exosconcepts12_3_rev.02.book

Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 (408) 579-2800 http://www.extremenetworks.com ExtremeXOS Concepts Guide Software Version 12.3 Published: August 2009 Part number: 100339-00 Rev. 02


AccessAdapt, Alpine, Altitude, BlackDiamond, EPICenter, ExtremeWorks Essentials, Ethernet Everywhere, Extreme Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, Go Purple Extreme Solution, ExtremeXOS ScreenPlay, ReachNXT, Sentriant, ServiceWatch, Summit, SummitStack, Triumph, Unified Access Architecture, Unified Access RF Manager, UniStack, the Extreme Networks logo, the Alpine logo, the BlackDiamond logo, the Extreme Turbodrive logo, the Summit logos, and the Powered by ExtremeXOS logo are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States and/or other countries. sFlow is a registered trademark of InMon Corporation. Specifications are subject to change without notice. All other registered trademarks, trademarks, and service marks are property of their respective owners. 2009 Extreme Networks, Inc. All Rights Reserved.


Contents

Preface
  Introduction
  Terminology
  Conventions
  Platform-Dependent Conventions
  Text Conventions
  Related Publications
  Using ExtremeXOS Publications Online

Part 1: Using ExtremeXOS

Chapter 1: Getting Started
  Overview
  Software Required
  Logging In to the Switch
  Understanding the Command Syntax
  Syntax Helper
  Command Shortcuts
  Names
  Symbols
  Limits
  Port Numbering
  Stand-alone Switch Numerical Ranges
  Modular Switch and SummitStack Numerical Ranges
  Stacking Port Numerical Ranges
  Line-Editing Keys
  Command History
  Common Commands
  Accessing the Switch for the First Time
  Safe Defaults Setup Method
  Configuring Management Access
  Account Access Levels
  Configuring the Banner
  Startup Screen and Prompt Text
  Default Accounts
  Creating a Management Account
  Failsafe Accounts
  Managing Passwords
  Applying a Password to the Default Account
  Applying Security to Passwords
  Displaying Passwords
  Access to Both MSM/MM Console Ports - Modular Switches Only
  Access to an Active Node in a SummitStack


  Domain Name Service Client Services
  Checking Basic Connectivity
  Ping
  Traceroute
  Displaying Switch Information

Chapter 2: Managing the Switch
  Overview
  Understanding the ExtremeXOS Shell
  Using the Console Interface
  Using the 10/100 Ethernet Management Port
  Using EPICenter to Manage the Network
  Authenticating Users
  RADIUS Client
  TACACS+
  Management Accounts
  Using Telnet
  About the Telnet Client
  About the Telnet Server
  Connecting to Another Host Using Telnet
  Configuring Switch IP Parameters
  Configuring Telnet Access to the Switch
  Disconnecting a Telnet Session
  Using Secure Shell 2
  Using the Trivial File Transfer Protocol
  Connecting to Another Host Using TFTP
  Understanding System Redundancy - Modular Switches and SummitStack Only
  Node Election
  Replicating Data Between Nodes
  Viewing Node Status
  Understanding Hitless Failover Support - Modular Switches and SummitStack Only
  Protocol Support for Hitless Failover
  Platform Support for Hitless Failover
  Hitless Failover Caveats
  Understanding Power Supply Management
  Using Power Supplies - Modular Switches Only
  Using Power Supplies - Summit Family Switches Only
  Using Power Supplies - SummitStack Only
  Displaying Power Supply Information
  Using the Simple Network Management Protocol
  Enabling and Disabling SNMPv1/v2c and SNMPv3
  Accessing Switch Agents
  Supported MIBs
  Configuring SNMPv1/v2c Settings
  Displaying SNMP Settings
  SNMPv3
  Message Processing
  SNMPv3 Security
  SNMPv3 MIB Access Control
  SNMPv3 Notification


  Using the Simple Network Time Protocol
  Configuring and Using SNTP
  SNTP Example

Chapter 3: Managing the ExtremeXOS Software
  Overview
  Using the ExtremeXOS File System
  Moving or Renaming Files on the Switch
  Copying Files on the Switch
  Displaying Files on the Switch
  Transferring Files to and from the Switch
  Deleting Files from the Switch
  Managing the Configuration File
  Managing ExtremeXOS Processes
  Displaying Process Information
  Stopping a Process
  Starting a Process
  Understanding Memory Protection
  Monitoring CPU Utilization
  Disabling CPU Monitoring
  Enabling CPU Monitoring
  Displaying CPU Utilization History

Chapter 4: Configuring Stacked Switches
  Overview
  SummitStack Terms
  SummitStack Compatible Switches
  SummitStack Topologies
  Stack Depth
  Understanding SummitStack Configuration Parameters, Configuration Files, and Port Numbering
  Understanding Stacking Link Overcommitment
  About SummitStack Logging Messages
  About QoS in Stacking
  About Power Management and Power Over Ethernet on Stacking
  About Stacking Node Roles, Redundancy, and Failover
  About the Failsafe Account on SummitStack Nodes
  Logging into a SummitStack
  Logging in Through the Console Port
  Logging in from the Management Network
  Logging Into a Node From Another Node
  Configuring a New Stack
  About Easy Setup
  Configuration Procedure
  Example: Deploying a New Stack
  Converting a Standalone Node Deployment to a Stack
  Configuration Tasks for SummitStack
  Enabling Summit X650 Stacking Ports
  Enabling the Stack
  Verifying the Configuration


  Setting the Command Prompt
  Configuring Slot Numbers
  Configuring Node Priority
  Assigning a MAC Address for the Stack
  Configuring Master-Capability
  Configuring an Alternate IP Address and Gateway
  Configuring the Failsafe Account on a Stack
  Disabling Stacking
  Saving the Configuration
  Managing an Operating SummitStack
  Managing Licenses on a SummitStack
  Stacking LEDs
  Viewing the Alternate IP Address
  Viewing Stacking Port Statistics
  Adding a Node to a Stack
  Replacing a Node with the Same Switch Type
  Replacing a Node with a Different Switch Type
  Merging Two Stacks
  Upgrading ExtremeXOS on a Stack
  Dismantling a Stack
  Removing a Node from a Stack
  Rebooting a Stack
  Troubleshooting a Stack
  Managing a Dual Master Situation
  Setting Traps for Stacking
  Connecting to a SummitStack with No Master
  Rescuing a Stack That Has No Master-Capable Node
  FAQs on SummitStack

Chapter 5: Configuring Slots and Ports on a Switch
  Overview
  Details on I/O Ports
  Disabling MSM-G8X I/O Ports
  Configuring Ports on a Switch
  Port Numbering
  Enabling and Disabling Switch Ports
  Configuring Switch Port Speed and Duplex Setting
  WAN PHY OAM
  Configuring Switching Mode - Cut-through Switching
  Jumbo Frames
  Guidelines for Jumbo Frames
  Enabling Jumbo Frames per Port
  Enabling Jumbo Frames
  Path MTU Discovery
  IP Fragmentation with Jumbo Frames
  IP Fragmentation within a VLAN
  Link Aggregation on the Switch
  Link Aggregation Overview
  Link Aggregation and Software-Controlled Redundant Ports
  Dynamic Versus Static Load Sharing
  Load-Sharing Algorithms


  LACP
  Health Check Link Aggregation
  Guidelines for Load Sharing
  Configuring Switch Load Sharing
  Load-Sharing Examples
  Displaying Switch Load Sharing
  Mirroring
  Guidelines for Mirroring
  Mirroring Rules and Restrictions
  Mirroring Examples
  Verifying the Mirroring Configuration
  Remote Mirroring
  Configuration Details
  Guidelines
  Use of Remote Mirroring with Redundancy Protocols
  Remote Mirroring with EAPS
  Extreme Discovery Protocol
  Software-Controlled Redundant Port and Smart Redundancy
  Guidelines for Software-Controlled Redundant Ports and Port Groups
  Configuring Software-Controlled Redundant Ports
  Verifying Software-Controlled Redundant Port Configurations
  Configuring Automatic Failover for Combination Ports
  Displaying Port Configuration Information

Chapter 6: Universal Port
  Overview
  Profile Types
  Dynamic Profile Trigger Types
  How Device Detect Profiles Work
  How User Authentication Profiles Work
  Profile Configuration Guidelines
  Collecting Information from Supplicants
  Supplicant Configuration Parameters
  Universal Port Configuration Overview
  Using Universal Port in an LDAP or Active Directory Environment
  Configuring Universal Port Profiles and Triggers
  Creating and Configuring New Profiles
  Editing an Existing Profile
  Configuring a Device Event Trigger
  Configuring a User Login or Logout Event Trigger
  Configuring a Universal Port Timer
  Configuring a Timer Trigger
  Creating an EMS Event Filter
  Configuring an EMS Event Trigger
  Enabling and Disabling an EMS Event Trigger
  Unconfiguring a User or Device Profile Trigger
  Unconfiguring a Timer
  Managing Profiles and Triggers
  Manually Executing a Static or Dynamic Profile
  Displaying a Profile
  Displaying Timers


  Displaying Universal Port Events
  Displaying Profile History
  Verifying a Universal Port Profile
  Handling Profile Execution Errors
  Disabling and Enabling a Profile
  Deleting a Profile
  Deleting a Timer
  Deleting an EMS Event Trigger
  Sample Universal Port Configurations
  Sample MAC Tracking Profile
  Universal Port Handset Provisioning Module Profiles
  Sample Static Profiles
  Sample Configuration with Device-Triggered Profiles
  Sample Configuration with User-Triggered Profiles
  Sample Timer-Triggered Profile
  Sample Profile with QoS Support
  Sample Event Profile
  Sample Configuration for Generic VoIP LLDP
  Sample Configuration for Generic VoIP 802.1x
  Sample Configuration for Avaya VoIP 802.1x
  Sample Configuration for a Video Camera

Chapter 7: Using CLI Scripting
Overview
Setting Up Scripts
Enabling and Disabling CLI Scripting
Creating Scripts
Using Script Variables
Using Special Characters in Scripts
Using Operators
Using Control Structures in Scripts
Using Built-In Functions
Controlling Script Configuration Persistence
Saving, Retrieving, and Deleting Session Variables
Executing Scripts
Configuring Error Handling
Displaying CLI Scripting Information
Viewing CLI Scripting Status
Viewing CLI Scripting Variables
Controlling CLI Script Output
CLI Scripting Examples

Chapter 8: LLDP
Overview
LLDP Packets
Transmitting LLDP Messages
Receiving LLDP Messages
Managing LLDP
Supported TLVs
Mandatory TLVs
Optional TLVs

Configuring LLDP
Enabling and Disabling LLDP
Configuring the System Description TLV Advertisement
Configuring LLDP Timers
Configuring SNMP for LLDP
Configuring Optional TLV Advertisements
Unconfiguring LLDP
Displaying LLDP Settings
Displaying LLDP Port Configuration Information and Statistics
Displaying LLDP Information Detected from Neighboring Ports

Chapter 9: Ethernet OAM
CFM
Overview
Ping and Traceroute
Supported Instances for CFM
Configuring CFM
Displaying CFM
CFM Example
Y.1731-Compliant Frame Delay and Delay Variance Measurement
Frame Delay Measurement
Configuring a CFM Segment
EFM OAM - Unidirectional Link Fault Management
Unidirectional Link Fault Management
Configuring Unidirectional Link Fault Management

Chapter 10: PoE
Overview
Extreme Networks PoE Devices
Summary of PoE Features
Power Checking for PoE Module
Power Delivery
Enabling PoE to the Switch
Power Reserve Budget
PD Disconnect Precedence
Port Disconnect or Fault
Port Power Reset
PoE Usage Threshold
Legacy Devices
PoE Operator Limits
Configuring PoE
Enabling Inline Power
Reserving Power
Setting the Disconnect Precedence
Configuring the Usage Threshold
Configuring the Switch to Detect Legacy PDs
Configuring the Operator Limit
Configuring PoE Port Labels
Power Cycling Connected PDs
Adding an S-PoE Daughter Card to an Existing Configuration

Displaying PoE Settings and Statistics
Clearing Statistics
Displaying System Power Information
Displaying Slot PoE Information on Modular Switches
Displaying PoE Status and Statistics on Stand-alone Switches
Displaying Port PoE Information

Chapter 11: Status Monitoring and Statistics
Overview
Viewing Port Statistics
Viewing Port Errors
Using the Port Monitoring Display Keys
Viewing VLAN Statistics
Performing Switch Diagnostics
Running Diagnostics
Observing LED Behavior During a Diagnostic Test
Displaying Diagnostic Test Results
Using the System Health Checker
Understanding the System Health Checker
Enabling Diagnostic Packets on the Switch - Modular Switches Only
Configuring Diagnostic Packets on the Switch - Modular Switches Only
Disabling Diagnostic Packets on the Switch - Modular Switches Only
Displaying the System Health Check Setting - All Platforms
System Health Check Examples: Diagnostics - Modular Switches Only
Setting the System Recovery Level
Configuring Software Recovery
Configuring Hardware Recovery - SummitStack and Summit Family Switches Only
Configuring Module Recovery - Modular Switches Only
Using ELSM
About ELSM
ELSM Hello Messages
ELSM Port States
Link States
ELSM Link States
ELSM Timers
Configuring ELSM on a Switch
Displaying ELSM Information
Using ELSM with Layer 2 Control Protocols
ELSM Configuration Example
Viewing Fan Information
Viewing the System Temperature
System Temperature Output
Power Supply Temperature - Modular Switches Only
Fan Tray Temperature - BlackDiamond 10808 and BlackDiamond 20808 Switches Only
Using the Event Management System/Logging
Sending Event Messages to Log Targets
Filtering Events Sent to Targets
Displaying Real-Time Log Messages
Displaying Event Logs
Uploading Event Logs

Displaying Counts of Event Occurrences
Displaying Debug Information
Logging Configuration Changes
Using sFlow
Sampling Mechanisms
Configuring sFlow
Additional sFlow Configuration Options
sFlow Configuration Example
Displaying sFlow Information
Using RMON
About RMON
Supported RMON Groups of the Switch
Configuring RMON
Event Actions
Displaying RMON Information
SMON

Chapter 12: VLANs
Overview
Benefits
Virtual Routers and VLANs
Types of VLANs
Port-Based VLANs
Tagged VLANs
Protocol-Based VLANs
Precedence of Tagged Packets Over Protocol Filters
Default VLAN
VLAN Names
Renaming a VLAN
Configuring VLANs on the Switch
Creating and Configuring VLANs
Enabling and Disabling VLANs
VLAN Configuration Examples
Displaying Protocol Information
Private VLANs
PVLAN Overview
Configuring PVLANs
Displaying PVLAN Information
PVLAN Configuration Example 1
PVLAN Configuration Example 2
VLAN Translation
VLAN Translation Behavior
VLAN Translation Limitations
Configuring Translation VLANs
Displaying Translation VLAN Information
VLAN Translation Configuration Examples

Chapter 13: vMAN, PBB, and PBB-TE
Overview
vMAN Configuration Options and Features

Configuration
Configuring vMANs
Configuring PBB Networks
Configuring vMAN Options
Displaying Information
Displaying vMAN Information
Displaying PBB Network Information
Configuration Examples
vMAN Example, Black Diamond 8810
vMAN Example, Black Diamond 10808
LAG Port Selection Example
Multiple vMAN Ethertype Example
Tag Translation Example Using ACLs Only
1:N Flooding Examples
PBB Network Example
PBB-TE Example

Chapter 14: Web-Based Device Management
Overview
Setting Up ScreenPlay
HTTP and HTTPS Setup
Client Setup
Launching ScreenPlay
ScreenPlay Dashboard
ScreenPlay Common Functions
Dashboard Workspace
Configuration
Configuration - Ports
Configuration - VLANs
Configuration - Stacking
Configuration - SNMP
Configuration - Dynamic ACLs
Statistics and Monitoring
Statistics & Monitoring - Event Log
Statistics & Monitoring - Ports
Statistics & Monitoring - QoS
Administration
Administration - User Accounts
Administration - User Sessions
Administration - CLI Shell
Help

Chapter 15: FDB
Overview
FDB Contents
How FDB Entries Get Added
FDB Entry Types
Managing the FDB
Adding a Permanent Static Entry
Configuring the FDB Aging Time

Clearing FDB Entries
Managing Multiple Port FDB Entries
Supporting Remote Mirroring
Managing FDB MAC Address Tracking
Displaying FDB Entries
MAC-Based Security
Managing MAC Address Learning
Managing Egress Flooding
Displaying Learning and Flooding Settings
Creating Blackhole FDB Entries
Multicast FDB with Multiport Entry

Chapter 16: Virtual Routers
Overview
Types of Virtual Routers
User Virtual Router Configuration Domain
Managing Virtual Routers
Creating User Virtual Routers
Adding Routing Protocols to a Virtual Router
Configuring Ports to Use One or More Virtual Routers
Displaying Ports and Protocols
Configuring the Routing Protocols and VLANs
Virtual Router Configuration Example

Chapter 17: Policy Manager
Overview
Creating and Editing Policies
Using the Edit Command
Using a Separate Machine
Checking Policies
Refreshing Policies
Applying Policies
Applying ACL Policies
Applying Routing Policies

Chapter 18: ACLs
Overview
ACL Rule Syntax
Matching All Egress Packets
Comments and Descriptions in ACL Policy Files
Types of Rule Entries
Match Conditions
Actions
Action Modifiers
ACL Rule Syntax Details
IPv6 ACL Address Masks
vMAN ACLs
vMAN Match Conditions
vMAN ACL Actions

vMAN ACL Action Modifiers
vMAN ACL Examples
Layer-2 Protocol Tunneling ACLs
ACL Byte Counters
Dynamic ACLs
Creating the Dynamic ACL Rule
Configuring the ACL Rule on the Interface
Configuring ACL Priority
ACL Evaluation Precedence
BlackDiamond 10808, BlackDiamond 12800, and BlackDiamond 20808 Switches Only
BlackDiamond 8800 Series Switches, SummitStack, and Summit Family Switches Only
Applying ACL Policy Files
Displaying and Clearing ACL Counters
Example ACL Rule Entries
ACL Mechanisms
ACL Masks and Rules
ACL Slices and Rules
ACL Counters - Shared and Dedicated
Policy-Based Routing
Layer 3 Policy-Based Redirect
Layer 2 Policy-Based Redirect
Policy-Based Redirection Redundancy
ACL Troubleshooting
Unicast Reverse Path Forwarding with ACLs
uRPF Disabled on a Switch
uRPF Enabled on a Switch in Loose Mode
uRPF Enabled on a Switch in Strict Mode

Chapter 19: Routing Policies
Overview
Routing Policy File Syntax
Policy Match Type
Policy Match Conditions
Policy Action Statements
Applying Routing Policies
Policy Examples
Translating an access profile to a policy
Translating a Route Map to a Policy

Chapter 20: QoS and HQoS
Overview
Applications and Types of QoS
Traffic Groups
Introduction to Rate Limiting, Rate Shaping, and Scheduling
Meters
QoS Profiles
HQoS Traffic Queues
Multicast Traffic Queues
Egress Port Rate Limiting and Rate Shaping

Configuring QoS and HQoS
Platform Configuration Procedures
Selecting the QoS Scheduling Method
Configuring the HQoS Scheduling Method
Configuring Queue Priority Levels for Strict Priority HQoS
Configuring Ingress QoS Profiles on BlackDiamond 10808 Switches
Configuring 802.1p or DSCP Replacement
Configuring Egress QoS Profile Rate Shaping
Configuring Egress Port Rate Limits
Configuring Traffic Groups
Creating and Managing Meters
Configuring Traffic Queues
Adjusting the Byte Count Used to Calculate Traffic Rates
Controlling Flooding, Multicast, and Broadcast Traffic on VLAN Egress Ports
Controlling Flooding, Multicast, and Broadcast Traffic on vMAN Egress Ports
Displaying QoS and HQoS Configuration and Performance
Displaying Traffic Group Configuration Data
Displaying HQoS Configuration Controls
Displaying the Rate-Limiting and Rate-Shaping Configuration
Displaying Performance Statistics
HQoS Examples

Chapter 21: Network Login
Overview
Web-Based, MAC-Based, and 802.1x Authentication
Multiple Supplicant Support
Campus and ISP Modes
Network Login and Hitless Failover
Configuring Network Login
Enabling or Disabling Network Login on the Switch
Enabling or Disabling Network Login on a Specific Port
Configuring the Move Fail Action
Displaying Network Login Settings
Exclusions and Limitations
Authenticating Users
Local Database Authentication
802.1x Authentication
Interoperability Requirements
Enabling and Disabling 802.1x Network Login
802.1x Network Login Configuration Example
Configuring Guest VLANs
Post-authentication VLAN Movement
802.1x Authentication and Network Access Protection
Web-Based Authentication
Enabling and Disabling Web-Based Network Login
Configuring the Base URL
Configuring the Redirect Page
Configuring Proxy Ports
Configuring Session Refresh
Configuring Logout Privilege
Configuring the Login Page

Customizable Authentication Failure Response
Customizable Graphical Image in Logout Popup Window
Web-Based Network Login Configuration Example
Web-Based Authentication User Login
MAC-Based Authentication
Enabling and Disabling MAC-Based Network Login
Associating a MAC Address to a Specific Port
Adding and Deleting MAC Addresses
Displaying the MAC Address List
Configuring Reauthentication Period
Secure MAC Configuration Example
MAC-Based Network Login Configuration Example
Additional Network Login Configuration Details
Configuring Network Login MAC-Based VLANs
Configuring Dynamic VLANs for Network Login
Configuring Network Login Port Restart
Authentication Failure and Services Unavailable Handling

Chapter 22: Security
Overview
Safe Defaults Mode
MAC Security
Limiting Dynamic MAC Addresses
MAC Address Lockdown
MAC Address Lockdown with Timeout
DHCP Server
Enabling and Disabling DHCP
Configuring the DHCP Server
Displaying DHCP Information
IP Security
DHCP Snooping and Trusted DHCP Server
Source IP Lockdown
ARP Learning
Gratuitous ARP Protection
ARP Validation
Denial of Service Protection
Configuring Simulated Denial of Service Protection
Configuring Denial of Service Protection
Protocol Anomaly Protection
Unicast Reverse Path Forwarding
Authenticating Management Sessions Through the Local Database
Authenticating Management Sessions Through a TACACS+ Server
Configuring the TACACS+ Client for Authentication and Authorization
Configuring the TACACS+ Client for Accounting
Authenticating Management Sessions Through a RADIUS Server
How Extreme Switches Work with RADIUS Servers
Configuration Overview for Authenticating Management Sessions
Authenticating Network Login Users Through a RADIUS Server
How Network Login Authentication Differs from Management Session Authentication
Configuration Overview for Authenticating Network Login Users

Configuring the RADIUS Client
Configuring the RADIUS Client for Authentication and Authorization
Configuring the RADIUS Client for Accounting
RADIUS Server Configuration Guidelines
Configuring User Authentication (Users File)
Configuring the Dictionary File
Configuring Command Authorization (RADIUS Profiles)
Additional RADIUS Configuration Examples
Implementation Notes for Specific RADIUS Servers
Setting Up Open LDAP
Configuring a Windows XP Supplicant for 802.1x Authentication
Hypertext Transfer Protocol
Secure Shell 2
Enabling SSH2 for Inbound Switch Access
Viewing SSH2 Information
Using ACLs to Control SSH2 Access
Using SCP2 from an External SSH2 Client
Understanding the SSH2 Client Functions on the Switch
Using SFTP from an External SSH2 Client
Secure Socket Layer
Enabling and Disabling SSL
Creating Certificates and Private Keys
Displaying SSL Information