-48 Switch Software User Gu ide 9 Contents Resetting a nd Disabling Route r Settings 163 Configuring DHCP/BOOTP Re lay 1 64 V erifying the DHCP/B OOTP Relay Con figuration 165 UDP-For wardi ng 165 Configurin g UDP-Forw arding 165 UDP-Forwar ding Example 166 ICMP Packet Processing 166 UDP-Forw ardi ng Commands 166 Appendix A S afety Inform[...]

  • Page 10

    10 Summit 300-48 Switch Software User Guide Contents Debu g T rac ing 187 TOP Command 187 Contacting Ext reme T echnical Support 187 Index Index of Commands[...]

  • Page 11

    Summit 300-48 Switch Software User Gu ide 11 Figures 1 Example of a port-bas ed VLAN on t he Summit 300 -48 swit ch 64 2 Single port -based VLAN spanni ng two swit ches 65 3 T wo port- based VL ANs spann ing two sw itches 66 4 Physical diagra m of tagged a nd untagged tra ffic 68 5 Logical diagra m of tagged and untagge d traffic 68 6 Sample integr[...]

  • Page 12

    12 Summit 300-48 Switch Software User Guide Figure s[...]

  • Page 13

    Summit 300-48 Switch Software User Gu ide 13 Ta b l e s 1 Notice Icons 15 2 Te x t C o n v e n t i o n s 1 6 3 Extr emeW are Summi t 300-48 F actory Defa ults 20 4 Command Syntax Sy mbols 25 5 Line-Editing Keys 25 6 Common Commands 26 7 Default Accou nts 29 8 DNS Co mmand s 31 9 Ping Comm and Param eters 32 10 SNMP Configuration Commands 41 11 RADI[...]

  • Page 14

    14 Summit 300-48 Switch Software User Guide Ta b l e s 34 Security Profile Command Pr operty V a lues 90 35 Per-Port LEDs 98 36 Power Over Ethernet Configuration Commands 98 37 PoE S how Comm ands 101 38 FDB Configura tion Comman ds 105 39 Access Control List Configuration Commands 1 13 40 T raffic T ype and QoS Guideli nes 123 41 QoS C onf igurat [...]

  • Page 15

    Summit 300-48 Switch Software User Gu ide 15 Pref ace This preface pr ovides an overview of this guide, describes guide co nventions, and lists other publ ica tions tha t may b e us eful. Introduction This guid e provides the required information t o install t he Summit™ 3 00-48 switch and con figure the ExtremeW are ™ s oftwar e running on t h[...]

  • Page 16

    16 Summit 300-48 Switch Software User Guide Preface Related Publications The publications related t o this one are: • Extr emeW are R elease No tes • Summit 30 0-48 Swi tch Release Notes Documentation for Extreme Networks products is availabl e on the W orld W ide W eb at t he following location: • http://w ww .ex tremenetwor ks.com / Caution[...]

  • Page 17

    Summit 300-48 Switch Software User Gu ide 17 1 ExtremeW are Ov er vie w This chapter describes the fol lowing topi cs: • Summar y of Fe atures on p age 17 • Security Licensin g on page 20 • Softwar e Factory De faults on page 20 ExtremeW are is the full-feature d software operating system that is designed to run on the Summit 300-48 switch. T[...]

  • Page 18

    18 Summit 300-48 Switch Software User Guide Extr emeW are Ov ervie w • SSH 2 conn ect ion • Simpl e Netwo rk Manage ment Protocol ( SNMP) supp ort • Remo te Moni toring (R MON) • T raffic mirroring for ports Unified Access The Summit 30 0-48 supports th e Unified Access architecture, enabling w ired and wireless applications across a comple[...]

  • Page 19

    Software Lice nsing Summit 300-48 Switch Software User Gu ide 19 Quali ty of Servic e Extr emeW are ha s Quality o f Service (QoS) fea tures that support IEEE 802.1 p, MAC QoS, and four queues. These feature s enable you to specify service levels for different tr affic gr oups. By default, all traffic is assigned the “no rmal” QoS policy profil[...]

  • Page 20

    20 Summit 300-48 Switch Software User Guide Extr emeW are Ov ervie w Secur ity Licensin g Certain additional Extr emeW are security feature s, such as the use of Secur e Shell (SSH2) encryption, may be under United States export r estriction control. Extrem e Networks ships these security features in a disabled state. Y ou can obtain information on[...]

  • Page 21

    Sof tw are F actory D ef ault s Summit 300-48 Switch Software User Gu ide 21 NO TE F or default settin gs of indi vidual E xtremeWare f eatures, see th e applic able individu al chapters in this guide. IP multic ast routin g Disa bled IGMP Enabl ed IGMP sn ooping Disa bled SNTP Disa bled DNS Disa bled Port Mirroring Disa bled Wire less Enabled Ta b[...]

  • Page 22

    22 Summit 300-48 Switch Software User Guide Extr emeW are Ov ervie w[...]

  • Page 23

    Summit 300-48 Switch Software User Gu ide 23 2 Accessing the Switch This chapter describes the fol lowing topi cs: • Understand ing the Com mand Synta x on page 23 • Line-Editi ng Keys on page 25 • Comm and Hi story on pa ge 26 • Common Commands on page 26 • Configuring M anagement A ccess on page 28 • Domain Na me Service Client S ervi[...]

  • Page 24

    24 Summit 300-48 Switch Software User Guide Accessing the Switch Syntax Hel per The CLI has a built-in s yntax hel per . If you ar e unsur e of the complete synt ax for a particu lar comman d, enter as much of the command as possible and pres s [Return]. The syntax helper pr ovides a list of option s for the remain der of the comma nd. The syntax h[...]

  • Page 25

    Line-Editing K eys Summit 300-48 Switch Software User Gu ide 25 Names All na med c ompo nent s of th e swi tch c onfig urat ion mu st h ave a uniqu e name . Na mes mu st b egin with an alphabetica l character and are delimited by whites pace, unless enclosed in quotatio n marks. Symbol s Y ou may see a variety of symbols shown as part of the comman[...]

  • Page 26

    26 Summit 300-48 Switch Software User Guide Accessing the Switch Comma nd Hist or y ExtremeW are “r em embers” the last 49 commands you enter ed. Y ou can dis play a list of these commands by using the f ollowing com mand: history Common Comma nds T a ble 6 describes comm on commands used to manage the switch. Comm ands specific to a particular[...]

  • Page 27

    Common Commands Summit 300-48 Switch Software User Gu ide 27 confi g sys- reco very- level [non e | c rit ical | al l] Config ures a recov ery option for instance s where a n excepti on occurs in ExtremeW are. Specify one of t he follow ing: • none — Reco very withou t system reboot. • critical — Extreme Ware logs an error to the syslog, a [...]

  • Page 28

    28 Summit 300-48 Switch Software User Guide Accessing the Switch Configur ing Management Access ExtremeW are supports the following two levels of management: • User • Admini strat or In addition to the man agement levels, you can optional ly use an external RADIUS server to provide CLI comman d authori zation che cking for each co mmand. For mo[...]

  • Page 29

    Config uring Mana gement Access Summit 300-48 Switch Software User Gu ide 29 User Account A user -level account has viewing access to all manageable parameters, with the exception of: • User account database. • SNMP commu nity strings . A user -level account can use the ping command to test device rea chability , and cha nge the passwor d assig[...]

  • Page 30

    30 Summit 300-48 Switch Software User Guide Accessing the Switch Changing the Def ault P asswor d Default a ccounts do no t have passw ords assigned to them. Passwords must h ave a minim um of f our characte rs and can have a m aximum of 1 2 characters. NO TE User nam es and pas s words are cas e-sensiti ve . T o add a password to the default admi [...]

  • Page 31

    Domain Name Ser vice Client Services Summit 300-48 Switch Software User Gu ide 31 Viewin g Accounts T o view the accounts that have been created, you must have administrator privileges. Use the following command to see the accounts: show accounts Deleting an Account T o delete a account, you m ust have admini strator privileges. T o delete an accou[...]

  • Page 32

    32 Summit 300-48 Switch Software User Guide Accessing the Switch Chec king Basic Connectivity The switch offers the following commands for checking basic connectivity: • ping • traceroute Ping The ping com mand enables you to send Interne t Control Messa ge Protocol (ICMP) echo me ssages to a rem ot e I P d ev ic e . T h e ping command is ava i[...]

  • Page 33

    Checking Basic Con nectivity Summit 300-48 Switch Software User Gu ide 33 • from uses the specified source address in the ICMP packet. If not specified, the addr ess of the transmitting i nterface is used. • ttl configures the switch to trace up to the time-to-live n umber of the switch. • port uses the specified UDP port number .[...]

  • Page 34

    34 Summit 300-48 Switch Software User Guide Accessing the Switch[...]

  • Page 35

    Summit 300-48 Switch Software User Gu ide 35 3 Managing the Switch This chapter describes the fol lowing topi cs: • Overview on page 3 5 • Using the Con sole Interface o n page 36 • Using T eln et on page 36 • Using Secur e Shell 2 (SSH2) on page 39 • Using SN MP on page 40 • Authenticatin g Users on page 43 • Using ExtremeW are V ist[...]

  • Page 36

    36 Summit 300-48 Switch Software User Guide Managi ng the Switch Using the Console In terf ace The CLI built into the switch is a ccessible by way of the 9-pin, RS -232 port labeled cons ole , located on the front of the Summit 300-48 sw itch. After the connection h as been establ ished, you will see the switch prompt an d you can lo g in. Using T [...]

  • Page 37

    Using T elnet Summit 300-48 Switch Software User Gu ide 37 Y ou can enab le BOOTP on a per -VLAN ba sis by using t he following command: enable bootp vlan [<name> | all] By default, BOOTP is disabled on the de fault VLAN. T o enable the forwardi ng of BOOTP and D yna mic Hos t Conf igurat ion P ro tocol (DHCP) re quests , us e the fol lowi ng[...]

  • Page 38

    38 Summit 300-48 Switch Software User Guide Managi ng the Switch When you have successfully logged in to the switch, th e command-lin e prompt displays th e name of the switch in its prompt. 5 Assign an IP addr ess and subnetwork mask for the default VLAN by using the following command: config vlan <name> ipaddress <ipaddress> {<subn[...]

  • Page 39

    Using Secure Shell 2 (SSH2) Summit 300-48 Switch Software User Gu ide 39 Contr olling T elnet Access By default, T e lnet services are ena bled on the switch. T o display th e status of T eln et, use the following command: show management Y ou can choo se to disable T el net by using the f ollowing comm and: disable telnet T o re-en able T elnet on[...]

  • Page 40

    40 Summit 300-48 Switch Software User Guide Managi ng the Switch Y ou can specify a list of predefined clients that are allowed SSH2 access to the switch. T o do this, you must create an acce ss profile that con tains a l ist of allow ed IP addresses. For more informati on on creating access profiles, r efer to Chapter 10. Y o u c a n a l s o s p e[...]

  • Page 41

    Using SNMP Summit 300-48 Switch Software User Gu ide 41 Suppor ted MIBs In addition to priv ate MIBs, the switch supports the standa rd MIBs listed in Appendix B. Configuring SNMP Settings The followin g SNMP param eters can be configu red on the switch: • Authoriz ed trap rec eivers — A n a u t h o r i z e d t r a p r e c e i v e r c a n b e o[...]

  • Page 42

    42 Summit 300-48 Switch Software User Guide Managi ng the Switch Displa ying SNMP Settings T o display t he SNMP setting s configured on the sw itch, use the follo wing comm and: show management This comma nd displays the follow ing info rmation: • Enable/ disable st ate for T elnet, SSH2 , and SNMP , and web • SNM P commu nity strin gs • Aut[...]

  • Page 43

    Authenticating User s Summit 300-48 Switch Software User Gu ide 43 A uth enticating Us ers ExtremeW are provides a Radius client to authenticate sw itch admin us ers who login to the switch: RADIUS Client Remote Authenticatio n Dial In User Service (RADIUS, RFC 2138) is a mechanism for authenticating and centrally administrating access to network n[...]

  • Page 44

    44 Summit 300-48 Switch Software User Guide Managi ng the Switch RADIUS RFC 2138 Attri butes The RADIUS R FC 2138 opti onal attr ibutes suppo rted ar e as fol lows: • User -Name • User-Passw ord • Serv ic e-T ype • Login-IP-Host RADIUS Server Configurat ion Example (Meri t) Many implementa tions of RAD IUS server use the pub licly available[...]

  • Page 45

    Authenticating User s Summit 300-48 Switch Software User Gu ide 45 eric Password = "", Service-Type = Administrative Filter-Id = "unlim" albert Password = "password", Service-Type = Administrative Filter-Id = "unlim" samuel Password = "password", Service -Type = Administrative Filter-Id = "unli[...]

  • Page 46

    46 Summit 300-48 Switch Software User Guide Managi ng the Switch Filter-Id = "unlim" admin Password = "", Service-Type = Administrative Filter-Id = "unlim" eric Password = "", Service-Type = Administrative, Profile-Name = "" Filter-Id = "unlim" Extreme:Extreme-CLI-Authorization = Enabled a[...]

  • Page 47

    Using Extre meWare Vista Summit 300-48 Switch Software User Gu ide 47 Using ExtremeW are Vista The ExtremeW are V i sta™ device-management software that runs on the switch allows you to access the switch over a T CP/IP netw ork using a sta ndard web browser . Any p roperly configured standard web br owser that s upports fram es and JavaS cript (s[...]

  • Page 48

    48 Summit 300-48 Switch Software User Guide Managi ng the Switch • After downloading a newer version of the switch image, clear the browser disk and memory cache to see the updated menu screen s. Y ou must clear the cache while at the main ExtremeW are V ista Logon scr een, so that all underl ying .GIF files ar e updated. • Check for newer vers[...]

  • Page 49

    Using Extre meWare Vista Summit 300-48 Switch Software User Gu ide 49 T ask Frame The task fram e has two section s: menu buttons and submenu lin ks. The four task m enu buttons a re: • Configuratio n • Statisti cs • Support • Logout Below the task buttons are options. Opti ons are specific to the task butt on that yo u select. When you sel[...]

  • Page 50

    50 Summit 300-48 Switch Software User Guide Managi ng the Switch Status Messages Status messages ar e displayed at the top of the content frame. The four types of status messages are: • Inf orm ati on —Dis plays in formati on that is usefu l to kno w prior to, o r as a r esult of, chan ging conf igur ation opti ons. •W a r n i n g —Displays[...]

  • Page 51

    Using th e Simple N etwork Time P rotocol Summit 300-48 Switch Software User Gu ide 51 Do a GET When Co nfiguring a VLAN When configuri ng a VLAN using ExtremeW a re V ista , prior to editing th e VLAN configura tion, you must first cl ick the get button to ens ure that subsequent edits are applied to the correct VLAN. If you do not click the get b[...]

  • Page 52

    52 Summit 300-48 Switch Software User Guide Managi ng the Switch Once enabled, the switch sends out a periodic query to the NTP servers defined later (if configured) or listens to b roadcast NTP updates from the network. The netw ork time inf ormation is automat ically saved in to the on- board real-time clock. 4 If you would like this sw itch to u[...]

  • Page 53

    Using th e Simple N etwork Time P rotocol Summit 300-48 Switch Software User Gu ide 53 -9:00 -540 YST - Yuk on Standard -10:00 -6 00 AHST - Alaska-Hawaii Standard CAT - Central Alaska HST - Hawaii Standard -11:00 -6 60 NT - Nome -12:00 -7 20 IDLW - Inte rnation al Date Li ne West +1:00 +60 CET - Cen tral European FWT - Fren ch Winter MET - Middl e [...]

  • Page 54

    54 Summit 300-48 Switch Software User Guide Managi ng the Switch SNTP Configuration Commands T a ble 1 4 describes SNTP configuratio n commands. SNTP Example In this exam ple, the switch queries a specif ic NTP server and a b ackup NTP serv er . The swi tch is located in Cupertino, CA, and an update occurs every 20 minutes. The commands to configur[...]

  • Page 55

    Summit 300-48 Switch Software User Gu ide 55 4 Configur ing P or t s on a Switch This chapter describes the fol lowing topi cs: • Por t Numb erin g on p age 55 • Enabling a nd Disablin g Switch Ports on page 55 • Load Sha ring on the S witch on pa ge 57 • Switch Port-Mirroring on page 59 • Extreme Dis covery P rotocol on page 61 Po r t N [...]

  • Page 56

    56 Summit 300-48 Switch Software User Guide Conf igu ring P orts on a Sw itch Configuring Swit ch P or t Sp eed and Duplex Setting By default, the switch is co nfigured to use autonegotiatio n to determine the port speed a nd duplex setting for each port. Y ou can manu ally configure the duplex setting and the speed o f 10/100 Mbps ports. 10BASE-T [...]

  • Page 57

    Load Sh aring on th e Switch Summit 300-48 Switch Software User Gu ide 57 Load Shar in g on the Switch Load sharin g with s witches allows you to i ncrease bandwidth an d resiliency by us ing a group of ports to carry traffic in parallel between switches. The sh aring algorith m allows the switch to u se multiple ports as a s ingle logical po rt. F[...]

  • Page 58

    58 Summit 300-48 Switch Software User Guide Conf igu ring P orts on a Sw itch Y ou can conf igure the address-based load- sharing algo rithm on the Su mmit 300-48 switch. The address-based loa d-sharing alg orithm uses a ddressing informa tion to de termine which ph ysical port in the load-sharing group to use for forwar ding traf fic out of the sw[...]

  • Page 59

    Switch P or t-Mirroring Summit 300-48 Switch Software User Gu ide 59 • P o r t s o n t h e s w i t c h a r e d i v i d e d i n t o a m a x i m u m o f f i v e g r o u p s . • Port -based and roun d-robi n load s har ing algo rit hms do n ot ap pl y . • A r edundant l oad shar e group can on ly inclu de ports fr om the following ran ges: 1:1- [...]

  • Page 60

    60 Summit 300-48 Switch Software User Guide Conf igu ring P orts on a Sw itch Up to eight mirroring filters and one monitor port can be configured. Af ter a port has been specified as a monitor port, it cannot be used for any other function. NO TE F rame s that contain errors ar e not mirr ored. The mirror ed port alwa ys transmits tagged frames. T[...]

  • Page 61

    Extreme Discov er y Protocol Summit 300-48 Switch Software User Gu ide 61 P or t-Mirr oring Example The following example selects port 1:3 as the mirror port and sends all traf fic coming into or out of the switch on port 1:1 to the mirror port: enable mirroring to port 1:3 tagged config mirroring add port 1:1 Extreme Discov er y Protocol The Extr [...]

  • Page 62

    62 Summit 300-48 Switch Software User Guide Conf igu ring P orts on a Sw itch[...]

  • Page 63

    Summit 300-48 Switch Software User Gu ide 63 5 Vir tual LANs (VLANs) This chapter describes the fol lowing topi cs: • Overview of V irtual LANs on page 63 • T ypes of VLANs on page 64 • VLAN Names on page 69 • Configuring VL ANs on the S witch on page 70 • Displayin g VLAN Settin gs on p age 71 Setting up Virtual Local Area Networks (VLAN[...]

  • Page 64

    64 Summit 300-48 Switch Software User Guide Virtual LANs ( VLANs) • VLANs ease the cha nge and movement of devices. W ith tradit ional netw orks, network administrators spend much o f their tim e dealing with moves and changes. If users move to a dif fer ent subnetwork, the addr esses of each endstation must be updated manual ly . T ypes of VLANs[...]

  • Page 65

    T ype s of VLANs Summit 300-48 Switch Software User Gu ide 65 Spanning Switches wi th P or t-Based VLANs T o create a port-b ased VLAN that span s two sw itches, you must do t wo things: 1 A s s i g n t h e p o r t o n e a c h s w i t c h t o t h e V L A N . 2 Cable the two switches together usin g one port on each switch per VLAN. Figure 2 illustr[...]

  • Page 66

    66 Summit 300-48 Switch Software User Guide Virtual LANs ( VLANs) Figure 3 illu strates two VL ANs spanni ng two switches. On system 1, ports 1:12 through 1:24, and port 1:51 are p art o f VL AN Accounting ; ports 1 :37 thro ugh 1:48, a nd port 1:52 ar e part of VLAN Engin eering . O n s y s t e m 2 , a l l p o r t s o n s l o t 1 a r e p a r t o f[...]

  • Page 67

    T ype s of VLANs Summit 300-48 Switch Software User Gu ide 67 NO TE The use of 802.1Q tag ged packets ma y lead t o the appe arance of pa ck ets slight ly bigge r than the curre nt IEEE 802 .3/Ether net ma ximum of 1,518 bytes. This may aff ect p ack et error coun ters in o ther devices, and may also lead to connecti vity pr oblems if non- 802.1Q b[...]

  • Page 68

    68 Summit 300-48 Switch Software User Guide Virtual LANs ( VLANs) Figure 4: Physical d iagram of tagged and untag ged traffic Figure 5 is a logical dia gram of the sam e network. Figure 5: Log ical dia gram of tagged and untagge d traffic In Figure 4 and Figure 5 : • The trunk port on each switch carries traf fic for both VLAN Mar keti ng and VLA[...]

  • Page 69

    VLAN Names Summit 300-48 Switch Software User Gu ide 69 • The server con nected to port 1 :16 on sys tem 1 has a NIC t hat supports 802.1Q taggi ng. • The server connected to port 1:16 on sys tem 1 is a member of both VLAN Marketin g and VLA N Sales . • All other stati ons use untagged tra ffic. As data passes out of the switch, the switch de[...]

  • Page 70

    70 Summit 300-48 Switch Software User Guide Virtual LANs ( VLANs) Renaming a VLAN T o ren ame an existing VLAN, use the followin g command: config vlan <old_name> name <new_name> The follow ing rules ap ply to renaming VLA Ns: • After you change the name o f the default VLAN, it cann ot be changed back to de fault . • Y ou cannot cr[...]

  • Page 71

    Displaying VLAN Settings Summit 300-48 Switch Software User Gu ide 71 VLAN Configuration Examples The followin g Summit 30 0-48 swit ch example creates a tag-based VLAN named video . It assign s the VLANid 10 00. Po rts 1:4 th ro ugh 1:8 ar e added as tagged port s to the VLAN . create vlan video config video tag 1000 config video add port 1:4-1:8 [...]

  • Page 72

    72 Summit 300-48 Switch Software User Guide Virtual LANs ( VLANs)[...]

  • Page 73

    Summit 300-48 Switch Software User Gu ide 73 6 Wireless Netw or king This ch apter describes w ire less net working u sing th e Summit 3 00-48 sw itch and th e Altitude 3 00 wireless port and includ es informa tion on th e following to pics: • Overview of W ireless Networki ng on page 73 • Wi re l e s s De v i c e s o n p ag e 7 4 • Bridgin g[...]

  • Page 74

    74 Summit 300-48 Switch Software User Guide Wireless Networking Figure 6: Sa mple integrate d wired and wireless n etwork This arrangement is part of the Extr eme Unified Access Ar chitecture, which is designed to support both wired and wireless netw orks from a single network switch. Because th e intelligence normall y associated with an a ccess p[...]

  • Page 75

    Bridging Summit 300-48 Switch Software User Gu ide 75 Y ou can set network policies at Layers 2 and 3 to cover both the w ir ed and wireless networks . In this way you can bl ock access to i ndividuals suspected of in trusion across the entire network infrastructure. In addition t o traditiona l wired devices, the Summ it 300-48 switch supports the[...]

  • Page 76

    76 Summit 300-48 Switch Software User Guide Wireless Networking 7 Configure a specif ic channel (d etermined from a s ite survey), i f desired, on each int erface. If you do not configure a specific cha nnel, the switch a uto-selects the chann el with the lea st interference. 8 Connect the Altitu de 300 wireless port. After this process is com plet[...]

  • Page 77

    Configuring RF Proper ties Summit 300-48 Switch Software User Gu ide 77 frag-leng th 2345 256-23 45 Identif ies fragme nt size in bytes . This val ue should remain at i ts defa ult setting of 2345 . It specif ies the maximu m siz e for a pack et befo re data is f ragmen ted into multi ple pa ckets. If y ou experi ence a hig h pack et error rate, yo[...]

  • Page 78

    78 Summit 300-48 Switch Software User Guide Wireless Networking Configur ing Wireless Sw itch Proper ties T able 21 lists the wireless confi guration comm and that a pplies to the sw itch as a whole, indepen dent of individual ports or port interfaces. T a ble 2 2 lists the command properties . Configuring Cou ntry Codes When the Summ it 300-48 swi[...]

  • Page 79

    Configuring Wireless P or ts Summit 300-48 Switch Software User Gu ide 79 Configur ing Wire less P or t s The configure wireless ports c o m m a n d s a l l o w y o u t o c o n f i g u r e p r o p e r t i e s s u c h a s t h e I P a d d r e s s and the location of the port. T able 23 lists the configura tion comma nds for wireless ports. T a ble 24[...]

  • Page 80

    80 Summit 300-48 Switch Software User Guide Wireless Networking T able 25 lists the configura tion comma nds for wireless ports. Managing Wirel ess Clients T able 26 lists the comman ds for configuri ng interactions w ith client statio ns. Sho w Commands Use the show co mmands lis ted in T able 27 to displa y informati on on port conf iguration , R[...]

  • Page 81

    Event Logging and Repor ting Summit 300-48 Switch Software User Gu ide 81 Ev en t Loggin g and Re por tin g The Summit 30 0-48 switch s upports th e following enh ancements fo r wireless event logging a nd rep o r t in g : • All wireless-r elated syslog messages ar e clearly labeled with the wireless port on which the event occurred a nd the MAC [...]

  • Page 82

    82 Summit 300-48 Switch Software User Guide Wireless Networking[...]

  • Page 83

    Summit 300-48 Switch Software User Gu ide 83 7 Unified Access Secur ity This chapt er describes t he securit y featur es of the Summit 3 00-48 sw itch an d includes i nformati on on the following to pics: • Overview of Security on page 83 • User Access Security on page 84 • Network Security Policies on pa ge 8 7 • Network Security Policies [...]

  • Page 84

    84 Summit 300-48 Switch Software User Guide Unified Access Security User Access Secur ity Effective user se curity meets the follo wing objectives: • Authenticatio n — Assuring that only approved users are connected to the network a t permitted locations and tim es. • Privacy — Assurin g that user data is protected. A uthentication The auth[...]

  • Page 85

    User Access Security Summit 300-48 Switch Software User Gu ide 85 then extends or denies access as instructed, and passes along configuration information such as VLAN and p riorit y . 802.1x supports several EAP-class ad vanced authentication protocols, which dif fer in the specific identification types a nd encryption meth ods for the authentica t[...]

  • Page 86

    86 Summit 300-48 Switch Software User Guide Unified Access Security incorporate each of these suites, and the Altitude 300 wir eles s port supports har dware-ba sed AES and RC4 enc ryptio n. WP A-Only Support T o support WP A client s, the Summit 300 -48 switch p ort sets the privacy bit in the beacon frames it advertises. The switch also advertise[...]

  • Page 87

    Network S ecurity P olicies Summit 300-48 Switch Software User Gu ide 87 Network Secur ity P olicies Network security pol icy r ef ers to a set of network rule s that apply to user access. Y ou can base the rules on a variety of factors, in cluding user identificati on, time and location, a nd method of authenticatio n. It is possible to design net[...]

  • Page 88

    88 Summit 300-48 Switch Software User Guide Unified Access Security P ol icy Ex amp le s The followin g examples sugg est typical uses of network s ecurity polici es. Examp le. Y ou want to gi ve employees compl ete network access bu t limit access t o visitors. The solution is to base network access o n the authentica tion method, as indicated in [...]

  • Page 89

    CLI Comm ands for Security o n the Switch Summit 300-48 Switch Software User Gu ide 89 T a ble 3 1 lists t he attributes incl uded in the RADIUS response. V endor- Specific Att rib utes T able 32 lists the s upported vendor -specific attributes (VSAs). The Extreme vendor ID is 1916 . The followin g rules apply for VSA s: • There is no RADI US sup[...]

  • Page 90

    90 Summit 300-48 Switch Software User Guide Unified Access Security T a ble 34 lists the properties for the security profile configuration command. Ta b l e 3 4 : Security Profile Command Pr oper ty V alu es Case Default Ranges Ac tion ssid-i n-beacon <v alue> on off | on Turns o n whethe r the SSID is pub lishe d in the bea con or not. If yo[...]

  • Page 91

    Examp le Wireless Conf iguration Pr ocess Summit 300-48 Switch Software User Gu ide 91 Example Wirele ss Configuration Proce ss This section provides an exam ple of the configu ration process. First, the wireless managem ent VLAN is configured , IP addresses ar e assign ed, and RF pr ofiles are cr eate d and configur ed. Next, the security prof ile[...]

  • Page 92

    92 Summit 300-48 Switch Software User Guide Unified Access Security T o configure the VLAN, address es, and RF pro files, follow these steps: 1 Create the wir eless manage ment VLAN. create vlan w ireless-mgmt 2 R e m o v e t h e w i r e l e s s p o r t f r o m t h e d e f a u l t V L A N . configure vlan default delete ports 1:5 3 Add the wireless[...]

  • Page 93

    Examp le Wireless Conf iguration Pr ocess Summit 300-48 Switch Software User Gu ide 93 If you enter the wrong number of ch aracters for the code, a mess age similar to the follo wing appea rs. Invalid number of bytes in key. Expected 10 bytes, got 15 bytes. 8 Configure the security profile to use t he 0 key you just def ined as the defaul t encrypt[...]

  • Page 94

    94 Summit 300-48 Switch Software User Guide Unified Access Security[...]

  • Page 95

    Summit 300-48 Switch Software User Gu ide 95 8 P o wer Ov er Ether net This chapt er explains h ow to config ure th e Summit 3 00-48 swit ch to supply pow er to devices usin g the Power over Ethe rnet (PoE) capabilit y . It contai ns the foll owing sectio ns: • Overview on page 9 5 • Port Pow er Managem ent on pag e 9 6 • Per-Port LEDs on pag[...]

  • Page 96

    96 Summit 300-48 Switch Software User Guide P ower Over Ethern et P or t Power Ma nagement When you con nect PDs, the Summit 3 00-48 switch auto matically di scovers and classifies those that are AF-complaint. The following functions are supported for delivering power to the port: • Enabling the port for di scovery and cla ssification • Enablin[...]

  • Page 97

    P or t P ower Managemen t Summit 300-48 Switch Software User Gu ide 97 Common P ower P ool The common power pool repr esents the total amount of power available on a per -slot basis, less any power re served or a llocated to curr ently powered devi ces. When a new device is dis covered, its defined power requir em ents are su btracted from the comm[...]

  • Page 98

    98 Summit 300-48 Switch Software User Guide P ower Over Ethern et Ports are powered based upon their priority and discovery ti me. Higher priority ports w ith the oldest discovery time are powered first. If a device cons umes more power than it is allocated by class type, it is consider ed a class violation. The device enters a fault state, and unr[...]

  • Page 99

    Configur ing Pow er Over Eth ernet Summit 300-48 Switch Software User Gu ide 99 enable i nline -power port s <portlis t> dis able i nline -po wer po rts < port lis t> Enables PoE for the lis ted ports. Disa ble s PoE for t he lis ted port s. config i nline -power us age-thresh old <thresh old> Sets the thr eshold for initiati on o[...]

  • Page 100

    100 Summit 300-48 Switch Software User Guide P ower Over Ethern et unconfi g inline-p ower disco nnect-p recedenc e [lowest-pri ority | deny-po rt] Returns the disconnect-precedence to the defa ult s tate of deny-port . When the power d rain excee ds the availabl e power budget, d ue to a ri se in power consum ption aft er power is a llocated to th[...]

  • Page 101

    Configur ing Pow er Over Eth ernet Summit 300-48 Switch Software User Gu ide 101 unc onfig inlin e- powe r ope rato r-li mit po rts < port lis t> Res ets the op erator li mit back to the default. unconfi g inli ne-power vio lation -precedenc e ports <po rtlist> Resets th e violatio n prece dence back to the defau lt. unconfi g inli ne-p[...]

  • Page 102

    102 Summit 300-48 Switch Software User Guide P ower Over Ethern et[...]

  • Page 103

    Summit 300-48 Switch Software User Gu ide 103 9 F orw arding Database (FDB) This chapter describes the fol lowing topi cs: • Overview of the FDB on page 10 3 • Configurin g FDB Entrie s on page 105 • Displayin g FDB Entries on page 106 Ov er vi e w of th e FDB The switch mainta ins a database of all medi a access control (MAC) addresses recei[...]

  • Page 104

    104 Summit 300-48 Switch Software User Guide Forwarding Databas e (FDB) interface a re s tor ed as permanent . The Summi t 300-48 sw itches support a maxim um of 128 permanent entries. Once created , permanent entries stay the same as when they were cr eated. For example, the permanent entry store is not updated when any of the following take place[...]

  • Page 105

    Configuring FDB Entr i es Summit 300-48 Switch Software User Gu ide 105 Configur ing FDB Entr ies T o configure entries in the FDB, use the commands listed in T able 38. Ta b l e 3 8 : FDB Configuration Commands Command Description clear fdb [{<mac_ad dress> | v lan <nam e> | ports <p ortlist>}] Clears dy namic FDB en tries th at [...]

  • Page 106

    106 Summit 300-48 Switch Software User Guide Forwarding Databas e (FDB) FDB Configuration Examples The following example adds a permanent entry to the FDB: create fdbentry 00:E0:2B:12:34:56 vlan marketing port 1:4 The permanent entry has the following characteristics: • MAC addr ess is 00:E0:2B :12:34: 56. • VLAN name is marketing . • P o r t[...]

  • Page 107

    Summit 300-48 Switch Software User Gu ide 107 10 Access P olicies This chapter describes the fol lowing topi cs: • Overview of Access Policies on page 1 07 • Using Access Control Lists on p age 107 Ov er vie w of Access P o licies Access policies are a general ized cate gory of feat ur es that impact forwar ding and ro ute forwar ding decisions[...]

  • Page 108

    108 Summit 300-48 Switch Software User Guide Access P olicies shared multiple a ccess control lists, usin g differe nt lists o f values to exam ine packets. The f ollowing sections describe how to use access control lists. Access Masks There are between twel ve and fourtee n access ma sks avai lable in th e Summit 3 00-48, dependin g on which featu[...]

  • Page 109

    Using Access Co ntrol Lists Summit 300-48 Switch Software User Gu ide 109 Rate Limits Each entry that m akes up a rate limit conta ins a unique nam e and specifies a previously created access mask. Like an access list, a rate limit in cludes a list of values to co mpar e with the incom ing packets and an action to take for packets that match. Addit[...]

  • Page 110

    110 Summit 300-48 Switch Software User Guide Access P olicies Access Mask Pr ecedence Number s The access mask prece dence number is optional, and determines the orde r in which each rule is examined by the switch. Access control list entries ar e evaluated fr om highest precedence to lowest preceden ce. Precedence nu mbers range fr om 1 to 25,600,[...]

  • Page 111

    Using Access Co ntrol Lists Summit 300-48 Switch Software User Gu ide 111 The permit-established Keyword The permit-established keywo rd is used to directionally con trol attempts to open a TCP session . Session in itiation can be explicitly blo cked using this keyword. NO TE F or an example of u sing the pe r mit-esta blished ke yword, r efer to ?[...]

  • Page 112

    112 Summit 300-48 Switch Software User Guide Access P olicies The maxim um number of access lis t allo wed by th e hard war e is 254 f or each block of eight 10/100 Etherne t ports and 1 26 for each G igabit Eth ernet port, fo r a total of 10 14 ru les (254 *3+126* 2). Most user entered access list command s will requir e multiple rules on th e har[...]

  • Page 113

    Using Access Co ntrol Lists Summit 300-48 Switch Software User Gu ide 113 Ta b l e 3 9 : Access Contro l List Config uration Co mmands Command Description create ac cess-li st <nam e> acces s-mask <a ccess-m ask nam e> {dest- mac <des t_mac>} {source-m ac <src_ mac>} {vla n <n ame>} {ethertyp e [IP | ARP | < hex_val[...]

  • Page 114

    114 Summit 300-48 Switch Software User Guide Access P olicies crea te access -mask <a ccess-mask n ame> {dest-mac} {source- mac} {vlan } {ethertyp e} {tos | code -poin t} {ipprotoc ol} {dest- ip /<mask lengt h>} {dest-L4p ort} {source- ip /<mask length >} {source- L4port | {icmp- type} {icmp-code}} {permit-e stablished} {egressp o[...]

  • Page 115

    Using Access Co ntrol Lists Summit 300-48 Switch Software User Gu ide 115 create rat e-limit <rule_nam e> acces s-mask <a ccess-m ask nam e> {dest- mac <des t_mac>} {source-m ac <src_ mac>} {vla n <n ame>} {ethertyp e [IP | ARP | < hex_valu e>]} {tos <ip_ precedenc e> | code-p oint <cod e_poin t>} {ip[...]

  • Page 116

    116 Summit 300-48 Switch Software User Guide Access P olicies Access Contr ol List Examples This section presents thr ee access contr ol list examples: • Using the p ermit-establi sh keywo rd • Filtering ICMP packets • Using a rate li mit Using the P ermit-Establi shed K eyw ord T h i s e x a m p l e u s e s a n a c c e s s l i s t t h a t p [...]

  • Page 117

    Using Access Co ntrol Lists Summit 300-48 Switch Software User Gu ide 117 Step 1 – Deny IP T raff ic. First, crea te an access-mask that examines the IP protocol field for each packet. Then create two access-list s, one that blocks a ll TCP , one that blocks UDP . Although ICMP i s used in conjunct ion with IP , it is technically n ot an IP da ta[...]

  • Page 118

    118 Summit 300-48 Switch Software User Guide Access P olicies Figure 9: Access list allo ws TCP tr aff ic Step 3 - Permit-Establish ed Acces s List. When a TCP session begins, there is a thr ee-way handshake that includes a sequence of a SYN, SYN/ACK, an d ACK packets. Figu r e 10 shows an illu stration of the han dshake that occurs wh en host A in[...]

  • Page 119

    Using Access Co ntrol Lists Summit 300-48 Switch Software User Gu ide 119 Figure 1 1 shows the final outcom e of this a ccess list. Figure 11: Permit-e stablished ac cess lis t filters out SYN packet to dest inatio n Example 2: Fil ter ICMP P ackets This example creates an access list that filters out ping (ICMP echo) packets. ICMP echo packets are[...]

  • Page 120

    120 Summit 300-48 Switch Software User Guide Access P olicies[...]

  • Page 121

    Summit 300-48 Switch Software User Gu ide 121 11 Quality of Ser vice (QoS) This chapter describes the fol lowing topi cs: • Overview of Policy -Based Qual ity of Service on pa ge 1 21 • Applicati ons and T ypes of QoS o n page 122 • C o n f i g u r i n g Q o S f o r a P o r t o r V L A N o n p a g e 1 2 3 • T raffic Gr ouping s on p age 124[...]

  • Page 122

    122 Summit 300-48 Switch Software User Guide Quality o f Serv i ce (QoS ) Summit 300-48 switches support up to four phys ical queues per port. NO TE As with al l Extreme switch prod ucts, QoS has no impac t on switch performanc e. Using ev en the most complex traffic gro upings ha s no co st in ter m s of switch perfor mance. Applications an d T yp[...]

  • Page 123

    Configur ing QoS f or a Port or VLAN Summit 300-48 Switch Software User Gu ide 123 W eb B ro wsing Applications QoS needs for W eb browsing applicat ions cannot be g eneralized i nto a sing le category . For exam ple, ERP applica tions that use a browser front-end may be more important th an retrieving dail y news informatio n. T raffic groupings c[...]

  • Page 124

    124 Summit 300-48 Switch Software User Guide Quality o f Serv i ce (QoS ) T raffic Groupings After a QoS profile has been modifi ed for bandwidth and priority , you assign traffic a grouping to th e prof ile. A traffic grouping is a classification of traffic that has one or mor e attributes in common. T raffic is typically grouped ba sed on the app[...]

  • Page 125

    T raffic G roupings Summit 300-48 Switch Software User Gu ide 125 prescribe the bandwidth ma nagement and prio rity handling f or that traffic grouping. This level of packet filtering h as no impact o n performance. MA C-Based T raffic Gr oupings QoS profiles can be a ssigned to d estination MAC addresses. MAC-ba sed traffic groupings are configure[...]

  • Page 126

    126 Summit 300-48 Switch Software User Guide Quality o f Serv i ce (QoS ) Explicit Cla ss of Service (802.1p and DiffServ) T raffic Gr oupings This category of tra ff ic groupings describes w hat is sometime s referr ed to as expli cit pack et markin g, an d refers to information contained with in a packet intend ed to explicitly de termine a class[...]

  • Page 127

    T raffic G roupings Summit 300-48 Switch Software User Gu ide 127 supports four hardwar e queues. The transmitting har dware queue determines the bandwidth manageme nt and priority characteristics used when transmi tting packets. T o control the mapping of 802.1p prioritization values to hardwar e queues , 802.1p prioritization values can be mapped[...]

  • Page 128

    128 Summit 300-48 Switch Software User Guide Quality o f Serv i ce (QoS ) Configuring DiffServ Contained in the header of every IP packet is a field for IP T ype of Service (TOS), n ow also called the Diff Serv field. The TOS field is used by the switch to determine the type of service provided to the packet. Observing DiffServ code points as a tr [...]

  • Page 129

    T raffic G roupings Summit 300-48 Switch Software User Gu ide 129 Observing DiffServ Inf ormation When a packet arrives at the switch on an ingress port, the switch examines the first six of eight TOS bits, called the c ode po int . The switch can assign th e QoS profile used to subseq uently transmit the packet based on the co de point. The Q o S [...]

  • Page 130

    130 Summit 300-48 Switch Software User Guide Quality o f Serv i ce (QoS ) DiffServ Examples For information on the access list and access mask commands in the following examples, see Chapter 10, “Access Polici es”. Use the followin g command to u se the DiffServe code point value to assig n traffic to the hardwar e queues: enable diffserv exami[...]

  • Page 131

    V er ifying Config uration and P erfor mance Summit 300-48 Switch Software User Gu ide 131 The same info rmation is also ava ilable for ports or VLANs using o ne of the follow ing comman ds: show ports <portlist> info {detail} or show vlan V er i fying C onfiguration and P erfor mance After you have created QoS policies tha t manage the traff[...]

  • Page 132

    132 Summit 300-48 Switch Software User Guide Quality o f Serv i ce (QoS ) Displaying Qo S Profile Informatio n The QoS monitor can also be used to verify the QoS configuration and monitor the use of the QoS policies that are in place. T o display QoS information on the switch , use the following command: show qosprofile <qosprofile> Displayed[...]

  • Page 133

    Summit 300-48 Switch Software User Gu ide 133 12 Status Monitor ing and Statistics This chapter describes the fol lowing topi cs: • S t a t u s M o n i t o r i n g o n p a g e 1 3 3 • P o r t S t a t i s t i c s o n p a g e 1 3 5 • Po rt E rrors on pag e 136 • Port Mo nitoring D isplay Keys on pag e 13 7 • Settin g the System Reco very Le[...]

  • Page 134

    134 Summit 300-48 Switch Software User Guide Status M onitoring and Statistics T able 47 des cribes comm ands that ar e used to mo nitor t he status of t he swi tch. Ta b l e 4 7 : Status Monitor ing Com mands Command Descript ion show log {< priority>} Displ ays the c urrent sn apshot of the log. Options incl ude: • priority — Filte rs t[...]

  • Page 135

    Po r t S ta t is t i cs Summit 300-48 Switch Software User Gu ide 135 Po r t S t a t i s t i c s ExtremeW a re pr ovides a facility for viewing port statistic i nformation . The summary informa tion lists values for the curr ent counter against each port on each operational module in the system, and it is refr eshed approximately every 2 seco nds. [...]

  • Page 136

    136 Summit 300-48 Switch Software User Guide Status M onitoring and Statistics • Re ceived Byte Count (RX Byte C ount) — The total nu mber of bytes that wer e received by the port, including ba d or lost fram es. This number includes bytes contain ed in the Frame Check S equence (FCS), but excludes bytes in the preamble. • Rec eived Br oadcas[...]

  • Page 137

    P or t Monitor ing Display K eys Summit 300-48 Switch Software User Gu ide 137 • Receiv e Fragmented Frames (RX Frag) — The total number of frames received by the port wer e of incorr ect length and co ntained a bad FCS value. • Receive Jabber Fram es (RX Jab) — The total number of frames received by the port that was of greater than the su[...]

  • Page 138

    138 Summit 300-48 Switch Software User Guide Status M onitoring and Statistics NO TE Extrem e Networks rec ommen ds that you set the sy stem recovery lev el to critical . Th is al lows Extrem eW ar e to lo g an error to the sy slog an d autom aticall y rebo ot the sy stem after a criti cal exception . Logging The switch lo g tracks all conf igurati[...]

  • Page 139

    Loggin g Summit 300-48 Switch Software User Gu ide 139 • Message — The message co ntains the log i nformation with text tha t is specific to the problem. Local Logging The switch ma intains 1,0 00 messa ges in its intern al log. Y ou can display a sn apshot of the log at any time by using the follow ing comma nd: show log {<priority>} whe[...]

  • Page 140

    140 Summit 300-48 Switch Software User Guide Status M onitoring and Statistics — ipaddress — The IP addr ess of the syslog host. — facility — The syslog faci lity level for local use. Options in clude local0 through local7 . — priority — Filters the log to display messag e with th e selected priority or higher (more critical). Prioritie[...]

  • Page 141

    Loggin g Summit 300-48 Switch Software User Gu ide 141 config s yslog {add} <h ost name/ ip> {<port>} <facili ty> {<pri ority>} Con figures th e sys log host ad dress and filters messa ges sent to the sysl og hos t. Up to 4 syslog ser vers can be confi gure d. O ption s incl ude: • host name/ip — The IP addre ss or name [...]

  • Page 142

    142 Summit 300-48 Switch Software User Guide Status M onitoring and Statistics RMON Using the Re mote Monitoring (RMON) capa bilities of the sw itch allow s network adm inistrators to improve system ef ficiency and reduce the load on the network. The following sections explain more about the RMON concept and the RMON features supported by the switc[...]

  • Page 143

    RMON Summit 300-48 Switch Software User Gu ide 143 History The Histo ry group provid es histori cal vie ws of netw ork p erforma nce by tak ing peri odic sam ples of the counters supplied by the Statistics group. The group fea tures user -defined sample in tervals and buck et counters for complete customization of trend analysis. The group is usefu[...]

  • Page 144

    144 Summit 300-48 Switch Software User Guide Status M onitoring and Statistics Event Actions The action s that y ou can defin e for each alarm ar e sh own in T able 52. T o be notified of events using SNMP traps, yo u must configure o ne or more trap receivers, as described in Chapter 3, “Mana ging th e Switch ”. Ta b l e 5 2 : Ev ent Ac tions [...]

  • Page 145

    Summit 300-48 Switch Software User Gu ide 145 13 Spanning T ree Protocol (STP) This chapter describes the fol lowing topi cs: • Overview of the Spanning T ree Pr otocol on page 145 • Spannin g T ree Domains o n page 145 • STP Configura tions on page 146 • Configuring S TP on the Switch on page 148 • Displayin g STP Se ttings on page 151 ?[...]

  • Page 146

    146 Summit 300-48 Switch Software User Guide Spanning T ree Pro tocol (STP ) A p o r t c a n b e l o n g t o o n l y o n e S T P D . I f a p o r t i s a m e m b e r o f m u l t i p l e V L A N s , t h e n a l l t h o s e V L A N s must belong to the same S TPD. The key points to remember when configuring VLANs and STP are: • Each VLAN forms an i [...]

  • Page 147

    STP Configurations Summit 300-48 Switch Software User Gu ide 147 • Market ing is d efined on al l switches (switch A, switch B, sw itch Y , sw itch Z, and sw itch M). T w o STPDs ar e defined: • STPD1 cont ains VLANs Sale s and Personne l. • STPD2 cont ains VLANs Manufactu ring and Enginee ring. The VLAN Mar ketin g is a member of the default[...]

  • Page 148

    148 Summit 300-48 Switch Software User Guide Spanning T ree Pro tocol (STP ) Figure 16: T ag -based S TP conf iguration The tag-based netw ork in F igure 16 has the foll owing config uration: • Switc h 1 co ntain s VLA N Marketin g and VLAN Sales . • Switc h 2 co ntain s VLA N E ngin eering and VLAN Sales . • Switc h 3 co ntain s VLA N Market[...]

  • Page 149

    Configuring STP on the Switch Summit 300-48 Switch Software User Gu ide 149 3 Enable STP for o ne or more STP doma ins using th e following co mmand: enable stpd { <stpd_name>} NO TE All VLAN s belong to the def aul t STPD (s0). If you do not want to r un STP on a VLAN , y ou must add the VLAN to a STPD tha t is disa bled. Once you ha ve crea[...]

  • Page 150

    150 Summit 300-48 Switch Software User Guide Spanning T ree Pro tocol (STP ) config s tpd <s tpd_na me> maxa ge <val ue> Specifie s the m aximum age of a BP DU in this STPD. The range is 6 thro ugh 40. The defaul t setting is 20 se conds. Note th at the tim e must be greater tha n, or equa l to 2 * (He llo Time + 1) and less than , or e[...]

  • Page 151

    Displayin g STP Settings Summit 300-48 Switch Software User Gu ide 151 STP Configuration Example The following Summit 300-48 switch example cr eates and enables an STPD named Backbone_st . It assig ns the M anufacturing VLAN to the STPD. It disabl es STP on ports 1:1 th rou gh 1:7 and port 1: 12. create stpd b ackbone_st config stpd backbone_st add[...]

  • Page 152

    152 Summit 300-48 Switch Software User Guide Spanning T ree Pro tocol (STP ) Disab ling and Resetting STP T o disable STP or return STP settings to their defaults, use th e commands listed in T able 5 4. Ta b l e 5 4 : STP Disable and Reset Com mands Command Descript ion delete s tpd <st pd_nam e> Remov es an STPD. An STPD can on ly be remov [...]

  • Page 153

    Summit 300-48 Switch Software User Gu ide 153 14 IP Unicast Routing This chapter describes the fol lowing topi cs: • Overview o f IP Unic ast Rou ting on pa ge 153 • Proxy ARP on pa ge 15 6 • Relati ve Route Pr iorities on pag e 15 7 • Configurin g IP Unicast R outing on page 157 • I P C o m m a n d s o n p a g e 1 5 8 • Routing Co nfig[...]

  • Page 154

    154 Summit 300-48 Switch Software User Guide IP Unicast Routing Router Interfa ces The routing softwar e and hardwar e r outes IP traffic between r outer interfaces. A r outer interface is simply a VL AN that ha s an IP ad dress assigned to it. As you create VLANs with IP a ddresses belonging to d iffer en t IP subnets, you can al so choose to rout[...]

  • Page 155

    Overview of IP Unicast Routing Summit 300-48 Switch Software User Gu ide 155 — Locally , by way of interface addres ses assigned to the system — By other static routes, a s configured by the administra tor NO TE If you define a default rou te, and subsequ ently d elete the VL AN on the subnet as soci ated with the default route, the inv alid de[...]

  • Page 156

    156 Summit 300-48 Switch Software User Guide IP Unicast Routing Pro xy ARP Proxy Address Resol ution Protocol (ARP ) was first invented so th at ARP-ca pable devices co uld respond t o A R P R e q u e s t p a c k e t s o n b e h a l f o f A R P - i n c a p a b l e d e v i c e s . P r o x y A R P c a n a l s o b e u s e d t o a c h i e v e router re[...]

  • Page 157

    Relative Route Priorities Summit 300-48 Switch Software User Gu ide 157 Relativ e Route Pr ior ities T a ble 55 li sts the r elative priorities assigned to routes depending upon the learned source of the ro ute. CA UTION Although these pr ior ities can be chan ged, do not att empt any man ipulation unless you are exper tly f amili ar with the p oss[...]

  • Page 158

    158 Summit 300-48 Switch Software User Guide IP Unicast Routing V e rifying the IP Unicast Routing Configuration Use the show iproute command to dis play the current configurat ion of IP u nicast routing for the switch, and for each VLAN. The show iproute command displays the curr ently configured routes, and includes how each ro ute was learned. A[...]

  • Page 159

    IP Comm ands Summit 300-48 Switch Software User Gu ide 159 T a ble 57 describes the commands us ed to configure the IP r oute table. disabl e bootp vlan [<nam e> | all] Disables the gene ration a nd proc essing o f BOOTP pa ckets. disabl e bootp relay Disa bles t he fo rward ing of BO OTP requests . dis able i pfo rward ing {vla n <nam e&g[...]

  • Page 160

    160 Summit 300-48 Switch Software User Guide IP Unicast Routing T able 58 describes the com mands used to configur e IP options and the ICMP protoco l. config i proute add d efault <gateway > {<metric>} Ad ds a def ault gatew ay to the ro uting tabl e. A defa ult ga tew ay must be lo cate d on a configu red IP interface. If no me tric i[...]

  • Page 161

    IP Comm ands Summit 300-48 Switch Software User Gu ide 161 dis able i p-op tion l oos e-sou rce -rout e Disab les the lo ose so urce route IP o ption. disabl e ip-opt ion record-r oute Di sable s th e reco rd rou te IP opti on. disabl e ip-opt ion record-t imestam p Disables the record timestam p IP option. disabl e ip-option strict-source -route D[...]

  • Page 162

    162 Summit 300-48 Switch Software User Guide IP Unicast Routing Routing C onfiguration Exampl e Figure 1 8 illust rates a Sum mit24e3 switch tha t has two VL ANs defin ed as follows: • Finance — Contain s ports 2 an d 4. — IP ad dress 19 2.2 07.3 5.1. • Personne l — Contain s ports 3 an d 5. — IP ad dress 19 2.2 07.3 6.1. Figure 18: Un [...]

  • Page 163

    Displ a ying Rout er S etting s Summit 300-48 Switch Software User Gu ide 163 The example in Figure 18 is configured as follow s: create vlan Finance create vlan Personnel config Finance add port 2,4 config Personnel add port 3,5 config Finance ipaddress 192.207.35.1 config Personnel ipaddress 192.207.36. 1 enable ipforwarding Displ a ying R outer [...]

  • Page 164

    164 Summit 300-48 Switch Software User Guide IP Unicast Routing Configur ing DHCP/BOO TP Rela y Once IP unicast routing is configured, you can configure the switch to forward Dynamic Host Configuratio n Protocol (DHCP) or BOOTP requests comin g from clients on subnets bein g serviced by the switch and go ing to hos ts on different subnets. This fea[...]

  • Page 165

    UDP-Forw arding Summit 300-48 Switch Software User Gu ide 165 3 Configure the ad d resses to which DHCP or BOOTP requests should be directed, using the following command: config bootprelay add <ipaddress> T o delete an entry , us e the followin g command: config bootprelay delete {<ipaddress> | all} V e rifying the DHCP/BOO TP Rela y C [...]

  • Page 166

    166 Summit 300-48 Switch Software User Guide IP Unicast Routing UDP-Forwarding Ex ample In this example, the VLA N Mark etin g and t he VLA N Op eration s are pointed toward a specific backbone DHCP server (wi th IP addr ess 10.1.1 .1) and a backup server (with IP addr ess 10.1.1. 2). Addition ally , the VLAN LabUser i s c o n f i g u r e d t o u s[...]

  • Page 167

    UDP-Forw arding Summit 300-48 Switch Software User Gu ide 167 config v lan <n ame> udp-p rofile < profile_na me> Assigns a UDP-fo rwarding profile to th e source VL AN. Once the UDP prof ile is assoc iated with the VL AN, the switc h picks up any bro adcas t UDP pack ets tha t matche s with the user confi gured UD P port numb er, and f [...]

  • Page 168

    168 Summit 300-48 Switch Software User Guide IP Unicast Routing[...]

  • Page 169

    Summit 300-48 Switch Software User Gu ide 169 A Saf ety Inf or mation Impor tant Sa f ety Inf or mation WA R N I N G ! Read the f ollowing sa fety inf ormation thor oughly before ins talling y our Extreme Netw orks switch. F ailure to follow this safety information can lead to personal injury or damag e to the equipment. I n s t a l l a t i o n , m[...]

  • Page 170

    170 Summit 300-48 Switch Software User Guide S afe ty I nfo r ma t io n • The appliance coupler ( the connector t o the unit and not the wall plu g) must have a configuratio n for mati ng with a n EN60320/I EC320 appli ance inle t. • France and Peru only This unit cann ot be powered from IT† supplies. If y our supplies are of IT type, this un[...]

  • Page 171

    Impor tant Safety Inform ation Summit 300-48 Switch Software User Gu ide 171 Lithium Battery The lithium battery is not user-replaceable. WA R N I N G ! Danger of explosion if batter y is incorrect ly replace d. Replace only with t he same or equivalent type recomm ended by the manufacturer . Di spose of used batter ies ac cording to the manufactur[...]

  • Page 172

    172 Summit 300-48 Switch Software User Guide S afe ty I nfo r ma t io n[...]

  • Page 173

    Summit 300-48 Switch Software User Gu ide 173 B Suppor ted Standards The followin g is a list o f software standards supported by E xtremeW are for the Summit 3 00-48 sw itch. Standards and Pro tocols RFC 1122 H ost requi rements IEEE 802.1D-199 8 (802.1 p) Packet priori ty IEEE 802.1Q V LAN tagging RFC 2474 Di ffServ Preced ence RFC 783 TFTP RFC 1[...]

  • Page 174

    174 Summit 300-48 Switch Software User Guide Suppor ted S tandards[...]

  • Page 175

    Summit 300-48 Switch Software User Gu ide 175 C Softw are U pg r ade and Boot Options This appendix de scribes the follow ing topics: • Downlo ading a New I mage on page 175 • Savi ng Con figur atio n Chan ges o n page 176 • Using TF TP to Uplo ad the Conf iguration on page 177 • Using TF TP to Dow nload the Con figuration on pa ge 178 • [...]

  • Page 176

    176 Summit 300-48 Switch Software User Guide Software U pgrade and Boot Options Rebooting the Switch T o rebo ot the switch, use the following command: reboot { time <date> <time> | cancel} where date i s t h e d a t e a n d time is the t ime (using a 2 4-hour clock fo rmat) when th e switch will be rebooted. Th e values use the followi[...]

  • Page 177

    Using TFTP to U pload the Co nfiguration Summit 300-48 Switch Software User Gu ide 177 T o erase the curr ently selected configuration image and reset all switch parameters, use the following command: unconfig switch all Using TFTP to Uploa d the Configuration Y ou can upload the current configuration to a TF TP server on your network . The uploade[...]

  • Page 178

    178 Summit 300-48 Switch Software User Guide Software U pgrade and Boot Options Using TFTP to Download th e Configuration Y ou can download ASCII files that con tain CLI commands to the swit ch to modify the switch config uration . Thr ee types of co nfigu ration s cenario s that ca n be download ed: • Complete conf iguration • Incremental conf[...]

  • Page 179

    Upgrading a nd Accessing Bo otROM Summit 300-48 Switch Software User Gu ide 179 T o display s cheduled do wnload in formation, us e the follow ing comma nd: show switch T o cancel sch eduled incremental downloads , use the follo wing comm and: download configuration cancel Remember to Sa ve Regardless of wh ich downloa d option is u sed, config ura[...]

  • Page 180

    180 Summit 300-48 Switch Software User Guide Software U pgrade and Boot Options Accessing the Boot loader CLI The Bootloader CLI contains commands that support the selection of image and configuratio n for the switch. T o access the Bootloader CLI, follow these steps: 1 Attach a serial cable to the serial console port of the switch. 2 Attach the ot[...]

  • Page 181

    Boot Optio n Command s Summit 300-48 Switch Software User Gu ide 181 Boot Op tion C ommand s T able 64 lists the CLI co mmands a ssociated with switch boot option s. Ta b l e 6 4 : Boot Option Comma nds Command Description config d ownload serve r [prima ry | seco ndary] [<hostna me> | <ipa ddres s>] <filena me> Configures th e TF[...]

  • Page 182

    182 Summit 300-48 Switch Software User Guide Software U pgrade and Boot Options use confi gura tion [ prim ary | s econdary ] Config ures the sw itch to use a pa rticular configu ration o n the next re boot. Opti ons includ e the pri mary conf iguration area o r the second ary config uration area. use im age [pr imar y | seconda ry] Config ures the[...]

  • Page 183

    Summit 300-48 Switch Software User Gu ide 183 D T roub leshooting If you encoun ter pr o blems when using t he switch, this appendix ma y be helpful. If you ha ve a pr oblem not listed here or in the release notes, contact your local tech nical support representative. LEDs Power LED does not light: Check that the pow er cable is firmly connected to[...]

  • Page 184

    184 Summit 300-48 Switch Software User Guide T rou bleshooting • Both ends of the G igabit link are set to the same autone gotiation sta te. Both sides of th e Gigabit lin k must be enabled or dis abled. It the two are differ ent, typically the sid e with auto negotiation d isabled will have the link LED lit, and the sid e with aut onegotiati on [...]

  • Page 185

    Using the Comma nd-Line Inter f ac e Summit 300-48 Switch Software User Gu ide 185 Check that the port through which you are trying to access the device has not been disabled. If it is enabled, check the connections and network cabling at the port. Check that the port through which you are trying to access the device is in a correctly configur ed V[...]

  • Page 186

    186 Summit 300-48 Switch Software User Guide T rou bleshooting The only way to establish a full dupl ex link is to either force it at both sid es, or run auto-neg otiation on both sides (usin g full duplex as an advertised capabil ity , which is th e default setting on the Extreme switch). NO TE A mismat ch of du ple x mode be tween the Ex treme sw[...]

  • Page 187

    Debug T racin g Summit 300-48 Switch Software User Gu ide 187 with a num ber , or contains non -alphabeti cal charact ers, you mus t use quotat ion marks whenever referring to the VLAN name. VLANs, IP Add resses and default routes: T h e s y s t e m c a n h a v e a n I P a d d r e s s f o r e a c h c o n f i g u r e d V L A N . I t i s n e c e s s [...]

  • Page 188

    188 Summit 300-48 Switch Software User Guide T rou bleshooting • support@e xtremenetwor ks.com Y ou can also visit th e support website a t: • http://w ww .extremene tworks .com/extreme /support/te chsupport .asp to downloa d softwa re updates (requires a service contract) and docum entation.[...]

  • Page 189

    Summit 300-48 Switch Software User Gu ide 189 Inde x Numerics 02.1 x/EA P 84 802.1 1a, 8 02.1 1b, 802.1 1g 74 802.1p co nfigur ation commands (t able) 127 A acces s contr ol lists description 1 07 examples 116 ICMP filt er example 119 verifyin g settings 112 access lev els 28 acce ss lis ts adding 1 11 config uration comm ands (tab le) 113 deleti n[...]

  • Page 190

    190 - Ind e x Summit 300-48 Switch Software User Guide configu ration down loading 178 down loading c omplete 178 down loading in crem ental 178 loggin g 140 primar y and sec ondary 176 savin g changes 176 schedule dow nload 178 uploadin g to file 177 wireles s port s 79 configuring PoE 98 console c onnect ion 36 contr olling T elnet access 39 conv[...]

  • Page 191

    Summit 300-48 Switch Software User Gu ide Inde x - 191 DHCP relay 164 disablin g 163 enablin g 157 IP route shari ng 155 proxy ARP 156 reset an d disable comm ands (ta ble) 163 resettin g 163 router inte rfaces 154 router show comman ds (table) 163 rou tin g t abl e config uration comm ands (tab le) 159 multiple routes 155 populating 154 stati c ro[...]

  • Page 192

    192 - Ind e x Summit 300-48 Switch Software User Guide primar y image 175 privacy 85 private c ommunity , SNMP 41 prot ocol analyzers, use with port-mirr oring 60 proxy ARP communicati n g with devices outside su bnet 156 condit ions 156 configuring 1 56 MAC addr ess in r esponse 156 res po ndi ng t o re que sts 156 subnets 156 table, di splayin g [...]

  • Page 193

    Summit 300-48 Switch Software User Gu ide Inde x - 193 Greenw ich Mean T ime Offsets (table) 52 NTP servers 51 softwar e licensing secur ity feat ures 2 0 SSH2 pr otocol 20 Spanning T ree Protocol. See ST P speed, ports 56 SSH2 pr otocol authenti cation k ey 40 description 2 0 , 39 enablin g 39 predef ined clients 40 TCP port number 4 0 stand -alon[...]

  • Page 194

    194 - Ind e x Summit 300-48 Switch Software User Guide types 64 UDP-Fo rwarding 1 65 voice applicat ions, QoS 122 W W eb access, c ontr olling 47 web br owsi ng appl ications , and Qo S 1 2 3 WEP 84 wireles s event logging a nd r eporting 81 example netw ork 74 featu res 74 netwo rkin g 73 show commands 80 wireles s port s config uration comm ands [...]

  • Page 195

    Summit 300-48 Switch Software User Gu ide 195 Inde x of Commands C clear counters 140 clear fdb 105, 125 clear inline-pow er connection - history slot 99 clear inline-pow er fa ult po rts 100 clear ipar p 158, 163 clear ipf db 158, 163 clear log 140 cle ar se ssion 26, 3 8 config account 26 config ba nner 26 config bootprelay add 158, 16 5 config b[...]

  • Page 196

    196 - Ind e x of Comman ds Summit 300-48 Switch Software User Guide config vlan ipaddres s 27, 38, 70, 15 7 conf ig vl an na me 7 0 config vlan priorit y 127 config vlan qos profile 123, 13 0 config vlan tag 70 config vlan udp-profile 167 conf ig wire less por t 7 9 conf ig wire less por t int erfa ce 80 conf igure wir eless 78 create access -list [...]

  • Page 197

    Summit 300-48 Switch Software User Gu ide Index of Co mmands - 197 enable inline-po wer 98 enable inline-po wer ports 99 enable inline-po wer slot 98 enable ip forwardi ng 157, 159 enable ipfo rwarding broadcast 159 enable ip-option loo se-source-route 161 enable ip-option record -route 161 enable ip-option record -timest amp 161 enable ip-option s[...]

  • Page 198

    198 - Ind e x of Comman ds Summit 300-48 Switch Software User Guide show wire le ss config 80 show wirele ss ports 80 show wirele ss ports interface 80 T teln et 31 , 36 trace rou te 31, 32 U unconfi g icmp 162, 164 unconfig inline-pow er detection ports 100 unconfig inline - power di sconnec t-prec edence 100 unconfig inli ne-power operat or-limit[...]