Alcatel-Lucent 6600 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Alcatel-Lucent 6600. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Alcatel-Lucent 6600 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Alcatel-Lucent 6600 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Alcatel-Lucent 6600 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Alcatel-Lucent 6600
- nom du fabricant et année de fabrication Alcatel-Lucent 6600
- instructions d'utilisation, de réglage et d’entretien de l'équipement Alcatel-Lucent 6600
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Alcatel-Lucent 6600 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Alcatel-Lucent 6600 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Alcatel-Lucent en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Alcatel-Lucent 6600, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Alcatel-Lucent 6600, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Alcatel-Lucent 6600. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    Part No. 060179-10, Rev. F April 2006 OmniSwitch 6600 Family Network Configuration Guide www.alcatel.com[...]

  • Page 2

    i i O mniSw i t ch 6 6 00 Fa m ily Network Co n f igu r ation Gui d e Ap r il 2 0 06 This user guide docume nts release 5.4 of the OmniSwitch 6600 Family Ne twork Configuration Guide. The functionality described in this guid e is subject to change without notice. Copyright © 2006 by Alcatel Internet working, Inc. All rights reserved . This documen[...]

  • Page 3

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 iii Contents About This Guide ...................... ................ ................ ................... ................ .............. xxv Supported Platforms ................... ............... .................... ............... .................... .............. xxv Who Should [...]

  • Page 4

    Contents iv OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Setting Interface Line Sp eed .......... ................ ................... ................ ................... 15-16 Configuring Duplex Mode ............. ................ ................... ................ ................... 15-17 Enabling and Disabling Interfaces ..[...]

  • Page 5

    Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 v Configuring the Number of MAC Addresses Allowed .................... .................... ......... 17-8 Configuring Authorized MAC Addresses ......... ................ ................... ................ ......... 17-8 Configuring an Auth orized MAC Address Range ..........[...]

  • Page 6

    Contents vi OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Spanning Tree Operating Modes .............................. ............... .................... ................ . 19-9 Using the Flat Spanning Tree Mode .......... ................ ................... ................ ......... 19-9 Using 1x1 Spanning Tree Mode ..........[...]

  • Page 7

    Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 vii MST Interoperability and Migration ..................... ................... ................ ................... 20-12 Migrating from Flat Mode STP/RSTP to Flat Mode MSTP ................. ............... 20-12 Migrating from 1x1 Mode to Flat Mode MSTP ....................[...]

  • Page 8

    Contents viii OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Custom (User Defined) Rules ................. ................... ................ .................... . 22-7 Port Rules ................. ................... ................ ................... ................ ................. 22-7 Understanding VLAN Rule Precedence .[...]

  • Page 9

    Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 ix Chapter 10 Using Interswitch Protocols ............... ................ ................... ................ ................ . 24-1 In This Chapter ....... ................ ................... ................ ............... .................... ................ . 2 4-1 AI[...]

  • Page 10

    Contents x OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Adding Ports to a Static Aggregate Gr oup .. ................... ................ ................. 26-9 Removing Ports from a Static Aggregat e Group ................ .................... ....... 26-14 Modifying Static Aggregatio n Group Parameters ..........................[...]

  • Page 11

    Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xi Modifying the Partner Port System ID ....................... .................... ............... 27-30 Modifying the Partne r Port System Priority ........ ................... ................ ....... 27-31 Modifying the Partne r Port Administrative Status .................[...]

  • Page 12

    Contents xii OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying UDP Information ..... .................... ................... ................ ................... 28-24 Verifying the IP Configuration ............. .................... ............... .................... ............... 28-24 Chapter 15 Configuring IPv6 ....[...]

  • Page 13

    Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xiii RIP Options .................... ............... .................... ................ ................... ................ ......... 30-9 Configuring the RIP Forced Hold-down Interval ...... ............... .................... ......... 30-9 Enabling a RIP Host Route ...[...]

  • Page 14

    Contents xiv OmniSwi tch 6600 Family Network Configuration Guid e April 2006 DHCP Relay Overview ................. .................... ................ ................... ................ ......... 32-5 DHCP .............. .................... ............... ................ ................... ................ ................ . 32-5 DHCP and t[...]

  • Page 15

    Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xv VRRP Tracking ............... ............... ............ .... ................... ................ ................ ..... 3 3-7 Interaction With Othe r Feature s .................... ................ ............... .................... ............. 33-7 Configuration Ove[...]

  • Page 16

    Contents xvi O mniSwitch 6600 Family Network Configuration Guid e April 2006 Retrieving Directory Search Results ....................... ............... .................... ... 34-18 Directory Modificat ions .............. ................ ................... ................ ............... 34-18 Directory Compare and Sort ................ ......[...]

  • Page 17

    Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xvii Configuring the Server Aut hority Mode ........... .................... ............... .................... ... 35-32 Configuring Single Mode ............... .................... ............... .................... ............... 35-32 Configuring Multiple Mode ....... [...]

  • Page 18

    Contents xviii OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Modifying Policy Servers ...... ............... .................... ................... ................ ................. 37-4 Modifying LDAP Policy Server Parameters .................. ................... .................... . 37-4 Disabling the Policy Server From Dow[...]

  • Page 19

    Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xi x Returning the Global Configuration to Defaults .... ....................... ................ ....... 38-18 Verifying Global Settings ............................... ................... ................ ................... 38-19 QoS Ports and Queues ........................[...]

  • Page 20

    Contents xx O mniSwitch 6600 Family Network Configuration Guid e April 2006 Policy Applications ............................... ................ ................... ................ ................... 38-49 Basic QoS Policies ...... ................... ................ ................ ................... ................ ... 38-49 Basic Commands [...]

  • Page 21

    Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xx i Chapter 26 Configuring IP Multicast Switching ..................... ............... ................ ................ . 40-1 In This Chapter ....... ................ ................... ................ ............... .................... ................ . 4 0-1 IPMS Spe[...]

  • Page 22

    Contents xxii OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Chapter 27 Diagnosing Switch Problems ................ ................ ............... .................... ............. 41-1 In This Chapter ....... ................ ................... ................ ............... .................... ................ . 4 1-1 Port [...]

  • Page 23

    Contents OmniSwitch 6600 Family Network Configurati on Guide April 2006 xxiii Enabling or Disabling RMON Probes ........................ ................... ................ ....... 41-27 Displaying RMON Tables .......................... ................ ................... ................ ....... 41-28 Displaying a List of RMON Probes ...........[...]

  • Page 24

    Contents xxiv O mniSwitch 6600 Family Network Configuration Guide April 2006 Configuring Debug Memory Commands ...................... ............... .................... ............. 43-4 Enabling/Disabl ing Memory Monitoring Function s ...... ............... ................ ......... 43-4 Displaying the Memory Monitor Log ......................[...]

  • Page 25

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page xxv About This Guide This OmniSwitch 6600 F amily Network Con figuration Guid e describes how to set up and moni tor soft- ware features that will allow your sw itch to operate in a live network envi ronment. The so ftware feat ures described in this manual are shipped stan dard wi[...]

  • Page 26

    Who Should Read this Manual? About This Guide page xxvi OmniSwitch 6600 Family Network Configuration Guide April 2006 Unsupported Platforms The information i n this guide d oes not app ly to the fo llowing prod ucts: • OmniSwitch (original version with no numeric model name) • OmniSwitch 6800-24 • OmniSwitch 6800-48 • OmniSwitch 6800-U 24 ?[...]

  • Page 27

    About This Guide What is in this Manual? OmniSwitch 6600 Family Network Configurati on Guide April 2006 page xxvii What is in this Manual? This configuration guide includes informatio n about config uring the followi ng features: • VLANs, VLAN router ports, mob ile ports, and VLAN rules. • Basic Layer 2 functi ons, such as Ethern et port para m[...]

  • Page 28

    What is Not in this Manual? About This Guide page xxviii OmniSwitch 6600 Family Network Configuration Guide April 2006 What is Not in this Manual? The configuration p rocedures in this manual use Command Line Interface (CLI) commands in all exam- ples. CLI commands are text-based commands used to manage the swit ch through serial (console port) con[...]

  • Page 29

    About This Guide Documentation Roadmap OmniSwitch 6600 Family Network Configurati on Guide April 2006 page xxix Documentation Roadmap The OmniSwitch user document ation suite was designed to supply you with in formation at severa l critical junctures of t he configuration p rocess. The followi ng section outlines a roadma p of the manuals t hat wil[...]

  • Page 30

    Documentation Roadmap About This Guide page xxx OmniSwitch 6600 Family Network Configuration Guide April 2006 Stage 3: Integrating the Switch Into a Network Pertinent Documentation: OmniSw itch 6600 Family Netw ork Configur ation Guide OmniSwitch 66 00 Family Adv anced Rout ing Configura tion Guide When you are ready to conn ect your switch to the [...]

  • Page 31

    About This Guide Related Documentation OmniSwitch 6600 Family Network Configurati on Guide April 2006 page xxxi Related Documentation The following are the titl es an d descript ions of all the OmniSwitch 660 0 Family user ma nuals: • OmniSwitch 66 00 Family Getti ng Started Guid e Describes the hardware and software pro cedures for getti ng an O[...]

  • Page 32

    Related Documentation About This Guide page xxxii OmniSwitch 6600 Family Network Configuration Guide April 2006 • OmniSwitch 66 00 Family Advanced Routing Config uration Gu ide Includes network configuration p rocedures and d escri ptive informa tion on all the software f eatures and protocols included in the advan ced routing softwa re package O[...]

  • Page 33

    About This Guide User Manuals Web Site OmniSwitch 6600 Family Network Configurati on Guide April 2006 page xxxiii User Manuals W eb Site All related use r guides for the Omn iSwitch 6600 Fa mily can be found on ou r web site at http://www.alca tel.com/enterprise/e n/resource_lib rary/user_manuals.h tml All documenta tion on the Us er Manual web si [...]

  • Page 34

    Technical Support About This Guide page xxxiv OmniSwitch 660 0 Family Network Configuration Guide April 2006[...]

  • Page 35

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-1 1 Configuring Ethernet Por ts The Ethernet software is re sponsible for a variety of funct ions that suppor t the Ethernet an d Gigabit Eth er- net ports on OmniSwitch 6600 Family switches. These functions include diagnostics, so ftware load ing, initializatio n, configuratio n[...]

  • Page 36

    Ethernet Specifications Configuring Ethernet Ports page 1-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Ethernet Specifications IEEE Standards Supported 802.3 Carrier Sense Multiple Acce ss with Collision Detection (CSMA/CD) Ports Supported Ethernet (10 Mbps) Fast Ethernet (100 Mbps) Gigabit Ether net (1 Gb/1000 Mbps) . 2-Port Gi[...]

  • Page 37

    Configuring Ethernet Ports Ethernet Port Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-3 Ethernet Por t Defaults The following ta ble shows Ethern et port defa ult values. Parameter Description Comma nd Default V alue/Comments T rap Port Link Messages trap port link Disabled Flow Control flow Disabled Flow Control W[...]

  • Page 38

    Configuring Ethernet Ports Tutorial Configuring Ethernet Ports page 1-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Ethernet Por ts T utorial This tutoria l describes typic al steps involv ed in conf iguring an Ethern et port. This example pres umes that slot (switch) 1 , port 1 is an Ethernet po rt. 1 This step co nf[...]

  • Page 39

    Configuring Ethernet Ports Configuring Ethernet Ports Tutorial OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-5 Note. Optional. To verify the Ethe rnet port co nfiguration, use the show interfaces command. The display is similar to the one shown belo w, and provides additi onal statistics ab out received and transmi tted byte[...]

  • Page 40

    Ethernet Ports Overview Configuring Ethernet Ports page 1-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Ethernet Por ts Over view This chapter descri bes the Ethernet software CLI command s used for configuring and monitoring your switch’s Ethern et port paramete rs. These commands all ow you to ha ndle administ rative or port-[...]

  • Page 41

    Configuring Ethernet Ports Et hernet Ports Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-7 OmniSwitch 6624 The OmniSwitch 6624 provi des 24 10/100 Mb ps ports and two expansi on slots. The expansion slot s are empty by default. Opt ionally, they can hold eit her four Gigabit Ethernet ports or two Gigabit Ethernet po[...]

  • Page 42

    Ethernet Ports Overview Configuring Ethernet Ports page 1-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 OmniSwitch 6600-P24 The OmniSwi tch 6600-P24 provides 24 10/1 00 Mbps Power over Ethernet (PoE ) ports and t wo expansion slots. The expa nsion slots are empt y by defa ult. Optiona lly, they can hold either four Gigabit Ethern[...]

  • Page 43

    Configuring Ethernet Ports Et hernet Ports Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-9 OmniSwitch 6602-48 The OmniSwi tch 6602-48 p rovides 48 10/1 00 Mbps po rts, two Gigabit M iniGBIC ports, and two stack - ing ports. Port number s 1 through 48 suppor t both 10 Mbps Ethernet and 100 Mbps Fast Eth ernet inter- [...]

  • Page 44

    Ethernet Ports Overview Configuring Ethernet Ports page 1-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 V alid Port Settings This table below lists valid sp eed, duplex, an d auto nego tiation settings for the different O mniSwitch 66 00 Family port types. Chassis T ype (Port Nos.) Port T ype User -Specified Port Speed (Mbps) S[...]

  • Page 45

    Configuring Ethernet Ports Et hernet Ports Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-11 OmniSwit ch 6600-U24 (ports 1–24) 100 Mbps fiber SFP ports 100 full/half Y es OmniSwit ch 6600-U24 (ports 25–26) W ire-rate when an OS6600- GNI-U2 is installed us ing LC fiber SFPs or copper 1000Base-T SFPs. 1000 full Y e[...]

  • Page 46

    Ethernet Ports Overview Configuring Ethernet Ports page 1-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 OmniSwit ch 6602-24 (ports 1–24) Copper twisted pair (RJ-45) auto/10/100 auto/full/half Y es OmniSwit ch 6602-24 (ports 25–26) W ire-rate when an LC fiber SFP or copper 1000Base-T SFP is installed. 1000 full Y es (fiber) [...]

  • Page 47

    Configuring Ethernet Ports Setti ng Ethernet Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-13 Setting Ethernet Por t Parameters When using CLI command s to set Ethernet port parameters, keep in mind tha t Ethernet and Fast Eth ernet are supporte d only on ports 1 through 48 on the OmniSwitch 6648 and OmniSw i[...]

  • Page 48

    Setting Ethernet Port Parameters Configuring Ethernet Ports page 1-14 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Setting Flow Contr ol The flow command can be used to enable or di sable (the de fault) flow control on a specific port, a ra nge of ports, or all po rts on an enti re switch (slot). Wh en th e buffers on a receiving[...]

  • Page 49

    Configuring Ethernet Ports Setti ng Ethernet Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-15 As an option, you can document the interface type by entering ethernet , fastethernet , or gigaethernet before the slot number. For example to disable flow co ntrol on the interface on slot 2 port 3 and document the [...]

  • Page 50

    Setting Ethernet Port Parameters Configuring Ethernet Ports page 1-16 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Restoring the Flow Control W ait Time To restore the fl ow control wait time (i.e., set it back to 0) fo r an entire switch , enter flow followed by the slot number an d no wait . For exam ple, to resto re the flow c[...]

  • Page 51

    Configuring Ethernet Ports Setti ng Ethernet Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-17 As an option, you can document the interface type by entering ethernet , fastethernet , or gigaethernet before the slot number. For example, to configure th e line speed o n slot 2 port 3 at 10 0 Mbps and docu- ment [...]

  • Page 52

    Setting Ethernet Port Parameters Configuring Ethernet Ports page 1-18 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Enabling and Disabling Inter faces The interfaces a dmin command is used to enable (the default) or disable a specific po rt, a range of ports, or all ports on an ent ire switch (slot). To enable or disable an entire[...]

  • Page 53

    Configuring Ethernet Ports Setti ng Ethernet Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-19 As an option, you can document the interface type by entering ethernet , fastethernet , or gigaethernet before the slot number. For example, to set the inter-f rame gap value o n port 52 on slot 2 to 10 bytes and doc[...]

  • Page 54

    Setting Ethernet Port Parameters Configuring Ethernet Ports page 1-20 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring Flood Rates The following su bsections descri be how to en able the maximum floo d rate (see “Enab ling the Maximum Flood Rate” on page 1-20 ), enab le the m aximu m flood rate for multicast traffic ([...]

  • Page 55

    Configuring Ethernet Ports Setti ng Ethernet Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-21 Configuring Flood Rate V alues By default, the flood rate is 42 Mbp s on 10/100 ports and 49 6 Mbps on Gigabit po rts. The interfaces flood rate command can be used to configur e the peak flood ra te value on a spe c[...]

  • Page 56

    Setting Ethernet Port Parameters Configuring Ethernet Ports page 1-22 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring Auto Negotiation, Crossover , and Flow Contr ol Settings The following su bsections desc ribe how to enable and disab le auto negot iation (see “Enabling and Disabling Aut o Negotiatio n” on page 1-2 [...]

  • Page 57

    Configuring Ethernet Ports Setti ng Ethernet Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-23 Configuring Crossover Settings To configure crossover settings on a single po rt, a range of ports, or an entire slot u se the interfaces crossover command. If au to negotiatio n is disabled, fl ow control, au to spe[...]

  • Page 58

    Setting Ethernet Port Parameters Configuring Ethernet Ports page 1-24 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 As an option, you can document the interface type by entering ethernet , fastethernet , or gigaethernet before the slot number. For example, to enable flow control on port 3 on sl ot 2 and document the port as Fast E[...]

  • Page 59

    Configuring Ethernet Ports Verifying Ethernet Port Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 1-25 V erifying Ethernet Por t Configuration To display information abo ut Ethernet port configurat ion settings, use the show commands listed in the following t able. These commands can be quite useful in troubl esho[...]

  • Page 60

    Verifying Ethernet Port Configuration Configuring Ethernet Ports page 1-26 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006[...]

  • Page 61

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 2-1 2 Managing Source Learning Transparent b ridging rel ies on a proces s referred to as source learning to handle traffic flow. Netwo rk devices communicate by sending and receiving data pa ckets that e ach contain a source MAC address and a destination MAC address. When pack ets[...]

  • Page 62

    Source Learning Specifications Managing Source Learning page 2-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Source Learning Specifications Source Learning Defaults Sample MAC Address T able Configuration The following ste ps provide a quick tutorial that will create a static MAC a ddress and change the MAC address aging timer fo[...]

  • Page 63

    Managing Source Learning Sample MAC Address Table Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 2-3 2 Assign switch ports 2 t hrough 5 on slot 3 to VLAN 200--if they are not alread y assoc iated with VLAN 200--using the fol lowing command: -> vlan 200 port default 3/2-5 3 Create a static MAC address entry usin[...]

  • Page 64

    MAC Address Table Overview Managing Source Learning page 2-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 MAC Address T able Over view Source learning bu ilds and maintains the MAC ad dress table on each swit ch. New MAC address table entries are created in one of two ways: they are dynamically learne d or statically assigned. Dyn[...]

  • Page 65

    Managing Source Learning Using Static MAC Addresses OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 2-5 • There are two type s of static MAC address beh avior supported: bridging (default) or filtering . Enter filtering to set up a denial of service to block potential hostile attacks. Traffic sent to or from a filtered MAC add[...]

  • Page 66

    Using Static Multicast MAC Addresses Managing Source Learning page 2-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Static MAC Addresses on Link Aggregate Ports Static MAC Addresses are not assigned to ph ysical ports th at belong to a link aggregate. Inste ad, they are assigned to a link aggregate ID that represent s a collection[...]

  • Page 67

    Managing Source Learning Configuring MAC Address Table Aging Time OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 2-7 Use the no form of the mac-address-table static-multicast command to delete static multi cast MAC address en tries. For example, the following co mmand deletes a static multic ast address that is a ssigned to por[...]

  • Page 68

    Configuring MAC Address Table Aging Time Managing Source Learning page 2-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. The MAC address table aging time is also use d as the t imeout value for t he Address Reso lution Protocol (ARP) table. Th is timeout value dete rmin es how long the switch re tains dynamically lea rned ARP[...]

  • Page 69

    Managing Source Learning Displayi ng MAC Address Table Information OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 2-9 Displaying MAC Address T able Information To display MAC Address Tabl e entries, statistics, and aging time values, use the show commands listed below: For more information about the resulting di splays from the[...]

  • Page 70

    Displaying MAC Address Table Info rmation Managing Source Learning page 2-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006[...]

  • Page 71

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 3-1 3 Configuring Learned Por t Security Learned Port Security (LPS) pr ovides a mechanis m for authorizing source lear ning of MAC addresses on Ethernet and Gigabi t Ethernet ports. The o nly types of Ethernet port s that LP S does not support are link aggregate and tagged (t runk[...]

  • Page 72

    Learned Port Security Specifications Configuring Learned Port Security page 3-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Learned Por t Security Specifications Learned Por t Security Defaults RFCs supported Not applicable at this time. IEEE Standards supported Not applicable at this time. Ports eligible for Le arned Port Securi[...]

  • Page 73

    Configuring Learned Port Securi ty Sample Learned Port Security Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 3-3 Sample Learned Por t Security Configuration This section provides a quick tutoria l that demonstrates the fo llowing tasks: • Enabling LPS on a se t of switch ports. • Defining the maximum num ber[...]

  • Page 74

    Learned Port Security Overview Configuring Learned Port Security page 3-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Learned Por t Security Over view Learned Port Security (LPS) provides a mecha nism for controlling network de vice access on one or more switch ports. Co nfigurable LPS para meters allow the user to restrict the s[...]

  • Page 75

    Configuring Learned Por t Security Learned Port Security Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 3-5 How LPS Authorizes Source MAC Addresses When a packet is received on a port that has LPS enabled, switc h software checks t he following crite ria to determine if the sourc e MAC address contained in the packe t [...]

  • Page 76

    Learned Port Security Overview Configuring Learned Port Security page 3-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Static Configuration of Authorized MAC Addresses It is also possible to st atically configure aut horized source MAC a ddress entries into the LPS table. This type of entry behaves the same way as dynamically conf[...]

  • Page 77

    Configuring Learned Port Security Enabling/Disabling Learned Port Security OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 3-7 Enabling/Disabling Learned Por t Security By default, LPS is disabled on all switch po rts. To enable LPS on a port, use the port-security command. For example, the followi ng command enab les LPS on por[...]

  • Page 78

    Configuring the Number of MAC Addresses A llowed Configuring Learned Port Security page 3-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring the Number of MAC Addresses Allowed By default, one MAC address is allowed on an LPS port . To change this number, e nter port-security followed by the port’s slot /port designation[...]

  • Page 79

    Configuring Learned Por t Security Config uring an Authorized MAC Address Range OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 3-9 Configuring an Authorized MAC Address Range By default, each LPS port is set to a range of 00:0 0:00:00:00:00–ff:ff:ff:ff:ff:ff , which includes all MAC addresses. If this defaul t is not changed,[...]

  • Page 80

    Selecting the Security Violation Mode Configuring Learned Port Security page 3-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Selecting the Security V iolation Mode By default, the se curity violation mode for an LPS port is set to restr ict . In this mode, when an unautho- rized source MAC address is receive d on an LPS po rt, [...]

  • Page 81

    Configuring Learned Port Securi ty Displaying Learned Port Security Informatio n OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 3-11 Displaying Learned Por t Security Information To display LPS port and tab le informatio n, use the show commands listed bel ow: For more information abou t the resulting display from th ese comman[...]

  • Page 82

    Displaying Learned Port Security Inform ation Configuring Learned Port Security page 3-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006[...]

  • Page 83

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-1 4 Configuring VLANs In a flat bridged network, a broa dcast domain is c o nfined to a sing le LAN segment or even a spec ific physical loca tion, such as a department or bui lding floor. In a switch-based network, such as one comprised of Alcatel switching system s, a broadcast[...]

  • Page 84

    VLAN Specifications Configuring VLANs page 4-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 VLAN Specifications VLAN Defaults RFCs Supported 2674 - Definitions of Managed Ob jects for Bridges with Traffic Classes, Multic ast Filtering and Virtual LAN Extensions IEEE Standards Supported 802.1Q - Virtual Bridged Local Area Networks [...]

  • Page 85

    Configuring VLANs Sample VLAN Configuratio n OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-3 Sample VLAN Configuration The following steps p rovide a quick tutorial that will create VLAN 255 on a stack config uration that includes four switc hes. Also includ ed are steps to define a VLA N desc ription, IP router interface, a[...]

  • Page 86

    Sample VLAN Configuration Configuring VLANs page 4-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 To verify that ports 3/2 -4 were assigned t o VLAN 255, use the show vlan port command. For example: -> show vlan 255 port port type status --------+---------+-------------- 3/2 default inactive 3/3 default inactive 3/4 default ina[...]

  • Page 87

    Configuring VLANs VLAN Management Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-5 VLAN Management Over view One of the main benefi ts of using VLANs to segment network traffic, is that VLAN configuration and port assignment is han dled throu gh switch softwa re. This elimi nates the need to physically change a netwo[...]

  • Page 88

    Creating/Modifying VL ANs Configuring VLANs page 4-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Creating/Modifying VLANs The initial con figuration fo r all Alcatel switche s consists of a defaul t VLAN 1 and all swit ch ports are initially assigne d to this VLAN. When a switching mo dule is added to the switch, th e module’s [...]

  • Page 89

    Configuring VLANs Defining VLAN Port Assignments OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-7 Enabling/Disabling the VLAN Administrative Status To enable or disable the administrative status for an existing VLAN, enter vlan followed by a n existing VLAN ID and either enable or disable . -> vlan 755 disable -> vlan 2[...]

  • Page 90

    Defining VLAN Port Assignments Configuring VLANs page 4-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Changing the Default VLAN Assignment for a Por t To assign a switch port to a new default VLAN, enter vlan followed by an existi ng VLAN ID number, port default , then the slot/port design ation. For exa mple, the foll owing comm[...]

  • Page 91

    Configuring VLANs Defining VLAN Port Assignments OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-9 Configuring VLAN Ru le Classificati on VLAN rule classifi cation triggers dynamic VLAN po rt assignment when t raffic received on a mobile port matches the criteri a defined in a VLAN rule. Differen t rule types are avail able fo[...]

  • Page 92

    Defining VLAN Port Assignments Configuring VLANs page 4-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Enabling/Disabling VLAN M obile T ag Classification Use the vlan mobile-tag command to enable or disable the cla ssi fication of mo bile port packets b ased on 802.1Q VLAN ID tag. For example, the fo llowing commands enable the[...]

  • Page 93

    Configuring VLANs Enabling/Disabling Span ning Tree for a VLAN OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-11 Enabling/Disabling Spanning T ree for a VLAN When a VLAN is created, an 802.1D standard Spanning Tree Al gorithm and Prot ocol (STP) instance is enabled for the VLAN by default. The span ning tr ee operating mode s[...]

  • Page 94

    Enabling/Disabling VLAN Authentication Configuring VLANs page 4-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Enabling/Disabling VLAN Authentication Layer 2 authentication uses VLAN membership to gr ant access to network re sources. Authentica ted VLANs control membership through a log-in process; th is is sometimes called user[...]

  • Page 95

    Configuring VLANs Bridging VLANs Across Multiple Switches OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 4-13 Bridging VLANs Acr oss Multiple Switches To create a VLAN brid ging domai n that extends across multiple swi tches: 1 Create a VLAN on each switch wit h the same VLAN ID number (e.g., VL AN 10). 2 If using mobile ports [...]

  • Page 96

    Verifying the VLAN Configuration Configuring VLANs page 4-14 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The connection between Stack C and D is shown with a brok en line because the ports tha t provide this connection are in a bl ocking state. Spanning Tree is active by default on all stacks, VLANs and port s. The Spanning Tree[...]

  • Page 97

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-1 5 Configuring Spanning T ree Parameters The Spanning Tree Algorith m and Protocol (STP) is a self-configuring algorith m that maintains a loop- free topology while pr oviding data path redundancy and network scalabi lity. Based on the IEEE 802.1D standard, the Alcate l STP impl[...]

  • Page 98

    Spanning Tree Specifications Conf iguring Spanning Tree Parameters page 5-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Spanning T ree Specifications Spanning T ree Bridge Parameter Defaults IEEE Standards supported 802.1D– Media Acce ss Control (MAC) Bridges 802.1w– Rapid Reconfigurati on (802.1D Am endment 2 ) 802.1Q– Vir[...]

  • Page 99

    Configuring Spanning Tree Parameters Sp anning Tree Port Parameter Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-3 Spanning T ree Por t Parameter Defaults Multiple Spanning T ree (MST) Region Defaults Although the following parameter values are specific to the MSTP (802.1s), they are configurab le re gard- less of w[...]

  • Page 100

    Spanning Tree Overview Configuring Spanning Tree Parameters page 5-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Spanning T ree Over view Alcatel switches sup port the use of the 802.1D Sp anning Tree Algorith m and Protocol (STP), th e 802.1w Rapid Spanning Tree Algo rithm and Protocol (RSTP), and the 802.1s Multiple Spanni ng T[...]

  • Page 101

    Configuring Spanning Tree Parameters Spanning Tree Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-5 Note. The distinction between a backup port and an alternate port was introduced with the IEEE 802.1w standard to he lp define rapid transi tion of an alte rnate port to a root port. The role a port plays or may poten [...]

  • Page 102

    Spanning Tree Overview Configuring Spanning Tree Parameters page 5-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 The sending and receiv ing of Configuratio n BPDU between switches part icipating in the b ridged network is how the roo t bridge is e lected and the best path to t he root is determin ed and then a dvertised to th e r[...]

  • Page 103

    Configuring Spanning Tree Parameters Spanning Tree Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-7 2 The best root path cost. 3 If root path costs are equal, t he bridge ID of the bridge sendin g the BPDU. 4 If the previous three values ti e, then the port ID (lowest priority value , th en lowest port number). When [...]

  • Page 104

    Spanning Tree Overview Configuring Spanning Tree Parameters page 5-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 The following d iagram shows the l ogical connectiv ity of the sa me physical to pology as det ermined by the Spanning Tree Algo rithm. Active Spanning T ree T opology Example In the above active Spanning Tree to polog[...]

  • Page 105

    Configuring Spanning Tr ee Parame ters Spanning Tree Operating Modes OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-9 Spanning T ree Operating Modes The switch can operate in one o f two Spanning Tree modes: flat and 1x1 . Both modes apply to th e entire switch and determi ne whether a sin gle Spanning Tree insta nce is appli[...]

  • Page 106

    Spanning Tree Operating Modes Confi guring Spanning Tree Parameters page 5-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Flat Spanning T ree Example In the above example , if port 8/3 co nnects to another switch and port 10/5 connects to th at same switch, the Spanni ng Tree Algo rithm woul d detect a re dundant p a th and tran[...]

  • Page 107

    Configuring Spanning Tr ee Parame ters Spanning Tree Operating Modes OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-11 The following diagram shows a switch runn ing in the 1x1 Spanning Tree mode and sh ows Spanning Tree participation for bo th fixed and tagged ports. 1x1 (single and 802.1Q) Spanning T ree Example In the above[...]

  • Page 108

    Configuring Spanning Tree Bridge Parame ters Configuring Spanning Tree Parameters page 5-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring Spanning T ree Bridge Parameters The Spanning Tree software is active on all swi tches by defau lt and uses defau lt bridge and port parame- ter values to calculate a loop free topol[...]

  • Page 109

    Configuring Spanning Tr ee Parameters Conf iguring Spanning Tree Bridge Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-13 Note that exp licit command s using the cist and msti keywords are required to define an MSTP (802.1s) configuration . Implicit commands are only allowed for defining STP or RSTP con figurations[...]

  • Page 110

    Configuring Spanning Tree Bridge Parame ters Configuring Spanning Tree Parameters page 5-14 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The following sec tions provide i nformation and pr ocedures fo r using implicit bridge configurat ion commands and also includes explicit comma nd examples. Note . When a snapshot is t aken of [...]

  • Page 111

    Configuring Spanning Tr ee Parameters Conf iguring Spanning Tree Bridge Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-15 Note. Configurin g a Spanning Tree bridge instance with a priority value that will cause the instance to become the ro ot is recomme nded, instead o f relying on the comparis on of switch ba se [...]

  • Page 112

    Configuring Spanning Tree Bridge Parame ters Configuring Spanning Tree Parameters page 5-16 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Note that lowering t he hello time i nterval improv es the robu stness of the Spanning Tree algorithm. Increasing the hell o time interval l owers the overhead of Spanning Tree processing. If th[...]

  • Page 113

    Configuring Spanning Tr ee Parameters Conf iguring Spanning Tree Bridge Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-17 The explicit bridge 1x1 max age command configures the max age t i me for a VLAN instance when the switch is running in either mode (1x1 o r flat). Fo r example, the following comma nd performs [...]

  • Page 114

    Configuring Spanning Tree Bridge Parame ters Configuring Spanning Tree Parameters page 5-18 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 -> bridge forward delay 10 -> bridge cist forward delay 10 As in previous releases, it is possible to configure the flat mode instance wit h the bridge forward delay command by specifying [...]

  • Page 115

    Configuring Spanning Tr ee Parameters Co nfiguring Spanning Tree Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-19 Configuring Spanning T ree Por t Parameters The following sectio ns provide informat ion and procedures for using CLI commands to configure STP port parameters. These parameters de termine the beh[...]

  • Page 116

    Configuring Spanning Tree Port Paramete rs Configuring Spanning Tree Parameters page 5-20 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The following is a summary of Spanning Tree port configuratio n commands. For more information ab out these comman ds, see the Omn iSwitch CLI Reference Gu ide. Commands T ype Used for ... bridge [...]

  • Page 117

    Configuring Spanning Tr ee Parameters Co nfiguring Spanning Tree Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-21 The following sec tions provide i nformation and proced ures for usi ng implicit Sp anning Tree po rt configu- ration command s and also inc lud es explicit command examples. Note . When a snapsho[...]

  • Page 118

    Configuring Spanning Tree Port Paramete rs Configuring Spanning Tree Parameters page 5-22 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 To enable or disable the Spanning Tree status for a li nk aggreg ate, use the bridge slot/port commands described above but specify a link aggregate control nu mber instead of a slot an d port. Fo[...]

  • Page 119

    Configuring Spanning Tr ee Parameters Co nfiguring Spanning Tree Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-23 STP or RSTP protocols are in use. See Chapter 6, “Using 802.1s Multiple Spanni ng Tree,” for more infor- mation. Port Priority on Li nk Aggregate Por ts Physical ports that belong to a link ag[...]

  • Page 120

    Configuring Spanning Tree Port Paramete rs Configuring Spanning Tree Parameters page 5-24 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 By default, Span ning Tree is enab led on a port and the path cost is set to zero. If the switch i s running in the 1x1 Spannin g Tree mode, th en th e port pa th cost applies to the sp ecifi ed V[...]

  • Page 121

    Configuring Spanning Tr ee Parameters Co nfiguring Spanning Tree Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-25 Path Cost for Link Aggregate Ports Physical ports that belong to a link aggregate do no t participate in the Span ning Tree Algorithm. Inste ad, the algorithm is applied to the aggreg ate logi cal[...]

  • Page 122

    Configuring Spanning Tree Port Paramete rs Configuring Spanning Tree Parameters page 5-26 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 To change the path cost value for a link aggregate, use the bridge slot/port path cost commands described above, but specify a link aggregate cont ro l number instead of a slot and port. Fo r exam[...]

  • Page 123

    Configuring Spanning Tr ee Parameters Co nfiguring Spanning Tree Port Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-27 Mode for Link Aggregate Ports Physical ports that belong to a link aggregate do no t participate in the Span ning Tree Algorithm. Inste ad, the algorithm is applied to the aggreg ate logi cal link[...]

  • Page 124

    Configuring Spanning Tree Port Paramete rs Configuring Spanning Tree Parameters page 5-28 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 To change the port connection type for a VLAN insta nce, specify a VL AN ID with the bridge slot/port connection command when th e switch is runnin g in the 1x1 mode. For exam ple, the follow ing [...]

  • Page 125

    Configuring Spanning Tr ee Parameters Sample Spanning Tree Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-29 Sample Spanning T ree Configuration This section provid es an example network configurati on in which Spanni ng Tree has calculated a loop - free topology. In a ddition, a tu torial is al so included that[...]

  • Page 126

    Sample Spanning Tree Configuration C onfiguring Spanning Tree Parameters page 5-30 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 • Ports 2/1-3, 2 /8-10, 3/1-3, an d 3/8-10 provid e connection s to other swi tches and are all assigned to VLAN 255 on their respective switch es. The Spanning Tree administrati ve status for each por[...]

  • Page 127

    Configuring Spanning Tr ee Parameters Sample Spanning Tree Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 5-31 -> bridge 255 priority 10 VLAN 255 on Switch D will ha ve the lowest Bri dge ID priority value of all four switches, whi ch will qualify it as the Spanni ng Tree root VLAN for the VLAN 255 broadcast do[...]

  • Page 128

    Verifying the Spanning Tree Configurat ion Configuring Spanning Tree Parameters page 5-32 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 V erifying the Spanning T ree Configuration To display information abo ut the Spanning Tree configuration on the switch, use the show commands listed below: For more information about the resultin[...]

  • Page 129

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-1 6 Using 802.1s Multiple Spanning T ree The Alcatel Multiple Spanning Tree (M ST) implementation provides su pport for the IEEE 802.1s Multi- ple Spanni ng Tree Protocol (MSTP). In add ition to the 802.1D Span ning Tree Algo rithm and Prot ocol (STP) and the 802.1w Rap id Spanni[...]

  • Page 130

    MST Specifications Using 802.1s Multiple Spanning Tree page 6-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 MST Specifications Spanning T ree Bridge Parameter Defaults IEEE Standards supported 802.1D– Media Acce ss Control (MAC) Bridges 802.1w– Rapid Reconfigurati on (802.1D Am endment 2 ) 802.1Q– Virtual Bridged Local Area[...]

  • Page 131

    Using 802.1s Multiple Spanning T ree Spanning Tree Port Parameter Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-3 Spanning T ree Por t Parameter Defaults MST Region Defaults Although the following parameter values are specific to the MSTP (802.1s), they are configurab le re gard- less of which mode (flat or 1x1) o r[...]

  • Page 132

    MST General Overview Using 802 .1s Multiple Spanning Tree page 6-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 MST General Over view The Multiple Span ning Tr ee (M ST) featur e allows fo r the mapping of one or more VLANs to a single Spanning Tree instance , referred to as a Multip le Spanning Tree Instance (MST I), when the swi[...]

  • Page 133

    Using 802.1s Multiple Spanning T ree MST General Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-5 1x1 Mode STP/RSTP In the above 1x 1 mode example: • Both switches are running in the 1x1 mo de (one Spanning Tree inst ance per VLAN). • VLAN 100 and VLAN 200 are each associated with their own Spanning Tree instan c[...]

  • Page 134

    MST General Overview Using 802 .1s Multiple Spanning Tree page 6-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Flat Mode MSTP (802.1s) In the above flat mode MSTP example: • Both switches are running in the flat mode and using MSTP. • VLANs 100 and 150 are no t associated with an MSTI. By defaul t they are con trolled by the [...]

  • Page 135

    Using 802.1s Multiple Spanning T ree MST General Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-7 Comparing MSTP with STP and RSTP Using MSTP (802.1s) has the foll owing items in common wit h STP (802.1D) and RSTP (802.1 w) proto- cols: • Each protocol ensures one data pa th between any two switches within the netw[...]

  • Page 136

    MST General Overview Using 802 .1s Multiple Spanning Tree page 6-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 What is a Multiple Spanning T ree Region A Multiple Sp anning Tree regio n re presents a group of 802.1s switches. An MST regio n appears as a single, flat mode instance to switc hes outside the region. A switch can belo[...]

  • Page 137

    Using 802.1s Multiple Spanning T ree MST General Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-9 number of hops for the region, however, i s not one o f the attribut es that define s whether or not a switch is a member of a re gion. See “Quick Steps for Config uring an MST Reg ion” on page 6-14 for a tutori al o[...]

  • Page 138

    MST Configuration Overvi ew Using 802.1s Multiple Spanning Tree page 6-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 MST Configuration Over view The following g eneral step s are requir ed to set up a Multiple Span ning Tree (MST) config uration: • Select the flat Spanning Tree mode. By default, each switch ru ns in the 1x1 m[...]

  • Page 139

    Using 802.1s Multiple Spanning T ree MST Configuration Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-11 Implicit commands resemble previously implemen ted Spanning Tree co mmands, but appl y to the appro- priate instance based on t he current mode and protocol that is active on the switch. For example, if the 1x1 mo[...]

  • Page 140

    MST Interoperability and Mi gration U sing 802.1s Multiple Spanning Tree page 6-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 MST Inter operability and Migration Connecting an MSTP (802.1s) swit ch to a non-MSTP flat mode switch is supp orted. Since the Common and Internal Span ning Tree (CIST) con trols the flat mode instance [...]

  • Page 141

    Using 802.1s Multiple Spanning T ree MST Interoperability and Migratio n OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-13 Migrating fr om 1x1 Mode to Flat Mode MSTP As previously described, the 1x1 mo de is an Alcatel propri etary implementation th at applies one Span - ning Tree instance to each VLAN. For example, if five V[...]

  • Page 142

    Quick Steps for Configuring an MST Reg ion Using 802.1s Multiple Spanning Tree page 6-14 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Quick Steps for Configuring an MST Region An MST region ident ifies a group of MSTP (80 2.1s) swit ches that is seen as a si ngle, flat mode instance by other regions and/ or non-MSTP switche s. A [...]

  • Page 143

    Using 802.1s Multiple Spanning T ree Quick Step s for Configuring an MST Region OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-15 3 Map VLANs 100 and 200 to MSTI 2 and VLAN s 300 and 400 to MSTI 4 using t he bridge msti vl an command to define the con figuration digest. For exampl e: -> bridge msti 2 vlan 100 200 -> bri[...]

  • Page 144

    Quick Steps for Configuring MSTIs Usi ng 802.1s Multiple Spanning Tree page 6-16 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Quick Steps for Configuring MSTIs By default the Spa nning Tree software is a ctive on all swit ches and op erating in the 1x1 mode using the standard 802.1D STP. As a result, a loop-free netw ork topology[...]

  • Page 145

    Using 802.1s Multiple Spanning T ree Quick Steps for Configuring MSTIs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-17 The follow ing commands assign ports 2/1, 5/1 , 5/2, and 3/ 6 to VLANs 10 0, 150, 200 , and 250 o n Switch B: -> vlan 100 port default 2/1 -> vlan 150 port default 5/1 -> vlan 200 port default 5/2 [...]

  • Page 146

    Quick Steps for Configuring MSTIs Usi ng 802.1s Multiple Spanning Tree page 6-18 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Note that of the two data paths a vailable to MSTI 1 VLANs, one is still b locked because i t is seen as redundant for that instance. In a ddition, the CIST data path st ill remains availa ble for CIST VLA[...]

  • Page 147

    Using 802.1s Multiple Spanning T r ee Verifying the MST Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 6-19 V erifying the MST Configuration To display information abo ut the MST configurati on on the switch, use the show commands listed be low: For more information about the resulting di splays from these c omman[...]

  • Page 148

    Verifying the MST Configuration Using 802 .1s Multiple Spanning Tree page 6-20 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006[...]

  • Page 149

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-1 7 Assigning Por ts to VLANs Initially all switch ports are no n-mobile and are assigned to VLAN 1, which is also their configured default VLAN. When additional VLANs ar e created on the switch, ports a re assigned to the VLANs so that traffi c from device s connected to these p[...]

  • Page 150

    Port Assignment Specific ations Assigning Ports to VLANs page 7-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Por t Assignment Specifications Por t Assignment Defaults IEEE Standards Supported 802.1Q– Virtual Bridged Local Area Networks 802.1D– Media Access Control Bridges Maximum VLANs per switch 4094 (inclu ding default VLA[...]

  • Page 151

    Assigning Ports to VLANs Sample VLAN Port Assignment OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-3 Sample VLAN Por t Assignment The following ste ps provide a qu ick tutorial th at will creat e a VLAN, statical ly assign ports to the VLAN, and configure mo bility on some of the VLAN p orts: 1 Create VLAN 255 with a descrip[...]

  • Page 152

    Statically Assigning Ports to VLANs Assigning Ports to VLANs page 7-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Statically Assigning Por ts to VLANs The vlan port default command is used to static ally assign bot h mobile and non -mobile port s to another VLAN. When the assignment is made, the port drop s the previous VLAN assi[...]

  • Page 153

    Assigning Ports to VLANs Dynamic ally Assigning Ports to VLANs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-5 How Dynamic Por t Assignment W orks Traffic received on mobile ports is classi fied using one of the following met hods: • Packet is ta gged with a VLAN ID that match es the ID of anot her VLAN that ha s mobile ta[...]

  • Page 154

    Dynamically Assigning Ports to VLANs Assigning Ports to VLANs page 7-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 In the initial VLAN port assignment configuration shown below, • All three port s have worksta tions that ar e configured to se nd packets wi th an 802. 1Q VLAN ID tag fo r three differ ent VLANs (VLAN 2, 3, and 4)[...]

  • Page 155

    Assigning Ports to VLANs Dynamic ally Assigning Ports to VLANs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-7 T agged Mobile Port T raffic T r iggers Dynamic VLAN Assignment OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch Port 2 VLAN 2 VLAN 1 VLAN 4 IP Network 130.0.0.0 Default VLAN IP Network 140[...]

  • Page 156

    Dynamically Assigning Ports to VLANs Assigning Ports to VLANs page 7-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 VLAN Rule Classification VLAN rule classifi cation triggers dynamic VLAN po rt assignment when t raffic received on a mobile port matches the criteri a defined in a VLAN rule. Differen t rule types are avail able for[...]

  • Page 157

    Assigning Ports to VLANs Dynamic ally Assigning Ports to VLANs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-9 VLAN Rule Cla ssification : Initial Configuratio n As soon as the workstations start se nding traffic, swi tch so ftware checks the source subnet of the frames and looks for a matc h with any configure d IP network [...]

  • Page 158

    Dynamically Assigning Ports to VLANs Assigning Ports to VLANs page 7-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Mobile Port T raffic T rigge rs Dynamic VLAN Assignment Configuring Dynamic VLAN Por t Assignment Dynamic VLAN port assignment requires the following co nfiguration steps: 1 Use the vlan port mobile command to enab[...]

  • Page 159

    Assigning Ports to VLANs Dynamic ally Assigning Ports to VLANs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-11 Enabling/Disabling Por t Mobility To enable mo bility on a port , use the vlan por t mobile command. For example, the following command enables mobility o n port 1 of slot 4: -> vlan port mobile 4/1 To enable mo[...]

  • Page 160

    Dynamically Assigning Ports to VLANs Assigning Ports to VLANs page 7-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 When BPDU ignore is enabled and the mobile port r eceive s a BPDU, the following occurs: • The port reta ins its mobi le status and remai ns eligible fo r dynamic VLAN assignme nt. • The port is n ot included i[...]

  • Page 161

    Assigning Ports to VLANs Underst anding Mobile Port Properties OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-13 Understanding Mobile Por t Pr oper ties Dynamic assignme nt of mobile ports occurs witho ut user interve ntion when mo bile port traffic matches VLAN criteria. When ports a re dynamically assi gned, howeve r, the f[...]

  • Page 162

    Understanding Mobile Port Prop erties Assigning Ports to VLANs page 7-14 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 VLAN Management software on each switch tracks VPAs . When a mobile po rt link is disa bled and then enabled, all secondary VLAN assignments for that port are automa tically droppe d and the po rt’s original con[...]

  • Page 163

    Assigning Ports to VLANs Underst anding Mobile Port Properties OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-15 How Mobile Port VLAN Assignments Age OmniSwitch OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 [...]

  • Page 164

    Understanding Mobile Port Prop erties Assigning Ports to VLANs page 7-16 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring Mobile Por t Properties Mobile port pr operties indicat e mobile port status a nd affect port beh avior when the port is dynamically assigned to one or more VLANs. For e xample, mobile p ort properties[...]

  • Page 165

    Assigning Ports to VLANs Underst anding Mobile Port Properties OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-17 Enable/Disable De fault VLAN Restore To enable or disable defa ult VLAN restore, enter vlan port followed by the port’s slot/port designation then default vlan restore followed by enable or disable . For example,[...]

  • Page 166

    Understanding Mobile Port Prop erties Assigning Ports to VLANs page 7-18 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Enable/Disable 802.1X Por t -Based Access Contr ol To enable or disab le 802.1X on a mobile port, enter vlan port followed by the port’s slot/port designa- tion then 802.1 x followed by enable or disable. For ex[...]

  • Page 167

    Assigning Ports to VLANs Verifying VLAN Po rt Associations and Mobile Port Properties OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 7-19 V erifying VLAN Por t Associations and Mobile Por t Properties To display a list of VLAN port assi gnments or the status of mobile port properties, use the show commands list ed below: Unders[...]

  • Page 168

    Verifying VLAN Port Associations and Mobile Port Properties Assigning Ports to VLANs page 7-20 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The following ex ample uses the show vlan po rt command to display VP A in formation for all ports in VLAN 200: -> show vlan 200 port port type status --------+---------+-------------- 3/2[...]

  • Page 169

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-1 8 Defining VLAN Rules VLAN rules are used to classify mo bile port traffic for dy namic VLAN port assign ment. Rules are defi ned by specifying a port, MAC address, protoc ol, network address, user-defined, binding, or DHCP cr iteria to capture certain types of network device t[...]

  • Page 170

    VLAN Rules Specifications Defining VLAN Rules page 8-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 VLAN Rules Specifications VLAN Rules Defaults IEEE Standards Supported 802.1Q– Virtual Bridged Local Area Networks 802.1v– VLAN Classification by Prot ocol and P ort 802.1D– Media Access Control Bridges Maximum number of VLANs[...]

  • Page 171

    Defining VLAN Rules Sample VLAN Rule Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-3 Sample VLAN Rule Configuration The following steps p rovide a qu ick tutorial that wi ll create a n IP network address and DHCP MAC range rule for VLAN 255, an IPX pro tocol rule for VLAN 355, an d a MAC-IP-port bindi ng rule f[...]

  • Page 172

    VLAN Rules Overview Defining VLAN Rules page 8-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 VLAN Rules Over view The mobile po rt feature availa ble on the swi tch allows dy namic VLAN po rt assignment ba sed on VLAN rules that are applied to mobile port traffic.When a port is defined as a mob ile port, switch softwa re compares[...]

  • Page 173

    Defining VLAN Rules VLAN Rules Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-5 DHCP Rules Dynamic Host Config uration Protocol (DH CP) frames ar e sent from client workstations to request an IP address from a DHC P server. The serv er respond s with the same type of frames, whic h contain an IP address for t he clie[...]

  • Page 174

    VLAN Rules Overview Defining VLAN Rules page 8-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Binding Rules Binding rules restrict VLAN a ssignme nt to specifi c devices by requiring that devic e traffic match all crite- ria specified in the rule. As a result, a separate binding rule is required for each devic e. An unlimite d num[...]

  • Page 175

    Defining VLAN Rules VLAN Rules Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-7 IP protocol rules also c apture DHCP traffic, i f no other DHCP rule exists that would classify the DHCP traffic into anot her VLAN. Therefore, it is not necessary to c ombine DHCP rules with IP protoco l rules for the same VLAN. Custom ([...]

  • Page 176

    VLAN Rules Overview Defining VLAN Rules page 8-8 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Understanding VLAN Rule Precedence In addition to configurable VLAN rule types, there are t wo internal rule types fo r processing mobile port frames. One is referred to as frame typ e and is used to identify Dyna mic Host Configuration P[...]

  • Page 177

    Defining VLAN Rules VLAN Rules Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-9 Prece dence S tep/Rule T ype Condition Result 1. Frame T ype Frame is a DHCP frame. Frame is not a DHCP frame. Go to Step 2. Skip Steps 2, 3, 4, and 5. 2. DHCP MAC DHCP frame contains a matching source MAC address. Frame source is as si g[...]

  • Page 178

    VLAN Rules Overview Defining VLAN Rules page 8-10 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 8. MAC-Port Bi nding Frame contains a matching sou rce MAC address and source port. Frame only contains a matching source MAC address; port does not match. Frame only contains a matching port; source MAC address does not match. Frame so[...]

  • Page 179

    Defining VLAN Rules Configuring VLAN Rule Definitions OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-11 Configuring VLAN Rule Definitions Consider the followin g when config uring rule s for a VLAN: • The VLAN must already exist. Use t he vlan command to create a new VLAN or the sho w vlan command to verify a VLAN is alread[...]

  • Page 180

    Configuring VLAN Rule Definitions Defining VLAN Rules page 8-12 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Refer to the following sections (liste d in the order of rule precedenc e) for instructions on h ow to define each type of VLAN rule: To display a list of VLAN rules already configured on the switch, use the show v lan rul[...]

  • Page 181

    Defining VLAN Rules Configuring VLAN Rule Definitions OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-13 Defining DHCP MAC Range Rules A DHCP MAC rang e rule is similar t o a DHCP MAC ad dress rule, but allows the user to specify a ra nge of MAC addresses. This is useful when it is necessary to de fine rules for a large number[...]

  • Page 182

    Configuring VLAN Rule Definitions Defining VLAN Rules page 8-14 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Defining DHCP Generic Rules DHCP generic rules capture all DHCP traffic t hat does no t match an existing DHCP MAC or DHCP port rule. If none of th ese other rules exist, t hen all DHCP frames are captured regardle ss of t[...]

  • Page 183

    Defining VLAN Rules Configuring VLAN Rule Definitions OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-15 How to Define a MAC-Por t-IP Address Binding Rule To define a MAC-po rt-IP address binding ru le, enter vlan followed by an exis ting VLAN ID then binding mac-ip-port followed by a valid MA C ad dress, IP address, and a slo[...]

  • Page 184

    Configuring VLAN Rule Definitions Defining VLAN Rules page 8-16 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 How to Define a MA C-Por t Binding Rule To define a MAC-port binding rule, enter vlan followed by a n existing VLAN ID then bind ing mac-po rt followed by a valid MAC address and a slot/port designat ion. For example, the [...]

  • Page 185

    Defining VLAN Rules Configuring VLAN Rule Definitions OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-17 How to Define a Por t -Pro tocol Binding Rule To define a port- protocol bind ing rule, enter vlan followed by an existi ng VLAN ID then binding port-protocol followed by a va lid MAC address, a slot/port designation and a [...]

  • Page 186

    Configuring VLAN Rule Definitions Defining VLAN Rules page 8-18 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Defining MAC Range Rules A MAC range rule is simi lar to a MAC address rul e, but allows th e user to specify a ran ge of MAC addresses. Th is is useful wh en it is necessary t o define rules for a large nu mber of sequent[...]

  • Page 187

    Defining VLAN Rules Configuring VLAN Rule Definitions OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-19 Use the no form of the vlan ip command to remove an IP network addr ess rule. -> vlan 1200 no ip 134.10.0.0 Defining IPX Network Address Rules IPX network addre ss rules capture frames tha t contain an IPX network addres[...]

  • Page 188

    Configuring VLAN Rule Definitions Defining VLAN Rules page 8-20 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Defining Protocol Rules Protocol rules cap ture frames that contain a prot ocol type that matches the protocol value specified in the rule. There are several generic protoc ol parameter valu es to select from; IP Et hernet[...]

  • Page 189

    Defining VLAN Rules Configuring VLAN Rule Definitions OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-21 Defining Custom (User) Rules A custom rule captures mobile port fra mes that contai n a specified pattern of data at a specified location. Custom rules require the u ser to specify the fo llowing parameter values: To define[...]

  • Page 190

    Application Example: DHCP Rules Defining VLAN Rules page 8-22 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Application Example: DHCP Rules This application example shows how Dynamic Host Co nfiguration Protocol (D HCP) port an d MAC address rules are used in a DHCP-ba s ed netwo rk. DHCP is buil t on a client-serve r model in whi[...]

  • Page 191

    Defining VLAN Rules Applica tion Example: DHCP Rules OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-23 The following tabl e summarizes th e VLAN architectu re and rules fo r all devices in this network co nfigu- ration. The di agram on the follo wing page il lustrates th is network configurat ion. Device VLAN Membership Rule [...]

  • Page 192

    Application Example: DHCP Rules Defining VLAN Rules page 8-24 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 DHCP Port and MAC Rule Application Example OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch 6648 OmniSwitch Client 1 DHCP Port Rule Client 2 DHCP Port Rule Client 3 DHCP Port Rule Client 4 DHCP Port Rule Client 5 D[...]

  • Page 193

    Defining VLAN Rules Verifying VLAN Rule Co nfiguration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 8-25 V erifying VLAN Rule Configuration To display info rmation about VLAN rules co nfigured on t he switch, use the show commands li sted below: For more information abou t the resulting display from th is command, see t he Om[...]

  • Page 194

    Verifying VLAN Rule Configuration Defining VLAN Rules page 8-26 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006[...]

  • Page 195

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 9-1 9 Configuring Por t Mapping Port Mapping is a security feature, which controls communic ation betwee n p eer users. Each session comprises a session ID, a set of user ports, and/or a set of network ports. The user port s within a session cannot communicate with eac h othe r and[...]

  • Page 196

    Port Mapping Specifications Configuring Port Mapping page 9-2 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Por t Mapping Specifications Por t Mapping Defaults The following ta ble shows port ma pping default values. Quick Steps for Configuring Por t Mapping Follow the step s below for a quick tutori al on configur ing port mapping[...]

  • Page 197

    Configuring Port Mappin g Creating/ Deleting a Port Mapping Session OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 9-3 Creating/Deleting a Por t Mapping Session Before port mapping can be used, it is necessary to creat e a port mapping session. The following subsec- tions describe how to cr eate and dele te a port mapping sessi[...]

  • Page 198

    Enabling/Disabling a Port Mapping Session Configuring Port Mapping page 9-4 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Enabling/Disabling a Por t Mapping Session By default, the port mapping session will be disabl ed. The following subsections descri be how to enable and disable the port mapping sessi on with the port mapping co[...]

  • Page 199

    Configuring Port Mappin g Sample Port Mapping Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 9-5 Sample Por t Mapping Configuration This section provi des an example port mapping netwo rk configuratio n. In addition , a tutorial is also included that provides steps on how to config ure the example port mappi ng se[...]

  • Page 200

    Verifying the Port Mapping Configuration Configuring Port Mapping page 9-6 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Example Por t Mapping Configuration Steps The following ste ps provide a quick tutorial that configures t he port mapping sessi on shown in the diagram on page 9-5 . 1 Create two port mappin g sessions on Switch [...]

  • Page 201

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 10-1 10 Using Interswitch Pr otocols Alcatel Interswitch Proto col s (AIP) are used to di scover adja cent switches and retain mobile port informa- tion across switches. The foll owing protoco l is supported: • Alcatel Mapping Adjacency Prot ocol (AMAP), which is used to discover[...]

  • Page 202

    AIP Specifications Using Interswitch Protocols page 10-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 AIP Specifications AMAP Defaults Sta ndards Not applica ble at this time. AM AP is Alcatel pro pri- etary protocol. Maximum number of IP addr esses propagated by AMAP 255 Parameter Description Command Default AMAP status amap Ena[...]

  • Page 203

    Using Interswitch Protocols AMAP Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 10-3 AMAP Over view The Alcatel Mapping Adjacency Prot ocol (AMAP) is used to discover the topology of Om niSwitches or Omni S/Rs in a particul ar installation. Using this protocol, each switch determines which Om niSwitches or Omni S/Rs ar[...]

  • Page 204

    AMAP Overview Using Interswitch Protocols page 10-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The transmission states are illu strated here. Discover y T r ansmission State When AMAP is active, at startup al l act ive switch ports are in the discov ery transmission state. In this state, ports send out Hello pack ets and wait f[...]

  • Page 205

    Using Interswitch Protocols Config uring A MAP OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 10-5 Common T ransmission and Remote Switches If an AMAP switch is connected to multiple AM AP switches via a h u b, the switch sends and receives Hello traffic to and from t he remote switc hes throug h the same port . If one of the r[...]

  • Page 206

    Configuring AMAP Using Interswitch Protocols page 10-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring the AMAP Common Timeout Inter val The common timeout in terval is used on ly in the common transmission state to det ermine the time int er- val between sending Hell o update packets. A switch se nds an update for a por[...]

  • Page 207

    Using Interswitch Protocols Config uring A MAP OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 10-7 Displaying AMAP Information Use the show amap command to view a list of adjacent sw itches and the ir associated MAC addresses, interfaces, VLANs, and IP addresses. For remote switc hes that stop sending He llo packets a nd that a[...]

  • Page 208

    Configuring AMAP Using Interswitch Protocols page 10-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 A simplified vi sual illustrati on of these conn ections is show n here for exampl e purposes only: See the OmniSwitch CLI Reference Guide for informatio n about the show amap command. OmniSwitch 7800 Remo te Sw it ch B 0020da:032c[...]

  • Page 209

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 11-1 11 Configuring 802.1Q 802.1Q is the IEEE standard for se gmenting networks into VLANs. 80 2.1Q segmentation is done by adding a specific tag to a packet. In this Chapter This chapter describ es the basic components of 802.1 Q VLANs and how to configur e them through the Comman[...]

  • Page 210

    802.1Q Specifications Configuring 802.1Q page 11-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 802.1Q Specifications Note. Up to 4093 V LANs can be assigned to a tagged port or link aggregation group. However, each assignment coun ts as a sing le VL AN port associ ation. Once the maxi mum number of VLAN port associa- tions is re[...]

  • Page 211

    Configuring 802.1Q 802.1Q Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 11-3 802.1Q Over view Alcatel’s 802.1Q is an IEEE sta ndard for sending fra mes through the network ta gged with VL AN identifi - cation. This chap ter details procedure s for configuring and mon itoring 802.1Q tag ging on a single port in a swi[...]

  • Page 212

    802.1Q Overview Configuring 802.1Q page 11-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The port can only be assigned to one unta gged VLAN (in every case, this w ill be the defa ult VLAN). In the example above the de fault VLA N is VLAN 1. The po rt can be assigned to as many 802.1Q VLANs as necessary, up to 4093 per port or 3[...]

  • Page 213

    Configuring 802.1Q Configuring an 802.1Q VLAN OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 11-5 Configuring an 802.1Q VLAN The following sec tions detail p rocedures for crea ting 802.1Q V LANs and assigni ng ports to 802.1Q VLANs. Enabling T agging on a Port To set a port to be a tagged port, yo u must specify a VLAN identi [...]

  • Page 214

    Configuring an 802.1Q VLAN Configuring 802.1Q page 11-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Enabling T agging with Link Aggregation To enable tag ging on link a ggregation g roups, enter t he link aggr egation group identification number in place of the slot and port number, as shown: -> vlan 5 802.1q 8 (For further i[...]

  • Page 215

    Configuring 802.1Q Configuring an 802.1Q VLAN OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 11-7 Configuring the Frame T ype Once a port has been set to receive and send tagged fra mes, it will be able to receive or send tagged or untagged traffic. Tagged traffic wi l l be subject to 802.1Q rules, wh ile untagged traffic will [...]

  • Page 216

    Configuring an 802.1Q VLAN Configuring 802.1Q page 11-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Show 802.1Q Information After configur ing a port or link aggregation group to be a tagged port, y ou can view the settings by using the show 802.1q command, as demonstrated: -> show 802.1q 3/4 Acceptable Frame Type : Any Frame[...]

  • Page 217

    Configuring 802.1Q Application Example OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 11-9 Application Example In this section the steps to create 8 02. 1Q conne ctions between switches are show n. The following d iagram shows a simple n etwork employing 802.1Q on both regular ports and li nk aggrega- tion groups. The following[...]

  • Page 218

    Application Example Configuring 802.1Q page 11-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 The following steps apply to Stack 2. They wil l attach port 2/1 to VLAN 2, and set the port to accept 802.1Q tagged traf fic only: 1 Create VLAN 2 by enteri ng vlan 2 as shown below (VLAN 1 is the defa ult VLAN for the switch): -> vl[...]

  • Page 219

    Configuring 802.1Q Verifying 802.1Q Configuratio n OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 11-11 The following steps ap ply to Stack 3. They will at tach ports 4/1 and 4/2 as link aggregation gro up 5 to VLAN 3. 1 Configure stati c link aggregation grou p 5 by entering th e following: -> static linkagg 5 size 2 2 Assi[...]

  • Page 220

    Verifying 802.1Q Configuration Configuring 802.1Q page 11-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]

  • Page 221

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-1 12 Configuring Static Link Aggregation Alcatel’s static link aggregation software allows yo u to combine several physi cal links into one lar ge virtual link know n as a link aggregation gro up . Using link aggregation can provide th e following b enefits: • Scalability . [...]

  • Page 222

    Static Link Aggregation Specifications Configuring Static Link Aggregation page 12-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Static Link Aggregation Specifications The table below lists specifi cations for stat ic groups. Static Link Aggregation Default V alues The table belo w lists default values and th e comman ds to modi[...]

  • Page 223

    Configuring Static Link Aggregati on Quick Steps for Configuring Static L ink Aggregation OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-3 Quick Steps for Configuring Static Link Aggregation Follow the steps belo w for a quick tutorial on conf iguring a static aggregate link betwe en two switches. Additional informat ion on [...]

  • Page 224

    Quick Steps for Configuring Static Link Aggr egation Configuring Static Link Aggregation page 12-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Note. Optional . You can verify your static link aggregation settin gs with the show linkagg command. For example: -> show linkagg 1 Static Aggregate SNMP Id : 400000 01, Aggregate Num[...]

  • Page 225

    Configuring Static Link Aggregation Static Link Aggregation Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-5 Static Link Aggregation Over view Link aggregati on allows yo u to combine 2, 4 , or 8 physic al connection s on a single sw itch or 2, 4, 8, or 16 links in a stac k into large vi rtual connecti ons known as [...]

  • Page 226

    Static Link Aggregation Overview Co nfiguring Static Link Aggregation page 12-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Relationship to Other Features Link aggregat ion groups are supported by other switch software featu res. The fo llowing fe atures have C LI commands or comma nd parameters that support lin k aggregation : [...]

  • Page 227

    Configuring Static Link Aggregation Configuring Static Link Aggregation Groups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-7 Configuring Static Link Aggregation Gr oups This section describes how t o use Alcatel’s Command Line Interface (CLI) comman ds t o configure static link aggregate groups. See “Configuring Manda[...]

  • Page 228

    Configuring Static Link Aggregation Grou ps Configuring Static Link Aggregation page 12-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Creating and Deleting a Static Link Aggregate Gr oup The following subsections desc ribe how to create and dele te static lin k aggregate groups with th e static linkagg size command. Creating a S[...]

  • Page 229

    Configuring Static Link Aggregation Configuring Static Link Aggregation Groups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-9 Adding and Deleting Por ts in a Static Aggregate Group The following su bsections desc ribe how to add and dele te ports in a static agg regate group with the static agg agg num command. Adding Por [...]

  • Page 230

    Configuring Static Link Aggregation Grou ps Configuring Static Link Aggregation page 12-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 OmniSwitch 6624/660 0-U24/6600-P24 V alid Port Assignme nt Locations Number of Links (Aggregate Size) OmniSwitch 6624/6600-U24 /6600-P24 Maximum V ali d Port Assignme nt (Port Spee d) 2 1–2 (10/[...]

  • Page 231

    Configuring Static Link Aggregation Configuring Static Link Aggregation Groups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-11 OmniSwitch 66 48 V alid Port Assi gnment Locations Number of Links (Aggregate Size) OmniSwitch 6648 Maximum V alid Port Assignment (Port Spee d) 2 1–2 (10/100) 9–10 (10/ 100) 17–18 (10/10 0) [...]

  • Page 232

    Configuring Static Link Aggregation Grou ps Configuring Static Link Aggregation page 12-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 OmniSwitch 6624/660 0-U24/6600 -P24 V alid Port Con figuration Locations Number of Links (Aggregate Size) OmniSwitch 6602-24 Maximum V alid Port Configuration (Port Spee d) 2 1–2 (10/100) 9–10[...]

  • Page 233

    Configuring Static Link Aggregation Configuring Static Link Aggregation Groups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-13 OmniSwitch 66 02-48 V alid Port Config uration Locations Number of Links (Aggregate Size) OmniSwitch 6602-48 Maximum V alid Port Configuration (Port Spee d) 2 1–2 (10/100) 9–10 (10/ 100) 17–1[...]

  • Page 234

    Configuring Static Link Aggregation Grou ps Configuring Static Link Aggregation page 12-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 On an OmniSwitch 66 24 or 6600-U24 you must install either an OS6600 -GNI-C2 or OS6600-GNI- U2 expansion module in th e left-hand expansi on slot before you can use ports 25 and 26 for link aggreg[...]

  • Page 235

    Configuring Static Link Aggregati on Modif ying Static Aggregation Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-15 Modifying Static Aggregation Gr oup Parameters This section describes how to modify the follo wing static aggregat e group parameters: • Static aggregate group name (see “M odifying the St[...]

  • Page 236

    Application Example Configuring Static L ink Aggregation page 12-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Application Example Static link aggregation groups are tr eated by the switch’s software the same way it treat s individual physi - cal ports. Th is section demo nstrates this b y providing a sample network co nfigura[...]

  • Page 237

    Configuring Static Link Aggregati on Application Example OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 12-17 5 Repeat steps 1 through 4 on Switch B. All the co mmands wou ld be the same except yo u would substi - tute the appropriat e port numbers. Note. Optional . Use the sho w 802.1q command to display 802.1Q confi gurations[...]

  • Page 238

    Displaying Static Link Aggregation Con figuration and Statistics Configuring Static Link Aggregation page 12-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying Static Link Aggregation Configuration and Statistics You can use Command Line Interface (CLI) show commands to display the current configuration and statistics of l[...]

  • Page 239

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-1 13 Configuring Dynamic Link Aggregation Alcatel’s dynamic l ink aggregation software allows you to combine severa l physical link s into one large virtual link know n as a link aggregation gro up . Using link aggregation can provide th e following b enefits: • Scalability [...]

  • Page 240

    Dynamic Link Aggregation Specifications C onfiguring Dynamic Link Aggregation page 13-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Dynamic Link Aggregation Specifications The table below lists specifications for dynami c aggregation gr oups and ports: IEEE Specifications Su pported 802.3ad — Ag gregation of Multi ple Link Seg[...]

  • Page 241

    Configuring Dynamic Link Aggregation Dy namic Link Aggregation Default Values OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-3 Dynamic Link Aggregation Default V alues The table below lists default values fo r dynamic aggregate groups. Parameter Description Command Default V alue/Comments Group Admi nistrative S tat e lacp l[...]

  • Page 242

    Quick Steps for Configuring Dynamic Lin k Aggr egation Configuring Dynamic Link Aggregation page 13-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Quick Steps for Configuring Dynamic Link Aggregation Follow the steps below for a quic k tutorial o n configurin g a dynamic aggregate link between two switches. Additional informat io[...]

  • Page 243

    Configuring Dynamic Link Aggregation Quick Step s for Configur ing Dynamic Link Aggregation OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-5 Note. As an option, you can verify your dynamic aggregat ion group settings with the show linkagg command on ei ther the act or or partner switch. For ex ample: -> show linkagg 2 Dyn[...]

  • Page 244

    Quick Steps for Configuring Dynamic Lin k Aggr egation Configuring Dynamic Link Aggregation page 13-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 An example of what these commands look like entered sequentiall y on the command line on the partner switch: -> lacp linkagg 2 size 8 admin key 5 -> lacp agg 2/9 actor admin key [...]

  • Page 245

    Configuring Dynamic Link Aggregation Dynamic Link Aggregation Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-7 Dynamic Link Aggregation Over view Link aggregati on allows yo u to combine 2, 4 , or 8 physic al connection s on a single sw itch or 2, 4, 8, or 16 links in a stac k into large vi rtual connecti ons known [...]

  • Page 246

    Dynamic Link Aggregation Overview Co nfiguring Dynamic Link Aggregation page 13-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Example of a Dyna mic Aggr egate Gr oup Network Dynamic aggregate groups can be creat ed between tw o OmniSwitc h 6600 Family switches, between an OmniSwitch 6600 Family swi tch and an OmniSwitch 7700 /78[...]

  • Page 247

    Configuring Dynamic Link Aggregation Dynamic Link Aggregation Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-9 Relationship to Other Features Link aggregation groups are supp orted by other switch software features. For ex ampl e, you can co nfigure 802.1Q tag ging on link aggregation g roups in additi on to configu[...]

  • Page 248

    Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation page 13-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Dynamic Link Aggregate Gr oups This section describes how t o use Alcatel’s Command Line Inte rface (CLI) commands to create, modi fy, and delete dynamic aggregate g roups. See “Con[...]

  • Page 249

    Configuring Dynamic Link Aggregation Conf iguring Dynamic Link Aggregate Gr oups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-11 Creating and Deleting a Dynamic Aggregate Group The following su bsections descri be how to crea te and delete dynamic aggregat e groups with t he lacp linkagg size command. Creating a Dynamic Ag[...]

  • Page 250

    Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation page 13-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Por ts to Join and Removing Ports in a Dynamic Aggregate Group The following subsec tions describe how to co nfigure ports with the same admi nistrative key (which al lows them to be ag[...]

  • Page 251

    Configuring Dynamic Link Aggregation Conf iguring Dynamic Link Aggregate Gr oups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-13 OmniSwitch 6624 /6600-U24/660 0-P24 V alid Port Configuratio n Locations Number of Links (Aggregate Size) OmniSwitch 66 24/6600-U24/6600-P24 Maximum V alid Port Configur ation (Port Spee d) 2 1?[...]

  • Page 252

    Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation page 13-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 OmniSwitch 6648 V alid Port Configuratio n Location s Number of Links (Aggregate Size) OmniSwitch 6648 Maximum V alid Port Configuration (Port Spee d) 2 1–2 (10/100) 9–10 (10/ 100) 17–18 (10/[...]

  • Page 253

    Configuring Dynamic Link Aggregation Conf iguring Dynamic Link Aggregate Gr oups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-15 OmniSwitch 6624 /6600-U24/660 0-P24 V alid Port Configuratio n Locations Number of Links (Aggregate Size) OmniSwitch 6602-24 Maximum V alid Port Configuration (Port Spee d) 2 1–2 (10/100) 9–1[...]

  • Page 254

    Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation page 13-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 OmniSwitch 6602-48 V alid Port Configur ation Locations Number of Links (Aggregate Size) OmniSwitch 6602-48 Maximum V alid Port Configuration (Port Spee d) 2 1–2 (10/100) 9–10 (10/ 100) 17–18[...]

  • Page 255

    Configuring Dynamic Link Aggregation Conf iguring Dynamic Link Aggregate Gr oups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-17 On an OmniSwitch 6624, 6600-U24 , or 6600-P24 yo u must install either an OS6 600-GNI-C2 or OS66 00- GNI-U2 expan sion module in the left-han d expansion sl ot before y ou can use port s 25 and 2[...]

  • Page 256

    Configuring Dynamic Link Aggregate Groups Configuring Dynamic Link Aggregation page 13-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 As an option, you can use the ethernet , fastethernet , and gigaethernet keywords before the slot and port number to document t he interface type or make the command look consiste nt with early-ge [...]

  • Page 257

    Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-19 Modifying Dynamic Link Aggregate Gr oup Parameters The table on page 13 -3 lists default group and port settings fo r Alcatel’s dynamic link aggregation soft- ware. These paramet ers en[...]

  • Page 258

    Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 For example, to n ame dynamic aggregat e group 4 “Eng ineering” you w ould enter: -> lacp linkagg 4 name Engineering Note. If you want to spec ify spaces within a name, t he name mu[...]

  • Page 259

    Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-21 Deleting a Dynamic Aggregate Actor Administrative Key To remove an act or switch administ rative key from a dynamic aggrega te group’s configu ration use the no form of the lacp linkagg[...]

  • Page 260

    Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Restoring the Dynamic Aggre gate Gr oup Actor System ID To remove the use r-configured a ctor switch system ID from a dynamic aggregate grou p’s configuration use the no form of the lacp[...]

  • Page 261

    Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-23 For example, to reset t he partner system priority of dynamic agg regate group 4 to its default value you would enter: -> lacp linkagg 4 no partner syste m priority Modifying the Dynam[...]

  • Page 262

    Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. A port may belong to only one aggregate grou p. In addition, mobile ports cann ot be aggregated. See Chapter 7, “Assi gning Ports to VLANs,” for more informatio n on mobile ports[...]

  • Page 263

    Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-25 Note. Specifying none remove s all administrativ e states from the LACPDU co nfigurat ion. For example: -> lacp agg 5/49 actor admin state none For exampl e, to set bits 0 ( active ) a[...]

  • Page 264

    Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-26 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 For exampl e, to modify the system ID of dyn amic aggr egate actor po rt 3 in slot 7 to 00:20:da:06:ba:d3 you would enter: -> lacp agg 7/3 actor system id 00 :20:da:06:ba:d3 As an optio[...]

  • Page 265

    Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-27 Modifying the Actor Port Priority By default, the actor port priority (used to converge dynamic key changes) is 0. The follow ing subsec- tions describe how to confi gure a user-specified[...]

  • Page 266

    Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-28 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Modifying Dynamic Aggregat e Par tner Por t Parameters This section describ es how to modify the following d ynamic aggregate partner po rt parameters: • Partner port system admi nistrat[...]

  • Page 267

    Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-29 Note. Specifying none remove s all administrativ e states from the LACPDU co nfigurat ion. For example: -> lacp agg 7/49 partner admin sta te none For exampl e, to set bits 0 ( active [...]

  • Page 268

    Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-30 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. Since indivi dual bits with the LACPDU frame are set with the lac p agg partner admin state command you can set some bits on and restore other bits to de fault values wi thin the sam[...]

  • Page 269

    Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-31 Configuring the Partner Por t System ID You can configure the part ner port system ID by entering la cp agg , the slot numbe r, a slash ( / ), the port number, partner admin system id , a[...]

  • Page 270

    Modifying Dynamic Link Aggregate Group Para meters Configuring Dynamic Link Aggregation page 13-32 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Restoring the Partner Por t System Priority To remove a user-c onfigured syste m priority from a dyna mic aggregate grou p partner port’s con figuration use the no form of the lacp agg p[...]

  • Page 271

    Configuring Dynamic Link Aggregation Mo difyin g Dynamic Link Aggregate Group Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-33 For example, to modify the port priority o f dynamic aggregat e partner port 3 in sl ot 4 to 100 you would enter: -> lacp agg 4/3 partner admin port priority 100 As an option, you can [...]

  • Page 272

    Application Examples Configuring Dynamic Link Aggregation page 13-34 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Application Examples Dynamic link aggregatio n groups are treated by the switch’s software th e same way it tr eats individu al physical ports.Th is section demonstrates this feature by providing sample netwo rk conf[...]

  • Page 273

    Configuring Dynamic Link A ggregation Application Examples OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-35 Link Aggregation and Spanning T ree Example As shown in the figu re on page 13-34 , VLAN 10, which uses the Spanning Tree Protocol (S TP) with a priority of 15, has been configu red to use dynamic aggrega te group 7. [...]

  • Page 274

    Application Examples Configuring Dynamic Link Aggregation page 13-36 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Link Aggregation and QoS Example As shown in the figu re on page 13-34 , VLAN 12, wh ich uses 802 .1Q frame tagg ing and 802. 1p prioritiza- tion, has bee n configured to use dynami c aggregate group 7. The actual phys[...]

  • Page 275

    Configuring Dynamic Link A ggregation Application Examples OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-37 10 Repeat steps 1 through 9 on Switch C. All the co mmands wou ld be the same except yo u would substi - tute the appropriat e port numbers. Note. If you do not use t he qos apply command any QoS policies yo u configu[...]

  • Page 276

    Displaying Dynamic Link Aggregation Configuration a nd Statistics Configuring Dynamic Link Aggregatio n page 13-38 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying Dynamic Link Aggregation Configuration and Statistics You can use Command Line Interface (CLI) show commands to display the current configuration and statistics [...]

  • Page 277

    Configuring Dynamic Link Aggregat ion Displaying Dynami c Link Aggregation Configuration and Statistics OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 13-39 A screen similar to the follow ing would be display ed: Dynamic Aggregable Port SNMP Id : 2001, Slot/Port : 2/1, Administrative State : ENABLED, Operational State : DOWN, P[...]

  • Page 278

    Displaying Dynamic Link Aggregation Configuration a nd Statistics Configuring Dynamic Link Aggregatio n page 13-40 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]

  • Page 279

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-1 14 Configuring IP Internet Protocol (IP) is primarily a ne twork-layer (La yer 3) protoco l that contain s addressing and control information that en ables packets to be forwarded. Al ong with Transmi ssion Contro l Protocol (TCP), IP represents the heart of the Internet proto[...]

  • Page 280

    IP Specifications Configuring IP page 14-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 • Managing IP – “Internet Control M essage Protocol (ICMP)” on page 14-19 – “Using the Ping Command” on page 14-23 – “Tracing an IP Route” on page 14 -23 – “Displayin g TCP Information” o n page 14-23 – “Displayin[...]

  • Page 281

    Configuring IP Quick Steps for Configuring IP Forwarding OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-3 Quick Steps for Configuring IP For warding Using only IP, which is always enabled on the switch, devi ces connected to ports on the same VLAN are able to commun icate at Laye r 2. The initi al configur ation for all Alca[...]

  • Page 282

    IP Overview Configuring IP page 14-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 IP Over view IP is a network-layer (Laye r 3) protocol t hat contains add ressing and control information t hat enables packets to be forwarded on a netwo rk. IP is the prim ary network-layer pro tocol in t he Internet protocol suite. Along with TC [...]

  • Page 283

    Configuring IP IP Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-5 Additional IP Protocols There are several additional IP-relate d protocols that may be used with IP forwarding. These protocols are included as part of the base code. • Address Resolution Prot ocol (ARP)—Used to matc h the IP address of a device [...]

  • Page 284

    IP Forwarding Configuring IP page 14-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 IP For warding Network device traffic is br idged (switched) at the Layer 2 level between ports that are assig ned to the same VLAN. However, if a devic e n eeds to communicate with another de vice that belongs to a different VLAN, then Layer 3 ro[...]

  • Page 285

    Configuring IP IP Forwarding OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-7 Configuring an IP Router Inter face IP is enabled by de fault. Using IP, devices connec ted to ports on the same VLAN are able to communi- cate. Howe ver, to forwa rd packets to a different VLA N, you must cr eate an IP route r interface on each VL[...]

  • Page 286

    IP Forwarding Configuring IP page 14-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Note. Assign only ports to th e VLAN th at are ca pable of handling t he MTU size restrictions configured for the IP interface(s) asso ciated with the VLAN. For example, if an interface MTU size is gre ater than 1500, do not assign 10/100 Ethernet[...]

  • Page 287

    Configuring IP IP Forwarding OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-9 Creating a Static Route Static routes are user-def in ed and carry a hi gher priority tha n routes created b y dynamic routing proto- cols.That is, stat ic routes always ha ve priority over dyn amic routes regardless o f the metric val ue. Static r[...]

  • Page 288

    IP Forwarding Configuring IP page 14-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Address Resolution Protocol (ARP) To send packets on a locally connect ed network, the switch use s ARP to matc h the IP address of a devi ce with its physical (MAC) address. To send a data packet to a dev ice with whic h it has not p [...]

  • Page 289

    Configuring IP IP Forwarding OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-11 Note. You can also use the no arp command to delete a dynami c entry from the table. Clearing Dynamic ARP Entries Dynamic entries can be cleared using t he clear arp-cache command. This command c lears all dynamic entries. Permanent entrie s must [...]

  • Page 290

    IP Forwarding Configuring IP page 14-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 • An IP mask (e. g. 255.0.0.0 ) used to identi fy which pa rt of the ARP pa cket IP address is compa red to the filter IP address. • An optional VLAN ID to specify tha t the filter is only app lied to ARP packets from t hat VLAN. • Which ARP[...]

  • Page 291

    Configuring IP IP Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-13 IP Configuration IP is enabled on the switch by de fault and th ere are few option s that can, or ne ed to be, c onfigured. This section provides instruct ions for some basic IP configurat ion options. Configuring the Router Primar y Address Th[...]

  • Page 292

    IP Configuration Configuring IP page 14-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 IP-Directed Broadcasts An IP directed broadcast is an IP datagram th at has al l zeroes or a ll 1’s in the ho st portion of the destina- tion IP address. The packet is sent t o the broadcast add ress of a subnet to which t he sender is not di[...]

  • Page 293

    Configuring IP IP Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-15 • Trap generation . If the total penalty v alue exceeds th e set port scan p enalty value threshold, a tra p is generated to alert the administrator tha t a port scan may be in progress. For example, imagine that a switch is se t so that TCP [...]

  • Page 294

    IP Configuration Configuring IP page 14-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 In the next minute, 10 more T CP and UDP closed po rt packets are rec eived, along with 200 UDP open port packets. Th is would bring the total penalty valu e to 4300, as sh own with th e following eq uation: (100 previous minute value) + (10 TC[...]

  • Page 295

    Configuring IP IP Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-17 Setting the Port Scan Penalty V alue Threshold The port scan pena lty value t hreshold is the h ighest point a the total pe nalty value for t he switch can reach before a trap is generated in forming the administrator that a port scan is in pro[...]

  • Page 296

    IP Configuration Configuring IP page 14-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 The following ta ble lists ip servic e command options for specifying TCP/ UDP services and also includes the well-known port number a ssociated with each service: service port ftp 21 ssh 22 telnet 23 http 80 secure-http 44 3 avlan-http 260 avl[...]

  • Page 297

    Configuring IP Managing IP OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-19 Managing IP The following sec tions descri be IP commands th at can be used t o monitor and trouble shoot IP forward ing on the switch. Internet Control Message Pr otocol (ICMP) ICMP is a network layer protocol with in the IP protocol suite that pro[...]

  • Page 298

    Managing IP Configuring IP page 14-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Activating ICMP Contr ol Messages ICMP messages are ident ified by a type and a code . This number pa ir speci fies an ICMP message. For example, ICMP type 4, code 0, speci fies the source quench ICMP message. To enable or disable an IC MP message, [...]

  • Page 299

    Configuring IP Managing IP OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-21 In additi on to th e icmp type command, several common ly used ICMP messages have been separate CLI commands for co nvenience . These comman ds are listed below with th e ICMP messag e name, type, and code: These commands are entered as the icmp typ[...]

  • Page 300

    Managing IP Configuring IP page 14-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Setting the Minimum Packet Gap The minimum packet g ap is the time required between se nding messages of a like type. For instan ce, if the minimum packet gap for Ad dress Mask request messa ges is 40 microseconds, and an Address Mask message is sen[...]

  • Page 301

    Configuring IP Managing IP OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 14-23 Using the Ping Command The ping command is used to test whethe r an IP destination can be reach ed from the loc al switch. This command sends an ICMP e cho request to a destination an d then waits for a reply. To p ing a destination , enter the ping[...]

  • Page 302

    Verifying the IP Configuration Configuring IP page 14-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying UDP Information UDP is a secondary transport-laye r pr otocol that uses IP for del ivery. UDP is not connection-o riented and does not prov ide reliable end-to-end de livery of data grams. But some appl ications can saf[...]

  • Page 303

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-1 15 Configuring IPv6 Internet Protocol version 6 (IPv6) is the ne xt generation of Internet Pr otocol version 4 (IPv4 ). Both versions are support ed along with the abilit y to tunnel IPv6 traffic over IPv4 . Implementing IPv6 solves the limited address problem currently fac in[...]

  • Page 304

    IPv6 Specifications Configur ing IPv6 page 15-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 IPv6 Specifications IPv6 Defaults The following ta ble lists the de faults for IPv6 confi guration thro ugh the ip command. RFCs Supported 2460– Inte rnet Protoc ol, Version 6 (IPv6) Specifica tion 2461– Neighbor Discovery for IP Vers[...]

  • Page 305

    Configuring IPv6 Quick Steps for Configuring IPv6 Routing OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-3 Quick Steps for Configuring IPv6 Routing The following tuto rial assumes that VLAN 200 and VLAN 300 already exist in the switch conf iguration. For information abo ut how to configure VLANs, see Chapter 4, “Configurin[...]

  • Page 306

    IPv6 Overview Configur ing IPv6 page 15-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 IPv6 Over view IPv6 provides the b asic functiona lity that i s offered with IPv4 but includes the fol lowing enhance ments and features not available with IPv4: • Increased IP address size —IPv6 uses a 128-bit address, a subs tantial incre[...]

  • Page 307

    Configuring IPv6 IPv6 Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-5 IPv6 Addressing One of the main differences between IP v6 and IPv4 is that the address si ze increased from 32 bits to 128 bits. Going to a 128-bit addre ss also increases th e si ze of the address space to the point wher e runnin g out of IPv6 a[...]

  • Page 308

    IPv6 Overview Configur ing IPv6 page 15-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Since the last four words of the ab ove a ddress are uncompressed values, th e double colo n indicates tha t the first four words of the address all conta in zeros. Note that using the double colon is only allowed once within a single address. [...]

  • Page 309

    Configuring IPv6 IPv6 Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-7 Stateless autoconfig uration is not a vailable for a ssigning a global unicast or an ycast address to an IPv6 interface. In other words, manu al configuratio n is required to a ssign a non-li nk-local add ress to an inte r- face. See “Assign in[...]

  • Page 310

    IPv6 Overview Configur ing IPv6 page 15-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 6to4 Site to 6to4 Site over IPv4 Domain In this scenario, isolated IPv6 sites have connecti vity over an IPv4 network through 6to4 bor der routers. An IPv6 6to4 tunn el interface is configur ed on each border router an d assigned an IPv6 addr e[...]

  • Page 311

    Configuring IPv6 IPv6 Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-9 In the above diagram: 1 6to4 relay router ad vertises a route to 2002:: /16 on its IPv6 router interface. 2 IPv6 host traffic received by the relay route r that has a n ext hop address that mat ches 2002::/16 i s routed to the 6to4 tunnel interfa[...]

  • Page 312

    Configuring an IPv6 Interface Configuring IPv6 page 15-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring an IPv6 Inter face The ipv6 interface command is used t o create an IPv6 interfac e for a VLAN or a tunn el. Note the fo llow- ing when configuring an IPv6 interface: • A unique inte rface name is re quired for b ot[...]

  • Page 313

    Configuring IPv6 Configuring an IPv6 Interface OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-11 Use the show ipv6 interf ace command to verify t he interface configu ration for the swit ch. For more info r- mation about this command, see the OmniSwitch CLI Reference Guide. Modifying an IPv6 Inter face The ipv6 interface com[...]

  • Page 314

    Assigning IPv6 Addresses Configur ing IPv6 page 15-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Assigning IPv6 Addresses As was previously mentione d, when an IPv6 interface is crea ted for a VLAN or a configured tunnel, an IPv6 link-local a ddress is automatical ly created for that interface. This is also true when a devic e, [...]

  • Page 315

    Configuring IPv6 Assigning IPv6 Addresses OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-13 Removing an IPv6 Address To remove an IPv6 address from an interfac e, use the no form of the ipv6 address command. -> no ipv6 address 4100:1000::20/6 4 v6if-v200 Note that the subnet router a nycas t address is automat ically dele[...]

  • Page 316

    Configuring IPv6 Tunnel Interfaces Configuring IPv6 page 15-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring IPv6 T unnel Inter faces There are two type s of tunnels supp orted: 6to4 and conf igured . Both types fa cilitate the interaction of IPv6 with IPv4 networks by pr oviding a mechanism for car r ying IPv6 traffic [...]

  • Page 317

    Configuring IPv6 Verifying the IPv6 Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 15-15 V erifying the IPv6 Configuration A summary of the show command s used for veri fying the IPv 6 configuration is given h ere: For more information abou t the display s that resu lt from these co mmands, see the OmniSwitch CLI [...]

  • Page 318

    Verifying the IPv6 Configuration Configuring IPv6 page 15-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]

  • Page 319

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-1 16 Configuring RIP Routing Information Prot ocol (RIP) is a widely used Interior G ateway Protocol (IGP) th at uses hop count as its routin g metric. RIP-enab led routers update neighbo ring routers by transmitting a copy of their own routing table. The RIP rout ing table uses[...]

  • Page 320

    RIP Specifications Configuring RIP page 16-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 RIP Specifications RIP Defaults The following table list s the defaults for RI P configuratio n through the ip ri p command. RFCs Supported RFC 1058–RIP v1 RFC 2453–RIP v2 RFC 1722–RIP v2 Prot ocol Applica bility S tatement RFC 1724–[...]

  • Page 321

    Configuring RIP Quick Steps for Configuring RIP R outing OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-3 Quick Steps for Configuring RIP Routing To forward packets to a devic e on a different VLAN , you must create a router port on each VLAN. To route packets u sing RIP, you must en able RIP and create a RIP interface on th[...]

  • Page 322

    RIP Overview Configuring RIP page 16-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 14 Use the ip rip redist-filter command to redistribute all local routes. For example: -> ip rip redist-filter local 0.0. 0.0 0.0.0.0 15 Enable RIP redistri bution using the ip rip redist status command. For example: -> ip rip redist status [...]

  • Page 323

    Configuring RIP RIP Routing OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-5 RIP deletes rout es from the database if th e next switch to that destinati on says the route co ntains more than 15 hops. In addition, all ro utes through a gateway are delete d by RIP if no updates are received from that gateway for a specified ti[...]

  • Page 324

    RIP Routing Configuring RIP page 16-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 RIP Routing Loading RIP When the switch i s initially co nfigured, RIP must be l oaded into switc h memory. Use th e ip load rip command to load RIP. To remove RIP from switch memo ry, you must manually ed it the boot.cfg file. The boot.cfg file is[...]

  • Page 325

    Configuring RIP RIP Routing OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-7 Creating a RIP Inter face You must create a RIP interfa ce on a VLAN’s IP router p ort to enable RI P routing. Ente r the ip rip inter- face command followed by the IP ad dress of the VLAN ro uter port. For example, to create a RIP i nter- face on[...]

  • Page 326

    RIP Routing Configuring RIP page 16-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring the RIP In terface Receive Option The RIP receive option defi nes the type(s) of RIP packets that the interface wi ll accept. Using thi s command will overri de RIP default behavior. Other de vices must be able to inte rpret the info rm[...]

  • Page 327

    Configuring RIP RIP Opti ons OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-9 RIP Options The following sec tions detail p rocedures for config uring RIP option s. RIP must be load ed and enabled o n the switch before you can configu re any of the RIP configurati on options. Configuring the RIP Forced Hold-down Inter val The[...]

  • Page 328

    RIP Redistribution Configuring RIP page 16-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 3 Configuring a RIP Redistribut ion Filter – Creating a Filter – Configuri ng a Redistributio n Filter Action (o ptional) – Configuri ng a Redistribut ion Metric (opti onal). Enabling RIP Redistribution Use the ip rip redist status com[...]

  • Page 329

    Configuring RIP RIP Redistribution OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-11 Configuring a Redistribution Metric When redist ributing routes into RIP, th e metric for th e redistributed route is calcula ted as a summation of the route’s met ric and the corre sponding metric in the redistrib ution polic y. This is t[...]

  • Page 330

    RIP Redistribution Configuring RIP page 16-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Creating a Redistribution Filter Use the ip rip redist-filter command to create a RIP redist ribution fi lter. Enter the command, the ro ute type, and destin ation IP address and mask of the traffic you w ant to redi stribute. Only ro utes m[...]

  • Page 331

    Configuring RIP RIP Redistribution OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-13 Configuring a Redistribu tion Filter Metric You can priori tize redistribu tion of route ty pes to a net work by assig ning a metric val ue to a route t ype(s). The default re distribution filter met ric is 1. How ever, you can low er the pr[...]

  • Page 332

    RIP Security Configuring RIP page 16-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 RIP Security By default, th ere is no authen tication u sed for a RIP. Ho wever, you can configure a password for a RIP interface. To c onfigure a pa ssword, you must first select the authentication type (simple or MD5), then configure a passwo rd[...]

  • Page 333

    Configuring RIP Verifying the RIP Co nfiguration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 16-15 Configuring Passwords If you configure si mple or MD5 aut hentication y ou must configure a t ext string that will be used a s the password for the R IP interface. If a pa ssword is used, all switches tha t are intend ed to com[...]

  • Page 334

    Verifying the RIP Configuration Configuring RIP page 16-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]

  • Page 335

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 17-1 17 Configuring RDP The Router Discov ery Protocol (RDP) is an extensio n of ICMP that allows end hosts to dis cover routers on their networks. Th is implementation of R DP suppor ts th e router requ irements as defi ned in RFC 12 56. In This Chapter This chapter describes the [...]

  • Page 336

    RDP Specifications Configuring RDP page 17-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 RDP Specifications RDP Defaults RFCs Supported RFC 1256–ICMP Route r Discovery Messages Router advertisem ents Supported Host solicitations Only responses to solicita tions support ed in this release. Maximum number of RDP interfaces per s[...]

  • Page 337

    Configuring RDP Quick Steps for Configuring RDP OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 17-3 Quick Steps for Configuring RDP Configuring RDP i nvolves enabling RDP operation on the switch and creating RDP interfa ces to adver- tise VLAN route r IP addres ses on the LAN. Ther e is no ord er of config uration involved. F o[...]

  • Page 338

    Quick Steps for Configuring RDP Configuring RDP page 17-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 -> show ip router-discovery interface Marketing Name = Marketing, IP Address = 11.255.4.1, IP Mask = 255.0.0.0, IP Interface status = Enabled, RDP Interface status = Enabled, VRRP Interface status = Disabled, Advertisement ad[...]

  • Page 339

    Configuring RDP RDP Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 17-5 RDP Over view End hosts (clients) sen ding traffic to other n etworks need to forward their traffic to a router. In order to do this, hosts need t o find out if one or more ro uters ex ist o n their LAN and learn th eir IP addresses. One way to dis[...]

  • Page 340

    RDP Overview Configuring RDP page 17-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 RDP Inter face s An RDP interface is created by enabling RDP on an IP router interface. Onc e en abled, the RDP interface becomes active and joins the all -ro uters IP mult icast group (224.0 .0.2). The interface then transmits 3 initial router ad[...]

  • Page 341

    Configuring RDP RDP Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 17-7 Security Concerns ICMP RDP packets are not authenticated, whic h ma kes th em vulnerable to th e following attac ks: • Passive monitoring —Attackers can use RDP to re-route traffi c from vulnerable sy stems through the attacker’s sy stem. Thi[...]

  • Page 342

    Enabling/Disabling RDP Configuring RDP page 17-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Enabling/Disabling RDP RDP is included in t he base softwa re and is av ailable when th e switch starts up . However, by defa ult this feature is no t operationa l until it is enab led on the swit ch. To enable RDP operatio n on the swit[...]

  • Page 343

    Configuring RDP Creating an RDP Interface OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 17-9 When an RDP interface is created, it is automatical ly config ured with the following defau lt paramete r values: It is only necessary t o change the abo ve parameter value s if the defa ult value is no t sufficient . The follow- ing s[...]

  • Page 344

    Creating an RDP Interface Configuring RDP page 17-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Setting the Maximum Advertisement Inter val To set the maximum amo unt of time, in secon ds, that RDP wi ll allow between adv ertisements, use the ip router-discovery interfa ce max-advertisement-interval command. Fo r example , the f[...]

  • Page 345

    Configuring RDP Verifying the RDP Co nfiguration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 17-11 Setting the Preference Levels for Router IP Addresses A preferen ce level is a ssigned to ea ch router IP ad dress contai ned within a n advertise ment pack et. Hosts will select the IP ad dress with th is highest prefere nce l[...]

  • Page 346

    Verifying the RDP Configuration Configuring RDP page 17-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]

  • Page 347

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-1 18 Configuring DHCP Relay The User Datagram Protocol (UDP) is a conn ectionless transpo rt protocol that runs on top of IP ne tworks. The DHCP Relay allows you to use nonroutable protocols (such as UDP) in a routing envir onment. UDP is used for applications that do not requir[...]

  • Page 348

    DHCP Relay Specifications Configuring DHCP Relay page 18-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 DHCP Relay Specifications The following ta ble lists specifica tions for th e DHCP Relay. RFCs Supported 0951–Bootstrap Protocol 1534–Inter operation Between DHCP an d BOOTP 1541–Dynami c Host Configur ation Protoco l 154[...]

  • Page 349

    Configuring DHCP Relay DHCP Relay Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-3 DHCP Relay Defaults The following tabl e describes the defa ult values of th e DHCP Relay parameters. Parameter Description Comma nd Default V alue/Comments Default UDP service. ip udp relay BOOTP/DHCP Forward delay time value for DHC[...]

  • Page 350

    Quick Steps for Setting Up DHCP Relay Configuring DHCP Relay page 18-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Quick Steps for Setting Up DHCP Relay You should config ure DHCP Relay on switches wh ere packets are rout ed between IP ne tworks. There is no separat e command for enabl ing or disabling t he relay servic e. DHCP [...]

  • Page 351

    Configuring DHCP Relay DHCP Relay Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-5 DHCP Relay Over view The DHCP Relay service, its correspond ing port numbers, and con figurable options are as follows: • DHCP Relay Service: BOOTP/DHCP • UDP Port Numbers 6 7/68 for Request/ Response • Configurable opti ons: DH[...]

  • Page 352

    DHCP Relay Overview Configuring DHCP Relay page 18-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 DHCP and the OmniSwitch The unique characteristi cs of the DHCP protocol requ ire a good plan be fore setting up the switch in a DHCP environment. Since DHCP clients initially have no IP address, placeme nt of these clients in a VLAN[...]

  • Page 353

    Configuring DHCP Relay DHCP Relay Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-7 External DHCP Relay Application The DHCP Relay may be configured on a router that is external to the switch. In this app licati on exampl e the switched ne twork has a single VLAN configured with mu ltiple segments. A ll of the n etwo[...]

  • Page 354

    DHCP Relay Overview Configuring DHCP Relay page 18-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Internal DH CP Relay The intern al DHCP R elay is configur ed using the UDP forwarding feature in the switch, avail able through the ip helper address command. For more information, see “DHCP Relay Imple mentation” o n page 18-9 [...]

  • Page 355

    Configuring DHCP Relay DHCP Relay Implementation OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-9 DHCP Relay Implementation The OmniSwitch allows you t o configure the DHCP Re lay feature in one of tw o ways. You can set up a global DHCP request or you can set up the DHCP Re lay based on the VLAN of the DHCP request. Bo th o[...]

  • Page 356

    DHCP Relay Implementation Configuring DHCP Relay page 18-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Per-VLAN DHCP For the Per-VLAN DHCP service , you must identif y the number of the VLAN th at makes the relay request. Identifying the VLAN You may enter one or more server IP addresses to which p ackets will be sent from a spe[...]

  • Page 357

    Configuring DHCP Relay DHCP Relay Implementation OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-11 Setting the For ward Delay Forward Delay is a time period that gives the local se rver a chance to respond to a client before the relay forwards it further out in the netw ork. The UDP packet that t he client sends contains the[...]

  • Page 358

    Using Automatic IP Configuratio n Configuring DHCP Relay page 18-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Using Automatic IP Configuration An additional functio n of the DHCP Relay feature enables a switch to broadc ast a BootP or DHCP request packet at boot time to ob tain an IP address for default VLAN 1. Th is function i[...]

  • Page 359

    Configuring DHCP Relay Configuring UDP Port Relay OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-13 Configuring UDP Por t Relay In addition to configuring a relay operatio n for BOOTP/DHCP traf fic on the switc h, it is also possi ble to configure rel ay for generic UD P se rvice ports (i.e., NBN S/NBDD, othe r well-known UD[...]

  • Page 360

    Configuring UDP Port Relay Configuring DHCP Relay page 18-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Enabling/Disabling UDP Por t Relay By default, a global relay operation i s enabled for BOOTP/DHCP relay well-known ports 67 and 68, which becomes active when an IP network host addre ss for a DHCP server is sp ecified. To ena[...]

  • Page 361

    Configuring DHCP Relay Configuring DHCP Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-15 Configuring DHCP Security Features There are two DHCP security features avai lable: DHCP re lay agent info rmation optio n (Optio n-82) and DHCP Snooping. The DHCP Opti on-82 feature enables th e relay agent to insert [...]

  • Page 362

    Configuring DHCP Security Features Configuring DHCP Relay page 18-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 How the Relay Agent Processes DHCP Packets fr om the Client The following table describes how th e relay agent processes DHCP packet s received from client s when the Option-82 feature is e nabled for the switch: How t[...]

  • Page 363

    Configuring DHCP Relay Configuring DHCP Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-17 Enabling the Relay Agent Information Option-82 Use the ip helper a gent-infor mation command to enable the DHCP Opti on-82 feature for the switch. For example: -> ip helper agent-information ena ble This same comman[...]

  • Page 364

    Configuring DHCP Security Features Configuring DHCP Relay page 18-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 When DHCP Snooping is fi rst enabled, all ports are con sidered untr usted. It is important to then config ure ports connected to a DHCP server inside the network as a truste d port. See “Configuring th e Port Trust [...]

  • Page 365

    Configuring DHCP Relay Configuring DHCP Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-19 • Make sure th at Option-8 2 data insert ion is alway s enabled a t the switch o r VLAN level. See “Enabling DHCP Snooping” on page 18-19 for more information. • The DHCP sever must su pport the Option-82 featu[...]

  • Page 366

    Configuring DHCP Security Features Configuring DHCP Relay page 18-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 VLAN-Level DHCP Snooping To enable DHCP Snooping at the VLAN level, use the ip helper dhcp-snooping vlan command. For example, the following command enables DHCP Snooping for VLAN 200: -> ip helper dhcp-snooping vla[...]

  • Page 367

    Configuring DHCP Relay Configuring DHCP Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-21 Note it is necessa ry to configure po rts that are connected to DHCP serv ers within the network and/or fire- wall as truste d ports so that necessary DHCP tr affic to /from the server is not bloc ked. Configurin g the[...]

  • Page 368

    Configuring DHCP Security Features Configuring DHCP Relay page 18-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Synchronizing the Binding T able To synchronize the contents of t he dhcpBinding.db file with the bi nding table contents that resi des in memory, use the ip helper dhcp-snoo ping b inding action command. This command [...]

  • Page 369

    Configuring DHCP Relay Verifying the DHCP Relay Co nfiguration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 18-23 V erifying the DHCP Relay Configuration To display information about the DHCP Relay and BOOTP/DHCP, use the show commands listed below. For more information about the resulting di splays from these c ommands, see [...]

  • Page 370

    Verifying the DHCP Relay Configuration Configuring DHCP Relay page 18-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]

  • Page 371

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-1 19 Configuring VRRP The Virtual Route r Redundancy Pro tocol (VRRP) is a standard router redu ndancy protoco l supported in IP version 4. It is based on RFC 2338 an d provides redundancy by eliminating the single poi nt of failure inherent in a default route environment. In Th[...]

  • Page 372

    VRRP Specifications Configuring VRRP page 19-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 VRRP Specifications VRRP Defaults The following ta ble lists the de faults for VRRP con figuration th rough the vrrp command and the rele vant command keywords: In addition, other defa ults fo r VRRP include: RFCs Supported RFC 2338–V ir[...]

  • Page 373

    Configuring VRRP Quick Steps for Creating a Virtual Router OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-3 Quick Steps for Creating a V ir tual Router 1 Create a virtual router. Specify a virtual ro uter ID (VRID) and a VLAN ID. For example: -> vrrp 6 4 The VLAN must alre ady be created o n the switch. Fo r information a[...]

  • Page 374

    VRRP Overview Configuring VRRP page 19-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 VRRP Over view VRRP allows rou ters on a LAN to ba ck up a defau lt route. VRRP dyn amically assi gns responsibi lity for a virtual router to a physical router (VRRP ro uter) on th e LAN. The virtual router is associated with an IP address (or s[...]

  • Page 375

    Configuring VRRP VRRP Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-5 If OmniSwitch A becomes unavai lable, Omn iSwitch B beco mes the master r outer. OmniSwit ch B will then respond to ARP requests for IP addre ss A using the virtual router’s MAC address (00:00:5E:00:01 :01). It will also forward p ackets for IP[...]

  • Page 376

    VRRP Overview Configuring VRRP page 19-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 If backup routers are configured with priori ty values th at are close in value, there may be a ti ming confli ct, and the first backup to take over may not be the one wi th the highest priority; a back up with a high er prior- ity will then pre[...]

  • Page 377

    Configuring VRRP Interaction With Other Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-7 VRRP T racking A virtual router’s prior ity may be conditionally modified to prevent ano ther router from ta king over as master. Tracking policies are used to condit ionally modify the priority setting whenever a VLAN, slot/ [...]

  • Page 378

    Configuration Overview Configuring VRRP page 19-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuration Over view VRRP is part of the base software . At startup, VRRP is loaded onto the switch and is enabled. Virtual routers must first be configured and enabled as desc ribed in the sections . Since VRRP is implemen ted on mu[...]

  • Page 379

    Configuring VRRP Configuration Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-9 • Preempt mode . By default, p reempt mode is e nabled. Use no preempt to turn it off, and preempt to turn it back on. For more informati on about the p reempt mode, see “Setting Preemp tion for Virtua l Routers” on page 19-11 . ?[...]

  • Page 380

    Configuration Overview Configuring VRRP page 19-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring the Adver tisement Inter val The advertisement interval is c onfigurable, b ut all vi rtual routers with the same VR ID should be confi g- ured with the same va lue. Mismatched values will create network problems. If you cha[...]

  • Page 381

    Configuring VRRP Configuration Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-11 In the above example, virtual router 6 is disabled. (If you are modi fying an existi ng virtual ro uter, the virtual router m ust be disabled b efore it m ay be modified.) The virtual ro uter priority is then set to 50. The priority val[...]

  • Page 382

    Configuration Overview Configuring VRRP page 19-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 A virtual router must be disabled before it may be modified. Use the vrrp command to disable the virtual router first; then use the command agai n to modify the parameters. For example: -> vrrp 7 3 disable -> vrrp 7 3 priority 200[...]

  • Page 383

    Configuring VRRP Configuration Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-13 Creating T racking Policies To create a tracking poli cy, use the vrr p track command and specify the amou nt to decrease a virt ual router’s priority an d the slot/port, IP address, or IP int erface name to b e tracked. For ex ample:[...]

  • Page 384

    Verifying the VRRP Configuration Configuring VRRP page 19-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 V erifying the VRRP Configuration A summary of the show commands used for verifying the VRRP co nfiguration is given h ere: For more information abou t the displays that result fro m these command s, see the OmniSwitch CLI Ref[...]

  • Page 385

    Configuring VRRP VRRP Application Example OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-15 VRRP Application Example In addition to pro viding redund ancy, VRRP can assist in load balan cing outgoin g traffic. The figu re below shows two virtual rou ters with th eir hosts splitting traffic between t hem. Half of the hosts ar[...]

  • Page 386

    VRRP Application Example Configuring VRRP page 19-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. The same VRRP configuration mu st be set up on each OmniSwitch 6600 stack. The VRRP router that contains, or owns, the IP address will automatica lly become the ma ster for that virtua l router. If the IP address is a virtual a [...]

  • Page 387

    Configuring VRRP VRRP Application Example OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 19-17 VRRP T racking Example The figure below sh ows two VRRP routers with two virtu al routers backing up one IP address on each VRRP router respectivel y. Virtual router 1 serves as the defau lt gateway on Om niSwitch A for clien ts 1 and[...]

  • Page 388

    VRRP Application Example Configuring VRRP page 19-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. The preempt o ption must be enabled on virtual r outer 1; otherwise the origi nal master will not be able to take over. See “Setting Preemption for Virtual Routers” on page 19 -11 for more information about enabling preempti[...]

  • Page 389

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-1 20 Managing Authentication Ser vers This chapter desc ribes authent ication servers a nd how th ey are used with t he swit ch. The types of servers described include Remote Authent ication Dial-In Us er Service (RADIUS), Lightweight Directory Access Protocol (LDAP), and SecurI[...]

  • Page 390

    Authentication Server Specification s Managing Authentication Servers page 20-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Authentication Ser ver Specifications RADIUS RFCs Supported RFC 2865–Remote Authenticatio n Dial In User Service (RADIUS) RFC 2866–RADIUS Acco unting RFC 2867–RADI US Accounting Mo difications for T u[...]

  • Page 391

    Managing Authentication Servers Server Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-3 Ser ver Defaults The defaults for authentica tion server configuration on the swit ch are listed in the t ables in the n ext sections. RADIUS Authentication Ser vers Defaults for the aaa radius-server co mmand are as follo ws: * [...]

  • Page 392

    Quick Steps For Configuring Authentication Servers Managing Auth entication Servers page 20-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Quick Steps For Configuring Authentication Ser vers 1 For RADIUS or LDAP servers, config ure user attribute informati on on the servers. See “RADIUS Servers” on page 20-9 and “LDAP Serve[...]

  • Page 393

    Managing Authentication Servers Se rver Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-5 Ser ver Over view Authentication servers are somet imes referred to as AAA servers (authenti cation, authorization, and accounting). These servers ar e us ed for storing informat ion about use rs who want to manage the swit ch ([...]

  • Page 394

    Server Overview Managing Authentication Servers page 20-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 A RADIUS server supporting the chall enge and response mechanism as defined in RADIUS RFC 2865 may access an ACE/Server for authentication purposes. The ACE/Server i s then used for user authenti ca- tion, and the RADIUS server [...]

  • Page 395

    Managing Authentication Servers Se rver Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-7 Por t-Based Network Access Contro l (802.1X) For devices authenticati ng on an 802.1X port on the switch, only RADIUS authenticati on servers are supported. The RADIUS server contains a database of user names and password s, and[...]

  • Page 396

    ACE/Server Managing Authentication Servers page 20-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 ACE/Ser ver An external ACE/Server may be used for authenticat ed switch access. It cannot be used for Layer 2 authentication or for policy management. Attributes ar e not supported on ACE/Servers. These valu es must be configu red o[...]

  • Page 397

    Managing Authentication Servers RADIUS Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-9 RADIUS Ser vers RADIUS is a st andard authent ication and accounting protocol de fined in RFC 2865 and RFC 286 6. A built-in RADIUS client is available in th e switch . A RADIUS server th at supports Vend or Specific Attributes (V[...]

  • Page 398

    RADIUS Servers Managing Authentication Servers page 20-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 19 20 21 22 23 Callbac k-Num ber Callback-Id Unassigned Frame-Route Framed-IPX-Network Not supported. These attr ibutes are used fo r dial-up sessions; not applicab le to the RADIUS c lient in the sw itch. 24 State Sent in challe[...]

  • Page 399

    Managing Authentication Servers RADIUS Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-11 V endor-Specific Attributes for RADIUS The Alcatel RADIUS c lient supports at tribute 26, wh ich includes a vendor ID and some a dditional sub - attributes call ed subtypes. The vendor ID and t he subtypes colle ctively are call [...]

  • Page 400

    RADIUS Servers Managing Authentication Servers page 20-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Functional Pr ivileges on the Ser ver Configuring t he functional pr ivileges attribu tes ( Alcatel-Acce-Priv-F- x ) can be cumbersome because it requires using read and write bitmas ks for command families on the swi[...]

  • Page 401

    Managing Authentication Servers RADIUS Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-13 RADIUS Accounting Serv er Attributes The following tabl e lists the standard a ttributes supp orted for RADIU S accounting serv ers. The attributes in the radius.ini file may be modified if necessary. Num. S tandard Attribute Des[...]

  • Page 402

    RADIUS Servers Managing Authentication Servers page 20-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 The following table lists the VSAs supported for RADIUS accounting servers. Th e attributes in the radius.ini file may be modifi ed if ne cessary. Configuring the RADIUS Client Use the aaa radius-server command to co nfigure RADI[...]

  • Page 403

    Managing Authentication Servers LDAP Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-15 LDAP Ser vers Lightweight Direct ory Access Protocol (LDAP) is a st an dard directory server protocol. The LDAP client in the switch is based on several RFCs: 179 8, 2247, 2251, 2252, 2253, 2254, 2255, and 22 56. The prot o- col wa[...]

  • Page 404

    LDAP Servers Managing Au thentication Servers page 20-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 LDAP servers are a lso able to im port and expo rt di rectory dat abases using LDIF (LDAP Data Interchange Format). LDIF File Structure LDIF is used to transfer data to LDAP servers in order to build directories or modi fy LDAP da[...]

  • Page 405

    Managing Authentication Servers LDAP Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-17 uid: yname ou: people description: <list of option al attributes> . . . Directory Entries Directory entries are used to store d ata in directory servers. LDAP–e nabled directory entries contain infor- mation about an object[...]

  • Page 406

    LDAP Servers Managing Au thentication Servers page 20-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Directory Searches DNs are always the starting poi nt for searches un less indicate d otherwise in the directory schema. Searches involve the use of various criteria including scopes and filt ers which must be predefined, and util[...]

  • Page 407

    Managing Authentication Servers LDAP Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-19 Modified attribute values ar e replaced with other giv en values by su bmitting repla ce requests to the se rver, which then translates an d pe rforms the requests. Directory Compare and Sor t LDAP will compare d irectory entries w[...]

  • Page 408

    LDAP Servers Managing Au thentication Servers page 20-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Password Policies an d Directory Ser vers Password policies applied to user accounts va ry slightly from o ne director y server to ano ther. Normally, only the pa ssword ch anging poli cies can be set by users through the director[...]

  • Page 409

    Managing Authentication Servers LDAP Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-21 Director y Ser ver Schema for LDAP Authentication Object classes and attribute s will need to be modifi ed according ly to include LDAP authentication in the network (object classes and att ributes are used specific all y here to m[...]

  • Page 410

    LDAP Servers Managing Au thentication Servers page 20-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 For more information about configur ing users on the switch, see t he Switch Security chapter of the OmniSwitch 6600 Family Switch Ma nagement Guide . Configuring Authentication Key Attributes The alp2key tool is prov ided on the [...]

  • Page 411

    Managing Authentication Servers LDAP Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-23 • Switch VLAN number cli ent joins in mu ltiple authorit y mode (0=single authority; 2=mu ltiple author- ity); variabl e-length d igits. • Switch slot number to wh ich client connects: n n • Switch port number to wh ich clien[...]

  • Page 412

    LDAP Servers Managing Au thentication Servers page 20-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Dynamic Logging Dynamic loggin g may be performed by an LDAP-e nabled directory serve r if an LDAP server i s config- ured first in the list of auth entication servers configur ed through the aaa accounting vlan or aaa account- in[...]

  • Page 413

    Managing Authentication Servers LDAP Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-25 For exampl e: “ASA 0 : CONSOLE IP 65.97.233.108 Jones” Configuring the LDAP Authentication Client Use the aaa ldap-server command to configure LD AP authenticati on parameters on the switch. The server name, host name or IP add[...]

  • Page 414

    LDAP Servers Managing Au thentication Servers page 20-26 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. The distingu ished name must be di fferent from the searchbase name. Modifying an LDAP Authentication Server To modify an LDAP auth entication server, use the aaa ldap-se rver command wi th the server name; or, if you have j[...]

  • Page 415

    Managing Authentication Servers Verifying the Authentication Server Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 20-27 V erifying the Authentication Ser ver Configuration To display information abo u t authenticat ion servers, use the following comman d: An example of the out put for this command i s given in ?[...]

  • Page 416

    Verifying the Authentication Server Configuration Managing Authentication Servers page 20-28 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]

  • Page 417

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-1 21 Configuring Authenticated VLANs Authenticated VLANs control user access to network resources based on VLAN assignmen t and a user log-in process; the process is someti mes called user authenticat ion or Layer 2 Authe ntication. (Anot her type of security is device authent i[...]

  • Page 418

    Authenticated Network Overview Co nfiguring Authenticated VLANs page 21-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Authenticated Network Over view An authenticat ed network invo lves several comp onents as show n in this illust ration. This chapter describes all o f these compon ents in deta il, except the external a uthentic[...]

  • Page 419

    Configuring Authenticated VLANs A uthenticated Network Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-3 • Web browser client . Any standard Web browser may be used (Netscape or Internet Explorer). An IP address is required prio r to authenticatio n. See “Web Browser Authe ntication Client” on page 21-7 for mor[...]

  • Page 420

    AVLAN Configuration Overview Configuring Authenticated VLANs page 21-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 A VLAN Configuration Over view Configuring authent icated VLANs requires several majo r steps. The steps are ou tlined here and descri bed throughout th is chapter. See “Sample AVLAN Configuration ” on page 21-5[...]

  • Page 421

    Configuring Authenticated VLANs AVLAN Configuration Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-5 Sample A VLAN Configuration 1 Enable at lea st one authent icated VLAN: -> vlan 2 authentication enable Note that this command does not create a VLAN; th e VLAN must already be created. For information about creat[...]

  • Page 422

    AVLAN Configuration Overview Configuring Authenticated VLANs page 21-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 6 Enable authe ntication by specifying the authentication mo de (single mode o r multiple mod e) and the server. Use the R ADIUS or LDAP serv er name(s) co nfigured in step 5. For exam ple: -> aaa authentication [...]

  • Page 423

    Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-7 Setting Up Authentication Clients The following sec tions describe the Telnet aut hentication c lient, Web bro wser authenticat ion client , and Alcatel’s proprietary AV-Client. For informa tion about removing[...]

  • Page 424

    Setting Up Authentication Clients Configuring Authenticated VLANs page 21-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 with one authenticated VLAN. The addres s may be a ssigned dynamically if a DHCP server is located in the netwo rk. DHCP is requir ed in netw orks with mul tiple authe nticated VL ANs. • Configure a DHCP serv[...]

  • Page 425

    Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-9 Installing Files for Mac OS 9.x Clients 1 In the browser URL command line, enter the au thentication DNS name (con figured through the aaa avlan dns command). The au thentication page displa ys. 2 Click on the l[...]

  • Page 426

    Setting Up Authentication Clients Configuring Authenticated VLANs page 21-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 To set root access: 1 Open the NetInfo from t he HardDisk/Applica tion/Utilities fol der. 2 Select Domain > Security > Authentic ate. Enter the admi nistrator’s password if req uired. 3 Select Domain &g[...]

  • Page 427

    Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-11 SSL for W eb Browser Clients A Secure Socket Layer (SSL) is used to authent icate Web browser clie nts. A certificate fro m a Certifica- tion Author ity (CA) or a self-si gned (private ) certificat e must be in[...]

  • Page 428

    Setting Up Authentication Clients Configuring Authenticated VLANs page 21-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Installing the A V -Client The AV-Client is a proprietary Windo ws-based applicat ion that i s installed on c lient end st ations. The installati on instructi ons are prov ided in this chapter. The AV-Client do[...]

  • Page 429

    Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-13 Windows 95 Install the 32-bit DLC pr otocol program and the update patch from the Microsoft FTP site (ftp.microsoft.com). Fro m the FTP site, download the MSDLC32.EXE an d DLC32UPD.EXE files (or the latest DLC [...]

  • Page 430

    Setting Up Authentication Clients Configuring Authenticated VLANs page 21-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 3 We recommend that you foll ow the instructions on the screen regarding closing all Wi ndows programs before proceedin g with the instal lation. Click on the Ne xt button. Th e following w indow displays.[...]

  • Page 431

    Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-15 4 From this window you may install the cl ient at the de fault destinat ion folder shown o n the screen or you may click the Brow se button to select a different directory. Clic k on the Next button. The softwa[...]

  • Page 432

    Setting Up Authentication Clients Configuring Authenticated VLANs page 21-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Windows 95 and Windows 98 1 Download the AV-Cl ient from the Alc atel website on to the Windows deskt op. 2 Double-click the AV-Client icon . The installation routine begin s and the followin g window displ ays[...]

  • Page 433

    Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-17 4 From this window you may install the cl ient at the de fault destinat ion folder shown o n the screen or you may click the Brow se button to select a different directory. Clic k on the Next button. The softwa[...]

  • Page 434

    Setting Up Authentication Clients Configuring Authenticated VLANs page 21-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Setting the A V -Client as Primar y Network Login Windows 95 and Windows 98 If your operating system is Windo ws 95 or Windows 98, yo u must configure the AV-C lient as the primary network logi n. This is do ne[...]

  • Page 435

    Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-19 Selecting a Dialog Mode The AV-Client has two dialo g modes, basic and extended . In basic dia log mode, the clie nt prompts the user for a username and a password onl y. In extended mode, which is requ ired fo[...]

  • Page 436

    Setting Up Authentication Clients Configuring Authenticated VLANs page 21-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Viewing A V -Client Components The configuration u tility includes a screen that lists each component, version and build date for the AV- Client. To vi ew this screen, click on the Ve rsion tab and a screen sim[...]

  • Page 437

    Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-21 Logging Into the Network Through an A V -Client Once the AV-Client softwa re has been loaded on a user’s PC workstat ion , an AV-Clien t icon will be created on the Windows deskto p in the task b ar. Follow t[...]

  • Page 438

    Setting Up Authentication Clients Configuring Authenticated VLANs page 21-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Logging Off the A V - Client 1 To log off the AV -Client, point yo ur mouse to the A V-Client icon in your Windows syst em tray and execute a right-cl ick to select Logo ff. The fo llowing scre en displays. 2 T[...]

  • Page 439

    Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-23 Configuring the A V -Client for DHCP For an AV-Client , DHCP configuratio n is not re quired. AV-Clients do not require an IP address t o authen- ticate, but they may want an IP address fo r IP communication i [...]

  • Page 440

    Setting Up Authentication Clients Configuring Authenticated VLANs page 21-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 1 To configure the DHCP p arameters, access the AV-Client configu ration utility and select the DHCP tab. The following screen di splays: 2 Click the box ne xt to “Enable DHCP Operations ”. Several optio ns[...]

  • Page 441

    Configuring Authenticated VLANs Setting Up Authentication Clients OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-25 4 To apply the change, click the Apply button. Wh en you clic k the OK button, the screen will close and the change will take effect. If you decide no t to impleme nt the ch ange, cli ck the Cancel button and t[...]

  • Page 442

    Configuring Authenticated VLANs Configuring Authenticated VLANs page 21-26 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Authenticated VLANs At least one authenticat ed VLAN must be configured on the switch. For more informati on about VLANs in general, see Chapter 4, “Confi guring VLA Ns.” To configure an authent i[...]

  • Page 443

    Configuring Authenticated VLANs Configuring Authenticated VLANs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-27 Configuring Authentication IP Addresses Authentication c lients connect to an IP address on the switch for authen tication. (Web bro wser clients ma y enter a DNS name rather th an the IP address; see “Setting [...]

  • Page 444

    Configuring Authenticated Ports Configuring Authenticated VLANs page 21-28 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Por t Binding and Authenticated VLANs By default, au thenticated VLANs d o not support po rt binding rules. Th ese rules are used for assigning devices to authenticated VLANs when devic e traffic co ming in on an[...]

  • Page 445

    Configuring Authenticated VLANs Setting Up a DNS Path OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-29 Setting Up a DNS Path A Domain Name Server (DNS) name may be configured so that Web browser clients may enter a URL on the browser co mmand line in stead of an au thentica tion IP address. A Domain Name Server must be set [...]

  • Page 446

    Setting Up the DHCP Server Configuring Authenticated VLANs page 21-30 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Before Authentication Normally, authentic ation clients c annot traffic in th e default VLAN, so authenticati on clients do not belong to any VLAN whe n they connect to the switch. Eve n if DHCP relay is enable d, the[...]

  • Page 447

    Configuring Authenticated VLANs Setting Up the DHCP Server OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-31 When this command is specified, the switch will act as a relay for aut hentication DHCP pack ets only; non- authentica tion DHCP pa ckets will not b e relayed. For more information about using t he ip helper avla n on[...]

  • Page 448

    Configuring the Server Authority Mo de Configuring Authenticated VLANs page 21-32 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring the Ser ver Authority Mode Authenticatio n servers for Layer 2 authentication are configured in one of two mod es: single authorit y or multiple authorit y. Single authority mode uses a single [...]

  • Page 449

    Configuring Authenticated VLANs Configuring the Server Authority Mode OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-33 To configure au thentication in single mode, use the aaa authentication vlan command with the single-mode keyword and name(s) of the relevant server an d any backups. At leas t one server must be specified;[...]

  • Page 450

    Configuring the Server Authority Mo de Configuring Authenticated VLANs page 21-34 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Multiple Mode Multiple autho rity mode assoc iates different serve rs with particu lar VLANs. This mode is typically us ed when one party is pro viding the network and another is prov iding the[...]

  • Page 451

    Configuring Authenticated VLANs Specifying Accounting Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 21-35 To configure au thentication in multiple mode, use the aaa authentication vlan command with the multiple-mode keyword, the relevant VLAN ID, an d the names of the servers. The VLAN ID is required, and at least one [...]

  • Page 452

    Verifying the AVLAN Configuration C onfiguring Au thenticated VLANs page 21-36 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 V erifying the A VLAN Configuration To verify the authenticated VLAN configuration, use the following show commands: For more information about these commands, see the OmniSwitch CLI Reference Guide . show aa[...]

  • Page 453

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-1 22 Configuring 802.1X Physical devices attached to a LAN port on the swit ch throu gh a point- to-point LAN c onnection may be authentica ted through the switch thro ugh port-base d network acc ess control. Th is control is available through the IEEE 802.1X stan dard implement[...]

  • Page 454

    802.1X Specifications Conf iguring 802.1X page 22-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 802.1X Specifications 802.1X Defaults The following table lists the defaults for 802 .1X port co nfiguration con figuration th rough the 802.1x command and the relevant command keywords: Note. By default, accounti ng is disabled for 8[...]

  • Page 455

    Configuring 802.1X Quick Steps for Configuring 802 .1X OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-3 Quick Steps for Configuring 802.1X 1 Configure the port as a mobi le port and an 802.1X port usin g the following vlan port commands: -> vlan port mobile 3/1 -> vlan port 3/1 802.1x enable The port is set up automati[...]

  • Page 456

    Quick Steps for Configuring 802.1X Configuring 802.1X page 22-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Optional. To display the number of 802.1x users on the switch, use the show 802.1x users command: ->show 802.1x users Slot MAC Port User Port Address State Name -----+------------------+--------- -----------+-----------[...]

  • Page 457

    Configuring 802.1X 802.1X Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-5 802.1X Over view The 802.1X standard defines port-based network access controls, and provides th e structure for authe nti- cating physi cal devices atta ched to a LAN. It uses the Extensib le Authentica tion Protocol (EAP). There are three c[...]

  • Page 458

    802.1X Overview Configuring 802.1X page 22-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 • If the authentication server doe s not return a VLAN ID, then the supplicant is classified according t o any device cla ssification policies tha t are configured for the port. See “Using Access Guardian Poli- cies” on pag e 22-8 for [...]

  • Page 459

    Configuring 802.1X 802.1X Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-7 802.1X ports may also be init ialized if there a pro blem on the port. Init ializing a port dro ps connectivity to the port and requ ires the port to be re-authenticated. See “Initializing an 802.1X Port” on page 22 -13 . 802.1X Accountin[...]

  • Page 460

    Using Access Guardian Po licies Configuring 802.1X page 22-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Using Access Guardian Policies In addition to the authent ication and VLAN classi fica tion of 802.1x clients (supplicants), the Access Guardian exten ds this type of functional ity to no n-802.1x cli ents (non-supplican ts).[...]

  • Page 461

    Configuring 802.1X Using Access Guardian Poli cies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-9 The order in which policies are applied to cl ient traf fic i s determined by the order in which t he policy wa s configured. For example, if a comp ound non-supplicant poli cy is conf igured by specify ing MA C authenti- cati[...]

  • Page 462

    Setting Up Port-Based Network A ccess Control Configu ring 802.1X page 22-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Setting Up Por t-Based Network Access Contro l For port-based network access cont rol, 802.1X must be enabl ed for the switch and the switch must know which servers to use for authent icating 802.1X supplicants[...]

  • Page 463

    Configuring 802.1X Setting Up Port-Based Network Access Control OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-11 Configuring 802.1X Por t Parameters By default, when 802.1X is enabled o n a port, the po rt is configured for bidir ectional cont rol, automa tic authorization, a nd re-authentica tion. In additi on, there are s[...]

  • Page 464

    Setting Up Port-Based Network A ccess Control Configu ring 802.1X page 22-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. The authentication server timeout ma y also be configured (with th e server-timeout keyword) but the value is always superseded by the va l ue set for the RADIUS server th rough the aaa radius-server comm[...]

  • Page 465

    Configuring 802.1X Setting Up Port-Based Network Access Control OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-13 Initializing an 802.1X Por t An 802.1X port may be reinitializ ed. This is useful i f there is a pro blem on the port. The reinitializat ion process drop s connectivit y with the sup plicant an d forces the sup p[...]

  • Page 466

    Configuring Access Guardian Policies Configuring 802.1X page 22-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Access Guardian Policies The Access Guardian provides fu nctionality that allows the confi guration of 802.1x device classification policies for supplicants (8 02.1x clients) and non-supplicants (n on-802.1x [...]

  • Page 467

    Configuring 802.1X Configuring Access Guardian Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-15 Configuring Supplicant Policies Supplicant policies are used to cl assify 802. 1x devices c onnected to 802 .1x-enabled switc h ports when 802.1x authen tication does not return a VLAN ID o r authenticatio n fails. To co[...]

  • Page 468

    Configuring Access Guardian Policies Configuring 802.1X page 22-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Non-supplicant Policies Non-supplicant policies are used to classify non-802.1x devices connected to 802.1x-enabl ed switch ports. There are two types of no n-suppli cant policies. One type uses MAC auth enti[...]

  • Page 469

    Configuring 802.1X Configuring Access Guardian Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-17 Note that this type of policy d oes not use 802.1x or MAC authentication. As a re sul t, all of the avail able policy keywords restrict the assignment of the non-supplican t device to only those VLANs t hat are non- auth[...]

  • Page 470

    Configuring Access Guardian Policies Configuring 802.1X page 22-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 802.1x 2/10 non-sup plicant policy aut hentication pass vlan 10 blo ck fail group-mob ility default-vl an If the MAC authentication process is successful but does not return a VLAN ID for the device, then the following o[...]

  • Page 471

    Configuring 802.1X Verifying the 802.1X Port Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 22-19 V erifying the 802.1X Por t Configuration A summary of the show commands used for verifying the 80 2.1X port configuration is g iven here: For more information abou t the display s that resu lt from these co mmands, s[...]

  • Page 472

    Verifying the 802.1X Port Configuration Configuring 802.1X page 22-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]

  • Page 473

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 23-1 23 Managing Policy Ser vers Quality of Service (QoS) policies that are configur ed through Alcatel’s PolicyView networ k management application are stored on a Lightweight Director y Access Protoco l (LDAP) server. PolicyV iew is an OmniVista application t hat runs on an att[...]

  • Page 474

    Policy Server Specification s Managing Policy Servers page 23-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Policy Ser ver Specifications The following ta bles lists import ant information ab out LDAP policy serve rs: Policy Ser ver Defaults Defaults for the policy server command are as follows: LDAP Policy Se rvers RFCs Support[...]

  • Page 475

    Managing Policy Servers Policy Server Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 23-3 Policy Server Over view The Lightweigh t Directory Acce ss Protocol (LDA P) is a stand ard directory server prot ocol. The LDAP policy server client in the sw itch is based on RFC 2251. Currently, only LDA P servers are supported [...]

  • Page 476

    Modifying Policy Servers Managing Policy Ser vers page 23-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Modifying Policy Ser vers Policy servers are automatically conf igured when the server is installe d; however, policy server parame- ters may be modified i f necessary. Note. SSL configuratio n must be done manually throug h t[...]

  • Page 477

    Managing Policy Servers Modifying Policy Servers OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 23-5 Modifying the Por t Number To modify the port, enter the policy server command with the port keyword an d the releva nt port number. -> policy server 10.10.2.3 port 50 00 Note that th e port numbe r must ma tch the port numbe[...]

  • Page 478

    Modifying Policy Servers Managing Policy Ser vers page 23-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring a Secure Socket Layer for a Policy Ser ver A Secure Socket Layer (SSL) may be configured be tween the polic y server an d the swit ch. If SSL is enabled, the PolicyVi ew applica tion can no longer write polici es t[...]

  • Page 479

    Managing Policy Servers Verifying the Policy Server Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 23-7 Interaction With CLI Policies Policies configured via PolicyView can only be modi fied through PolicyView. Th ey cannot be modified through the CLI. Any policy management do ne throug h the CLI only affects poli[...]

  • Page 480

    Verifying the Policy Server Conf iguration Managing Policy Servers page 23-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006[...]

  • Page 481

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-1 24 Configuring QoS Alcatel’s QoS software prov ides a way to manipulate flows coming th rough the switch based on user- configur ed policie s. The flow man ipu lation (generally referred to as Quali ty of Service or QoS ) may be as simple as allowi ng/denying traffic, or as [...]

  • Page 482

    QoS Specifications Configuring QoS page 24-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 QoS Specifications Maximum number of po licy rules 128 Limits for Layer 3 rules with particular action s: ACL (Filter rules) Priority rules Bandwidth/ T o S rules 802.1p rules 62 30 64 29 Maximum number of poli cy condition s 2048 Maximum nu[...]

  • Page 483

    Configuring QoS QoS General Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-3 QoS General Over view Quality of Service (QoS) refers to transmission quality and available service that is measured an d some- times guaranteed in advance for a particular ty pe of traffic in a network. QoS le nds itself to ci rcuit- switc[...]

  • Page 484

    QoS Policy Overview Configuring QoS page 24-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 QoS Policy Over view A policy (or a policy rule ) is made up of a condition and an actio n. The condition specifi es pa rameters that the switch will examine in inc oming flows, such as destination address or Type of Serv ice (ToS) bits. Th[...]

  • Page 485

    Configuring QoS Interaction With Other Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-5 It is possible to configure a vali d QoS rule that is ac tive on the swit ch, however the swit ch is not able to enforce the rule b ecause some ot her switch function (for example, rout ing) is disa bled. See the condition and co[...]

  • Page 486

    Condition Combinations Configuring QoS page 24-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Condition Combinations The CLI prevents you from configuring in valid condition combinations that are never allowed; ho wever, it does allow you to create combinat ions that are supporte d in some scenario. For example, you might configu[...]

  • Page 487

    Configuring QoS Condition /Action Combinations OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-7 Condition/Action Combinations Conditions and acti ons are combined in policy rules. The CLI prevents you fro m configurin g invalid condition/acti on combinations t hat are never allo wed; however, it doe s allow you to create com[...]

  • Page 488

    Condition/Action Combinations Configuring QoS page 24-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 destination IP address or network group destination TCP/UDP port IP protocol 802.1p routing/bridging when qos classifyl3 bridged is enabled source MAC or MAC group source VLAN disposition priority bridging source VLAN maximum band[...]

  • Page 489

    Configuring QoS QoS Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-9 QoS Defaults The following ta bles list the defa ults for global QoS p a rameters, individual port settin gs, policy rules, and default policy rules. Global QoS Defaults Use the qos reset command is to reset gl obal values to their defaults. Descri[...]

  • Page 490

    QoS Defaults Configuring QoS page 24-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 QoS Por t Defaults Use the qos port reset command to reset port settings to the defaults. Policy Rule Defaults The following are default s for the poli cy rule command: * However, policy rules co nfigured with s ource and dest ination condit ions [...]

  • Page 491

    Configuring QoS QoS Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-11 Policy Action Defaults The following are defaults for t he poli cy action command: Note that in the current software release, the deny and dr op options produce the same effect that is, the traffic is si lently drop ped. Note. There are no default[...]

  • Page 492

    QoS Configuration Overview Configuring QoS page 24-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 QoS Configuration Over view QoS configuratio n involves the following general steps: 1 Configuring Global Par ameters . In addit ion to enabling/ disabling QoS, g lobal configurat ion includes settings such a s global po rt parameter[...]

  • Page 493

    Configuring QoS Configurin g Global QoS Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-13 Configuring Global QoS Parameters This section describes the glob al QoS configurat ion, which includes enabling and disabl ing QoS, apply- ing and acti vating the co nfiguration, controlling th e QoS log d isplay, and co nfi[...]

  • Page 494

    Configuring Global QoS Parameters Configuring QoS page 24-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Using the QoS Log The QoS software in the switch creates its own log for QoS-spe cific eve nts. You may modi fy the number of lines in the log or change the level of detail given in the log. Th e PolicyView app lication, which[...]

  • Page 495

    Configuring QoS Configurin g Global QoS Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-15 Note. If you change the number of log l ines, the QoS log may be comp letely cleare d. To chang e the log lines without c learing the log, set the lo g lines in the boot.c fg file; the log will be set to the speci fied number[...]

  • Page 496

    Configuring Global QoS Parameters Configuring QoS page 24-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying the QoS Log To view the QoS log, use the show qos log command. The displa y is similar to the following: **QOS Log** Insert rule 0 Rule index at 0 Insert rule 1 Rule index at 1 Insert rule 2 Rule index at 2 Enable r[...]

  • Page 497

    Configuring QoS Configurin g Global QoS Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-17 To change the flow timeout, enter the qos flow timeout com i mand with the desired number of seconds. For exampl e: -> qos flow timeout 100 The timeout will no t be active on the switch u ntil you enter th e qos apply comm[...]

  • Page 498

    Configuring Global QoS Parameters Configuring QoS page 24-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Classifying Bridged T raffic as Layer 3 In some network configurati ons you may want to force the switch to cla ssify bridged traffic as routed (Layer 3) traffic. Typically this op tion is used for QoS filtering. See Chapter 2[...]

  • Page 499

    Configuring QoS Configurin g Global QoS Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-19 V erifying Global Settings To display information abo ut the glob al configuration, use the following show commands: For more information abo ut the syntax and di splays of these comman ds, see the OmniSwitch CLI Refer- ence [...]

  • Page 500

    QoS Ports and Queues Configuring QoS page 24-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 QoS Por ts and Queues Queue para meters may be mo dified on a port basis. Fo ur default queues are creat ed for each port on t he switch at start up. When a flow coming into the switch matches a policy , it is queued based on: • Paramete[...]

  • Page 501

    Configuring QoS QoS Ports and Queues OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-21 To configure th e global settin g on the switch , use the qos trust ports command. For exampl e: -> qos trust ports To configure indivi dual ports as truste d, use the qos port trusted command with the desired sl ot/port number. For ex [...]

  • Page 502

    Creating Policies Configuring QoS page 24-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Creating Policies This section describ es how to create polic ies in general. Fo r information about configuri ng specific types of policies, see “Policy Applications” on pa ge 24-49 . Basic commands for creating policies are as foll ows:[...]

  • Page 503

    Configuring QoS Creating Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-23 4 Use the qos apply command to apply the po licy to the configuration. For example: -> qos apply Note. ( Optional ) To verify that the rule has been configured, use the show policy rule command. The display is similar to the following : -&[...]

  • Page 504

    Creating Policies Configuring QoS page 24-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Creating Policy Conditions This section describ es how to create po licy condition s in general. C reating policy co nditions for partic ular types of network sit uations is described late r in this chapter. Note. Policy condition confi gurat[...]

  • Page 505

    Configuring QoS Creating Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-25 Note. You cannot remove al l parameters from a polic y cond ition. A condition must be configured with at least one parameter. Deleting Policy Conditions To remove a policy condition, use the no form of the command. For example: -> no poli[...]

  • Page 506

    Creating Policies Configuring QoS page 24-26 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. If you combine priority with 802.1p , dscp , tos , or map , in an action, the priority value is use d to prioritiz e the flow. Removing Action Parameters To remove an action parame ter or return the parame ter to its defau lt, use no wi[...]

  • Page 507

    Configuring QoS Creating Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-27 In addition, a policy rule may be admi nistratively disabled or re-enabled using the policy rule command. By default rules are enab led. Fo r a list of rule defaults, see “Policy Rule Defaults” on page 24-10 . Information abo ut using the[...]

  • Page 508

    Creating Policies Configuring QoS page 24-28 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Layer 3 Rules With Compatible Ac tions More than one rule may have the same co ndition. Fo r example, two La yer 3 rules may h ave the same IP address con dition but differen t actions. If the a ctions are comp atible, both rules wil l be app[...]

  • Page 509

    Configuring QoS Creating Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-29 Saving Rules The save option marks the policy rule so that the rule will be captured in an ASCII text fil e (using the configuration snapshot command) and saved t o the working director y (using the write m emory command or copy running-confi[...]

  • Page 510

    Creating Policies Configuring QoS page 24-30 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 V erifying Policy Configuration To view information ab out policy rules, conditions, a nd actions confi gured on the swit ch, use the follo w- ing commands: When the command is used to show output for all pending and applied poli cy configura[...]

  • Page 511

    Configuring QoS Creating Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-31 In this example, the rule my_rule does not displa y because it is inactive . Rules are i nactive if they are administratively di sabled through the policy rule command, or if the rule cannot be enforced by the current h ardware. Alth ough my_[...]

  • Page 512

    Creating Policies Configuring QoS page 24-32 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 T esting Conditions Before applying poli cies to the configuration thro ugh the qos apply command, you may want to see how the policies will be used to classify traffic. Or you ma y want to see how t heoretical traffic would be classi- fied b[...]

  • Page 513

    Configuring QoS Creating Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-33 To test a theo retical con dition again st the set of applied policies, enter the command with the applied keyword. The switch will display info rmation ab out the pote ntial traffic and attempt to match it to a pol icy (applied policies only[...]

  • Page 514

    Using Condition Groups in Policies Configuring QoS page 24-34 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Using Condition Gr oups in Policies Condition groups ar e made up of multiple IP addre sses, MAC addresses, servic es, or ports to which you want to apply the same action or poli cy rule. Instead of crea ting a separa te cond[...]

  • Page 515

    Configuring QoS Using Condition Groups in Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-35 3 Attach the condi tion to a polic y rule. (For more i nformation about co nfiguring rule s, see “Creati ng Policy Rules” on page 24 -26 .) In this example, actio n act4 has alre ady been co nfigured. For example: -> p[...]

  • Page 516

    Using Condition Groups in Policies Configuring QoS page 24-36 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 To remove addresses from a network group, use no and the rel evant address(es) . For example: -> policy network group netgroup3 no 173.21.4.39 This command deletes the 173.21 .4.39 address from netgroup3 af ter the next qo[...]

  • Page 517

    Configuring QoS Using Condition Groups in Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-37 In this example, a policy service calle d telnet1 is created with the TCP protocol number ( 6 ) and the well- known Telnet destination por t number ( 23 ). -> policy service telnet1 protocol 6 destination ip port 23 A shor[...]

  • Page 518

    Using Condition Groups in Policies Configuring QoS page 24-38 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 This command conf igures a conditi on called c6 with service grou p serv_group . All of the service s speci- fied in the service group will be included i n the condit ion. (For more informati on about con figuring c ondi- tio[...]

  • Page 519

    Configuring QoS Using Condition Groups in Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-39 Note. MAC group configuration is not acti ve until the qos apply command is entered. To delete addresses from a MAC group, use no and the relevant address(es): -> policy mac group macgrp2 no 08: 00:20:00:00:00 This command[...]

  • Page 520

    Using Condition Groups in Policies Configuring QoS page 24-40 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 This command specifies tha t port 2/1 will be d eleted from the techpubs port group at the next qos apply . To delete a port group, use the no form of the policy port gro up command with the relev ant port group name. The por[...]

  • Page 521

    Configuring QoS Using Condition Groups in Policies OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-41 -> policy action MaxBw maximum ban dwidth 10k -> policy rule PortRule condition Ports action MaxBw In this example, if both ports 1 and 2 are active p orts, 10000 bps is distrib uted over the two p orts. If one of the p[...]

  • Page 522

    Using Condition Groups in Policies Configuring QoS page 24-42 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 V erifying Condition Gr oup Configuration To display information abo ut condition gro ups, use the following show commands: See the OmniSwitch CLI Reference Guide for more information about th e syntax and output for t hese c[...]

  • Page 523

    Configuring QoS Using Map Groups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-43 Using Map Gr oups Map groups are u sed to map 802. 1p, ToS, or DSCP va lues to different values. On the Om niSwitch 6600 , the followi ng mapping sc enarios are su pported: • 802.1p to 802. 1p • ToS or DSCP to 802.1p (the reve rse is not s[...]

  • Page 524

    Using Map Groups Configuring QoS page 24-44 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 How Map Groups W ork When mapping from 802.1p to 802.1p, the acti on will result in remapping the sp ecified values. Any values that are not specified in th e map gr oup are preser ved. In this example, a map grou p is created for 802 .1p bits[...]

  • Page 525

    Configuring QoS Using Map Groups OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-45 To delete a map group, use the no form of the policy map group command. The map grou p must not be associated with a policy action. For example: -> no policy map group tosGroup If tosGroup is currently associated with an actio n, an error m[...]

  • Page 526

    Applying the Configuration Configuring QoS page 24-46 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Applying the Configuration Configuratio n for policy rules and many global QoS pa rameters must sp ecifically be ap plied to the config- uration with the qos apply command. Any parameters config ured without thi s command are mainta [...]

  • Page 527

    Configuring QoS Applying the Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-47 Deleting the Pending Configuration Policy settings that have been configured but not applied thro ugh the qos apply command may be returned to the la st applied se ttings through the qos revert command. For example: -> qos revert [...]

  • Page 528

    Applying the Configuration Configuring QoS page 24-48 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Interaction W ith LDAP Policies The qos apply , qos revert , and qos flush commands do not af fect policies created thro ugh the Policy- View application . Separate commands are use d for loading an d flushing LDAP policies on th e s[...]

  • Page 529

    Configuring QoS Policy Applications OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-49 Policy Applications Policies are used to classify incoming flows and treat the relevant outgoing flows. There are many ways to classify the traffic and many ways to apply QoS parameters to the traffic. Classifying tr affic may be a s simple[...]

  • Page 530

    Policy Applications Configuring QoS page 24-50 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Note. If multiple addresses, services, or po rts should be gi ven the same prio rity, use a policy condi tion group to specify the group and associat e the group wit h the condit ion. See “Using Condition Groups in Policies” on page 24-[...]

  • Page 531

    Configuring QoS Policy Applications OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 24-51 -> policy condition ip_traffic2 so urce ip 10.10.5.3 -> policy action flowShape maximum bandwidth 1k -> policy rule rule2 condition tra ffic2 action flowShape Note that the bandwidth may be specified in abbreviated units, in this c[...]

  • Page 532

    Policy Applications Configuring QoS page 24-52 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 -> policy condition my_condition s ource ip 10.10.3.0 mask 255.255.2 55.0 -> policy action my_action 802.1p 5 -> policy rule marking condition m y_condition action my_action In the next example, the policy map group command specifi[...]

  • Page 533

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-1 25 Configuring ACLs Access Control L ists (ACLs) are Quality o f Service (Qo S) policies used to control wh ether or not packets are allo wed or denied at the swit ch or router interf ace. ACLs are sometimes referred to as filtering lists. ACLs are distin guished by th e kind [...]

  • Page 534

    ACL Specifications Configuring ACLs page 25-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 ACL Specifications These specifications are t he same as those for QoS in general: ACL Defaults The following ta ble shows the defaults for ACLs: Note that in the current software release, the deny and dr op options produce the same effect;[...]

  • Page 535

    Configuring ACLs Quick Steps for Creating ACLs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-3 Quick Steps for Creating ACLs 1 Set the global disposi tion for bridged or rout ed traffic. By default, all flow s that do match any pol icies are allowed on t he switch. Typica lly, you may wan t to deny traffic fo r all Layer 3 [...]

  • Page 536

    ACL Overview Configuring ACLs page 25-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 ACL Over view ACLs provide mo derate security bet ween networks. The following il lustration sho ws how ACLs may be used to filter sub network traffic throug h a private net work, func tioning like an internal fi rewall for LANs. When traffic arr[...]

  • Page 537

    Configuring ACLs ACL Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-5 Rule Precedence The switch attempts to classify fl ows c oming into the switc h according to pre cedence. For Lay er 2 flows, the rule wi th the highe st precedence will be appli ed to the flow . For Layer 3 flow s, all rules that mat ch the flow [...]

  • Page 538

    ACL Overview Configuring ACLs page 25-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Example: Layer 3 Rules With Compatible Actions More than one rule may have the same co ndition. Fo r example, two La yer 3 rules may h ave the same IP address con dition but differen t actions. If the a ctions are comp atible, both rules wil l be[...]

  • Page 539

    Configuring ACLs ACL Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-7 Interaction With Other Features • IP Routing —IP routing must b e enabled on th e switch for Layer 3 ACLs. See Chapter 14, “Configur- ing IP,” for more information about setting up ro uting. • Routing Protocols —Layer 3 filtering is co[...]

  • Page 540

    ACL Configuration Overview Configuring ACLs page 25-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 ACL Configuration Over view This section describes the QoS CLI commands used spec ifically to configure ACLs. ACLs are basically a type of QoS policy, and the commands used to co nfigure ACLs are a subset of the switch’s QoS comma[...]

  • Page 541

    Configuring ACLs Setting the Global Disposition OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-9 Important. If you set the glob al bridged d isposition (u sing the q os defaul t bridge d dispos ition command) to deny or drop , it will result in droppi ng all Layer 2 t raffic from the switch that does not match any policy to [...]

  • Page 542

    Creating Condition Groups For ACLs Configuring ACLs page 25-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Creating Condition Gr oups For ACLs Condition grou ps for ACLs are ma de up of multipl e IP addresses, MAC addresses, services, or IP ports to which you wan t to apply the sa me disposition . Instead of creating a separate c[...]

  • Page 543

    Configuring ACLs Configuring ACLs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-11 For exampl e: -> policy port group pgroup1 3/1-2 4/3 5/4 -> policy condition c2 source port group pgroup1 In this example, a Layer 2 condition ( c2 ) specifies that traffic matche s the ports incl uded of the pgroup1 port group. The con[...]

  • Page 544

    Configuring ACLs Configuring ACLs page 25-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 rule7 will take precedence over the other rules. (For more information about precedence, se e “Rule Prece- dence” on page 25-5 .) The action config ured for the rule, a1 , allows traffic from 10.10.4. 8, so the flow will be accepted on th[...]

  • Page 545

    Configuring ACLs Configuring ACLs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-13 Layer 2 ACL: Example 1 In this example, the default bridge d disposition i s accept (the default). Since the default is accept , the qos default bridged disposition command would only need to be entered if the disposition had previously been [...]

  • Page 546

    Configuring ACLs Configuring ACLs page 25-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Layer 3 ACLs The QoS software in the switch fi lters routed traffic at Layer 3. For Lay er 3 filters, ty pically IP routing must be enabled; however, the switc h may be configured to filt er Layer 3 headers in bridged traffic. Use the qos cla[...]

  • Page 547

    Configuring ACLs Configuring ACLs OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-15 Layer 3 ACL: Example 2 This example uses condition gro ups to combine mult iple IP addre sses in a single co ndition. The default disposition is set to deny . -> qos default routed disposition deny -> policy network group GroupA 192 .60[...]

  • Page 548

    Configuring ACLs Configuring ACLs page 25-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 To filter multicast cli ents, specify the mul ticast IP ad dre ss, which is the add ress of the multic ast group or stream, and sp ecify the cli ent IP address, VL AN, MAC address, or slot/port . For example: -> qos default multicast dispo[...]

  • Page 549

    Configuring ACLs Using ACL Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-17 Using ACL Security Features The following ad ditional AC L features are available for improvi ng network security and prev enting mali- cious activit y on the network: • UserPorts —A port group that identi fies its members as u[...]

  • Page 550

    Using ACL Security Features Configuring ACLs page 25-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring a DisablePor ts ACL An additional met hod for dealing with spoofed IP traffic is t o create a Disabl ePorts ACL that will adminis- tratively disab le ports that rece ive this type of traffic. To achieve this result, a p[...]

  • Page 551

    Configuring ACLs Using ACL Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-19 5 Create a rule that denies all source IP addres ses rece iv ed on the port group defi ned in Step 1 a nd spec- ify a precedence for t his rule. For example: -> policy rule noSpoof condition d enyip action badDisablePorts prec e[...]

  • Page 552

    Using ACL Security Features Configuring ACLs page 25-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 2 Add the services c reated in St ep 1 to a se rvice group ca lled DropServices using the policy service group command. For example: -> policy service group DropServices tcp135 tcp445 udp137 udp138 udp445 Note that the DropServi[...]

  • Page 553

    Configuring ACLs Using ACL Security Features OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-21 Configuring ICMP Dr op Rules Combining a L ayer 2 condi tion for sour ce VLAN with a Layer 3 condition fo r IP protocol is supported. Use these two cond itions togeth er in a policy t o block ICMP echo req uest and reply p ackets w[...]

  • Page 554

    Verifying the ACL Configuration Configuring ACLs page 25-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 V erifying the ACL Configuration To display information abo ut ACLs, use the same show commands that are used for displaying any QoS policies. These commands include: When a show command is used t o display out put for all pe n[...]

  • Page 555

    Configuring ACLs Verifying the ACL Configuration OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 25-23 To display only policy rules th at are active (enabled) on the switch, use th e show active policy rule command. For example: -> show active policy rule Policy From Prec Enab Inact Refl Log Save Matches +my_rule5 cli 0 Yes N[...]

  • Page 556

    ACL Application Exa mple Configuring ACLs page 25-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 ACL Application Example In this applica tion for IP filt ering, a policy is created to deny Telnet traffic from the outside world to an engineering group in a private network. Set up a polic y rule called outside to de ny Telnet traff[...]

  • Page 557

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-1 26 Configuring IP Multicast Switching IP Multicast Switc hing is a on e-to-many commu nication tech nique employ ed by emerging a pplications such as video distribution , news feeds, con ferencing, net casting, and resour ce discovery (OSPF, RIP2, BOOTP). Unlike unicast , whic[...]

  • Page 558

    IPMS Specifications Configuring IP Multicast Switching page 26-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 IPMS Specifications The table below lists specifications for Alcatel’s IPMS software. IPMS Default V alues The table below lists default valu es for Alcatel’ s IPMS software. RFCs Supported RFC 2236 — Internet Gr ou[...]

  • Page 559

    Configuring IP Multicast Switching IPMS Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-3 IPMS Over view A multicast group is defined by a multi cast group address, wh ich is a Class D IP address in the range 224.0.0.0 to 239.255.25 5.255. (Addresses in the ra nge 239.0.0.0 to 239 .255.255. 255 are reserved for bound[...]

  • Page 560

    IPMS Overview Configuring IP Multicast Switching page 26-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Reserved Multicast Addresses The Internet Assigned Numbers Au thority (IANA) created the range fo r multicast addr esses, which is 224.0.0.0 to 239.25 5.255.255. Howe ver, as the table below shows, certain addresse s ar e reser[...]

  • Page 561

    Configuring IP Multicast Switching Configuring IPMS on a Switch OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-5 Configuring IPMS on a Switch This section describes how to use Command Line Interface (CLI) commands to enable and disable IP Multicast Switchi ng (IPMS) switch wi de (see “ Enabling and Disabling IPMS on a Swit[...]

  • Page 562

    Configuring IPMS on a Switch Configuring IP Multicast Switching page 26-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Configuring a Static Neighbor You can configure a port as an IPMS static neighb or port by entering ip multicast static-neighbor followed by the VLAN num ber (which must be between 0 and 4095), a space, the slot [...]

  • Page 563

    Configuring IP Multicast Switching Configuring IPMS on a Switch OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-7 Removing a Static Querier To reset the port so th at it is no longer an IPMS static que rier port you use the no form of the ip multic ast static-querier command b y enterin g ip multicast no static-queri er follo[...]

  • Page 564

    Modifying IPMS Parameters Configuring IP Multicast Switching page 26-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Modifying IPMS Parameters The table in “IPMS Default Values” on page 26-2 lists defa ult values for IPMS parameters. The fo llowing sections descri be how to use CLI commands to modi fy these parameters. Modifyi[...]

  • Page 565

    Configuring IP Multicast Switch ing Modifying IPMS Parameters OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-9 Configuring the Membership Timeout You can modify the IPMS membership timeout from 0 to 42949672 95 seconds by entering ip multicast membership-timeout followed by the new value. For example, to set the membership t[...]

  • Page 566

    Modifying IPMS Parameters Configuring IP Multicast Switching page 26-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Restoring the Querier Timeout To restore the neighbor querier to its default (i.e., 260 seconds) val ue you use the no form of the ip multicast querier-timeout command by entering: -> ip multicast no querier-time[...]

  • Page 567

    Configuring IP Multicast Switching IPMS Application Example OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-11 IPMS Application Example The figure below shows a samp le network with the sw itch sending multicast video. A client attached to Port 5 needs to be configured as a static neighbor an d another client att ached to Por[...]

  • Page 568

    IPMS Application Example C onfiguring IP Multicast Switching page 26-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 5 Modify the leave timeout from its default value of 10 seconds to 120 seco nds by entering: -> ip multicast leave-timeout 120 An example of what these commands look like entered sequenti ally on the co mmand lin[...]

  • Page 569

    Configuring IP Multicast Switching Displaying IPMS Configurations and Statistics OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 26-13 Displaying IPMS Configurations and Statistics Alcatel’s IP Multicast Switching (IPMS ) show commands provide t ools to moni tor IPMS traf fic and settings and to t roubleshoot problems. These c[...]

  • Page 570

    Displaying IPMS Configurations and Statis tics Configuring IP Multicast Switching page 26-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]

  • Page 571

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-1 27 Diagnosing Switch Pr oblems Several tools are available for diagn osing problems that may occur with the switch. These t ools include • Port Mi rroring • Port Moni toring • Remote Monitoring (RMON) probes • Switch Heal th Monito ring Port mirroring cop ies all incom[...]

  • Page 572

    In This Chapter Diagnosing Switch Problems page 27-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 • Deleting a Po rt Monitoring Session —see “Deleting a Port Monito ring Sessio n” on page 27-21 . • Pausing a Port Mo nitoring Session —see “Pausing a Port Monitoring Session” on page 27-21 . • Configuring th e pers[...]

  • Page 573

    Diagnosing Switch Problems Port Mirroring Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-3 Por t Mirroring Overview The following sectio ns detail the specificatio ns, defaults, a nd quick set u p steps for the po rt mirroring feature. Detaile d procedur es are found in “Port Mirroring” on page 27 -12 . Note. A [...]

  • Page 574

    Port Mirroring Overview Diagnosing Switch Problems page 27-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Por t Mirroring Defaults The following table shows port mir roring default values. Global Port Mirr oring Defa ults Parameter Description CLI Co mmand Default V alue/Comments Mirroring Session Creation port mirroring sourc e [...]

  • Page 575

    Diagnosing Switch Problems Port Mirroring Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-5 Quick Steps for Configuring Port Mirroring 1 Create a port mirrori ng session . Be sure to sp ecify the p ort mirror ing session ID , source (mirrored) and destination (mirroring) slot/ports, and unblock ed VLAN ID ( op tional[...]

  • Page 576

    Port Monitoring Overview Diagnosing Switch Problems page 27-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Por t Monitoring Over view The following sec tions detail the specifica tions, defa ults, and quick se t up steps for the port mirroring feature. Detaile d procedur es are found in “Port Moni toring Overview ” on page 27[...]

  • Page 577

    Diagnosing Switch Problems Port Monitoring Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-7 Quick Steps for Configuring Port Monitoring 1 To create a port monitori ng session use the port monitoring source command by entering port monitoring , followed by the port monitoring session ID, source , and the slot and por[...]

  • Page 578

    Remote Monitoring (RMON) Overview Diagnosing Switch Problems page 27-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Remote Monitoring (RMON) Over view The following sec tions detail th e specifica tions, defaul ts, and quick set u p steps for the RMON feat ure. Detailed proc edures are found in “Remote Monitoring (RMON)” on p[...]

  • Page 579

    Diagnosing Switch Problems Remote Monitoring (RMON) Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-9 RMON Probe Defaults The following ta ble shows Remote Network Moni toring defaul t values. Global RMON Probe Defaults Quick Steps for Enabling/Disabling RMON Probes 1 Enable an inactive (or disable an active) RMON pr[...]

  • Page 580

    Switch Health Overview Di agnosing Switch Problems page 27-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Switch Health Over view The following sec tions detail the specifica tions, defa ults, and quick se t up steps for the switch health feature. Detaile d procedur es are found in “Monitoring Switch Hea lth” on page 27-32 . [...]

  • Page 581

    Diagnosing Switch Problems Switch Health Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-11 Switch Health Defaults The following tabl e shows Switch Health d efault values. Global Swi tch Health D efaults Quick Steps for Configuring Switch Health 1 Display the heal th threshold li mits, health sampli ng interval sett[...]

  • Page 582

    Port Mirroring Diagnosing Switch Problems page 27-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Por t Mirroring You can set u p port mirroring for any pair of Et hernet port s within the same switch chassi s. Ethernet port s supporting port mirro ring include 10BaseT/100BaseTX (RJ-45) and 1000BaseLX (LC) M iniGBIC connectors. Wh[...]

  • Page 583

    Diagnosing Switch Problems Port Mirroring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-13 How Por t Mirroring W orks When a frame is received on a mirrored port, it is copied and sent to the mi rroring port. The received frame is actually t ransmitted twice across t he switch backpl ane–once fo r normal bridging and t he[...]

  • Page 584

    Port Mirroring Diagnosing Switch Problems page 27-14 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Using Por t Mirr oring with External RMON Pr obes Port mirroring is a help ful monitoring tool when used in co njunction with an external RMON probe. Once you set up port mirror ing, the probe can collect all relevant RMON statistics [...]

  • Page 585

    Diagnosing Switch Problems Port Mirroring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-15 Creating a Mirroring Session Before port mirroring can be used, it is nece ssary to create a port mirro ring session. The port mirroring source destina tion CLI command can be used to create a mirro ring session between a mirror ed (a[...]

  • Page 586

    Port Mirroring Diagnosing Switch Problems page 27-16 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 This command line specifies mir roring session 6, with the source (m irrored) port located in slot 2/po rt 3, and the destination (mi rroring) port located in slot 2/port 4. The mirroring port on VLAN 750 is prot ected from Spanning T[...]

  • Page 587

    Diagnosing Switch Problems Port Mirroring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-17 In this example the command specifies port mirroring sessi on 6, with the mirro red (active) port locat ed in slot 2/port 3, and th e mirroring port l ocated in slot 6/port 4. The mi rroring status is di sabled (i.e., port mirroring i[...]

  • Page 588

    Port Mirroring Diagnosing Switch Problems page 27-18 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Enabling or Disabling a Por t Mirroring Session (Shorthand) Once a port mirroring sessi on configuration has been created, th is command is useful fo r enabling or disabling it (tur ning port mirrorin g on or off) without having to re[...]

  • Page 589

    Diagnosing Switch Problems Port Mirroring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-19 Deleting A Mirr oring Session The no form of the port mirroring command can be used to delete a previously created mirro ring session configuratio n between a mi rrored port and a mirroring po rt. To delete a mirroring session, enter [...]

  • Page 590

    Port Monitoring Diagnosin g Switch Problems page 27-20 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Por t Monitoring An essential tool of the network engineer is a net work packet capture device. A packet capture device i s usually a PC-based comput er, such as the Sniffer ® , tha t provides a me ans for unde rstanding an d measu[...]

  • Page 591

    Diagnosing Switch Problems Port Monitoring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-21 In addition, you can also sp ecify optional parameters sh own in the t able below. These parameters mu st be entered af ter the slot and port numbe r. For example, t o configure port monitoring session 6 on port 2/3 and admini strati[...]

  • Page 592

    Port Monitoring Diagnosin g Switch Problems page 27-22 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Por t Monitoring Session Persistence By default, a p ort monitoring sessi on will neve r be disabled . To modify the le ngth of time befo re a port monitoring sessi on is disabled fro m 0 (the default, wh ere the session[...]

  • Page 593

    Diagnosing Switch Problems Port Monitoring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-23 For example, to c onfigure port mo nitoring session 6 o n port 2/3 with a data fil e called “use r_port” in th e /flash directory enter that will no t overwrite older packets if th e fil e size is exceeded e nter: -> port moni[...]

  • Page 594

    Port Monitoring Diagnosin g Switch Problems page 27-24 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying Por t Monitoring Status and Data A summary of the sho w commands used for displaying po rt monitoring sta tus and po rt monitoring d ata are given here: For example, to disp lay port monitoring data use the show port moni[...]

  • Page 595

    Diagnosing Switch Problems Remote Monitoring (RMON) OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-25 Remote Monitoring (RMON) Remote Network Monit oring (RMON) is an SNMP protocol used to manage networks remo tely. RMON probes can be used to collect , interpret and forward statis tical data about network traffic from design[...]

  • Page 596

    Remote Monitoring (RMON) Diagnosing Switch Pro blems page 27-26 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 RMON probes can be enabled or disabled via CLI commands. Configuratio n of Alarm threshold valu es for RMON traps is a function reserv ed for RMON-monitoring NMS stations. This feature support s basic RMON 4 group impl emen[...]

  • Page 597

    Diagnosing Switch Problems Remote Monitoring (RMON) OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-27 Enabling or Disabling RMON Pr obes To enable or disable an indi vidual RMON probe, enter the rmon probes CLI command. Be sure to spec- ify the type of probe ( stats / history / alarm ), followed by the e ntry number (optiona[...]

  • Page 598

    Remote Monitoring (RMON) Diagnosing Switch Pro blems page 27-28 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying RMON T ables Two separate commands can be used to retrieve and vi ew Remote Monitoring data: show rmon probes and show rmon events . The retrieved statistics appear in a table format (a coll ection of re lated da[...]

  • Page 599

    Diagnosing Switch Problems Remote Monitoring (RMON) OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-29 Displaying Statistics for a Particular RMON Probe To view statistics for a particul ar current RMON probe, e nter the show rmon probes command, specifying an entry number for a particular probe, such as: -> show rmon prob[...]

  • Page 600

    Remote Monitoring (RMON) Diagnosing Switch Pro blems page 27-30 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Sample Display fo r Histor y Probe The display shown here identifies RMON Pro be 10325’s Owner descri ption and interfac e location (Analyzer-p:12 8.251.18.166 on slot 1, por t 35), the total number of Hi story Control Bu[...]

  • Page 601

    Diagnosing Switch Problems Remote Monitoring (RMON) OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-31 Displaying a List of RMON Events RMON Events are actions that occur based on Alarm co nditions detect ed by an RMON probe. To view a list of logged RMON Events, ent er the show rmon events co mmand without sp ecifying an en [...]

  • Page 602

    Monitoring Switch Health Diagnosing Switch Problems page 27-32 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Monitoring Switch Health To monitor resource availability, the NMS (Netwo rk Manageme nt System) nee ds to collect si gnificant amounts of data from each switch. As the nu mber of ports per switch (and the n umber of switche[...]

  • Page 603

    Diagnosing Switch Problems Monitoring Switch Health OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-33 The following sections incl ude a discussion of CLI command s that can be used to conf igure resource parameters and monito r or reset statistics for switch resources. Thes e commands include: • health threshold —Configu[...]

  • Page 604

    Monitoring Switch Health Diagnosing Switch Problems page 27-34 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Resource and T emperature Thresholds Health Monito ring software monitors threshold levels for the switch’s consumable resources— bandwidth, RAM memory, and CPU capacity —as well as the ambient chassis te m[...]

  • Page 605

    Diagnosing Switch Problems Monitoring Switch Health OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-35 Displaying Health Threshold Limits The show health threshold command is used to view all current heal th thresholds on the switch, as well as individual th resholds for input t raffic (RX), output/input tr affic (TX/RX), mem[...]

  • Page 606

    Monitoring Switch Health Diagnosing Switch Problems page 27-36 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Configuring Sampling Intervals The sampling interval is the period of time be tween polls of the switch’s consumable reso urces to moni- tor performance vis-a-vis previ o usly specified thresholds. The health interval comm[...]

  • Page 607

    Diagnosing Switch Problems Monitoring Switch Health OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 27-37 V iewing Health Statistics for the Switch The show health command can be used t o display health statistics for the switch. To display he alth statistics, en ter the show health command, followed by the slot/port l ocation a[...]

  • Page 608

    Monitoring Switch Health Diagnosing Switch Problems page 27-38 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 V iewing Health Statistics for a Specific Inter face To view health statistics fo r slot 4/port 3, ente r the show health command, followed by the approp riate slot and port numbers. A scre en similar to the following examp [...]

  • Page 609

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 28-1 28 Using Switch Logging Switch logging is a n event logg ing utility t hat is useful in ma intaining an d servicing th e switch. Switch logging uses a formatted string mech anism to either reco rd or discard ev ent data from switc h applications. The log records are copied to [...]

  • Page 610

    Switch Logging Specifications Using Switch Logging page 28-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Switch Logging Specifications Functionality Sup ported High-level event logging mechanism that for- wards requests from applications to enabled logging devic es. Functionality Not Supported Not intended fo r debugging indi vi[...]

  • Page 611

    Using Switch Logging Switch Logging Defaults OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 28-3 Switch Logging Defaults The following ta ble shows switch l ogging default v alues. Global Switch Logging Defaults Parameter Description CLI Co mmand Default V alue/Comments Enabling/Di sabling switch lo gging swlog Enabled Switch l[...]

  • Page 612

    Quick Steps for Configuring Switc h Logging Using Switch Logging page 28-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Quick Steps for Configuring Switch Logging 1 Enable switch lo gging by usi ng the following c ommand: -> swlog 2 Specify the ID of the appl ication to be logged al ong with the logging se verity le vel. ->[...]

  • Page 613

    Using Switch Logging Switch Logging Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 28-5 Switch Logging Over view Switch logging uses a format ted string me chanism to proc ess log requests fro m switch application s. When a log request i s received, swi tch logging co mpares the severity l evel included with the reques[...]

  • Page 614

    Switch Logging Commands Overview Using Switch Logging page 28-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Switch Logging Commands Over view This section describ es the switch lo gging CLI comma nds, for enabling or disabling switc h logging, displaying th e current status of the switch logging feature, and di splaying stored l[...]

  • Page 615

    Using Switch Logging Switch Logging Commands Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 28-7 STP 11 APPID_SP ANNI NG TREE LINKAGG 12 APPID_LINKAGG REGA TION QOS 13 APPID_QOS RSVP 14 APPID_RSVP IP 15 APPID_IP IPMS 17 APPID_IP MS AMAP 18 APPID_XMAP GMAP 19 APPID_GMAP AAA 20 APPID_ AAA IPC-MON 21 APPID_ IPC_MON IP-HEL[...]

  • Page 616

    Switch Logging Commands Overview Using Switch Logging page 28-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 The level keywor d assigns the error-type severity level to the specified applica tion IDs. Values range from 2 (highest seve rity) to 9 (low est severity). The values are defined in t he following table: Specifying the Se[...]

  • Page 617

    Using Switch Logging Switch Logging Commands Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 28-9 Removing the Severity Level To remove the switch l ogging severity l evel, enter the no swlog appid level command, including the application ID and severity-level values. The following is a t ypical example: -> no swlog [...]

  • Page 618

    Switch Logging Commands Overview Using Switch Logging page 28-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Disabling an IP Address from Receiving Switch Logging Output To disable a partic ular IP address from rec eiving switch logg ing output, ent er the followin g command: -> no swlog output socket No confirmation message w[...]

  • Page 619

    Using Switch Logging Switch Logging Commands Overview OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 28-11 Configuring the Switch Logging File Size By default, th e size of the switch logging file i s 128000 byt es. To configure the size of the switch loggin g file use the swlog output flash file- size command. To use this comm[...]

  • Page 620

    Switch Logging Commands Overview Using Switch Logging page 28-12 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006 Displaying Switch Logging Records The show log swlog command can produce a display showin g all switch logging informatio n or you can display information ac cording to session , timestamp, appl ication ID or severi ty lev[...]

  • Page 621

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 29-1 29 Monitoring Memor y Debug memory mo nitor commands ca n monitor memory allocation an d free memory (such as detect ion of invalid free addresses and maintena nce of size statis tics). These commands are useful for monitoring logging of even ts, leak detect ion, classificat i[...]

  • Page 622

    Memory Monitoring Specifications Monitoring Memory page 29-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Memor y Monitoring Specifications The following ta ble shows Memory Mo nitoring specific ations: Memor y Monitoring Defaults The following table shows M emory Monitoring default valu es: Functionality Supported Fence Post/ Ba[...]

  • Page 623

    Monitoring Memory Quick Steps for Configuring Memory Monitoring OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 29-3 Quick Steps for Configuring Memor y Monitoring 1 Use the following com mands to enable Memory Mo nitoring. (Memory Monit oring is factory disabl ed by default.) For example: -> debug memory monitor enable 2 To [...]

  • Page 624

    Debug Memory Commands Overview Monitoring Memory page 29-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Debug Memor y Commands Over view The Debug Memory Commands prov ide monitoring of memory allocat ion and free memory. By provid- ing a method to enable/di sable memory mon itoring and display memor y usage reports, these comman[...]

  • Page 625

    Monitoring Memory Configuring Debug Memory Commands OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 29-5 Displaying the Memor y Monitor Log The debug memory monitor show log command displays memo ry monitoring lo g information. By enter- ing this command, a display similar to t he following will appear onscre en: -> debug mem[...]

  • Page 626

    Configuring Debug Memory Commands Monitoring Memory page 29-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Displaying the Memor y Monitor Global Statistics The debug memory monitor show log global command can display memory monito ring global statis- tics. By specifyi ng the global varia ble to view global statistics, a display s[...]

  • Page 627

    Monitoring Memory Configuring Debug Memory Commands OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 29-7 Displaying the Memor y Monitor T ask Statistics The debug memory monitor show log task command can disp lay memory monitoring task statistics. B y specifying the task variable to view task statisti cs, a display simil ar to t[...]

  • Page 628

    Configuring Debug Memory Commands Monitoring Memory page 29-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Task Name Current Cumulative -------------+-------------+-------- --------- TrapMgr 4548 63976 Elpc 2336 2392 VlanMgr 208 149672 PortMgr 804 75424 Gateway 84 140 CfgMgr 228 897491 tCS_HSM 1240 2500 tCS_CMS 188 328 tCS_PRB 31[...]

  • Page 629

    Monitoring Memory Configuring Debug Memory Commands OmniSwitch 6600 Family Network Configurati on Guide April 2006 page 29-9 Displaying the Memor y Monitor Size Statistics The debug memory moni tor show log size command can display memory monitoring size st atistics. By entering the size variable to view si ze statistics, a display simil ar to the [...]

  • Page 630

    Configuring Debug Memory Commands Monitoring Memory page 29-10 OmniSwitch 6600 Fam ily Network Configuration Guide April 2006[...]

  • Page 631

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 page A-1 A Software License and Copyright Statements This appendix co ntains Alcate l and third-pa rty software ven dor license and copyright st atements. Alcatel License Agreement ALCA TEL INTERNETWORKING, INC. (“AII”) SOF TW ARE LICENSE AGREEMENT IMPORTANT. Please re ad the terms [...]

  • Page 632

    Alcatel License Agreement Software License and Copyright Statements page A-2 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 3. Confidentiality. AII considers the Licensed File s to contain valuable t rade secrets of AII, t he unautho- rized disclosure of which could cause irrepa rable harm to AII. Except as expressly set forth here[...]

  • Page 633

    Software License and Copyright St atements Alcatel License Agreement OmniSwitch 6600 Family Network Configurati on Guide April 2006 page A-3 10. Governing Law. This License Agreement shall be constr ued and governed in accordance with the laws of the Sta te of Califo rnia. 11. Severabil ity. Should a ny term of this Li cense Agreement be declared v[...]

  • Page 634

    Third Party Licenses and Notices Software License and Copyright Statements page A-4 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 Third Par ty Licenses and Notices The licenses and notices related only to su ch third party software are set forth below: A. Booting and Debugging Non-Proprietary Software A small, separate software po[...]

  • Page 635

    Software License and Copyright Statements Third Party Licenses and Notices OmniSwitch 6600 Family Network Configurati on Guide April 2006 page A-5 C. Linux Linux is wri tten and distrib uted under the GNU General Public License w hich means th at its source co de is freely- distrib uted and ava ilable to the general public. D. GNU GENERAL PUBLIC LI[...]

  • Page 636

    Third Party Licenses and Notices Software License and Copyright Statements page A-6 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 verbatim or with mod ifications and/or t ranslated into another language. (Hereinafter , translation is included wi thout limitati on in the term “mo difi cation”. ) Each licensee is a ddressed as ?[...]

  • Page 637

    Software License and Copyright Statements Third Party Licenses and Notices OmniSwitch 6600 Family Network Configurati on Guide April 2006 page A-7 b Accompany it wi th a written of fer, valid for at least three yea rs, to give any th ird party, for a charg e no more than your cost of physi cally performing source distri bution, a complete machine-r[...]

  • Page 638

    Third Party Licenses and Notices Software License and Copyright Statements page A-8 OmniSwitch 6600 Fam ily Network Configur ation Guide April 2006 consistent application o f that syste m; it is up to th e author/do nor to decide i f he or she is willing to dist rib- ute software throug h any other system an d a licensee cannot impose t hat choice.[...]

  • Page 639

    Software License and Copyright Statements Third Party Licenses and Notices OmniSwitch 6600 Family Network Configurati on Guide April 2006 page A-9 Appendix: How to Apply These T erms to Y our New Programs If you develop a new program, and you w ant it to be of th e greatest possible u se to the publ ic, the best way to achieve this is to make it fr[...]

  • Page 640

    Third Party Licenses and Notices Software License and Copyright Statements page A-10 OmniSwitch 6600 Family Network Con figuration Guide April 2006 Material copyright Li nux Online Inc. Design and compilation copyright (c)1994-200 2 Linux Online Inc. Linux is a regist ered trad emark of Linus Torvalds Tux the Penguin, featured in our logo, wa s cre[...]

  • Page 641

    Software License and Copyright Statements Third Party Licenses and Notices OmniSwitch 6600 Family Network Configurati on Guide April 2006 page A-11 H. Apptitude, Inc. Provided with th is product is certai n network moni toring software (“Me terWorks/RMON”) licensed from Apptitude, Inc., wh ose copyright notice is as follo ws: Copyright (C) 1 99[...]

  • Page 642

    Third Party Licenses and Notices Software License and Copyright Statements page A-12 OmniSwitch 6600 Family Network Con figuration Guide April 2006 L. Wind River Systems, Inc. Provided with th is product is certain software (“ Run-Time Module”) licensed from Wind River Sy stems, Inc. Licensee is prohibited from: (i) copying the Ru n-Time Module[...]

  • Page 643

    OmniSwitch 6600 Family Network Configurati on Guide April 2006 Index-1 Index Numerics 802.1p trusted ports 38-20 802.1Q 25-1 application examples 25-9 defaults 25-2 enabling tagging 25-5, 25-6 frame type 25-7 overview 25-3 specifications 25-2 trusted ports 38-5, 38-20 verify information about 25-11 802.1Q ports trusted 38-20 802.1X 36-1 Access Guar[...]

  • Page 644

    Index Index-2 O mniSwitch 6600 Family Network Configuration Guid e Apr il 2006 policies 38-49 policy map groups 38-43 Port Mapping 23-2 port mirroring 41-5 port monitoring 41-7 QoS 38-22, 38-49 RIP 30-3 RMON 41-9 source learning 16-2 Spanning Tree Algorithm and Protocol 19-7, 19-29 static link aggreg ation 26-3, 26-16 switch health 41-11 switch log[...]

  • Page 645

    Index OmniSwitch 6600 Family Network Configurati on Guide April 2006 Index-3 dynamic link aggregation 27-3 ethernet port 15-3 IP 28-2, 29-2 IPMS 40-2 memory monitoring 43-2 mobile ports 21-2 policy servers 37-2 Port Mapping 23-2 port mirroring 41-4 port monitoring 41-6 QoS 38-9 RDP 31-2 RDP interface 31-9 RIP 30-2 RMON 41-9 source learning 16-2, 17[...]

  • Page 646

    Index Index-4 O mniSwitch 6600 Family Network Configuration Guid e Apr il 2006 F Fast Spanning Tree 19-4 filtering lists see ACLs flow command 15-14 flow control 15-14, 15-23 flow control wait time 15-15 flow wait time command 15-15 fragments built-in policies 38-1 1 classifying 38-17 frame type 25-7 H health interval command 41-36 health statistic[...]

  • Page 647

    Index OmniSwitch 6600 Family Network Configurati on Guide April 2006 Index-5 ip multicast switc hing command 40-5 ip rip force-holddowntimer command 30-9 ip rip host-route command 30-9 ip rip interface au th-key command 30-15 ip rip interf ace auth- type command 30-14 ip rip interface command 30-7 ip rip interface me tric command 30-8 ip rip interf[...]

  • Page 648

    Index Index-6 O mniSwitch 6600 Family Network Configuration Guid e Apr il 2006 LDAP servers see policy servers used for QoS policies 37-3 Lightweight Director y Access Protocol see LDAP servers line speed 15-16 link aggregation 802.1Q 25-6 dynamic link aggregation 27-1 enabling tagging 25-6 Spanning Tree parameters 19-21, 19-23, 19-25, 19-27, 19-28[...]

  • Page 649

    Index OmniSwitch 6600 Family Network Configurati on Guide April 2006 Index-7 policy server flush command 37-6 compared to qos flush command 37-7 policy server load command 37-6 policy servers defaults 37-2 downloading policies 37-6 installing 37-3 SSL 37-6 policy service command 39-10 policy service group command 38-34, 39-10 policy service groups [...]

  • Page 650

    Index Index-8 O mniSwitch 6600 Family Network Configuration Guid e Apr il 2006 qos stats interval command 38-18 qos trust ports command 38-21 Quality of Service see QoS queues shared 38-20 R RADIUS accounting servers standard attributes 34- 13 used for 802.1X 36-13 used for authenticated VLANs 35-35 VSAs 34-14 RADIUS authentic ation servers 34-9 fu[...]

  • Page 651

    Index OmniSwitch 6600 Family Network Configurati on Guide April 2006 Index-9 show 802.1q command 25-8, 25-11 show 802.1x command 36-3 show aaa accounting vlan command 35-6 show aaa authentication alvan command 35-6 show amap command 24-7 show arp command 28-10 show avlan user command 35-26 show health command 41-37 show health interval command 41-3[...]

  • Page 652

    Index Index-10 OmniSwi tch 6600 Family Network Configuration Guid e Apr il 2006 static VLAN port assignment 21-4 STP see Spanning Tree Algor ithm and Protocol subnet mask 28-9 switch health application examples 41-11 defaults 41-11 monitoring 41-32 specifications 41-10 switch health statistics resetting 41-38 viewing 41-37 switch logging applicatio[...]

  • Page 653

    Index OmniSwitch 6600 Family Network Configurati on Guide April 2006 Index-11 VLANs 18-1, 18-6 802.1Q 25-3 administrative st atus 1 8-7 application examples 18-3, 18-13, 21-3 authentication 18-12 default VLAN 21-1, 21-13 defaults 18-2 description 18-7 enabling tagging 25-3 IP router ports 28-7 MAC address aging time 16-7 operational status 18-6 por[...]

  • Page 654

    Index Index-12 OmniSwi tch 6600 Family Network Configuration Guid e Apr il 2006[...]