Foundry BigIron RX Series Configuration Guide 2100 Gold Street P.O. Box 649100 San Jose, CA 95164-9100 Tel 408.586.1700 Fax 408.586.1900 November 2005


  • Foundry BigIron RX Series Configuration Guide

    2100 Gold Street

    P.O. Box 649100

    San Jose, CA 95164-9100

    Tel 408.586.1700

    Fax 408.586.1900

    November 2005

  • Copyright 2005 Foundry Networks, Inc. All rights reserved.

    No part of this work may be reproduced in any form or by any means graphic, electronic or mechanical, including photocopying, recording, taping or storage in an information retrieval system without prior written permission of the copyright owner.

    The trademarks, logos and service marks ("Marks") displayed herein are the property of Foundry or other third parties. You are not permitted to use these Marks without the prior written consent of Foundry or such appropriate third party.

    Foundry Networks, BigIron, FastIron, IronView, JetCore, NetIron, ServerIron, TurboIron, IronWare, EdgeIron, IronPoint, the Iron family of marks and the Foundry Logo are trademarks or registered trademarks of Foundry Networks, Inc. in the United States and other countries.

    F-Secure is a trademark of F-Secure Corporation. All other trademarks mentioned in this document are the property of their respective owners.

  • Contents

    CHAPTER 1: ABOUT THIS GUIDE
        INTRODUCTION
        AUDIENCE
        NOMENCLATURE
        LIST OF PUBLICATIONS
        LIST OF SUPPORTED FEATURES

    CHAPTER 2: GETTING STARTED WITH THE COMMAND LINE INTERFACE
        LOGGING ON THROUGH THE CLI
        ON-LINE HELP
        COMMAND COMPLETION
        SCROLL CONTROL
        LINE EDITING COMMANDS
        EXEC COMMANDS
            USER LEVEL
            PRIVILEGED EXEC LEVEL
        GLOBAL LEVEL
        CONFIG COMMANDS
            REDUNDANCY LEVEL
            INTERFACE LEVEL
            TRUNK LEVEL
            ROUTER RIP LEVEL
            ROUTER OSPF LEVEL
            BGP LEVEL
            GLOBAL BGP AND BGP4 UNICAST ADDRESS FAMILY LEVEL
            BGP4 MULTICAST ADDRESS FAMILY LEVEL
            ROUTER DVMRP LEVEL
            ROUTER PIM LEVEL
            ROUTE MAP LEVEL
            ROUTER VRRP LEVEL

            ROUTER VRRPE LEVEL
            VLAN LEVEL
            METRO RING LEVEL
            VSRP LEVEL
            TOPOLOGY GROUP LEVEL
            802.1X PORT SECURITY LEVEL
            MAC PORT SECURITY LEVEL
        ACCESSING THE CLI
        NAVIGATING AMONG COMMAND LEVELS
        CLI COMMAND STRUCTURE
            REQUIRED OR OPTIONAL FIELDS
            OPTIONAL FIELDS
            LIST OF AVAILABLE OPTIONS
        SEARCHING AND FILTERING OUTPUT
            SEARCHING AND FILTERING OUTPUT FROM SHOW COMMANDS
            SEARCHING AND FILTERING OUTPUT AT THE --MORE-- PROMPT
            USING SPECIAL CHARACTERS IN REGULAR EXPRESSIONS
        SYNTAX SHORTCUTS
        SAVING CONFIGURATION CHANGES

    CHAPTER 3: SECURING ACCESS TO MANAGEMENT FUNCTIONS
        SECURING ACCESS METHODS
        RESTRICTING REMOTE ACCESS TO MANAGEMENT FUNCTIONS
        USING ACLS TO RESTRICT REMOTE ACCESS
            USING AN ACL TO RESTRICT TELNET ACCESS
            USING AN ACL TO RESTRICT SSH ACCESS
            USING AN ACL TO RESTRICT WEB MANAGEMENT ACCESS
            USING ACLS TO RESTRICT SNMP ACCESS
            CONFIGURING HARDWARE-BASED REMOTE ACCESS FILTERING ON THE BIGIRON RX
        RESTRICTING REMOTE ACCESS TO THE DEVICE TO SPECIFIC IP ADDRESSES
            RESTRICTING TELNET ACCESS TO A SPECIFIC IP ADDRESS
            RESTRICTING SSH ACCESS TO A SPECIFIC IP ADDRESS
            RESTRICTING WEB MANAGEMENT ACCESS TO A SPECIFIC IP ADDRESS
            RESTRICTING SNMP ACCESS TO A SPECIFIC IP ADDRESS
            RESTRICTING ALL REMOTE MANAGEMENT ACCESS TO A SPECIFIC IP ADDRESS
        SPECIFYING THE MAXIMUM NUMBER OF LOGIN ATTEMPTS FOR TELNET ACCESS
        RESTRICTING REMOTE ACCESS TO THE DEVICE TO SPECIFIC VLAN IDS
            RESTRICTING TELNET ACCESS TO A SPECIFIC VLAN
            RESTRICTING WEB MANAGEMENT ACCESS TO A SPECIFIC VLAN
            RESTRICTING SNMP ACCESS TO A SPECIFIC VLAN
            RESTRICTING TFTP ACCESS TO A SPECIFIC VLAN
        DISABLING SPECIFIC ACCESS METHODS
            DISABLING TELNET ACCESS
            DISABLING WEB MANAGEMENT ACCESS
            DISABLING WEB MANAGEMENT ACCESS BY HP PROCURVE MANAGER
            DISABLING SNMP ACCESS
        SETTING PASSWORDS
        SETTING A TELNET PASSWORD
            SUPPRESSING TELNET CONNECTION REJECTION MESSAGES

        SETTING PASSWORDS FOR MANAGEMENT PRIVILEGE LEVELS
            AUGMENTING MANAGEMENT PRIVILEGE LEVELS
        RECOVERING FROM A LOST PASSWORD
        DISPLAYING THE SNMP COMMUNITY STRING
        DISABLING PASSWORD ENCRYPTION
        SPECIFYING A MINIMUM PASSWORD LENGTH
        SETTING UP LOCAL USER ACCOUNTS
        CONFIGURING A LOCAL USER ACCOUNT
            NOTE ABOUT CHANGING LOCAL USER PASSWORDS
        CONFIGURING SSL SECURITY FOR THE WEB MANAGEMENT INTERFACE
        ENABLING THE SSL SERVER ON THE BIGIRON RX
            SPECIFYING A PORT FOR SSL COMMUNICATION
        IMPORTING DIGITAL CERTIFICATES AND RSA PRIVATE KEY FILES
        GENERATING AN SSL CERTIFICATE
            DELETING THE SSL CERTIFICATE
        CONFIGURING TACACS/TACACS+ SECURITY
        HOW TACACS+ DIFFERS FROM TACACS
        TACACS/TACACS+ AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING
            TACACS AUTHENTICATION
            TACACS+ AUTHENTICATION
            TACACS+ AUTHORIZATION
            TACACS+ ACCOUNTING
            AAA OPERATIONS FOR TACACS/TACACS+
            AAA SECURITY FOR COMMANDS PASTED INTO THE RUNNING CONFIGURATION
        TACACS/TACACS+ CONFIGURATION CONSIDERATIONS
            TACACS CONFIGURATION PROCEDURE
            TACACS+ CONFIGURATION PROCEDURE
        IDENTIFYING THE TACACS/TACACS+ SERVERS
        SPECIFYING DIFFERENT SERVERS FOR INDIVIDUAL AAA FUNCTIONS
        SETTING OPTIONAL TACACS/TACACS+ PARAMETERS
            SETTING THE TACACS+ KEY
            SETTING THE RETRANSMISSION LIMIT
            SETTING THE DEAD TIME PARAMETER
            SETTING THE TIMEOUT PARAMETER
        CONFIGURING AUTHENTICATION-METHOD LISTS FOR TACACS/TACACS+
            ENTERING PRIVILEGED EXEC MODE AFTER A TELNET OR SSH LOGIN
            CONFIGURING ENABLE AUTHENTICATION TO PROMPT FOR PASSWORD ONLY
            TELNET/SSH PROMPTS WHEN THE TACACS+ SERVER IS UNAVAILABLE
        CONFIGURING TACACS+ AUTHORIZATION
            CONFIGURING EXEC AUTHORIZATION
            CONFIGURING COMMAND AUTHORIZATION
        CONFIGURING TACACS+ ACCOUNTING
            CONFIGURING TACACS+ ACCOUNTING FOR TELNET/SSH (SHELL) ACCESS
            CONFIGURING TACACS+ ACCOUNTING FOR CLI COMMANDS
            CONFIGURING TACACS+ ACCOUNTING FOR SYSTEM EVENTS
        CONFIGURING AN INTERFACE AS THE SOURCE FOR ALL TACACS/TACACS+ PACKETS
        DISPLAYING TACACS/TACACS+ STATISTICS AND CONFIGURATION INFORMATION
        CONFIGURING RADIUS SECURITY
        RADIUS AUTHENTICATION, AUTHORIZATION, AND ACCOUNTING
            RADIUS AUTHENTICATION

            RADIUS AUTHORIZATION
            RADIUS ACCOUNTING
            AAA OPERATIONS FOR RADIUS
            AAA SECURITY FOR COMMANDS PASTED INTO THE RUNNING CONFIGURATION
        RADIUS CONFIGURATION CONSIDERATIONS
        RADIUS CONFIGURATION PROCEDURE
        CONFIGURING FOUNDRY-SPECIFIC ATTRIBUTES ON THE RADIUS SERVER
        IDENTIFYING THE RADIUS SERVER TO THE BIGIRON RX
        SPECIFYING DIFFERENT SERVERS FOR INDIVIDUAL AAA FUNCTIONS
        SETTING RADIUS PARAMETERS
            SETTING THE RADIUS KEY
            SETTING THE RETRANSMISSION LIMIT
            SETTING THE TIMEOUT PARAMETER
        CONFIGURING AUTHENTICATION-METHOD LISTS FOR RADIUS
            ENTERING PRIVILEGED EXEC MODE AFTER A TELNET OR SSH LOGIN
            CONFIGURING ENABLE AUTHENTICATION TO PROMPT FOR PASSWORD ONLY
        CONFIGURING RADIUS AUTHORIZATION
            CONFIGURING EXEC AUTHORIZATION
            CONFIGURING COMMAND AUTHORIZATION
            COMMAND AUTHORIZATION AND ACCOUNTING FOR CONSOLE COMMANDS
        CONFIGURING RADIUS ACCOUNTING
            CONFIGURING RADIUS ACCOUNTING FOR TELNET/SSH (SHELL) ACCESS
            CONFIGURING RADIUS ACCOUNTING FOR CLI COMMANDS
            CONFIGURING RADIUS ACCOUNTING FOR SYSTEM EVENTS
        CONFIGURING AN INTERFACE AS THE SOURCE FOR ALL RADIUS PACKETS
        DISPLAYING RADIUS CONFIGURATION INFORMATION
        CONFIGURING AUTHENTICATION-METHOD LISTS
        CONFIGURATION CONSIDERATIONS FOR AUTHENTICATION-METHOD LISTS
        EXAMPLES OF AUTHENTICATION-METHOD LISTS

    CHAPTER 4: CONFIGURING BASIC PARAMETERS
        ENTERING SYSTEM ADMINISTRATION INFORMATION
        CONFIGURING SIMPLE NETWORK MANAGEMENT (SNMP) TRAPS
        SPECIFYING AN SNMP TRAP RECEIVER
        SPECIFYING A SINGLE TRAP SOURCE
        SETTING THE SNMP TRAP HOLDDOWN TIME
        DISABLING SNMP TRAPS
        DISABLING SYSLOG MESSAGES AND TRAPS FOR CLI ACCESS
            EXAMPLES OF SYSLOG MESSAGES FOR CLI ACCESS
            DISABLING THE SYSLOG MESSAGES AND TRAPS
        CONFIGURING AN INTERFACE AS THE SOURCE FOR ALL TELNET PACKETS
        CANCELLING AN OUTBOUND TELNET SESSION
        CONFIGURING AN INTERFACE AS THE SOURCE FOR ALL TFTP PACKETS
        SPECIFYING A SIMPLE NETWORK TIME PROTOCOL (SNTP) SERVER
        SETTING THE SYSTEM CLOCK
        LIMITING BROADCAST, MULTICAST, OR UNKNOWN-UNICAST RATES
        LIMITING BROADCASTS

        LIMITING MULTICASTS
        LIMITING UNKNOWN UNICASTS
        CONFIGURING CLI BANNERS
        SETTING A MESSAGE OF THE DAY BANNER
        SETTING A PRIVILEGED EXEC CLI LEVEL BANNER
        DISPLAYING A MESSAGE ON THE CONSOLE WHEN AN INCOMING TELNET SESSION IS DETECTED
        CONFIGURING TERMINAL DISPLAY
        CHECKING THE LENGTH OF TERMINAL DISPLAYS
        ENABLING OR DISABLING ROUTING PROTOCOLS
        DISPLAYING AND MODIFYING SYSTEM PARAMETER DEFAULT SETTINGS
        ENABLING OR DISABLING LAYER 2 SWITCHING
        CHANGING THE MAC AGE TIME
        CONFIGURING STATIC MAC ADDRESSES
        CONFIGURING STATIC ARP ENTRIES

    CHAPTER 5: CONFIGURING INTERFACE PARAMETERS
        ASSIGNING A PORT NAME
        ASSIGNING AN IP ADDRESS TO A PORT
        MODIFYING PORT SPEED
        MODIFYING PORT MODE
        DISABLING OR RE-ENABLING A PORT
        CHANGING THE 802.3X GIGABIT NEGOTIATION MODE
        CHANGING THE DEFAULT GIGABIT NEGOTIATION MODE
        CHANGING THE NEGOTIATION MODE
        DISABLING OR RE-ENABLING FLOW CONTROL
        SPECIFYING THRESHOLD VALUES FOR FLOW CONTROL
        LOCKING A PORT TO RESTRICT ADDRESSES
        MODIFYING PORT PRIORITY (QOS)
        ASSIGNING A MIRROR PORT AND MONITOR PORTS
        CONFIGURATION GUIDELINES FOR MONITORING TRAFFIC
        CONFIGURING PORT MIRRORING AND MONITORING
        MONITORING AN INDIVIDUAL TRUNK PORT
        MONITORING 802.3AD AGGREGATE LINKS
        CONFIGURING PORT MONITORING ON 802.3AD AGGREGATE LINKS
        CONFIGURING PORT MONITORING ON AN INDIVIDUAL PORT IN AN 802.3AD AGGREGATE LINK
        MIRROR PORTS FOR POLICY-BASED ROUTING (PBR) TRAFFIC
        ABOUT HARDWARE-BASED PBR
        CONFIGURING MIRROR PORTS FOR PBR TRAFFIC
        DISPLAYING MIRROR AND MONITOR PORT CONFIGURATION
        ENABLING WAN PHY MODE SUPPORT

    CHAPTER 6: CONFIGURING TRUNK GROUPS
        TRUNK GROUP CONNECTIVITY TO A SERVER
        TRUNK GROUP RULES

        SPECIFYING A MINIMUM NUMBER OF PORTS FOR A TRUNK GROUP
        TRUNK FORMATION RULES
        TRUNK GROUP LOAD SHARING
        CONFIGURING A TRUNK GROUP
        NAMING A TRUNK PORT
        DISABLING OR RE-ENABLING A TRUNK PORT
        DISABLING OR RE-ENABLING A RANGE OR LIST OF TRUNK PORTS
        DELETING A TRUNK GROUP
        DISPLAYING TRUNK GROUP CONFIGURATION INFORMATION

    CHAPTER 7: DYNAMIC LINK AGGREGATION
        USAGE NOTES
        CONFIGURATION RULES
        ADAPTATION TO TRUNK DISAPPEARANCE
        ENABLING LINK AGGREGATION
        USING THE DEFAULT KEY ASSIGNED BY THE SOFTWARE
        ASSIGNING A UNIQUE KEY
        CONFIGURING LINK AGGREGATION PARAMETERS
        CONFIGURING PORT PRIORITY
        CONFIGURING KEYS FOR PORTS
            CONFIGURING KEYS FOR PORTS WITH LINK AGGREGATION DISABLED
            CONFIGURING KEYS FOR PORTS WITH LINK AGGREGATION ENABLED
        VIEWING KEYS FOR TAGGED PORTS
        DISPLAYING AND DETERMINING THE STATUS OF AGGREGATE LINKS
            DISPLAYING LINK AGGREGATION AND PORT STATUS INFORMATION
            DISPLAYING TRUNK GROUP AND LACP STATUS INFORMATION

    CHAPTER 8 CONFIGURING UNI-DIRECTIONAL LINK DETECTION (UDLD)
    CONFIGURATION CONSIDERATIONS
    CONFIGURING UDLD
    CHANGING THE KEEPALIVE INTERVAL
    CHANGING THE KEEPALIVE RETRIES
    DISPLAYING UDLD INFORMATION
    DISPLAYING INFORMATION FOR ALL PORTS
    DISPLAYING INFORMATION FOR A SINGLE PORT
    CLEARING UDLD STATISTICS

    CHAPTER 9 CONFIGURING VIRTUAL LANS (VLANS)
    TYPES OF VLANS
    DEFAULT VLAN
    ASSIGNING A DIFFERENT VLAN ID TO THE DEFAULT VLAN
    LAYER 2 PORT-BASED VLANS
    IEEE 802.1Q TAGGING

    CONFIGURING A PORT-BASED VLAN
    CONFIGURING UPLINK PORTS WITHIN A PORT-BASED VLAN
    MODIFYING A PORT-BASED VLAN
    REMOVING A PORT FROM A PORT-BASED VLAN
    ASSIGNING OR CHANGING A PRIORITY TO A VLAN
    REMOVING A PORT-BASED VLAN
    LAYER 3 PROTOCOL-BASED VLANS
    STATIC AND EXCLUDED PORT MEMBERSHIP
    ALL PORTS MUST BE EXPLICITLY DESIGNATED AS STATIC PORTS OR EXCLUDED FROM A VLAN.
    STATIC PORTS
    EXCLUDED PORTS
    CONFIGURING PROTOCOL-BASED VLANS
    SPANNING TREE PROTOCOL (STP) IN VLANS
    TRUNK GROUP PORTS AND VLAN MEMBERSHIP
    ASSIGNING TRUNK GROUP PORTS
    SUMMARY OF VLAN CONFIGURATION RULES
    VLAN HIERARCHY
    MULTIPLE VLAN MEMBERSHIP RULES
    CONFIGURATION CONSIDERATIONS
    CONFIGURATION EXAMPLES OF PORT-BASED AND PROTOCOL-BASED VLANS
    CONFIGURING PORT-BASED VLANS
    CONFIGURING BIGIRON RX-A
    CONFIGURING BIGIRON RX-B
    CONFIGURING BIGIRON RX-C
    VIRTUAL ROUTING INTERFACES
    INTEGRATED SWITCH ROUTING (ISR)
    ROUTING BETWEEN VLANS USING VIRTUAL ROUTING INTERFACES
    ROUTING BETWEEN VLANS
    VIRTUAL ROUTING INTERFACES
    BRIDGING AND ROUTING THE SAME PROTOCOL SIMULTANEOUSLY ON THE SAME DEVICE
    ROUTING BETWEEN VLANS USING VIRTUAL ROUTING INTERFACES
    CONFIGURING BIGIRON RX-A
    CONFIGURING BIGIRON RX-B
    CONFIGURING BIGIRON RX-C
    CONFIGURING VLAN GROUPS
    CONFIGURING A VLAN GROUP
    DISPLAYING INFORMATION ABOUT VLAN GROUPS
    DISPLAYING THE VLAN GROUP
    CONFIGURING THE SAME IP SUBNET ADDRESS ON MULTIPLE PORT-BASED VLANS
    ALLOCATING MEMORY FOR MORE VLANS OR VIRTUAL ROUTING INTERFACES
    CONFIGURING SUPER AGGREGATED VLANS
    CONFIGURING AGGREGATED VLANS
    CONFIGURING AGGREGATED VLANS ON AN EDGE DEVICE
    CONFIGURING AGGREGATED VLANS ON A CORE DEVICE
    COMPLETE CLI EXAMPLES
    COMMANDS FOR DEVICE A
    COMMANDS FOR DEVICE B
    COMMANDS FOR DEVICE C
    COMMANDS FOR DEVICE D

    COMMANDS FOR DEVICE E
    COMMANDS FOR DEVICE F
    CONFIGURING 802.1Q-IN-Q TAGGING
    CONFIGURATION RULES
    ENABLING 802.1Q-IN-Q TAGGING
    EXAMPLE CONFIGURATION
    CONFIGURING 802.1Q TAG-TYPE TRANSLATION
    CONFIGURATION RULES
    ENABLING 802.1Q TAG-TYPE TRANSLATION
    DUAL-MODE VLAN PORTS
    HARDWARE FLOODING FOR LAYER 2 MULTICAST AND BROADCAST PACKETS
    UNICAST FLOODING ON VLAN PORTS
    DISPLAYING VLAN INFORMATION
    DISPLAYING SYSTEM-WIDE VLAN INFORMATION
    DISPLAYING VLAN INFORMATION FOR SPECIFIC PORTS

    CHAPTER 10 CONFIGURING SPANNING TREE PROTOCOL
    IEEE 802.1D SPANNING TREE PROTOCOL (STP)
    ENABLING OR DISABLING STP
    ENABLING OR DISABLING STP GLOBALLY
    ENABLING OR DISABLING STP ON A VLAN
    ENABLING OR DISABLING STP ON A PORT
    DEFAULT STP BRIDGE AND PORT PARAMETERS
    CHANGING STP BRIDGE PARAMETERS
    CHANGING STP PORT PARAMETERS
    DISPLAYING STP INFORMATION
    DISPLAYING STP INFORMATION FOR AN ENTIRE DEVICE
    DISPLAYING DETAILED STP INFORMATION FOR EACH INTERFACE
    IEEE SINGLE SPANNING TREE (SSTP)
    SSTP DEFAULTS
    ENABLING SSTP
    DISPLAYING SSTP INFORMATION
    SUPERSPAN
    CUSTOMER ID
    BPDU FORWARDING
    PREFORWARDING STATE
    COMBINING SINGLE STP AND MULTIPLE SPANNING TREES
    CUSTOMER AND SP USE MULTIPLE SPANNING TREES
    CUSTOMER USES MULTIPLE SPANNING TREES BUT SP USES SINGLE STP
    CUSTOMER USES SINGLE STP BUT SP USES MULTIPLE SPANNING TREES
    CUSTOMER AND SP USE SINGLE STP
    CONFIGURING SUPERSPAN
    CONFIGURING A BOUNDARY INTERFACE
    ENABLING SUPERSPAN
    DISPLAYING SUPERSPAN INFORMATION
    PVST/PVST+ COMPATIBILITY
    OVERVIEW OF PVST AND PVST+

    VLAN TAGS AND DUAL MODE
    ENABLING PVST+ SUPPORT
    ENABLING PVST+ SUPPORT MANUALLY
    DISPLAYING PVST+ SUPPORT INFORMATION
    CONFIGURATION EXAMPLES
    TAGGED PORT USING DEFAULT VLAN 1 AS ITS PORT NATIVE VLAN
    UNTAGGED PORT USING VLAN 2 AS PORT NATIVE VLAN

    CHAPTER 11 CONFIGURING RAPID SPANNING TREE PROTOCOL
    BRIDGES AND BRIDGE PORT ROLES
    ASSIGNMENT OF PORT ROLES
    PORTS ON SWITCH 1
    PORTS ON SWITCH 2
    PORTS ON SWITCH 3
    PORTS SWITCH 4
    EDGE PORTS AND EDGE PORT ROLES
    POINT-TO-POINT PORTS
    BRIDGE PORT STATES
    EDGE PORT AND NON-EDGE PORT STATES
    CHANGES TO PORT ROLES AND STATES
    STATE MACHINES
    HANDSHAKE MECHANISMS
    HANDSHAKE WHEN NO ROOT PORT IS ELECTED
    HANDSHAKE WHEN A ROOT PORT HAS BEEN ELECTED
    CONVERGENCE IN A SIMPLE TOPOLOGY
    CONVERGENCE AT START UP
    CONVERGENCE AFTER A LINK FAILURE
    CONVERGENCE AT LINK RESTORATION
    CONVERGENCE IN A COMPLEX RSTP TOPOLOGY
    PROPAGATION OF TOPOLOGY CHANGE
    COMPATIBILITY OF RSTP WITH 802.1D
    CONFIGURING RSTP PARAMETERS
    ENABLING OR DISABLING RSTP IN A PORT-BASED VLAN
    ENABLING OR DISABLING RSTP ON A SINGLE SPANNING TREE
    DISABLING OR ENABLING RSTP ON A PORT
    CHANGING RSTP BRIDGE PARAMETERS
    CHANGING PORT PARAMETERS
    DISPLAYING RSTP INFORMATION

    CHAPTER 12 METRO RING PROTOCOL (MRP)
    MRP RINGS WITHOUT SHARED INTERFACES (MRP PHASE 1)
    MRP RINGS WITH SHARED INTERFACES (MRP PHASE 2)
    SELECTION OF MASTER NODE ON SHARED INTERFACES
    RING INITIALIZATION

    HOW RING BREAKS ARE DETECTED AND HEALED
    MASTER VLANS AND CUSTOMER VLANS IN A TOPOLOGY GROUP
    CONFIGURING MRP
    ADDING AN MRP RING TO A VLAN
    CHANGING THE HELLO AND PREFORWARDING TIMES
    USING MRP DIAGNOSTICS
    ENABLING MRP DIAGNOSTICS
    DISPLAYING MRP DIAGNOSTICS
    DISPLAYING MRP INFORMATION
    DISPLAYING TOPOLOGY GROUP INFORMATION
    DISPLAYING RING INFORMATION
    MRP CLI EXAMPLE
    COMMANDS ON SWITCH A (MASTER NODE)
    COMMANDS ON SWITCH B
    COMMANDS ON SWITCH C
    COMMANDS ON SWITCH D

    CHAPTER 13 VIRTUAL SWITCH REDUNDANCY PROTOCOL (VSRP)
    LAYER 2 REDUNDANCY
    MASTER ELECTION AND FAILOVER
    VSRP FAILOVER
    VSRP PRIORITY CALCULATION
    MAC ADDRESS FAILOVER ON VSRP-AWARE DEVICES
    VSRP PARAMETERS
    CONFIGURING BASIC VSRP PARAMETERS
    CONFIGURING OPTIONAL VSRP PARAMETERS
    DISABLING OR RE-ENABLING VSRP
    CONFIGURING AUTHENTICATION
    REMOVING A PORT FROM THE VRIDS VLAN
    CONFIGURING A VRID IP ADDRESS
    CHANGING THE BACKUP PRIORITY
    SAVING THE TIMER VALUES RECEIVED FROM THE MASTER
    CHANGING THE TIME-TO-LIVE (TTL)
    CHANGING THE HELLO INTERVAL
    CHANGING THE DEAD INTERVAL
    CHANGING THE BACKUP HELLO STATE AND INTERVAL
    CHANGING THE HOLD-DOWN INTERVAL
    CHANGING THE DEFAULT TRACK PRIORITY
    SPECIFYING A TRACK PORT
    DISABLING OR RE-ENABLING BACKUP PRE-EMPTION
    SUPPRESSING RIP ADVERTISEMENT FROM BACKUPS
    DISPLAYING VSRP INFORMATION
    DISPLAYING VRID INFORMATION
    DISPLAYING THE ACTIVE INTERFACES FOR A VRID
    VSRP FAST START
    SPECIAL CONSIDERATIONS WHEN CONFIGURING VSRP FAST START
    RECOMMENDATIONS FOR CONFIGURING VSRP FAST START
    CONFIGURING VSRP FAST START

    DISPLAYING PORTS THAT HAVE VSRP FAST START FEATURE ENABLED
    VSRP AND MRP SIGNALING

    CHAPTER 14 TOPOLOGY GROUPS
    MASTER VLAN AND MEMBER VLANS
    MASTER VLANS AND CUSTOMER VLANS IN MRP
    CONTROL PORTS AND FREE PORTS
    CONFIGURATION CONSIDERATIONS
    CONFIGURING A TOPOLOGY GROUP
    DISPLAYING TOPOLOGY GROUP INFORMATION
    DISPLAYING TOPOLOGY GROUP INFORMATION

    CHAPTER 15 CONFIGURING VRRP AND VRRPE
    OVERVIEW OF VRRP
    STANDARD VRRP
    MASTER ROUTER ELECTION
    PRE-EMPTION
    VIRTUAL ROUTER MAC ADDRESS
    FOUNDRY'S ENHANCEMENTS OF VRRP
    TRACK PORTS AND TRACK PRIORITY
    SUPPRESSION OF RIP ADVERTISEMENTS FOR BACKED UP INTERFACES
    AUTHENTICATION
    FORCING A MASTER ROUTER TO ABDICATE TO A STANDBY ROUTER
    VRRP ALONGSIDE RIP, OSPF, AND BGP4
    OVERVIEW OF VRRPE
    VRRP AND VRRPE PARAMETERS
    CONFIGURING PARAMETERS SPECIFIC TO VRRP
    CONFIGURING THE OWNER
    CONFIGURING A BACKUP
    CONFIGURATION RULES FOR VRRP
    CONFIGURING PARAMETERS SPECIFIC TO VRRPE
    CONFIGURATION RULES FOR VRRPE
    CONFIGURING ADDITIONAL VRRP AND VRRPE PARAMETERS
    AUTHENTICATION TYPE
    SUPPRESSION OF RIP ADVERTISEMENTS ON BACKUP ROUTERS FOR THE BACKUP UP INTERFACE
    HELLO INTERVAL
    DEAD INTERVAL
    BACKUP HELLO MESSAGE STATE AND INTERVAL
    TRACK PORT
    TRACK PRIORITY
    BACKUP PREEMPT
    MASTER ROUTER ABDICATION AND REINSTATEMENT
    DISPLAYING VRRP AND VRRPE INFORMATION
    DISPLAYING SUMMARY INFORMATION
    DISPLAYING DETAILED INFORMATION

    DISPLAYING STATISTICS ... 15-21
    CLEARING VRRP OR VRRPE STATISTICS ... 15-22
    CONFIGURATION EXAMPLES ... 15-22
    VRRP EXAMPLE ... 15-23
    CONFIGURING ROUTER1 ... 15-23
    CONFIGURING ROUTER2 ... 15-23
    VRRPE EXAMPLE ... 15-24
    CONFIGURING ROUTER1 ... 15-24
    CONFIGURING ROUTER2 ... 15-24

    CHAPTER 16 CONFIGURING QUALITY OF SERVICE ... 16-1
    CLASSIFICATION ... 16-1
    PROCESSING OF CLASSIFIED TRAFFIC ... 16-2
    MARKING ... 16-4
    CONFIGURING DSCP CLASSIFICATION BY INTERFACE ... 16-4
    CONFIGURING PORT, MAC, AND VLAN-BASED CLASSIFICATION ... 16-5
    ASSIGNING QOS PRIORITIES TO TRAFFIC ... 16-5
    CHANGING A PORT'S PRIORITY ... 16-5
    CHANGING A LAYER 2 PORT-BASED VLAN'S PRIORITY ... 16-5
    ASSIGNING STATIC MAC ADDRESS ENTRIES TO PRIORITY QUEUES ... 16-6
    CONFIGURING TOS-BASED QOS ... 16-6
    ENABLING TOS-BASED QOS ... 16-6
    SPECIFYING TRUST LEVEL ... 16-6
    ENABLING MARKING ... 16-6
    CONFIGURING THE QOS MAPPINGS ... 16-7
    CHANGING THE COS > DSCP MAPPINGS ... 16-7
    CHANGING THE DSCP > DSCP MAPPINGS ... 16-7
    CHANGING THE DSCP > INTERNAL FORWARDING PRIORITY MAPPINGS ... 16-8
    CHANGING THE COS > INTERNAL FORWARDING PRIORITY MAPPINGS ... 16-8
    DISPLAYING QOS CONFIGURATION INFORMATION ... 16-10
    DETERMINING PACKET DROP PRIORITY USING WRED ... 16-11
    HOW WRED OPERATES ... 16-12
    CALCULATING AVG-Q-SIZE ... 16-12
    CALCULATING PACKETS THAT ARE DROPPED ... 16-13
    USING WRED WITH RATE LIMITING ... 16-13
    CONFIGURING PACKET DROP PRIORITY USING WRED ... 16-13
    ENABLING WRED ... 16-13
    SETTING THE AVERAGING-WEIGHT (WQ) PARAMETER ... 16-13
    CONFIGURING THE DROP PRECEDENCE PARAMETERS ... 16-14
    SETTING THE MAXIMUM DROP PROBABILITY ... 16-14
    SETTING THE MINIMUM AND MAXIMUM AVERAGE QUEUE SIZE ... 16-14
    SETTING THE MAXIMUM PACKET SIZE ... 16-15
    DISPLAYING THE WRED CONFIGURATION ... 16-15
    SCHEDULING TRAFFIC FOR FORWARDING ... 16-15
    CONFIGURING TRAFFIC SCHEDULING ... 16-16
    CONFIGURING STRICT PRIORITY-BASED TRAFFIC SCHEDULING ... 16-16
    CONFIGURING ENHANCED STRICT PRIORITY-BASED TRAFFIC SCHEDULING ... 16-16

    CALCULATING THE VALUES FOR WFQ SOURCE AND DESTINATION-BASED TRAFFIC SCHEDULING ... 16-17
    CONFIGURING WFQ DESTINATION-BASED TRAFFIC SCHEDULING ... 16-17
    CONFIGURING WFQ SOURCE-BASED TRAFFIC SCHEDULING ... 16-17
    CONFIGURING MAXIMUM RATE-BASED TRAFFIC SCHEDULING ... 16-18
    CONFIGURING MINIMUM RATE-BASED TRAFFIC SCHEDULING ... 16-18
    DISPLAYING THE SCHEDULER CONFIGURATION ... 16-19
    CONFIGURING MULTICAST TRAFFIC ENGINEERING ... 16-19
    DISPLAYING THE MULTICAST TRAFFIC ENGINEERING CONFIGURATION ... 16-20

    CHAPTER 17 CONFIGURING IP ... 17-1
    THE IP PACKET FLOW ... 17-1
    ARP CACHE TABLE ... 17-3
    STATIC ARP TABLE ... 17-3
    IP ROUTE TABLE ... 17-3
    IP FORWARDING CACHE ... 17-4
    BASIC IP PARAMETERS AND DEFAULTS ... 17-5
    WHEN PARAMETER CHANGES TAKE EFFECT ... 17-5
    IP GLOBAL PARAMETERS ... 17-5
    IP INTERFACE PARAMETERS ... 17-9
    CONFIGURING IP PARAMETERS ... 17-10
    CONFIGURING IP ADDRESSES ... 17-10
    ASSIGNING AN IP ADDRESS TO AN ETHERNET PORT ... 17-11
    ASSIGNING AN IP ADDRESS TO A LOOPBACK INTERFACE ... 17-11
    ASSIGNING AN IP ADDRESS TO A VIRTUAL INTERFACE ... 17-12
    DELETING AN IP ADDRESS ... 17-12
    CHANGING THE NETWORK MASK DISPLAY TO PREFIX FORMAT ... 17-13
    CONFIGURING THE DEFAULT GATEWAY ... 17-13
    CONFIGURING DOMAIN NAME SERVER (DNS) RESOLVER ... 17-13
    DEFINING A DNS ENTRY ... 17-13
    USING A DNS NAME TO INITIATE A TRACE ROUTE ... 17-14
    CONFIGURING DHCP ASSIST ... 17-14
    HOW DHCP ASSIST WORKS ... 17-15
    CONFIGURING DHCP GATEWAY LIST ... 17-17
    CONFIGURING PACKET PARAMETERS ... 17-18
    CHANGING THE ENCAPSULATION TYPE ... 17-18
    SETTING MAXIMUM FRAME SIZE PER PPCR ... 17-18
    CHANGING THE MTU ... 17-19
    CHANGING THE ROUTER ID ... 17-21
    SPECIFYING A SINGLE SOURCE INTERFACE FOR TELNET, TACACS/TACACS+, OR RADIUS PACKETS ... 17-21
    CONFIGURING ARP PARAMETERS ... 17-23
    HOW ARP WORKS ... 17-23
    RATE LIMITING ARP PACKETS ... 17-24
    CHANGING THE ARP AGING PERIOD ... 17-24
    ENABLING PROXY ARP ... 17-25
    CREATING STATIC ARP ENTRIES ... 17-25
    CHANGING THE MAXIMUM NUMBER OF ENTRIES THE STATIC ARP TABLE CAN HOLD ... 17-26
    CONFIGURING FORWARDING PARAMETERS ... 17-26

    CHANGING THE TTL THRESHOLD ... 17-26
    ENABLING FORWARDING OF DIRECTED BROADCASTS ... 17-26
    DISABLING FORWARDING OF IP SOURCE-ROUTED PACKETS ... 17-27
    ENABLING SUPPORT FOR ZERO-BASED IP SUBNET BROADCASTS ... 17-27
    DISABLING ICMP MESSAGES ... 17-28
    DISABLING ICMP REDIRECT MESSAGES ... 17-29
    CONFIGURING STATIC ROUTES ... 17-30
    STATIC ROUTE TYPES ... 17-30
    STATIC IP ROUTE PARAMETERS ... 17-30
    MULTIPLE STATIC ROUTES TO THE SAME DESTINATION PROVIDE LOAD SHARING AND REDUNDANCY ... 17-31
    STATIC ROUTE STATES FOLLOW PORT STATES ... 17-31
    CONFIGURING A STATIC IP ROUTE ... 17-32
    CONFIGURING A NULL ROUTE ... 17-33
    CONFIGURING LOAD BALANCING AND REDUNDANCY USING MULTIPLE STATIC ROUTES TO THE SAME DESTINATION ... 17-34
    CONFIGURING STANDARD STATIC IP ROUTES AND INTERFACE OR NULL STATIC ROUTES TO THE SAME DESTINATION ... 17-34
    CONFIGURING A DEFAULT NETWORK ROUTE ... 17-36
    CONFIGURING A DEFAULT NETWORK ROUTE ... 17-37
    CONFIGURING IP LOAD SHARING ... 17-38
    HOW MULTIPLE EQUAL-COST PATHS ENTER THE IP ROUTE TABLE ... 17-38
    HOW IP LOAD SHARING WORKS ... 17-40
    CHANGING THE MAXIMUM NUMBER OF LOAD SHARING PATHS ... 17-40
    RESPONSE TO PATH STATE CHANGES ... 17-40
    CONFIGURING IRDP ... 17-40
    ENABLING IRDP GLOBALLY ... 17-41
    ENABLING IRDP ON AN INDIVIDUAL PORT ... 17-41
    CONFIGURING UDP BROADCAST AND IP HELPER PARAMETERS ... 17-42
    ENABLING FORWARDING FOR A UDP APPLICATION ... 17-43
    CONFIGURING AN IP HELPER ADDRESS ... 17-44
    CONFIGURING BOOTP/DHCP FORWARDING PARAMETERS ... 17-44
    BOOTP/DHCP FORWARDING PARAMETERS ... 17-44
    CONFIGURING AN IP HELPER ADDRESS ... 17-45
    CHANGING THE IP ADDRESS USED FOR STAMPING BOOTP/DHCP REQUESTS ... 17-45
    CHANGING THE MAXIMUM NUMBER OF HOPS TO A BOOTP RELAY SERVER ... 17-45
    DISPLAYING IP INFORMATION ... 17-46
    DISPLAYING GLOBAL IP CONFIGURATION INFORMATION ... 17-46
    DISPLAYING IP INTERFACE INFORMATION ... 17-48
    DISPLAYING INTERFACE NAME IN SYSLOG ... 17-49
    DISPLAYING ARP ENTRIES ... 17-50
    DISPLAYING THE ARP CACHE ... 17-50
    DISPLAYING THE STATIC ARP TABLE ... 17-51
    DISPLAYING THE FORWARDING CACHE ... 17-52
    DISPLAYING THE IP ROUTE TABLE ... 17-54
    CLEARING IP ROUTES ... 17-56
    DISPLAYING IP TRAFFIC STATISTICS ... 17-57

    CHAPTER 18 CONFIGURING RATE LIMITING ... 18-1
    RATE LIMITING PARAMETERS AND ALGORITHM ... 18-1
    AVERAGE RATE ... 18-1
    MAXIMUM BURST ... 18-1
    CONFIGURATION CONSIDERATIONS ... 18-2
    CONFIGURING RATE LIMITING POLICIES ON THE BIGIRON RX ... 18-2
    CONFIGURING A PORT-BASED RATE LIMITING POLICY ... 18-2
    CONFIGURING A PORT-AND-PRIORITY-BASED RATE LIMITING POLICY ... 18-3
    CONFIGURING A PORT-AND-VLAN-BASED RATE LIMITING POLICY ... 18-3
    CONFIGURING A VLAN-GROUP-BASED RATE LIMITING POLICY ... 18-3
    CONFIGURATION CONSIDERATIONS FOR VLAN-GROUP-BASED RATE LIMITING POLICIES ... 18-4
    CONFIGURING A PORT-AND-ACL-BASED RATE LIMITING POLICY ... 18-5
    DROPPING TRAFFIC DENIED BY A RATE LIMITING ACL ... 18-5
    CONFIGURING A PORT-AND-IPV6 ACL-BASED RATE LIMITING POLICY ... 18-5
    DISPLAYING RATE LIMITING POLICIES ... 18-6

    CHAPTER 19 LAYER 2 ACLS ... 19-1
    FILTERING BASED ON ETHERTYPE ... 19-1
    CONFIGURATION RULES AND NOTES ... 19-2
    CONFIGURING LAYER 2 ACLS ... 19-2
    CREATING A LAYER 2 ACL TABLE ... 19-2
    EXAMPLE LAYER 2 ACL CLAUSES ... 19-3
    INSERTING AND DELETING LAYER 2 ACL CLAUSES ... 19-4
    BINDING A LAYER 2 ACL TABLE TO AN INTERFACE ... 19-4
    INCREASING THE MAXIMUM NUMBER OF CLAUSES PER LAYER 2 ACL TABLE ... 19-4
    VIEWING LAYER 2 ACLS ... 19-4
    EXAMPLE OF LAYER 2 ACL DENY BY MAC ADDRESS ... 19-4

    CHAPTER 20 ACCESS CONTROL LIST ... 20-1
    HOW THE BIGIRON RX PROCESSES ACLS ... 20-2
    GENERAL CONFIGURATION GUIDELINES ... 20-2
    DISABLING OR RE-ENABLING ACCESS CONTROL LISTS (ACLS) ... 20-2
    DEFAULT ACL ACTION ... 20-2
    TYPES OF IP ACLS ... 20-2
    ACL IDS AND ENTRIES ... 20-3
    ENABLING SUPPORT FOR ADDITIONAL ACL STATEMENTS ... 20-3
    CONFIGURING NUMBERED AND NAMED ACLS ... 20-3
    CONFIGURING STANDARD NUMBERED ACLS ... 20-4
    STANDARD ACL SYNTAX ... 20-4
    CONFIGURING EXTENDED NUMBERED ACLS ... 20-5
    EXTENDED ACL SYNTAX ... 20-7
    CONFIGURING STANDARD OR EXTENDED NAMED ACLS ... 20-15
    DISPLAYING ACL DEFINITIONS ... 20-16

    DISPLAYING OF TCP/UDP NUMBERS IN ACLS ... 20-17
    MODIFYING ACLS ... 20-17
    ADDING OR DELETING A COMMENT ... 20-19
    NUMBERED ACLS: ADDING A COMMENT ... 20-19
    NUMBERED ACLS: DELETING A COMMENT ... 20-19
    NAMED ACLS: ADDING A COMMENT TO A NEW ACL ... 20-19
    NAMED ACLS: DELETING A COMMENT ... 20-20
    DELETING ACL ENTRIES ... 20-20
    FROM NUMBERED ACLS ... 20-21
    FROM NAMED ACLS ........................................................................................................................20