3Com 2200 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones 3Com 2200. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica 3Com 2200 o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual 3Com 2200 se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales 3Com 2200, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones 3Com 2200 debe contener:
- información acerca de las especificaciones técnicas del dispositivo 3Com 2200
- nombre de fabricante y año de fabricación del dispositivo 3Com 2200
- condiciones de uso, configuración y mantenimiento del dispositivo 3Com 2200
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de 3Com 2200 no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de 3Com 2200 y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico 3Com en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de 3Com 2200, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo 3Com 2200, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual 3Com 2200. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    ® S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION C ONSOLE U SER G UIDE Part No. 801-00310-000 Published September 1996 Revision 01[...]

  • Página 2

    3Com Corporation ■ 5400 Bayfront Plaza ■ Santa Clara, California ■ 95052-8145 © 3Com Corporation, 1996. All rights reser ved . No part of this documentation may be reproduced in any form or by an y means or used to make any derivative w ork (such as translation, transformation, or adaptation) without permission from 3Com Corporation. 3Com Co[...]

  • Página 3

    C ONTENTS A BOUT T HIS G UIDE Introduction 1 How to Use This Guide 2 Con ventions 3 Switch 2200 Documentation 4 Documentation Comments 5 P ART II NTRODUCTION 1 S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW About Switch 2200 Administration 1-1 Configuration T asks 1-1 2 H OW TO U SE THE A DMINISTRATION C ONSOLE Initial User Access 2-1[...]

  • Página 4

    Administration Console Int er face Parameters 2-10 Adjusting the Screen Height 2-10 Disabling the Reboot and Abort Keys 2-11 Remote Access P arameters 2-11 Prev enting Disconnec tions 2-11 Enabling Timeout of Remote Sessions 2-12 Setting Timeout Interval for Remote Sessions 2-13 Running Scripts of Administration Console T asks 2-13 Getting Help in [...]

  • Página 5

    Setting Up SNMP on Y our System 3-15 Displaying SNMP Settings 3-15 Configuring C ommunit y Strings 3-15 Administering SNMP Tr ap Repor ting 3-16 Displaying T rap Information 3-16 Configuring T rap Reporting 3-17 Removing T rap Destinations 3-18 Flushing Trap Destinations 3-19 Setting Up SMT Event P roxying 3-19 4 A DMINISTERING Y OUR S YSTEM E NV[...]

  • Página 6

    8 A DMINISTERING FDDI R ESOURCES Administering FDDI Stations 8-1 Displaying Station Information 8-2 Setting the Connection Policies 8-3 Setting Neighbor Notification Timer 8-5 Enabling and Disabling Status Repor ting 8-5 Administering FDDI P aths 8-6 Displaying P ath Information 8-6 Setting tvxLow erBound 8-7 Setting tmaxLow erBound 8-8 Setting ma[...]

  • Página 7

    Administering STP Bridge P arameters 10-7 Enabling and Disabling STP on a Bridge 10-7 Setting the Bridge Priority 10-7 Setting the Bridge Maximum Age 10-8 Setting the Bridge Hello Time 10-9 Setting the Bridge F or ward Delay 10-9 Setting the STP Group Addr ess 10-10 11 A DMINISTERING B RIDGE P ORTS Displaying Bridge P or t Information 11-1 Setting [...]

  • Página 8

    Loading P acket Filters 12-22 Assigning P acket Filters to P orts 12-22 Unassigning P ack et F ilters from Ports 12-24 13 C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS Using Groups in P acket Filters 13-1 Listing Groups 13-2 Displaying Groups 13-3 Creating New Groups 13-4 Deleting Groups 13-6 Adding Addr esses and Ports to Gro[...]

  • Página 9

    B T ECHNICAL S UPPORT Online T echnical Services B-1 3Com Bulletin Board Service B-1 Access by Modem B-1 Access by ISDN B-2 W orld Wide W eb Site B-2 3ComF orum on CompuSer ve® B-2 3ComF ac tsSM Automated F ax Ser vice B-3 Support from Y our Network Supplier B-3 Suppor t from 3C om B-4 Returning Pr oduc ts for Repair B-4 I NDEX[...]

  • Página 10

    A BOUT T HIS G UIDE Introduction The SuperStack™ II Switch 2200 Administr ation Console User Guide provides all the information you need t o configure and manage your Switch 2200 once it is installed and the system is attached to the network. P rior to using this guide, you should ha ve already installed and set up your system using the SuperSta[...]

  • Página 11

    2 A BOUT T HIS G UIDE How to U se This Guide This guide is organiz ed by types of tasks you may need to perform on the Switch 2200. The par ts of the guide are described in T able 1. T able 1 Description of Guide Parts Part Contents I: Introduction Introducing Switch 2200 administration Learning about the various system configurations and the quick[...]

  • Página 12

    Conventions 3 C onv entions T able 2 and T able 3 list icon and text conventions that are used throughout this guide. IV: Bridging Configuring bridge and bridge port parameters Administering the Spanning Tree Protocol bridge and bridge port parameters Displaying and configuring bridge port addresses Creating and using packet filters Creating addres[...]

  • Página 13

    4 A BOUT T HIS G UIDE Swit ch 2200 Documentation T he following documents comprise the Switch 2200 documentation set. If you want to or der a document that you do not have or order additional documents, contact your sales representativ e for assistance. ■ SuperStack™ II Switch 2200 Unpacking Instructions Describes how to unpack your Swit ch 220[...]

  • Página 14

    Documentation Comments 5 ■ SuperStack™ II Switch 2200 Getting Star ted Describes all the procedures necessary for planning your configuration and for installing , cabling, pow ering up, and troubleshooting y our Switch 2200 system. (Shipped with system/P ar t No . 801-00309-000) ■ SuperStack™ II Switch 2200 Operation Guide Pr ovides inform[...]

  • Página 15

    I Chapter 1 Over view of SuperStack™ II Swit ch 2200 Administration Chapter 2 How to Use the Administration C onsole I NTRODUCTION[...]

  • Página 16

    1 S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW This chapter introduces y ou to SuperStack™ II Switch 2200 administration and briefly describes the system parameters that you can configure . About S witch 2200 Administr ation The Switch 2200 software is installed at the factor y in flash memory on the system processor . Because t[...]

  • Página 17

    1-2 C HAPTER 1: S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW T able 1-1 General System Commands Task Quick Command For Details, See. . . Run a script of commands to set up a system Write a script of Console commands with the values you assign so that you can quickly configure one or more systems. You can run the same script on a numb[...]

  • Página 18

    Configuration Tasks 1-3 Save, restore, or reset nonvolatile data in the system Provide a backup for nonvolatile data, restore nonvolatile data to the system, or reset nonvolatile data to defaults. system nvData page 6-2 Reboot the system Restart the system. Disconnects rlogin and telnet sessions. system reboot page 4-4 T able 1-2 System Management [...]

  • Página 19

    1-4 C HAPTER 1: S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW Configure SNMP management Display current SNMP configurations and specify the type of authorization for SNMP management. snmp display snmp community page 3-15 Configure SNMP trap reporting Display SNMP trap reporting information, add or modify trap reporting destination con[...]

  • Página 20

    Configuration Tasks 1-5 Configure Spanning Tree Protocol (STP) parameters for a bridge Enable or disable STP and set the bridge priority, the maximum age of stored configuration message information, the period between the generation of messages by a root bridge, the amount of time a bridge spends in the listening and learning states, and the group [...]

  • Página 21

    1-6 C HAPTER 1: S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW T able 1-4 Ethernet Commands Task Quick Command For Details, See. . . Display Ethernet port information Display label, status, and statistic information on Ethernet ports in a summarized or detailed format. ethernet summary ethernet detail page 7-1 Label an Ethernet port As[...]

  • Página 22

    Configuration Tasks 1-7 T able 1-5 FDDI Commands Task Quick Command For Details, See. . . Display FDDI information Display information about the system’s FDDI station, paths, MAC, and ports. MAC information is available in a summarized or detailed format. fddi station display fddi path display fddi mac summary fddi mac detail fddi port display pa[...]

  • Página 23

    2 H OW TO U SE THE A DMINISTRATION C ONSOLE This chapter familiariz es you with user access levels of the Superstack™ II Switch 2200 Administration C onsole and explains how to: ■ Move ar ound within the menu hierarchy to perform tasks ■ Set up the inter face parameters ■ Access online help ■ Use scripts for performing Administration Cons[...]

  • Página 24

    2-2 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Each time you access the Administration C onsole, the system prompts y ou for an access level and passw ord, as shown here: Select access level (read, write, administer): Password: The passwords ar e stored in nonvolatile (NV ) memory . Y ou must enter the password corr ec tly before y ou ar[...]

  • Página 25

    Using Menus to Perform Tasks 2-3 Read Acc ess Example If you have r ead access, the system menu contains only the display options shown here: Menu options: ------------------------------------------------------------------ display - Display the system configuration baseline - Administer statistics baseline Type ‘q’ to return to the previous men[...]

  • Página 26

    2-4 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Administr ation Console Menu Structure The follo wing sec tions show the menu paths for performing tasks from the top-level menu and pro vide a brief description of each top-level menu option. See “Selecting Menu Options” on page 2-8 for instructions on actually using the menu system. Th[...]

  • Página 27

    Using Menus to Perform Tasks 2-5 FDDI Menu F rom the fddi menu, you can view information about and configur e the FDDI station, paths, MAC, and ports. (See Figur e 2-3.) F or example, to enable the LL C ser vice of the FDDI MA C, you enter f ddi at the top-level menu, mac at the fddi menu , and then llcService at the mac menu. Figur e 2-3 FDDI Men[...]

  • Página 28

    2-6 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Figur e 2-4 Bridging Menu Hierarchy for A dminister Access IP Menu F rom the ip menu, you can view information about and configure Int ernet Pr otocol (IP) inter faces and rout es. Y ou can also administer the Address Resolution Pr otocol (ARP) and the Routing Information Pr otocol (RIP), a[...]

  • Página 29

    Using Menus to Perform Tasks 2-7 SNMP Menu F rom the snmp menu, you can configure SNMP community strings and trap reporting. (See F igure 2-6.) F or example, to flush all trap reporting destinations, you ent er snmp at the t op-level menu, trap at the snmp menu, and then flush at the trap menu. Figur e 2-6 SNMP Menu Hierarchy for A dminister Acc[...]

  • Página 30

    2-8 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Selec ting Menu Options Y ou selec t a menu option at the selection prompt by entering its name (or enough of the name to uniquely identify it within the particular menu). For example, to access the system menu from the top-level menu, you ent er : Select a menu option: system OR Select a me[...]

  • Página 31

    Using Menus to Perform Tasks 2-9 If you enter a command incorrectly , you receive a prompt telling you that what you entered was not v alid or was ambiguous. Y ou must re-enter the command from the point at which it became incorrect. Entering V alues When you reach the level at which y ou per form a specific task, y ou are prompted f or a value. T[...]

  • Página 32

    2-10 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Administr ation C onsole Inter face P arameters Y ou can change two Administration Console interface parameters: the screen height and the functioning of the reboot and abor t control keys. Adjusting the Screen Height Y ou can change the Administration Console ’ s screen height to increas[...]

  • Página 33

    Remote Access Parameters 2-11 Example: Do you want this to be the new default screen height? (y/n): y Disabling the Reboot and Abor t Keys As shipped , the Administration Console allows you t o use the [Ctrl + X] or [Ctrl + C] key combinations within the Administration Console. These key strokes allow you to r eboot the system [Ctrl + X] or restart[...]

  • Página 34

    2-12 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE T o ensure that your Administration Console session will not be pr e-empted by remote access , you can lock the Administration Console . Remote access is prohibited only f or that par ticular session. The Administr ation Console is always locked when y ou are in the middle of a command . F [...]

  • Página 35

    Running Scripts of Administration Console Tasks 2-13 Setting Timeout Interval for Remote Sessions Y ou can set the timeout inter v al for remote sessions to any v alue from 30 minutes to 60 minutes. B y default, the timeout interval is 30 minutes. T o set the telnet timeout inter v al: 1 F rom the top level of the Administration C onsole, enter: sy[...]

  • Página 36

    2-14 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE The task you scripted is run in the A dministration Console. The next example shows how you can script these tasks to initially configure your system: ■ Setting up the Console port baud rate ■ Setting the system name ■ Assigning an IP address f or management ■ Checking the IP conne[...]

  • Página 37

    Running Scripts of Administration Console Tasks 2-15 # This script performs some start-up configurations. # # Set the Console serial port baud rate. # system consoleSpeed 300 # Console port baud rate # # Set the system name # system name Engineering Switch2200_4 # # Assign an IP address to the Switch 2200. # ip interface define 158.101.112.99 # IP [...]

  • Página 38

    2-16 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Getting Help in the Administr ation C onsole If you need assistance when using the Administration C onsole, it has online Help and an outlining feature , both of which can be accessed from any menu level. These features are described in this section. Online Help The Administration Console o[...]

  • Página 39

    Exiting the Administration Console 2-17 Exiting the Administr ation C onsole If you are using an rlogin session t o access the system, exiting will terminate the session. If you are accessing the syst em through the Console serial port, exiting returns you t o the password prompt. T o exit from the Administration Console: 1 Return to the top level [...]

  • Página 40

    II Chapter 3 Configuring Management Access to the System Chapter 4 Administering Y our System En vironment Chapter 5 Baselining Statistics Chapter 6 Saving , Restoring, and Resetting Non volatile Data S YSTEM -L EVEL F UNCTIONS[...]

  • Página 41

    [...]

  • Página 42

    3 C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM This chapter describes how to configure management access to the SuperStack™ II Switch 2200 stackable switch through a serial connection or an IP inter face. It also describes how to configure the Swit ch 2200 so that you can manage it using the Simple Network Management Pr otocol (SNMP). About [...]

  • Página 43

    3-2 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM In-band or Out-of-band? By default, the Switch 2200 system pro vides in-band management through its Ethernet and FDDI ports. In-band management, management using the same network that carries regular data traffic, is often the most con venient and inexpensive way to access y our syste[...]

  • Página 44

    Setting Up an IP Interface for Management 3-3 Setting Up an IP Inter face for Management IP is a standard networking protocol used for communications among various networking devices. T o access the system using T CP/IP or to manage the system using SNMP , you must set up IP for y our system as described in this section. General Setup Pr ocess Y ou[...]

  • Página 45

    3-4 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM ■ Broadcast Addr ess The system uses the IP address when it br oadcasts pack ets to other stations on the same subnet. In particular , the system uses this address for sending RIP updates. By default, the system uses a directed broadcast (all 1 s in the host field). ■ Cost The sys[...]

  • Página 46

    Setting Up an IP Interface for Management 3-5 IP forwarding is enabled, RIP is active, ICMP router discovery is disabled. Index IP address Subnet mask Cost Ports 1 158.101.1.1 255.255.255.0 1 1 2 158.101.4.1 255.255.255.0 1 2 3 158.101.6.1 255.255.255.0 1 5 4 158.101.8.1 255.255.255.0 1 8 Defining an Inter face When you define an inter face , you[...]

  • Página 47

    3-6 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM 3 Enter the subnet mask of the network to which the inter face is to be connected. 4 Enter the broadcast address to be used on the interface. 5 Enter the cost value of the int er face. 6 Enter the port(s) that you want to include in the inter face . Separate nonconsecutive ports with c[...]

  • Página 48

    Setting Up an IP Interface for Management 3-7 Removing an Interface Y ou might want to remove an interface if you no longer need to communicate with IP on the ports associated with that inter face. T o remove an IP interface definition: 1 F rom the top level of the Administration C onsole, enter: ip interface remove 2 Enter the index numbers of th[...]

  • Página 49

    3-8 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM ■ Gateway IP Addr ess This address tells the r outer how to forward packets whose destination address matches the route ’ s IP address and subnet mask. The system forwards such packets to the indicated gateway . ■ Status The status of the route pr ovides the information described[...]

  • Página 50

    Setting Up an IP Interface for Management 3-9 Defining a S tatic Route Y ou might want to define a static route to transmit system traffic , such as system pings or SNMP response , through a consistent route . Before y ou define static routes, you must define at least one IP interface. (See “Defining an Inter face ” on page 3-5.) Static ro[...]

  • Página 51

    3-10 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM Flushing a Route Flushing delet es all learned routes from the routing table . T o flush all learned routes, enter the follo wing from the top level of the Administration C onsole: ip route flush All learned routes are immediat ely deleted from the routing table. Setting the Default [...]

  • Página 52

    Setting Up an IP Interface for Management 3-11 Administering the ARP Cache The Switch 2200 uses the A ddress Resolution Prot ocol (ARP) to find the MAC addresses corr esponding to the IP addresses of hosts and routers on the same subnets. An ARP cache is a table of known IP addresses and their corresponding MAC addr esses. Displaying the ARP C ach[...]

  • Página 53

    3-12 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM Flushing ARP C ache Entries Y ou might want to delete all entries from the ARP cache if the MAC address has changed. T o remove all entries from the ARP cache , enter the following command from the top level of the A dministration Console: ip arp flush The ARP cache entries are immedi[...]

  • Página 54

    Setting Up an IP Interface for Management 3-13 Pinging uses the Internet C ontrol Message Prot ocol (ICMP) echo facilit y to send an ICMP echo request packet to the IP station you specify . I t then waits for an ICMP echo reply packet. P ossible responses from pinging are: ■ Alive ■ No answer ■ Network is unreachable. A net work is unreachabl[...]

  • Página 55

    3-14 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM Displaying IP Statistics The IP statistics y ou can view are described in T able 3-3. T o display IP statistics, enter the following fr om the top level of the Administration C onsole: ip statistics Statistics are display ed, as shown in this example: IP forwarding is enabled, RIP is [...]

  • Página 56

    Setting Up SNMP on Your System 3-15 Setting Up SNMP on Y our Sy stem T o manage the Switch 2200 from an external management application, you must configure SNMP community strings and set up trap repor ting as described in this section. Y ou can manage the Switch 2200 using an SNMP-based external management application. This application (an SNMP ma[...]

  • Página 57

    3-16 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM in the request matches the agent’ s read-write communit y . Only the SNMP get and get-next requests are valid if the community string in the request matches the read-only community . Community string length When you set a community string, you can specify an y value up to 48 charact[...]

  • Página 58

    Setting Up SNMP on Your System 3-17 Here is an example display of the SNMP trap reporting information: Trap Descriptions: Trap #Description 1 MIB II: Coldstart 2 MIB II: Authentication Failure 3 Bridge MIB: New Root 4 Bridge MIB: Topology Change 5 LANplex Systems MIB: System Overtemperature 10 LANplex Systems MIB: Address Threshold 12 LANplex Opt F[...]

  • Página 59

    3-18 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM 3 Enter the trap number(s). Separate a series of more than two trap numbers with a hyphen (-) and nonsequential trap numbers by commas. Enter all if you want to enable all the traps for the destination. The trap numbers y ou enter allow the trap specified by that number to be sent to[...]

  • Página 60

    Setting Up SNMP on Your System 3-19 Flushing T rap Destinations When flushing the SNMP trap reporting destinations, you remove all trap destination address information f or the SNMP agent. T o flush all SNMP trap repor ting destinations: 1 F rom the top level of the Administration C onsole, enter: snmp trap flush Y ou receive the following pr omp[...]

  • Página 61

    3-20 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM occurring locally on the one Switch 2200 and to those r epor ted b y other stations on the FDDI ring (including other Swit ch 2200s). ■ Enable local SNMP traps and disable the proxying of remote SMT events on every Switch 2200 in your network. Local traps will be r epor ted to the m[...]

  • Página 62

    4 A DMINISTERING Y OUR S YSTEM E NVIRONMENT This chapter f ocuses on the administration of your SuperStack™ II Switch 2200 system environment, which in volves: ■ Displaying the current system configuration ■ Setting system passwords ■ Setting the system name ■ Changing the system date and time ■ Rebooting Displa ying the Sy stem C on?[...]

  • Página 63

    4-2 C HAPTER 4: A DMINISTERING Y OUR S YSTEM E NVIRONMENT ■ System temperatur e has exceeded the maximum level for normal operation ■ F an failure ■ P ower supply failure Setting P asswords The A dministration Console suppor ts three levels of passwor d: one for browsing or viewing only (read), one for configuring network parameters (write),[...]

  • Página 64

    Setting the System Name 4-3 The administration console password has been successfully changed. 6 Repeat steps 1 through 5 f or each level of password you want to configure . Setting the Sy stem Name Y ou should give the Switch 2200 an easily recognizable and unique name to help you manage the system. F or example , you might want to name the syste[...]

  • Página 65

    4-4 C HAPTER 4: A DMINISTERING Y OUR S YSTEM E NVIRONMENT 4 Pr ess [Return] when you want the system to star t keeping the time that you entered. Example: Enter the new system time (mm/dd/yy hh:mm:ss xM): 09/30/96 10:00:00 AM Press RETURN at the exact time: Rebooting the Sys te m If your system is connected to the Administration C onsole through an[...]

  • Página 66

    5 B ASELINING S TATISTICS This chapter describes how baselining statistics w ork in the SuperStack™ II Switch 2200, and how to set, displa y , enable, or disable a baseline statistic. About Setting Baselines Normally , statistics for MACs and ports star t compiling at system pow er-up. Baselining allows you to view statistics o ver the period of [...]

  • Página 67

    5-2 C HAPTER 5: B ASELINING S TATISTICS Setting Baselines Setting a baseline resets the counters to zero . The accumulated totals since power up are maintained b y the system. The baseline is time-stamped. T o set a baseline, enter the following commands fr om the top level of the Administration C onsole: system baseline set A message similar to th[...]

  • Página 68

    6 S AVING , R ESTORING , AND R ESETTING N ONVOLATILE D ATA This chapter describes the non volatile (NV ) data in the SuperStack™ II Switch 2200 system and how to save , restore, and r eset the data. About W ork ing with Non volatile Data If you want to transfer NV data from one syst em to another , save the system ’ s NV data and restore it as [...]

  • Página 69

    6-2 C HAPTER 6: S AVING , R ESTORING , AND R ESETTING N ONVOLATILE D ATA Saving NV Da ta When NV data is sa ved, it is written t o a disk file on a host computer . The information can then be retriev ed from the disk file when you use the restore command . T o save NV data: 1 F rom the top level of the Administration C onsole, enter: system nvDat[...]

  • Página 70

    Restoring NV Data 6-3 The failure message v aries depending on the problem encountered while saving the NV data. At the end of the sav e, you are returned t o the previous menu. Restoring NV Data When you rest ore system NV data, the soft ware presents y ou with a proposal for how t o restore the data. This pr oposal is based on the restoration rul[...]

  • Página 71

    6-4 C HAPTER 6: S AVING , R ESTORING , AND R ESETTING N ONVOLATILE D ATA T o restore the NV data: 1 F rom the top level of the Administration C onsole, enter: system nvData restore Y ou are prompted for inf ormation for restoring the NV data sav ed to a file. Pr ess [Return] at a prompt to use the value specified in brackets. Any entry for IP add[...]

  • Página 72

    Examining a Saved NV Data File 6-5 Examining a Sav ed NV Data F ile After saving NV data to a file , you can examine the header information of that file. T o examine the file: 1 F rom the top level of the Administration C onsole, enter: system nvData examine Y ou are prompted for inf ormation for examining a saved NV data file. Press [Return] a[...]

  • Página 73

    6-6 C HAPTER 6: S AVING , R ESTORING , AND R ESETTING N ONVOLATILE D ATA Resetting NV Data to Defaults At times you may not want to r estore the system NV data. Instead , you may want to reset the v alues to the fac tor y defaults so that you can start configuring the system from the original settings. CAUTION: Resetting the NV data means that all[...]

  • Página 74

    III Chapter 7 Administering Ethernet P orts Chapter 8 Administering FDDI Resour ces Chapter 9 Setting Up the System f or Roving Analysis E THERNET AND FDDI P ARAMETERS[...]

  • Página 75

    [...]

  • Página 76

    7 A DMINISTERING E THERNET P ORTS This chapter describes how to: ■ View Ethernet por t inf ormation ■ Configure E thernet por t labels ■ Enable or disable an Ethernet port Displa ying Ethernet P or t Information Y ou can display either a summar y of Ethernet port information or a detailed report. When you display a summar y of Ethernet port [...]

  • Página 77

    7-2 C HAPTER 7: A DMINISTERING E THERNET P ORTS port rxFrames rxBytes rxFrameRate rxByteRate 1 406430 36336795 0 0 12 242400 29275605 0 0 port rxPeakByteRate rxPeakFrameRate noRxBuffers alignmentErrs 1 90484 163 0 0 12 58438 394 0 0 port fcsErrs lengthErrs rxInternalErrs rxDiscards 1 0 0 0 0 12 0 0 0 0 port rxUnicasts rxMulticasts txFrames txBytes [...]

  • Página 78

    Displaying Ethernet Port Information 7-3 An example of a summar y display for E thernet por ts is shown here: T able 7-1 describes the information pro vided about an Ethernet por t. port portLabel portState 1 Office113_SPARCstation5 on-line 12 Office322_Quadra900 on-line port rxFrames txFrames rxBytes txBytes 1 406876 1423733 36377226 234900612 12 [...]

  • Página 79

    7-4 C HAPTER 7: A DMINISTERING E THERNET P ORTS portLabel 32-character string containing a user-defined name. The maximum length of the string is 32 characters, including the null terminator. portState Current software operational state of this port. Possible values are on-line and off-line. portType Specific description of this port’s type. requ[...]

  • Página 80

    Displaying Ethernet Port Information 7-5 txFrameRate Average number of frames transmitted per second by this port during the most recent sampling period. Sampling periods are 1 second long and are not configurable. txFrames The number of frames transmitted by this port txInternalErrs Number of frames discarded because of an internal error during tr[...]

  • Página 81

    7-6 C HAPTER 7: A DMINISTERING E THERNET P ORTS Fr ame Processing and Ethernet Statistics All frames on the Ethernet network are received promiscuously b y an Ethernet port. However , frames may be discarded for the follo wing reasons: ■ There is no buff er space available. ■ The frame is in error . F igure 7-1 shows the order in which these di[...]

  • Página 82

    Displaying Ethernet Port Information 7-7 F rames are delivered to an Ethernet port by bridge and management applications. How ever , a frame may be discarded f or the following reasons: ■ The Ethernet port is disabled. ■ There is no room on the transmit queue . ■ An error occurred during frame transmission. F igure 7-2 shows the order in whic[...]

  • Página 83

    7-8 C HAPTER 7: A DMINISTERING E THERNET P ORTS Labeling a P or t P or t labels serve as useful reference points and as an accurate means of identifying your ports for management. Y ou may want to label your Ethernet ports so that you can easily identify the device specifically attached to each port (for example, LAN, workstation, or ser ver). T o[...]

  • Página 84

    8 A DMINISTERING FDDI R ESOURCES This chapter describes how to displa y information about and configure the SuperStack™ II Switch 2200 system and its: ■ FDDI station ■ FDDI paths ■ Media Access Control (MA C) ■ FDDI por ts This chapter , which covers adv anced FDDI topics, is intended for users familiar with the FDDI MIB. Under normal op[...]

  • Página 85

    8-2 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Displaying S tation Information When you displa y FDDI station information, you receive inf ormation about the station, including its configuration, status repor ting, and the most per tinent statistics about general station activity and errors. 1 Enter the following fr om the top level of the Adminis[...]

  • Página 86

    Administering FDDI Stations 8-3 Setting the Connection P olicies The connectP olicy attribute is a bit string representing the connection policies in effect on a station. A connection ’ s typ e is defined by the types of the two por ts inv olved (A, B, M, or S) in the connection. Y ou can set the corresponding bit for each of the connection type[...]

  • Página 87

    8-4 C HAPTER 8: A DMINISTERING FDDI R ESOURCES T o set the connec tion policies of an FDDI station: 1 F rom the top level of the Administration C onsole, enter: fddi station connectPolicy Y ou are prompted for a station. The Switch 2200 has one station, which appears in brackets. 2 Pr ess Return. 3 Enter the value of the connection policy for that [...]

  • Página 88

    Administering FDDI Stations 8-5 Setting Neighbor Notification Timer The T-notify attribute is a timer used in the Neighbor Notification pr otocol to indicate the interval of time between the generation of Neighbor Information F rames (NIF). NIF frames allow stations to discov er their upstream and downstream neighbors . The T-notify value has a r[...]

  • Página 89

    8-6 C HAPTER 8: A DMINISTERING FDDI R ESOURCES 2 Pr ess [Return]. 3 Enter the new statusReporting value ( enabled or disabled ). See the following example: Select station [1]: Station 1 - Enter new value (disabled,enabled) [enabled]: disabled Administ ering FDDI P aths FDDI’ s dual, counter-rotating ring consists of a primar y ring and a secondar[...]

  • Página 90

    Administering FDDI Paths 8-7 3 Enter the path ( p = primar y , s = secondar y). See the following example of path information: T able 8-3 describes these statistics. Setting tvxLow erBound The t vxLow erBound attribute specifies the minimum time value of fddiMAC TvxV alue that will be used by any MAC that is configur ed onto this path. A MAC uses[...]

  • Página 91

    8-8 C HAPTER 8: A DMINISTERING FDDI R ESOURCES T o set tvxLowerBound: 1 F rom the top level of the Administration C onsole, enter: fddi path tvxLowerBound Y ou are prompted for a station, path, and value . The Switch 2200 has one station, which appears in brackets. 2 Pr ess [Return]. 3 Enter the path ( p = primar y , s = secondar y). 4 Enter the ne[...]

  • Página 92

    Administering FDDI MACs 8-9 Setting maxT-Req The maxT-Req attribute specifies the maximum time v alue of fddiMACT-Req that will be used by any MA C that is configured onto this path. T-Req is the value that a MA C bids during the claim process to determine a ring’ s operational token rotation time, T_Opr . The lowest T-Req bid on the ring becom[...]

  • Página 93

    8-10 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Displaying MA C Information FDDI MAC inf ormation can be viewed in a summar y or in detail. When y ou display a summary of various FDDI MAC statistics , you receive information about the MAC, including received and transmitt ed frames and received and transmitted bytes. The detailed display includes t[...]

  • Página 94

    Administering FDDI MACs 8-11 The follo wing example shows the detail display of FDDI MAC information: rxFrames rxBytes rxFrameRate rxByteRate 103666 23089968 36 7582 rxPeakFrameRate rxPeakByteRate lostCount lateCount 48 10308 0 0 notCopiedCount notCopiedThresh notCopiedRatio notCopiedCond 0 6550 0 inactive errorCount frameErrThresh frameErrorRatio [...]

  • Página 95

    8-12 C HAPTER 8: A DMINISTERING FDDI R ESOURCES T able 8-4 describes the information provided f or the FDDI MAC. T able 8-4 Description of Fields for FDDI MA C Attributes Field Description currentPath Path on which this MAC is currently located (primary or secondary) downstream MAC address of this MAC’s downstream neighbor downstreamType Indicate[...]

  • Página 96

    Administering FDDI MACs 8-13 oldDownstream Previous value of the MAC address of this MAC’s downstream neighbor oldUpstream Previous value of the MAC address of this MAC’s upstream neighbor ringOpCount Number of times that this MAC has entered the operational state from the nonoperational state rmtState State of the ring management as defined in[...]

  • Página 97

    8-14 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Fr ame Processing and FDDI MAC Statistics All frames on the FDDI network are receiv ed promiscuously by an FDDI MAC. How ever , a frame might be discarded f or the following reasons: ■ There is no buff er space available. ■ The frame is in error . tvxCapab Maximum time value of the valid transmiss[...]

  • Página 98

    Administering FDDI MACs 8-15 ■ LL C ser vice is disabled. ■ This is an NSA F rame and the A-bit is set. F igure 8-1 shows the order in which these discard t ests are made. Figur e 8-1 How Frame P rocessing Affects FDDI MAC Receive F rame Statistics F rames are delivered to an FDDI MAC b y bridges and management applications. How ever , a frame [...]

  • Página 99

    8-16 C HAPTER 8: A DMINISTERING FDDI R ESOURCES F igure 8-2 shows the order in which the discard t ests are made. Figur e 8-2 How Frame P rocessing Affects FDDI MAC T ransmit F rame Statistics Setting the Fr ame Error Thr eshold The Fr ameErrorThreshold attribute determines when a MAC condition report is generated because too many frame err ors hav[...]

  • Página 100

    Administering FDDI MACs 8-17 See the following example: Select MAC [1]: MAC 1 - Enter new value [655]: Setting the Not Copied T hreshold The NotC opiedThreshold attribute determines when a MAC condition report is generated because too many frames could not be copied . Not-copied frames occur when there is no buffer space a vailable in the station ([...]

  • Página 101

    8-18 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Enabling and Disabling LL C Ser vice The L ogical Link Control (LL C) ser vice allows LL C frames to be sent and received on the MA C. LL C frames are all data frames transmitted on the network. If there is something wrong on your network, y ou may want to turn off data (user) traffic for a MAC b y d[...]

  • Página 102

    Administering FDDI Ports 8-19 Administ ering FDDI P or ts Within an FDDI station, the PHY and PMD entities mak e up a port. A por t (consisting of the PHY/PMD pair that connects to the fiber media) is located at both ends of a physical connection and determines the characteristics of that connection. Each FDDI por t is one of f our t ypes: A, B, M[...]

  • Página 103

    8-20 C HAPTER 8: A DMINISTERING FDDI R ESOURCES T able 8-5 describes the type of information provided f or an FDDI por t. Setting lerAlarm The lerAlarm attribute is the link error rate (LER) v alue at which a link connection generates an alarm. If the LER value is greater than the alarm setting, then SMT sends a Status Report Frame (SRF) t o the ne[...]

  • Página 104

    Administering FDDI Ports 8-21 values so that y ou are only receiving alarms if your network is in poor health. The SMT Standard r ecommended value is 8. The lerAlarm value must be higher than the lerCutoff v alue so that the network manager will be aler t ed to a problem before the PHY (port) is actually remov ed from the network. T o set lerAlarm [...]

  • Página 105

    8-22 C HAPTER 8: A DMINISTERING FDDI R ESOURCES T o set the lerCutoff : 1 F rom the top level of the Administration C onsole, enter: fddi port lerCutoff Y ou are prompted for a port number and an estimated link error rate value at which the link connection will be broken. 2 Enter the por t number . 3 Enter the estimated link error rate v alue. V al[...]

  • Página 106

    Administering FDDI Ports 8-23 Setting the Po r t Pa t hs In the Switch 2200 you can assign the A and B ports to either the primar y or the secondar y path. T o assign por ts to paths: 1 F rom the top level of the Administration C onsole, enter: fddi port path Y ou are prompted for a port. 2 Enter the port(s) you want to configure. 3 Select the DAS[...]

  • Página 107

    9 S ETTING U P THE S YSTEM FOR R OVING A NALYSIS This chapter describes how to set up the SuperStack™ II S witch 2200 system for ro ving analysis. With roving analysis, y ou can monitor Ethernet por t activity either locally or remotely using a network analyzer attached to the system. About Roving Anal ysi s Roving analysis is the monitoring of E[...]

  • Página 108

    9-2 C HAPTER 9: S ETTING U P THE S YSTEM FOR R OVING A NALYSIS the remote port is located. The remote system must be located on the same FDDI ring as the system to which the analyzer is attached . F igure 9-1 shows the process f or establishing local and remote monitoring of por ts. Figur e 9-1 Roving Analysis of Local and Remote Ethernet P orts Co[...]

  • Página 109

    Adding an Analyzer Port 9-3 T o display the roving analysis configurations, enter the f ollowing from the top level of the Administration C onsole: analyzer display The configurations are display ed as shown in the following example: Ethernet ports configured as analyzer ports: Ethernet Port Address 9 00-80-3e-0a-3b-02 Ethernet ports being monito[...]

  • Página 110

    9-4 C HAPTER 9: S ETTING U P THE S YSTEM FOR R OVING A NALYSIS Once the analyzer port is set, it is disabled from receiving or transmitting any other data. Instead , it transmits the data it receives from the monit ored por t to the network analyzer . If you have enabled Spanning T ree on this por t, it is automatically disabled as long as the port[...]

  • Página 111

    Starting Port Monitoring 9-5 Starting Port Monitoring After you hav e a local or remote por t configur ed for the network analyzer , you can start monitoring por t activity . 3Com rec ommends that you AL W A YS configur e the analyzer por t before configuring the monitored ports. T o star t monitoring a new port: 1 F rom the top level of the Adm[...]

  • Página 112

    9-6 C HAPTER 9: S ETTING U P THE S YSTEM FOR R OVING A NALYSIS Y ou are then prompted for an FDDI port through which the data should be forwarded, as shown below : Select FDDI port (1-2): 2 Once you successfully configure a port to monitor , all the data received and transmitted on the por t is forwarded to the selected analyzer por t, as w ell as[...]

  • Página 113

    IV Chapter 10 Administ ering the Bridge Chapter 11 Administ ering Bridge Ports Chapter 12 Creating and Using P acket Filters Chapter 13 Configuring A ddress and Port Groups to Use in P acket Filters B RIDGING P ARAMETERS[...]

  • Página 114

    10 A DMINISTERING THE B RIDGE This chapter describes how to view the bridge setup and how to configure the following bridge-lev el parameters: ■ IP fragmentation ■ IPX snap translation ■ Address thr eshold ■ Address aging time ■ Spanning T ree P rotocol (STP) parameters F or information about configuring the bridge por t, see Chapter 11[...]

  • Página 115

    10-2 C HAPTER 10: A DMINISTERING THE B RIDGE The follo wing example shows a display of bridge information. Each item in the bridge parameter list is described in T able 10-1. stpState timeSinceLastTopologyChange enabled 1 hr 28 mins 31 secs topologyChangeCount 2 topologyChangeFlag BridgeIdentifier false 8000 00803e0f2b00 designatedRoot stpGroupAddr[...]

  • Página 116

    Displaying Bridge Information 10-3 T able 10-1 Bridge Attributes Parameter Description addressCount Number of addresses in the bridge address table addrTableSize Maximum number of addresses that will fit in the bridge address table addrThreshold Reporting threshold for the total number of addresses known on this bridge. When this threshold is reach[...]

  • Página 117

    10-4 C HAPTER 10: A DMINISTERING THE B RIDGE maxAge The maximum age value at which the stored configuration message information is judged too old and discarded. This value is determined by the root bridge. mode Operational mode of the bridge. Valid value is transparent for IEEE 802.1d Transparent bridging. peakAddrCount Peak value of addressCount p[...]

  • Página 118

    Enabling and Disabling IP Fragmentation 10-5 Enabling and Disabling IP F ragmentation When IP fragmentation is enabled , large FDDI packets are “fragment ed” into smaller packets. IP fragmentation allows FDDI and Ethernet stations connected to the Switch 2200 to communicate using IP ev en if the FDDI stations are transmitting packets that would[...]

  • Página 119

    10-6 C HAPTER 10: A DMINISTERING THE B RIDGE Setting the Addr ess Thr eshold The address threshold f or a bridge is the repor ting threshold for the total number of Ethernet addresses known to the system. When this threshold is reached , the SNMP trap addr essThresholdEvent is generated . Address threshold values The range of v alid values for this[...]

  • Página 120

    Administering STP Bridge Parameters 10-7 Administ ering STP Bridge P arameters Y ou can enable or disable Spanning T ree Protocol in the system and set the following STP bridge paramet ers: priorit y , maximum age, hello time, and forward delay. F or more information about how the Spanning T ree parameters interact at the bridge level to create a l[...]

  • Página 121

    10-8 C HAPTER 10: A DMINISTERING THE B RIDGE T o configure the STP bridge priority : 1 F rom the top level of the Administration C onsole, enter: bridge stpPriority 2 Enter the priority value at the prompt. If your configuration was successful, you return to the pr evious menu. If the configuration was not successful, you are notified that your[...]

  • Página 122

    Administering STP Bridge Parameters 10-9 Setting the Bridge Hello Time Hello time is the period between the generation of configuration messages by a root bridge . If the probabilit y of losing configuration messages is high, shor tening the time makes the protocol mor e robust. However , lengthening the time lowers the o verhead of the algorithm[...]

  • Página 123

    10-10 C HAPTER 10: A DMINISTERING THE B RIDGE Setting the STP Group A ddress The STP group address is a single address that bridges listen t o when receiving STP information. Each bridge on the network sends STP pack ets to the group address . Every bridge on the net work receiv es STP pack ets sent to the group address , regardless of which bridge[...]

  • Página 124

    11 A DMINISTERING B RIDGE P ORTS This chapter describes how t o view bridge por t inf ormation and configure the following: ■ Multicast packet threshold ■ Spanning T ree P rotocol (STP) parameters ■ Bridge por t addresses Displa ying Bridge P or t Information Bridge por t information includes the STP configurations f or the bridge por t. Y [...]

  • Página 125

    11-2 C HAPTER 11: A DMINISTERING B RIDGE P ORTS The follo wing example shows a bridge por t summary display. port rxFrames rxDiscards txFrames Ethernet 1 411180 0 1353766 Ethernet 12 243559 0 1184225 port portId stp state fwdTransitions Ethernet 1 0x8003 enabled forwarding 1 Ethernet 12 0x800e enabled forwarding 1 The follo wing example shows a bri[...]

  • Página 126

    Displaying Bridge Port Information 11-3 T able 11-1 describes the type of information provided f or the bridge por t. T able 11-1 Bridge Port Attributes Parameter Description designatedBridge Identification of the designated bridge of the LAN to which the port is attached designatedCost Cost through this port to get to the root bridge. The designat[...]

  • Página 127

    11-4 C HAPTER 11: A DMINISTERING B RIDGE P ORTS rxFrames Number of frames that have been received by this port from its segment. A frame received on the interface corresponding to this port is only counted by this object if the frame is for a protocol being processed by the local bridging function, including bridge management frames. rxMcastExcDisc[...]

  • Página 128

    Displaying Bridge Port Information 11-5 state Spanning Tree state (blocking, listening, learning, forwarding, disabled) in which the port is currently operating: Blocking : The bridge continues to run the Spanning Tree algorithm on that port, but the bridge does not receive data packets from the port, learn locations of station addresses from it, o[...]

  • Página 129

    11-6 C HAPTER 11: A DMINISTERING B RIDGE P ORTS Fr ame Processing and Bridge Port Statistics All frames received on a physical (Ethernet or FDDI) int er face and not explicitly directed to the Switch 2200 are deliv ered to the corresponding bridge por t. A frame is then either forwarded to another bridge por t or discarded . A frame might be discar[...]

  • Página 130

    Setting the Multicast Limit 11-7 F igure 11-2 shows the order in which the discard decisions ar e made. Figur e 11-2 How Frame P rocessing Affects T ransmit Bridge P or t Statistics Setting the Multicast Limit Y ou can assign a multicast packet firewall threshold to a bridge port on the Switch 2200 to limit the f or warding rat e of multicast traf[...]

  • Página 131

    11-8 C HAPTER 11: A DMINISTERING B RIDGE P ORTS 4 Enter the new multicast threshold v alue for the por t(s). See the example below : Ethernet port 4 - Enter new value [0]: 400 Ethernet port 5 - Enter new value [0]: 400 Administ ering STP Bridge P or t P arameters Y ou can enable or disable the Spanning T ree Protocol f or one or more por ts on the [...]

  • Página 132

    Administering STP Bridge Port Parameters 11-9 The follo wing example shows values being set for mor e than one por t: Ethernet port 4 - Enter new value (disabled,enabled) [enabled]: disabled Ethernet port 5 - Enter new value (disabled,enabled) [enabled]: disabled Setting the Port Pa th Cost Y ou can set the path cost for a bridge port. The path cos[...]

  • Página 133

    11-10 C HAPTER 11: A DMINISTERING B RIDGE P ORTS Setting the Port Priority The STP port priorit y influences the choice of port when the bridge has two por ts connected to the same LAN, creating a loop . The por t with the lowest por t priority will be the one used by the Spanning T ree P rotocol. Port priority value Port priority is a 1-oc t et v[...]

  • Página 134

    Administering Port Addresses 11-11 Administ ering P or t Addr esses Y ou can administer the MAC addresses of stations connected to E thernet and FDDI por ts on the Switch 2200. Listing Addr esses Y ou can display MA C addresses currently associated with the selected por ts. Each address type (static or dynamic), assigned por t , and age are also li[...]

  • Página 135

    11-12 C HAPTER 11: A DMINISTERING B RIDGE P ORTS Adding New Addr esses When you assign new MAC addresses to the selected ports, these addresses are added as statically configured addresses . A statically configured address is never aged and can never be learned on a diff erent Ethernet por t. T o add a MAC address: 1 F rom the top level of the Ad[...]

  • Página 136

    Administering Port Addresses 11-13 Flushing A ll Addr esses Y ou can flush all static and dynamic MAC addr esses from the selec ted por t(s). Static MAC addr esses are those that you specified using the add menu option. Dynamic MAC addresses are those that were automatically learned by the bridge. T o flush all addresses: 1 F rom the top level o[...]

  • Página 137

    11-14 C HAPTER 11: A DMINISTERING B RIDGE P ORTS T o freeze all dynamic addresses: 1 F rom the top level of the Administration C onsole, enter: bridge port address freeze Y ou are prompted for the port t ype. 2 Enter Ethernet , FDDI , o r all . Y ou are prompted for the port number(s). 3 Enter the number(s) of the por t(s) or all . The dynamic addr[...]

  • Página 138

    12 C REATING AND U SING P ACKET F ILTERS This chapter describes how to cr eate and edit packet filters using the packet filter language. T his chapter also provides instructions for how t o: ■ List, display , and delete currently defined filters ■ Load packet filter definitions created in an ASCII-based edit or onto the Switch 2200 system[...]

  • Página 139

    12-2 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Listing P acket F ilters When you list the packet filters for the system, the filter identification, filter name (if any), and filter assignments are displa yed. T o list the currently defined packet filters, enter the following from the t op level of the Administration C onsole: bridge[...]

  • Página 140

    Displaying Packet Filters 12-3 Displa ying P acket Filters When displaying the contents of a single packet filter , you select the pack et filter using the filter id (which you can obtain b y listing the pack et filters as described in the previous section). The packet filter instructions are displayed; howev er , any comments in the original [...]

  • Página 141

    12-4 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Conc epts for W riting a F ilter Before writing a packet filter , you should understand thsee basic concepts: ■ How the packet filter language works ■ The basic elements of a packet filter ■ How to implement sequential tests in a packet filter ■ The pre-processed and run-time st or[...]

  • Página 142

    Creating Packet Filters 12-5 T able 12-2 describes the instructions and stacks of a pack et filter . T able 12-2 Packet F ilter Instructions and Stacks — Descriptions and Guidelines Element Descriptions and Guidelines Instructions Each instruction in a packet filter definition must be on a separate line in the packet filter definition file. Inst[...]

  • Página 143

    12-6 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Basic Elements of a P acket Filter Before cr eating a packet filter , you must decide which part of the packet you want to filter . Y ou can filter Ethernet packets by the destination address, source address , t ype/length, or some par t of the data. Y ou can filter FDDI packets by the des[...]

  • Página 144

    Creating Packet Filters 12-7 The Ethernet and FDDI packet fields in F igure 12-1 are used as oper ands in the packet filter . The two simplest operands ar e described in T able 12-3. The oper ators that you specify in the packet filter allow the filter to make a logical decision about whether the packet should be for warded or discarded . These[...]

  • Página 145

    12-8 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Implementing Sequential T ests in a P acket F ilter F ilter language expressions are normally evaluated t o completion — a packet is accepted if the value remaining on the top of the stack is non-zero . F requently , howev er , a single test is insufficient to filter packets effectively . [...]

  • Página 146

    Creating Packet Filters 12-9 The follo wing example shows the use of both accept and reject in a pack et filter . This packet filter was created for a network running both Phase I and Phase II AppleT alk. TM The goal of the filter is to eliminate the AppleT alk traffic. Name “Filter AppleTalk datagrams” pushField.w 12 # Get the type field. [...]

  • Página 147

    12-10 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Run-time storage of packet filters Fo r run-time storage of packet filter programs, each Switch 2200 system provides a maximum of 8192 byt es. There is no explicit system or per-packet-filter overhead; however , per f ormance considerations can result in unused areas of the run-time storag[...]

  • Página 148

    Creating Packet Filters 12-11 4 Apply a logic operation to the values in steps 2 and 3. The operator you use depends on what comparison you want to make. V ariations on these four basic steps of writing packet filters include: ■ Use pushTop for each additional comparison you int end to mak e with the pushF ield value. This opcode makes a duplica[...]

  • Página 149

    12-12 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Pack et Filter Solution The solution described here is to cr eate a highly sophisticated packet filter that prevents only the broadcast packets from the market data servers from being forwarded onto the segments that are not par t of an active trading floor . Before writing the packet filt[...]

  • Página 150

    Creating Packet Filters 12-13 The pseudocode translates into the f ollowing packet filter : Name “IP XNS ticker bcast filter” # Assign this filter in the multicast path # of a port only--this is very important # # XNS FILTERING SECTION # pushField.w 12 # get the type field of the packet and # place it on top of the stack. pushLiteral.w 0x0600 [...]

  • Página 151

    12-14 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS The rest of this section concentrates on the parts of the filter , showing you how to translate the pseudocode’ s requirements into filter language . The large filter on page 12-13 is broken down into subsets to show how you can create small filters that per form one or two tasks , and [...]

  • Página 152

    Creating Packet Filters 12-15 4 Enter executable instruction #3: eq # if the two values on the top of the stack are equal, # then return a non-zero value Packet F ilter T wo . T his filter is designed to accept packets within the socket range of 0x76c and 0x898. These steps show how to cr eate this filter : 1 Name the filter: “Socket range fil[...]

  • Página 153

    12-16 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Combining a Subset of the F ilters. The next filter accepts IP packets with a socket range of 0x76c (1900) and 0x898 (2200). The filter combines packet filters one and two , modifying them for IP . These steps show how to create this filter . 1 Name the filter: “Only IP pkts w/in socke[...]

  • Página 154

    Creating Packet Filters 12-17 Combining All the F ilters. T ogether , the four packet filters work to per f orm the solution to the problem: filtering the br oadcast pack ets from the market data ser vers . These steps show how to create this filter: 1 Name the filter: “Discard XNS & IP pkts w/in socket range” 2 P er form st eps 2 throu[...]

  • Página 155

    12-18 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS The maximum length of a packet filter definition is 4096 bytes . The editor assumes a terminal capability no higher than a glass tty (that is, it does not assume an addressable screen). Y ou can place any ASCII printable character into the editing buffer at the cursor position. If a charact[...]

  • Página 156

    Creating Packet Filters 12-19 T able 12-6 Packet F ilter Editor C ommands Command Keys Description List buffer Ctrl+l Displays each of the lines in the editing buffer and then redisplays the line currently being edited Next Line Ctrl+n Moves cursor to next line; positions cursor at start of line Previous Line Ctrl+p Moves cursor to previous line; p[...]

  • Página 157

    12-20 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Using an External T ext Editor T o use an ASCII-based editor to create a packet filter : 1 Create the definition in a text file. 2 F rom a networked workstation, ftp the file to the Switch 2200 on which you want to load the filter . 3 Load the filter as described in “Loading P acket F[...]

  • Página 158

    Editing, Checking and Saving Packet Filters 12-21 T o edit a pack et filter using the Switch 2200 system line edit or : 1 F rom the top level of the Administration C onsole, enter: bridge packetFilter edit 2 Enter the packet filter id number . Specifying a filter id loads that filter into the edit buffer . 3 Edit the filter . For mor e informa[...]

  • Página 159

    12-22 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Loading P acket F ilters When you create packet filters using an external text editor , you must load the filters onto the system from the netw ork host on which you created them. Once loaded , the pack et filter definition is conv er ted int o the internal format that is used by the pack[...]

  • Página 160

    Assigning Packet Filters to Ports 12-23 it meets the forwarding criteria. A packet that does not meet the forwarding criteria defined in the filter is discarded . T o assign a pack et filter: 1 F rom the top level of the Administration C onsole, enter: bridge packetFilter assign 2 Enter the id number of the packet filter to be assigned. T o get[...]

  • Página 161

    12-24 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Unassigning P acket Filters from P or ts T o unassign a pack et filter from one or more ports, the packet filter must have been pr eviously assigned to at least one por t. T o unassign a pack et filter: 1 F rom the top level of the Administration C onsole, enter: bridge packetFilter unassi[...]

  • Página 162

    13 C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS This chapter describes how to use address and port groups as filtering criteria in a packet filter , and how to administer address and port groups. Using Groups in P acket Filters Y ou can use address groups (a list of MAC addr esses) and por t groups (a list of Switch 2200 Et[...]

  • Página 163

    13-2 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS Port group packet filter example In this example, packets are not forwarded to por ts in groups 3 and 8. Name “Discard Groups 3 and 8” pushSPGM # Get source port group mask pushLiteral.l 0x0084 # Select bits 3 and 8 and # If port group bits 3 & 8 are comm[...]

  • Página 164

    Displaying Groups 13-3 Address group example In this example, three addr ess groups are defined in the system. The first address group has an id of 1 and the name Accounting . This group uses an address group mask of 1 (the bit set in the mask) . Address Groups Address Group 1 - Accounting Address group mask - bit 1 Address Group 2 - Development [...]

  • Página 165

    13-4 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS members of the group . The name of the address group in this example is Development , and the group has five members . Select address group to be displayed [1-n]: 2 Address Group 2 - Development 05-39-24-56-ab-ee 08-29-34-fd-32-14 08-29-34-dd-ee-01 09-34-56-32-12[...]

  • Página 166

    Creating New Groups 13-5 Enter the ports in this syntax: < Ethernet | E | FDDI | F > [port] < port number > As you enter each address or port, the system attempts to add it to the group. If the address or port you enter is already a member of the group , the system displays a message , as shown nex t , and the address or por t is ignore[...]

  • Página 167

    13-6 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS Port group example In this example , a new por t group is cr eated and loaded on the system. The bit in the por t gr oup mask for the group is 12 and the name of the group is Educ ation . One por t is enter ed and assigned to the group. Select a bit in the port gr[...]

  • Página 168

    Adding Addresses and Ports to Groups 13-7 Adding Addr esses and P or ts to Groups When adding addresses or ports to an existing group, y ou can either enter the addresses or ports at the prompts or impor t them fr om a file. At least one address group or port group must exist before y ou can add addresses or por ts. (See “Creating New Groups ”[...]

  • Página 169

    13-8 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS Enter the ports in this syntax: < Ethernet | E | FDDI | F > [port] < port number > As you enter each address or port, the system attempts to add it to the group. If the address or por t you enter is already a member of the gr oup, a message is displaye[...]

  • Página 170

    Removing Addresses or Ports from a Group 13-9 Port group example This example shows a port successfully added to the Manufacturing port group . Select port group to be modified [1-4]: 2 Adding ports to group 2 - Manufacturing Enter the ports to be added - type q to return to the menu: Port: Ethernet 3 Port: q Removing Addr esses or P or ts from a G[...]

  • Página 171

    13-10 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS As you enter addresses and ports, the system attempts to remov e them from the group. If the address or port is not found in the group , a warning message is displayed , as shown here: Warning: Specified address was not a member of the address group. OR Warning: [...]

  • Página 172

    Loading Groups 13-11 Loading Gr oups There is no explicit menu it em to load address and por t gr oups that are defined in a file on a remote host. Howev er , you can “load ” groups by creating a script on a remote host (which includes your address or por t group) and then running that script. The follo wing example shows a script that builds[...]

  • Página 173

    13-12 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS[...]

  • Página 174

    V Appendix A Packet F ilter Opcodes, Examples, and Sytax Err ors Appendix B T echnical Suppor t A PPENDIXES[...]

  • Página 175

    A P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS This appendix: ■ Describes the specific opcodes you can use when creating a packet filter ■ Pr ovides numerous examples of commonly used packet filters ■ Describes the possible syntax errors you might receiv e when loading a packet filter F or information on creating and using p[...]

  • Página 176

    A-2 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS pushField.size <offset> Description : Pushes a field from the target packet onto the stack. Packet data starting at <offset> is copied onto the stack. The most significant byte of the field is the byte at the specified offset. The number of bytes pushed is deter[...]

  • Página 177

    Opcodes A-3 pushTop Description: Pushes the current top of the stack onto the stack (that is, it reads the top of the stack and pushes the value onto the stack). The size of the push is determined by the size of the contents of the stack. Storage Needed: 1 byte pushSAGM Description: Pushes the source address group mask (SAGM) onto the top of the st[...]

  • Página 178

    A-4 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS pushSPGM Description: Pushes the source port group mask (SPGM) onto the top of the stack. The SPGM is a bitmap representing the groups to which the source port of a packet belongs. This instruction pushes 4 bytes on to the stack. Each port group mask is represented by a sin[...]

  • Página 179

    Opcodes A-5 ne (not equal) Description: Pops two values from the stack and compares them. If they are not equal, a byte containing the value non-zero is pushed onto the stack; otherwise, a byte containing 0 is pushed. The size of the operands is determined by the contents of the stack. Storage Needed: 1 byte lt (less than) Description: Pops two val[...]

  • Página 180

    A-6 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS gt (greater than) Description: Pops two values from the stack and performs an unsigned comparison. If the first is greater than the second, a byte containing the value non-zero is pushed onto the stack; otherwise, a byte containing 0 is pushed. The size of the operands is d[...]

  • Página 181

    Opcodes A-7 or (bit-wise OR) Description: Pops two values from the stack and pushes the bit-wise OR of these values back onto the stack. The size of the operands and the result are determined by the contents of the stack. Storage Needed: 1 byte xor (bit-wise exclusive-OR) Description: Pops two values from the stack and pushes the bit-wise exclusive[...]

  • Página 182

    A-8 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS reject Description: Conditionally rejects the packet being examined. A byte is popped from the stack. If it is non-zero, the packet is rejected and evaluation of the filter ends immediately; otherwise, filter evaluation continues with the next instruction. Storage Needed: 1[...]

  • Página 183

    Packet Filter Examples A-9 P acket Filter Examples The follo wing examples of using the pack et filter language start with basic packet filter concepts. Destination Addr ess Filter This filter operates on the destination addr ess field of a frame. It allows packets to be forwarded that are destined for stations with an Organizationally Unique I[...]

  • Página 184

    A-10 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS T ype Filter This filter operates on the type field of a frame. It allows packets to be forwarded that are IP frames. T o customize this filter to another type value , change the literal value loaded in the pushLiteral.w instruction. name “Forward IP frames” pushFie[...]

  • Página 185

    Packet Filter Examples A-11 Source A ddress and T ype Filter This filter operates on the sour ce address and type fields of a frame. I t allows XNS packets to be forwarded that are from stations with an OUI of 08-00-02. T o customize this filter to another OUI value , change the literal value loaded in the last pushLiteral.l instruction. Note th[...]

  • Página 186

    A-12 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS Addr ess Group F ilter This filter accepts only frames whose source and destination address are in the same group . name “Forward Same Source and Destination” pushSAGM # Get source address group mask pushDAGM # Get destination address group # mask and # Compare if sou[...]

  • Página 187

    Common Syntax Errors A-13 C ommon Syntax Errors When a packet filter definition is loaded, the definition is checked for syntax errors. The syntax errors and their causes are listed in T able A-1. T able A-1 Possible Syntax Errors When Loading Packet F ilters Syntax Error Description Opcode not found An opcode was expected on the line and was no[...]

  • Página 188

    A-14 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS Invalid characters in number The number specified as an offset or literal is improperly formatted. Possible causes are 1) lack of white space setting off the number, and 2) invalid characters in the number. Note: The radix of the number is determined by the first 1 or 2 ch[...]

  • Página 189

    B T ECHNICAL S UPPORT 3Com pro vides easy access to technical suppor t inf ormation through a variety of ser vices. This appendix describes these services. Online T echnical Ser vices 3C om offers worldwide product suppor t seven days a w eek, 24 hours a day , through the follo wing online systems: ■ 3Com Bulletin Board Service (3ComBBS) ■ W or[...]

  • Página 190

    B-2 A PPENDIX B: T ECHNICAL S UPPORT Acc ess by ISDN ISDN users can dial in to 3ComBBS using a digital modem f or fast access up to 56 Kbps. T o access 3ComBBS using ISDN, dial the follo wing number : (408) 654 2703 W orld Wide W eb Site Access the latest networking information on 3C om’ s W orld Wide Web sit e by entering our URL into your Inter[...]

  • Página 191

    Support from Your Network Supplier B-3 3ComF ac ts SM Automated F ax Ser vice 3Com C orporation’ s interactive fax ser vice, 3C omF acts, provides data sheets, technical articles, diagrams, and troubleshooting instructions on 3Com products 24 hours a day , seven days a week. Call 3ComF acts using your touch-tone telephone and international access[...]

  • Página 192

    B-4 A PPENDIX B: T ECHNICAL S UPPORT Suppor t from 3C om If you are unable to receive support from your network supplier , technical suppor t contracts are available fr om 3Com. In the U.S. and Canada, call (800) 876-3266 for customer ser vice. If you are outside the U.S. and Canada, contact your local 3C om sales office to find your authorized s[...]

  • Página 193

    I NDEX Numerics 3Com Bulletin Board Service (3ComBBS) B-1 3Com sales offices B-4 3ComF acts B-3 3ComF orum B-2 A abort at prompts 2-9 enabling CTL+C 2-11 accept opcode 12-8, A-7 access levels 2-1 address adding static 11-12 aging time 10-6 filters A-9 flushing 11-13 for SNMP trap reporting 3-17 freezing 11-13 in routing table 3-7 IP 3-3 IP to MA[...]

  • Página 194

    2 I NDEX baud rate console serial port 3-2 bell, warning 4-1 blocking state 11-5 bridge See also packet filter address threshold, setting 10-6 aging time, setting 10-6 designated 11-3 IP fragmentation, enabling 10-5 IPX Snap T ranslation, enabling 10-5 menus 2-5 Spanning T ree bridge priorit y , setting 10-7 enabling 10-7 forward delay , setting 1[...]

  • Página 195

    I NDEX 3 portState 7-8 station MAC addresses 11-11 Ethernet address and restoring NV data 6-3 for the monitored port 9-5 Ethernet port analyzer attached 9-3 displaying information 7-1 label 7-4 labeling 7-8 setting state (on-line or off-line) 7-8 static MAC addresses 11-12 statistics 7-3 F fan, warning 4-2 fax ser vice B-3 FDDI commands, quick 1-7 [...]

  • Página 196

    4 I NDEX Internet Contr ol Message Protocol. See ICMP IP address translation 3-11 ARP cache 3-11 inter face 3-3 management access 3-1 menus 2-6 pinging 3-12 RIP mode 3-12 route table 3-8 routes 3-7 statistics, displaying 3-14 IP address and restoring NV data 6-3 configuring 3-5 for IP inter face 3-3 in routing table 3-7 IP fragmentation enabling 1[...]

  • Página 197

    I NDEX 5 multicast frames and pack et filters 12-1 multicast limit configuring 11-7 defined 11-7 N name opcode A-1 naming the Switch 2200 4-3 ne opcode A-5 neighbor notification and LLC Ser vice 8-18 network monitoring. See r oving analysis and analyz er network supplier support B-3 network troubleshooting 9-1 not opcode A-7 NotCopiedThreshold [...]

  • Página 198

    6 I NDEX path cost defined 11-9 setting 11-9 path. See FDDI path and backplane paths PHY and FDDI ports 8-19 ping IP station 3-12 PMD and FDDI ports 8-19 port See also FDDI por t bridging priorit y 11-10 for analyzer 9-3 including in IP interface 3-4 label 8-20 maximum number in group 13-7 path cost 11-9 speed, setting 3-2 state, setting 7-8 types[...]

  • Página 199

    I NDEX 7 S SAGM (source address gr oup mask) 13-1 screen height adjusting 2-10 scripts for the Administration C onsole examples 2-15 running 2-13 serial port (console) for management 3-1 rebooting the system 4-4 setting baud rate 3-2 Ser vice Access P oints (SAPs) and pack et filters 12-4 shiftl opcode A-8 shiftr opcode A-8 SMT (Station Management[...]

  • Página 200

    8 I NDEX Switch 2200 administration over view 1-1 and network monitoring 9-1 bell warning 4-1 documentation 4 fan warning 4-2 naming 4-3 NV data restoration 6-3 ports and IP inter faces 3-6 power supply warning 4-2 quick commands 1-1 rebooting 4-4 resetting to system defaults 6-6 system backup 6-2 system configuration, displaying 4-1 system date a[...]