3Com SUPERSTACK 2200 manual

® S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION C ONSOLE U SER G UIDE P art No. 801-00310-000 Published September 1996 Revision 01[...]

3Com Corporation ■ 5400 Bayfront Plaza ■ Santa Clara, California ■ 95052-8145 © 3Com Corporation, 1996. All rights r eserved. No part of this documentation may be reproduced in any form or b y any means or used to make any derivativ e work (such as translation, transformation, or adaptation) without permission from 3C om Corporation. 3Com Co[...]

C ONTENTS A BOUT T HIS G UIDE Introduction 1 How to Use This Guide 2 Con ventions 3 Switch 2200 Documentation 4 Documentation Comments 5 P ART II NTRODUCTION 1 S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW About Switch 2200 Administration 1-1 Configuration T asks 1-1 2 H OW TO U SE THE A DMINISTRATION C ONSOLE Initial User Access 2-1[...]

Administration C onsole Inter face P arameters 2-10 Adjusting the Screen Height 2-10 Disabling the Reboot and Abor t Keys 2-11 Remote Access P arameters 2-11 Pr eventing Disconnections 2-11 Enabling Timeout of Remote Sessions 2-12 Setting Timeout Inter val for Remot e Sessions 2-13 Running Scripts of Administration C onsole T asks 2-13 Getting Help[...]

Setting Up SNMP on Y our System 3-15 Displaying SNMP Settings 3-15 Configuring C ommunity Strings 3-15 Administering SNMP T rap Repor ting 3-16 Displaying T rap Inf ormation 3-16 Configuring T rap Repor ting 3-17 Removing T rap Destinations 3-18 Flushing T rap Destinations 3-19 Setting Up SMT Event P ro xying 3-19 4 A DMINISTERING Y OUR S YSTEM E[...]

8 A DMINISTERING FDDI R ESOURCES Administering FDDI Stations 8-1 Displaying Station Information 8-2 Setting the Connection P olicies 8-3 Setting Neighbor Notification Timer 8-5 Enabling and Disabling Status Repor ting 8-5 Administering FDDI P aths 8-6 Displaying P ath Inf ormation 8-6 Setting tvxLo werBound 8-7 Setting tmaxLow erBound 8-8 Setting [...]

Administering STP Bridge P arameters 10-7 Enabling and Disabling STP on a Bridge 10-7 Setting the Bridge Priority 10-7 Setting the Bridge Maximum Age 10-8 Setting the Bridge Hello Time 10-9 Setting the Bridge F orward Delay 10-9 Setting the STP Group Addr ess 10-10 11 A DMINISTERING B RIDGE P ORTS Displaying Bridge P ort Information 11-1 Setting th[...]

Loading P ack et F ilters 12-22 Assigning P acket F ilters to P or ts 12-22 Unassigning P acket Filt ers from P orts 12-24 13 C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS Using Groups in P acket F ilters 13-1 Listing Groups 13-2 Displaying Groups 13-3 Creating New Groups 13-4 Deleting Groups 13-6 Adding Addr esses and P orts [...]

B T ECHNICAL S UPPORT Online T echnical S er vices B-1 3Com Bulletin Board Service B-1 Access by Modem B-1 Access by ISDN B-2 W orld Wide W eb Site B-2 3ComF orum on CompuSer ve® B-2 3ComF actsSM Automated F ax Ser vice B-3 Suppor t from Y our Network Supplier B-3 Suppor t from 3C om B-4 Returning Pr oducts for Repair B-4 I NDEX[...]

A BOUT T HIS G UIDE Introduction The SuperStack™ II Switch 2200 Administr ation Console User Guide provides all the information you need t o configure and manage your S witch 2200 once it is installed and the system is attached to the network. P r ior to using this guide, y ou should have alr eady installed and set up your system using the Super[...]

2 A BOUT T HIS G UIDE How to U se This Guide This guide is organiz ed by types of tasks you ma y need to perform on the Switch 2200. The parts of the guide are described in T able 1. T able 1 Description of Guide Parts Part Contents I: Introduction Introducing Switch 2200 administration Learning about the various system configurations and the quick[...]

Conventions 3 C on v en tions T able 2 and T able 3 list icon and tex t conv entions that are used throughout this guide. IV: Bridging Configuring bridge and bridge port parameters Administering the Spanning Tree Protocol bridge and bridge port parameters Displaying and configuring bridge port addresses Creating and using packet filters Creating ad[...]

4 A BOUT T HIS G UIDE S witch 2200 Documentation T he follo wing documents comprise the Switch 2200 documentation set. If you want to order a document that you do not ha ve or or der additional documents, contact your sales representativ e for assistance . ■ SuperStack™ II Switch 2200 Unpacking Instructions Describes how to unpack your S witch [...]

Documentation Comments 5 ■ SuperStack™ II Switch 2200 Getting Star ted Describes all the procedures necessar y for planning y our configuration and for installing , cabling , powering up , and troubleshooting your Switch 2200 system. (Shipped with system/P ar t No . 801-00309-000) ■ SuperStack™ II Switch 2200 Operation Guide Pr ovides inf [...]

I Chapter 1 Over view of SuperStack™ II Swit ch 2200 Administration Chapter 2 How to Use the Administration C onsole I NTRODUCTION[...]

1 S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW This chapter introduces y ou to SuperStack™ II Swit ch 2200 administration and briefly describes the system parameters that you can configure . About S witch 2200 Administr ation The Switch 2200 software is installed at the factor y in flash memory on the system processor . Because [...]

1-2 C HAPTER 1: S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW T able 1-1 General System C ommands Task Quick Command For Details, See. . . Run a script of commands to set up a system Write a script of Console commands with the values you assign so that you can quickly configure one or more systems. You can run the same script on a num[...]

Configuration Tasks 1-3 Save, restore, or reset nonvolatile data in the system Provide a backup for nonvolatile data, restore nonvolatile data to the system, or reset nonvolatile data to defaults. system nvData page 6-2 Reboot the system Restart the system. Disconnects rlogin and telnet sessions. system reboot page 4-4 T able 1-2 System Management [...]

1-4 C HAPTER 1: S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW Configure SNMP management Display current SNMP configurations and specify the type of authorization for SNMP management. snmp display snmp community page 3-15 Configure SNMP trap reporting Display SNMP trap reporting information, add or modify trap reporting destination con[...]

Configuration Tasks 1-5 Configure Spanning Tree Protocol (STP) parameters for a bridge Enable or disable STP and set the bridge priority, the maximum age of stored configuration message information, the period between the generation of messages by a root bridge, the amount of time a bridge spends in the listening and learning states, and the group [...]

1-6 C HAPTER 1: S UPER S TACK ™ II S WITCH 2200 A DMINISTRATION O VERVIEW T able 1-4 Ethernet Commands Task Quick Command For Details, See. . . Display Ethernet port information Display label, status, and statistic information on Ethernet ports in a summarized or detailed format. ethernet summary ethernet detail page 7-1 Label an Ethernet port As[...]

Configuration Tasks 1-7 T able 1-5 FDDI Commands Task Quick Command For Details, See. . . Display FDDI information Display information about the system’s FDDI station, paths, MAC, and ports. MAC information is available in a summarized or detailed format. fddi station displa y fddi path displa y fddi mac summary fddi mac detail fddi port display [...]

2 H OW TO U SE THE A DMINISTRATION C ONSOLE This chapter familiariz es you with user access lev els of the Superstack™ II Switch 2200 A dministration Console and explains how t o: ■ Move ar ound within the menu hierarch y to perform tasks ■ Set up the inter face parameters ■ Access online help ■ Use scripts for per forming A dministration[...]

2-2 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Each time you access the Administration C onsole , the system prompts y ou for an access level and passw ord , as shown here: Select access level (read, write, administer): Password: The passwor ds are stored in non v olatile (NV ) memor y . Y ou must enter the password corr ectly before y o[...]

Using Menus to Perform Tasks 2-3 Read Acc ess Example If you have r ead access, the system menu contains only the display options shown here: Menu options: ------------------------------------------------------------------ display - Display the system configuration baseline - Administer statistics baseline Type ‘q’ to return to the previous men[...]

2-4 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Administr ation C onsole Menu Structure The follo wing sections show the menu paths for performing tasks from the top-level menu and pr ovide a brief description of each top-lev el menu option. See “Selecting Menu Options” on page 2-8 for instructions on actually using the menu system. T[...]

Using Menus to Perform Tasks 2-5 FDDI Menu F rom the fddi menu , you can view information about and configur e the FDDI station, paths, MAC, and ports. (See Figure 2-3.) F or example, to enable the LL C ser vice of the FDDI MAC, you ent er fddi at the top-lev el menu, mac at the fddi menu , and then llcS ervice at the mac menu. Figur e 2-3 FDDI Me[...]

2-6 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Figur e 2-4 Bridging Menu Hierarchy f or Administ er Access IP Menu F rom the ip menu, y ou can view information about and configure Int ernet Pr otocol (IP) interfaces and routes. Y ou can also administer the Addr ess Resolution Pr otocol (ARP) and the Routing Inf ormation P rotocol (RIP),[...]

Using Menus to Perform Tasks 2-7 SNMP Menu F rom the snmp menu, you can configur e SNMP community strings and trap reporting. (See F igure 2-6.) For example , to flush all trap reporting destinations, you ent er snmp at the top-level menu, trap at the snmp menu, and then flush at the trap menu. Figur e 2-6 SNMP Menu Hierarchy f or Administ er Ac[...]

2-8 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Selec ting Menu Options Y ou selec t a menu option at the selection prompt by entering its name (or enough of the name to uniquely identify it within the par ticular menu). F or example, to access the system menu from the top-level menu, you ent er : Select a menu option: system OR Select a [...]

Using Menus to Perform Tasks 2-9 If you enter a command incorrectly , you receive a pr ompt telling you that what you entered was not v alid or was ambiguous. Y ou must re-enter the command from the point at which it became incorrect. Entering V alues When you reach the lev el at which you per form a specific task, you are prompted f or a value . [...]

2-10 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Administr ation C onsole Interface P aramet ers Y ou can change t wo A dministration Console int er face parameters: the screen height and the functioning of the reboot and abor t control keys. Adjusting the Screen Height Y ou can change the Administration Console ’ s screen height to inc[...]

Remote Access Parameters 2-11 Example: Do you want this to be the new default screen height? (y/n): y Disabling the Reboot and Abor t Keys As shipped , the Administration Console allows you t o use the [Ctrl + X] or [Ctrl + C] key combinations within the Administration Console . These key strokes allow you to r eboot the system [Ctrl + X] or r esta[...]

2-12 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE T o ensure that your Administration Console session will not be pr e-empted by remote access , you can lock the Administration Console . Remote access is prohibited only f or that par ticular session. The Administr ation Console is alw ays locked when y ou are in the middle of a command . F[...]

Running Scripts of Administration Console Tasks 2-13 Setting Timeout Interval for Remote Sessions Y ou can set the timeout inter v al for r emote sessions to an y value from 30 minutes to 60 minutes. B y default, the timeout inter v al is 30 minutes. T o set the telnet timeout inter v al: 1 F rom the top lev el of the Administration C onsole , ente[...]

2-14 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE The task you scripted is run in the A dministration C onsole. The next example shows how you can script these tasks t o initially configure your system: ■ Setting up the Console port baud rate ■ Setting the system name ■ Assigning an IP address f or management ■ Checking the IP con[...]

Running Scripts of Administration Console Tasks 2-15 # This script performs some start-up configurations. # # Set the Console serial port baud rate. # system consoleSpeed 300 # Console port baud rate # # Set the system name # system name Engineering Switch2200_4 # # Assign an IP address to the Switch 2200. # ip interface define 158.101.112.99 # IP [...]

2-16 C HAPTER 2: H OW TO U SE THE A DMINISTRATION C ONSOLE Getting Help in the Administr ation C onsole If you need assistance when using the Administration C onsole , it has online Help and an outlining feature , both of which can be accessed from any menu level. These f eatures ar e described in this section. Online Help The Administration C onso[...]

Exiting the Administration Console 2-17 Exiting the Administr ation C onsole If you are using an rlogin session t o access the system, exiting will terminate the session. If you are accessing the system through the C onsole serial port, exiting returns you t o the passwor d prompt. T o exit from the Administration Console: 1 Return to the top level[...]

II Chapter 3 Configuring Management Access to the System Chapter 4 Administering Y our System Environment Chapter 5 Baselining Statistics Chapter 6 Saving , Restoring, and Resetting Nonvolatile Data S YSTEM -L EVEL F UNCTIONS[...]

[...]

3 C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM This chapter describes how to configure management access to the SuperStack™ II Switch 2200 stackable switch through a serial connection or an IP inter face. I t also describes how to configure the S witch 2200 so that you can manage it using the Simple Network Management Pr otocol (SNMP). About[...]

3-2 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM In-band or Out-of-band? By default, the Switch 2200 system pro vides in-band management through its Ethernet and FDDI ports. In-band management, management using the same network that carries regular data traffic , is often the most convenient and inexpensive way to access y our syste[...]

Setting Up an IP Interface for Management 3-3 Setting Up an IP Inter face for Management IP is a standard networking protocol used for communications among various networking devices. T o access the system using TCP/IP or t o manage the system using SNMP , you must set up IP for y our system as described in this section. General Setup Pr ocess Y ou[...]

3-4 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM ■ Broadcast Addr ess The system uses the IP address when it br oadcasts packets to other stations on the same subnet. In par ticular , the system uses this address for sending RIP updates. By default, the system uses a direc ted broadcast (all 1 s in the host field). ■ Cost The sy[...]

Setting Up an IP Interface for Management 3-5 IP forwarding is enabled, RIP is active, ICMP router discovery is disabled. Index IP address Subnet mask Cost Ports 1 158.101.1.1 255.255.255.0 1 1 2 158.101.4.1 255.255.255.0 1 2 3 158.101.6.1 255.255.255.0 1 5 4 158.101.8.1 255.255.255.0 1 8 Defining an Inter face When you define an inter face , you[...]

3-6 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM 3 Enter the subnet mask of the network to which the inter face is to be connected. 4 Enter the broadcast address to be used on the interface. 5 Enter the cost value of the int er face. 6 Enter the port(s) that you want to include in the inter face . Separate nonconsecutive ports with c[...]

Setting Up an IP Interface for Management 3-7 Removing an Interface Y ou might want to remove an inter face if you no longer need to communicate with IP on the ports associated with that inter face . T o remove an IP inter face definition: 1 F rom the top lev el of the Administration C onsole , enter: ip interface remove 2 Enter the index numbers [...]

3-8 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM ■ Gateway IP Addr ess This address tells the r outer how t o forward packets whose destination address matches the route ’ s IP address and subnet mask. The system forwards such packets to the indicated gateway . ■ Status The status of the route pr ovides the inf ormation describ[...]

Setting Up an IP Interface for Management 3-9 Defining a S tatic Route Y ou might want to define a static route to transmit system traffic , such as system pings or SNMP response , through a consistent route . Before y ou define static routes, you must define at least one IP inter face . (See “D efining an Inter face ” on page 3-5.) Static[...]

3-10 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM Flushing a Route Flushing delet es all learned routes fr om the routing table . T o flush all learned routes, enter the following from the top lev el of the Administration C onsole: ip route flush All learned routes are immediat ely deleted from the r outing table. Setting the Defaul[...]

Setting Up an IP Interface for Management 3-11 Administering the ARP Cache The Switch 2200 uses the A ddress Resolution P r otocol (ARP) to find the MAC addresses corr esponding to the IP addr esses of hosts and routers on the same subnets. An ARP cache is a table of k nown IP addresses and their corresponding MAC addr esses. Displaying the ARP C [...]

3-12 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM Flushing ARP C ache Entries Y ou might want to delete all entries from the ARP cache if the MAC address has changed. T o remove all entries from the ARP cache , enter the follo wing command from the top level of the A dministration C onsole: ip arp flush The ARP cache entries are imme[...]

Setting Up an IP Interface for Management 3-13 Pinging uses the Internet C ontrol Message P r otocol (ICMP) echo facility to send an ICMP echo request packet to the IP station you specify . I t then waits for an ICMP echo reply packet. Possible r esponses from pinging are: ■ Alive ■ No answer ■ Network is unreachable. A network is unreachable[...]

3-14 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM Displaying IP Statistics T he IP statistics you can view are described in T able 3-3. T o display IP statistics, enter the following fr om the top level of the Administration C onsole: ip statistics Statistics are display ed , as shown in this example: IP forwarding is enabled, RIP is[...]

Setting Up SNMP on Your System 3-15 Setting Up SNMP on Y our Sy stem T o manage the Switch 2200 from an external management application, you must configure SNMP community strings and set up trap repor ting as described in this section. Y ou can manage the Switch 2200 using an SNMP-based external management application. This application (an SNMP ma[...]

3-16 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM in the request matches the agent’ s read-write community . Only the SNMP get and get-next requests are va lid if the community string in the request matches the read-only community . Community string length When you set a community string, you can specify any value up to 48 characte[...]

Setting Up SNMP on Your System 3-17 Here is an example display of the SNMP trap r epor ting information: Trap Descriptions: Trap #Description 1 MIB II: Coldstart 2 MIB II: Authentication Failure 3 Bridge MIB: New Root 4 Bridge MIB: Topology Change 5 LANplex Systems MIB: System Overtemperature 10 LANplex Systems MIB: Address Threshold 12 LANplex Opt[...]

3-18 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM 3 Enter the trap number(s). Separate a series of more than two trap numbers with a hyphen (-) and nonsequential trap numbers by commas. Enter all if you want to enable all the traps for the destination. The trap numbers y ou enter allow the tr ap specified by that number to be sent t[...]

Setting Up SNMP on Your System 3-19 Flushing T rap Destinations When flushing the SNMP trap reporting destinations, you remove all trap destination address information f or the SNMP agent. T o flush all SNMP trap repor ting destinations: 1 F rom the top lev el of the Administration C onsole , enter: snmp trap flush Y ou receive the following pr o[...]

3-20 C HAPTER 3: C ONFIGURING M ANAGEMENT A CCESS TO THE S YSTEM occurring locally on the one Switch 2200 and to those r eported by other stations on the FDDI ring (including other Switch 2200s). ■ Enable local SNMP traps and disable the proxying of remote SMT events on ever y Switch 2200 in y our network. Local traps will be reported to the mana[...]

4 A DMINISTERING Y OUR S YSTEM E NVIRONMENT This chapter f ocuses on the administration of your SuperStack™ II Swit ch 2200 system envir onment, which involv es: ■ Displaying the current system configuration ■ Setting system passwor ds ■ Setting the system name ■ Changing the system date and time ■ Rebooting Displa ying the Sy stem C o[...]

4-2 C HAPTER 4: A DMINISTERING Y OUR S YSTEM E NVIRONMENT ■ System temperatur e has exceeded the maximum lev el for normal operation ■ F an failure ■ P ower supply failur e Setting P asswor ds The A dministration Console supports three levels of passwor d: one for browsing or viewing only (read), one for configuring network parameters (write[...]

Setting the System Name 4-3 The administration console password has been successfully changed. 6 Repeat steps 1 through 5 f or each level of passwor d you want to configur e. Setting the Sy stem Name Y ou should give the Switch 2200 an easily recognizable and unique name to help you manage the system. F or example , you might want to name the syst[...]

4-4 C HAPTER 4: A DMINISTERING Y OUR S YSTEM E NVIRONMENT 4 Pr ess [Return] when you want the system to start keeping the time that you entered. Example: Enter the new system time (mm/dd/yy hh:mm:ss xM): 09/30/96 10:00:00 AM Press RETURN at the exact time: Rebooting the Sys te m If your system is connected to the Administration C onsole through an [...]

5 B ASELINING S TATISTICS This chapter describes ho w baselining statistics work in the SuperStack™ II Switch 2200, and how to set, display , enable, or disable a baseline statistic. About Setting Baselines Normally , statistics for MA Cs and por ts start compiling at system power-up . Baselining allows you t o view statistics over the period of [...]

5-2 C HAPTER 5: B ASELINING S TATISTICS Setting Baselines Setting a baseline resets the counters to zero . The accumulated t otals since power up are maintained b y the system. The baseline is time-stamped. T o set a baseline, enter the following commands fr om the top level of the Administration C onsole: system baseline set A message similar to t[...]

6 S AVING , R ESTORING , AND R ESETTING N ONVOLATILE D ATA This chapter describes the non volatile (NV ) data in the SuperStack™ II Switch 2200 system and how to save , restore , and reset the data. About W ork ing with Non v olatile Da ta If you want to transfer NV data from one syst em to another , save the system ’ s NV data and restore it a[...]

6-2 C HAPTER 6: S AVING , R ESTORING , AND R ESETTING N ONVOLATILE D ATA Sa ving NV Data When NV data is saved , it is written to a disk file on a host computer . The information can then be retriev ed from the disk file when you use the restore command . T o save NV data: 1 F rom the top lev el of the Administration C onsole , enter: system nvDa[...]

Restoring NV Data 6-3 The failure message v aries depending on the problem encounter ed while saving the NV data. At the end of the sav e , you are returned t o the previous menu. Restoring NV Data When you rest ore system NV data, the soft ware presents y ou with a proposal for ho w to restor e the data. This pr oposal is based on the restoration [...]

6-4 C HAPTER 6: S AVING , R ESTORING , AND R ESETTING N ONVOLATILE D ATA T o restore the NV data: 1 F rom the top lev el of the Administration C onsole , enter: system nvData restore Y ou are prompted for inf ormation for rest oring the NV data sav ed to a file. Pr ess [Return] at a prompt to use the v alue specified in brackets. Any entr y for I[...]

Examining a Saved NV Data File 6-5 Examining a Sa v ed NV Data F ile After saving NV data to a file , you can examine the header information of that file. T o examine the file: 1 F rom the top lev el of the Administration C onsole , enter: system nvData examine Y ou are prompted for inf ormation for examining a sa ved NV data file. Press [Retur[...]

6-6 C HAPTER 6: S AVING , R ESTORING , AND R ESETTING N ONVOLATILE D ATA Resetting NV Data to Defaults At times you ma y not want to restor e the system NV data. Instead, you may want to reset the v alues to the factor y defaults so that you can start configuring the system from the original settings . CAUTION: Resetting the NV data means that all[...]

III Chapter 7 Administering Ethernet P or ts Chapter 8 Administering FDDI Resour ces Chapter 9 Setting Up the System f or Roving Analysis E THERNET AND FDDI P ARAMETERS[...]

[...]

7 A DMINISTERING E THERNET P ORTS This chapter describes how to: ■ View Ethernet por t information ■ Configur e Ethernet port labels ■ Enable or disable an Ethernet port Displa ying Ethernet P ort Information Y ou can display either a summar y of Ethernet port information or a detailed report. When you displa y a summar y of Ethernet port in[...]

7-2 C HAPTER 7: A DMINISTERING E THERNET P ORTS port rxFrames rxBytes rxFrameRate rxByteRate 1 406430 36336795 0 0 12 242400 29275605 0 0 port rxPeakByteRate rxPeakFrameRate noRxBuffers alignmentErrs 1 90484 163 0 0 12 58438 394 0 0 port fcsErrs lengthErrs rxInternalErrs rxDiscards 1 0 0 0 0 12 0 0 0 0 port rxUnicasts rxMulticasts txFrames txBytes [...]

Displaying Ethernet Port Information 7-3 An example of a summar y display for E thernet por ts is shown here: T able 7-1 describes the information provided about an Ethernet port. port portLabel portState 1 Office113_SPARCstation5 on-line 12 Office322_Quadra900 on-line port rxFrames txFrames rxBytes txBytes 1 406876 1423733 36377226 234900612 12 24[...]

7-4 C HAPTER 7: A DMINISTERING E THERNET P ORTS portLabel 32-character string containing a user-defined name. The maximum length of the string is 32 characters, including the null terminator. portState Current software operational state of this port. Possible values are on-line and off-line. portType Specific description of this port’s type. requ[...]

Displaying Ethernet Port Information 7-5 txFrameRate Average number of frames transmitted per second by this port during the most recent sampling period. Sampling periods are 1 second long and are not configurable. txFrames The number of frames transmitted by this port txInternalErrs Number of frames discarded because of an internal error during tr[...]

7-6 C HAPTER 7: A DMINISTERING E THERNET P ORTS F rame P roc essing and Ethernet Statistics All frames on the Ethernet network are received pr omiscuously by an Ethernet port. However , frames may be discarded f or the following r easons: ■ There is no buff er space av ailable. ■ The frame is in error . F igure 7-1 shows the order in which thes[...]

Displaying Ethernet Port Information 7-7 F rames are deliv ered to an Ethernet port by bridge and management applications. However , a frame may be discarded for the follo wing reasons: ■ The Ethernet port is disabled. ■ There is no r oom on the transmit queue. ■ An error occurred during frame transmission. F igure 7-2 shows the order in whic[...]

7-8 C HAPTER 7: A DMINISTERING E THERNET P ORTS Labeling a P ort Port labels ser v e as useful refer ence points and as an accurate means of identifying your ports for management. Y ou may want to label your Ethernet ports so that you can easily identify the device specifically attached to each por t (for example , LAN, workstation, or ser v er). [...]

8 A DMINISTERING FDDI R ESOURCES This chapter describes how t o display information about and configur e the SuperStack™ II Switch 2200 system and its: ■ FDDI station ■ FDDI paths ■ Media Access Contr ol (MAC) ■ FDDI por ts This chapter , which covers adv anced FDDI topics , is intended for users familiar with the FDDI MIB. Under normal [...]

8-2 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Displaying S tation Information When you displa y FDDI station information, you receive inf ormation about the station, including its configuration, status repor ting, and the most per tinent statistics about general station activit y and errors. 1 Enter the follo wing from the top level of the A dmin[...]

Administering FDDI Stations 8-3 Setting the C onnection Policies The connectP olic y attribute is a bit string representing the connection policies in effect on a station. A connec tion ’ s typ e is defined b y the types of the two por ts inv olved (A, B, M, or S) in the connec tion. Y ou can set the corresponding bit for each of the connection [...]

8-4 C HAPTER 8: A DMINISTERING FDDI R ESOURCES T o set the connec tion policies of an FDDI station: 1 F rom the top lev el of the Administration C onsole , enter: fddi station connectPolicy Y ou are prompted for a station. The Switch 2200 has one station, which appears in brackets. 2 Pr ess Return. 3 Enter the value of the connection policy for tha[...]

Administering FDDI Stations 8-5 Setting Neighbor Notification Timer The T-notify attribute is a timer used in the Neighbor Notification pr otocol to indicate the interval of time between the generation of Neighbor Information F rames (NIF). NIF frames allow stations to discover their upstream and downstream neighbors . The T-notify value has a ra[...]

8-6 C HAPTER 8: A DMINISTERING FDDI R ESOURCES 2 Pr ess [Return]. 3 Enter the new statusReporting value ( enabled or disabled ). See the following example: Select station [1]: Station 1 - Enter new value (disabled,enabled) [enabled]: disabled Administ ering FDDI P aths FDDI’ s dual, counter-rotating ring consists of a primar y ring and a secondar[...]

Administering FDDI Paths 8-7 3 Enter the path ( p = primar y , s = secondar y). See the following example of path inf ormation: T able 8-3 describes these statistics. Setting tvxLow erBound The tvxLow erBound attribute specifies the minimum time value of f ddiMAC TvxV alue that will be used by an y MAC that is configur ed onto this path. A MAC us[...]

8-8 C HAPTER 8: A DMINISTERING FDDI R ESOURCES T o set tvxLowerBound: 1 F rom the top lev el of the Administration C onsole , enter: fddi path tvxLowerBound Y ou are prompted for a station, path, and value. The Swit ch 2200 has one station, which appears in brackets. 2 Pr ess [Return]. 3 Enter the path ( p = primar y , s = secondar y). 4 Enter the [...]

Administering FDDI MACs 8-9 Setting maxT-Req The maxT-Req attribute specifies the maximum time v alue of fddiMA CT-Req that will be used by any MA C that is configured onto this path. T-Req is the value that a MA C bids during the claim process to determine a ring ’ s operational token rotation time, T_Opr . The lo west T-Req bid on the ring be[...]

8-10 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Displaying MA C Information FDDI MAC inf ormation can be viewed in a summary or in detail. When you display a summary of various FDDI MAC statistics , you receiv e information about the MAC, including received and transmitted frames and received and transmitted bytes . The detailed displa y includes t[...]

Administering FDDI MACs 8-11 The follo wing example shows the detail display of FDDI MA C information: rxFrames rxBytes rxFrameRate rxByteRate 103666 23089968 36 7582 rxPeakFrameRate rxPeakByteRate lostCount lateCount 48 10308 0 0 notCopiedCount notCopiedThresh notCopiedRatio notCopiedCond 0 6550 0 inactive errorCount frameErrThresh frameErrorRatio[...]

8-12 C HAPTER 8: A DMINISTERING FDDI R ESOURCES T able 8-4 describes the information provided for the FDDI MA C. T able 8-4 Description of Fields f or FDDI MA C Attributes Field Description currentPath Path on which this MAC is currently located (primary or secondary) downstream MAC address of this MAC’s downstream neighbor downstreamType Indicat[...]

Administering FDDI MACs 8-13 oldDownstream Previous value of the MAC address of this MAC’s downstream neighbor oldUpstream Previous value of the MAC address of this MAC’s upstream neighbor ringOpCount Number of times that this MAC has entered the operational state from the nonoperational state rmtState State of the ring management as defined in[...]

8-14 C HAPTER 8: A DMINISTERING FDDI R ESOURCES F rame P roc essing and FDDI MAC Statistics All frames on the FDDI network are receiv ed promiscuously by an FDDI MAC. However , a frame might be discarded for the follo wing reasons: ■ There is no buff er space av ailable. ■ The frame is in error . tvxCapab Maximum time value of the valid transmi[...]

Administering FDDI MACs 8-15 ■ LL C ser vice is disabled . ■ This is an NSA F rame and the A-bit is set. F igure 8-1 shows the order in which these discard tests are made . Figur e 8-1 How Fr ame Pr ocessing Aff ects FDDI MAC Receive F rame S tatistics F rames are deliv ered to an FDDI MA C by bridges and management applications. However , a fr[...]

8-16 C HAPTER 8: A DMINISTERING FDDI R ESOURCES F igure 8-2 shows the order in which the discard tests are made . Figur e 8-2 How Fr ame Pr ocessing Aff ects FDDI MAC T ransmit F rame S tatistics Setting the F rame Error Thr eshold The Fr ameErrorThreshold attribute determines when a MAC condition r epor t is generated because too many frame err or[...]

Administering FDDI MACs 8-17 See the following example: Select MAC [1]: MAC 1 - Enter new value [655]: Setting the Not C opied Thr eshold The NotCopiedThr eshold attribute determines when a MAC condition r epor t is generated because too many frames could not be copied . Not-copied frames occur when there is no buffer space a vailable in the statio[...]

8-18 C HAPTER 8: A DMINISTERING FDDI R ESOURCES Enabling and Disabling LL C Ser vice The L ogical Link Contr ol (LL C) ser vice allows LL C frames to be sent and received on the MA C. LL C frames are all data frames transmitted on the network. I f there is something wrong on y our network, you may want to turn off data (user) traffic for a MA C by[...]

Administering FDDI Ports 8-19 Administ ering FDDI P orts Within an FDDI station, the PHY and PMD entities make up a por t. A por t (consisting of the PHY/PMD pair that connects to the fiber media) is located at both ends of a physical connection and determines the characteristics of that connection. Each FDDI por t is one of f our types: A, B, M, [...]

8-20 C HAPTER 8: A DMINISTERING FDDI R ESOURCES T able 8-5 describes the t ype of information pro vided for an FDDI port. Setting lerAlarm The lerAlarm attribute is the link error rate (LER) v alue at which a link connection generates an alarm. If the LER value is greater than the alarm setting, then SMT sends a Status Repor t F rame (SRF) to the n[...]

Administering FDDI Ports 8-21 values so that y ou are only receiving alarms if y our network is in poor health. The SMT Standard r ecommended value is 8. The lerAlarm value must be higher than the lerCutoff v alue so that the network manager will be aler ted to a problem before the PHY (port) is actually remov ed from the network. T o set lerAlarm [...]

8-22 C HAPTER 8: A DMINISTERING FDDI R ESOURCES T o set the lerCutoff : 1 F rom the top lev el of the Administration C onsole , enter: fddi port lerCutoff Y ou are prompted for a port number and an estimated link error rate value at which the link connection will be broken. 2 Enter the por t number . 3 Enter the estimated link error rat e value . V[...]

Administering FDDI Ports 8-23 Setting the Po r t Pa t hs In the Switch 2200 you can assign the A and B ports to either the primar y or the secondar y path. T o assign por ts to paths: 1 F rom the top lev el of the Administration C onsole , enter: fddi port path Y ou are prompted for a port. 2 Enter the port(s) you want to configure. 3 Select the D[...]

9 S ETTING U P THE S YSTEM FOR R OVING A NALYSIS This chapter describes how t o set up the SuperStack™ II Switch 2200 system for ro ving analysis. With roving analysis, you can monitor Ethernet por t activit y either locally or remotely using a network analyz er attached to the system. About Roving Ana lysi s Roving analysis is the monitoring of [...]

9-2 C HAPTER 9: S ETTING U P THE S YSTEM FOR R OVING A NALYSIS the remote port is located. T he remote system must be locat ed on the same FDDI ring as the system to which the analyzer is attached . F igure 9-1 shows the process for establishing local and remote monit oring of por ts. Figur e 9-1 Roving Analysis of Local and Remot e Ethernet P orts[...]

Adding an Analyzer Port 9-3 T o display the roving analysis configurations, enter the following from the top level of the A dministration Console: analyzer display The configurations are displa yed as shown in the f ollowing example: Ethernet ports configured as analyzer ports: Ethernet Port Address 9 00-80-3e-0a-3b-02 Ethernet ports being monito[...]

9-4 C HAPTER 9: S ETTING U P THE S YSTEM FOR R OVING A NALYSIS Once the analyzer port is set, it is disabled from receiving or transmitting any other data. Instead, it transmits the data it receives from the monitor ed por t to the network analyzer . I f you ha ve enabled Spanning T ree on this por t, it is automatically disabled as long as the por[...]

Starting Port Monitoring 9-5 Starting Port Monitoring After you ha ve a local or remote port configured for the network analyzer , you can start monitoring por t activity . 3Com rec ommends that you AL W A YS configure the analyzer port before configuring the monitored ports. T o star t monitoring a new port: 1 F rom the top lev el of the Admini[...]

9-6 C HAPTER 9: S ETTING U P THE S YSTEM FOR R OVING A NALYSIS Y ou are then prompted for an FDDI port through which the data should be forwarded, as shown below : Select FDDI port (1-2): 2 Once you successfully configure a port to monitor , all the data received and transmitted on the por t is forwarded to the selected analyzer por t, as well as [...]

IV Chapter 10 Administ ering the Bridge Chapter 11 Administ ering Bridge P orts Chapter 12 Creating and Using P ack et F ilters Chapter 13 C onfiguring Address and P or t Groups to Use in P acket Filters B RIDGING P ARAMETERS[...]

10 A DMINISTERING THE B RIDGE This chapter describes how to view the bridge setup and how to configure the following bridge-lev el parameters: ■ IP fragmentation ■ IPX snap translation ■ Address thr eshold ■ Address aging time ■ Spanning T ree P rotocol (STP) parameters F or information about configuring the bridge port, see Chapter 11.[...]

10-2 C HAPTER 10: A DMINISTERING THE B RIDGE The follo wing example shows a display of bridge inf ormation. Each item in the bridge parameter list is described in T able 10-1. stpState timeSinceLastTopologyChange enabled 1 hr 28 mins 31 secs topologyChangeCount 2 topologyChangeFlag BridgeIdentifier false 8000 00803e0f2b00 designatedRoot stpGroupAdd[...]

Displaying Bridge Information 10-3 T able 10-1 Bridge Attributes Parameter Description addressCount Number of addresses in the bridge address table addrTableSize Maximum number of addresses that will fit in the bridge address table addrThreshold Reporting threshold for the total number of addresses known on this bridge. When this threshold is reach[...]

10-4 C HAPTER 10: A DMINISTERING THE B RIDGE maxAge The maximum age value at which the stored configuration message information is judged too old and discarded. This value is determined by the root bridge. mode Operational mode of the bridge. Valid value is transparent for IEEE 802.1d Transparent bridging. peakAddrCount Peak value of addressCount p[...]

Enabling and Disabling IP Fragmentation 10-5 Enabling and Disabling IP F r agmenta tion When IP fragmentation is enabled , large FDDI packets are “fragmented” into smaller packets. IP fragmentation allows FDDI and Ethernet stations connected to the Switch 2200 to communicate using IP ev en if the FDDI stations are transmitting packets that woul[...]

10-6 C HAPTER 10: A DMINISTERING THE B RIDGE Setting the Addr ess Thr eshold The address thr eshold for a bridge is the reporting threshold for the total number of Ethernet addresses known to the system. When this thr eshold is reached , the SNMP trap addressThresholdE vent is generated. Address threshold values The range of v alid v alues for this[...]

Administering STP Bridge Parameters 10-7 Administ ering STP Bridge P aramet ers Y ou can enable or disable Spanning T ree Pr otocol in the system and set the following STP bridge paramet ers: priorit y , maximum age, hello time, and forward delay. For more inf ormation about how the Spanning T ree parameters interact at the bridge level to create a[...]

10-8 C HAPTER 10: A DMINISTERING THE B RIDGE T o configure the STP bridge priorit y : 1 F rom the top lev el of the Administration C onsole , enter: bridge stpPriority 2 Enter the priority value at the prompt. If your configuration was successful, you return to the pr evious menu. If the configuration was not successful, you are notified that y[...]

Administering STP Bridge Parameters 10-9 Setting the Bridge Hello Time Hello time is the period between the generation of configuration messages by a root bridge . I f the probability of losing configuration messages is high, shor tening the time makes the protocol mor e robust. However , lengthening the time lowers the o verhead of the algorithm[...]

10-10 C HAPTER 10: A DMINISTERING THE B RIDGE Setting the STP Group A ddress The STP gr oup address is a single address that bridges listen t o when receiving STP inf ormation. Each bridge on the net w ork sends STP packets to the group address . Ever y bridge on the network receiv es STP packets sent to the group address , regardless of which brid[...]

11 A DMINISTERING B RIDGE P ORTS This chapter describes ho w to view bridge port information and configure the following: ■ Multicast packet threshold ■ Spanning T ree P rotocol (STP) parameters ■ Bridge por t addresses Displa ying Bridge P ort Information Bridge por t information includes the STP configurations f or the bridge port. Y ou c[...]

11-2 C HAPTER 11: A DMINISTERING B RIDGE P ORTS The follo wing example shows a bridge port summar y displa y. port rxFrames rxDiscards txFrames Ethernet 1 411180 0 1353766 Ethernet 12 243559 0 1184225 port portId stp state fwdTransitions Ethernet 1 0x8003 enabled forwarding 1 Ethernet 12 0x800e enabled forwarding 1 The follo wing example shows a br[...]

Displaying Bridge Port Information 11-3 T able 11-1 describes the t ype of information pro vided for the bridge port. T able 11-1 Bridge Port Attributes Parameter Description designatedBridge Identification of the designated bridge of the LAN to which the port is attached designatedCost Cost through this port to get to the root bridge. The designat[...]

11-4 C HAPTER 11: A DMINISTERING B RIDGE P ORTS rxFrames Number of frames that have been received by this port from its segment. A frame received on the interface corresponding to this port is only counted by this object if the frame is for a protocol being processed by the local bridging function, including bridge management frames. rxMcastExcDisc[...]

Displaying Bridge Port Information 11-5 state Spanning Tree state (blocking, listening, learning, forwarding, disabled) in which the port is currently operating: Blocking : The bridge continues to run the Spanning Tree algorithm on that port, but the bridge does not receive data packets from the port, learn locations of station addresses from it, o[...]

11-6 C HAPTER 11: A DMINISTERING B RIDGE P ORTS F rame P roc essing and Bridge Port Statistics All frames received on a physical (E thernet or FDDI) inter face and not explicitly directed to the Switch 2200 ar e delivered to the corr esponding bridge por t. A frame is then either for w arded to another bridge port or discarded . A frame might be di[...]

Setting the Multicast Limit 11-7 F igure 11-2 shows the order in which the discard decisions are made . Figur e 11-2 How Fr ame Pr ocessing Aff ects T ransmit Bridge P or t Statistics Setting the Multicast Limit Y ou can assign a multicast pack et firewall thr eshold to a bridge port on the Switch 2200 to limit the f or warding rate of multicast t[...]

11-8 C HAPTER 11: A DMINISTERING B RIDGE P ORTS 4 Enter the new multicast threshold v alue for the port(s). See the example below : Ethernet port 4 - Enter new value [0]: 400 Ethernet port 5 - Enter new value [0]: 400 Administ ering STP Bridge P ort P aramet ers Y ou can enable or disable the Spanning T ree Pr otocol for one or mor e por ts on the [...]

Administering STP Bridge Port Parameters 11-9 The follo wing example shows v alues being set for mor e than one port: Ethernet port 4 - Enter new value (disabled,enabled) [enabled]: disabled Ethernet port 5 - Enter new value (disabled,enabled) [enabled]: disabled Setting the Port P ath C ost Y ou can set the path cost for a bridge por t. The path c[...]

11-10 C HAPTER 11: A DMINISTERING B RIDGE P ORTS Setting the Port Priority The STP port priorit y influences the choice of port when the bridge has two por ts connected to the same LAN, creating a loop . The port with the lowest por t priority will be the one used by the Spanning T r ee Pr otocol. Port priority value Port priority is a 1-oc tet va[...]

Administering Port Addresses 11-11 Administ ering P ort Addresses Y ou can administer the MAC addresses of stations connected to E thernet and FDDI por ts on the Switch 2200. Listing Addr esses Y ou can display MAC addresses curr ently associated with the selected por ts . Each address type (static or dynamic), assigned por t , and age are also lis[...]

11-12 C HAPTER 11: A DMINISTERING B RIDGE P ORTS Adding New Addr esses When you assign new MA C addresses to the selected ports, these addresses are added as statically configured addr esses. A statically configured address is never aged and can never be learned on a diff erent Ethernet port. T o add a MAC address: 1 F rom the top lev el of the A[...]

Administering Port Addresses 11-13 Flushing A ll Addr esses Y ou can flush all static and dynamic MAC addresses from the selected por t(s). Static MAC addresses are those that you specified using the add menu option. D ynamic MAC addr esses are those that wer e automatically learned by the bridge. T o flush all addresses: 1 F rom the top lev el [...]

11-14 C HAPTER 11: A DMINISTERING B RIDGE P ORTS T o freeze all dynamic addresses: 1 F rom the top lev el of the Administration C onsole , enter: bridge port address freeze Y ou are prompted for the port t ype. 2 Enter Ethernet , FDDI , o r all . Y ou are prompted for the port number(s). 3 Enter the number(s) of the por t(s) or all . The dynamic ad[...]

12 C REATING AND U SING P ACKET F ILTERS This chapter describes how t o create and edit packet filters using the packet filter language. This chapter also provides instructions for ho w to: ■ List, display , and delete currently defined filters ■ Load packet filter definitions creat ed in an ASCII-based editor onto the Switch 2200 system [...]

12-2 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Listing P acket F ilters When you list the packet filters f or the system, the filter identification, filter name (if any), and filter assignments are displayed . T o list the currently defined pack et filters , enter the following fr om the top level of the Administration C onsole: bri[...]

Displaying Packet Filters 12-3 Displa ying P acket F ilters When displaying the contents of a single packet filter , you selec t the packet filter using the filter id (which you can obtain b y listing the packet filters as described in the previous section). The packet filter instructions are displayed; however , any comments in the original p[...]

12-4 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS C oncepts f or Writing a F ilter Befor e writing a packet filter , you should understand thsee basic concepts: ■ How the packet filter language works ■ The basic elements of a packet filter ■ How to implement sequential tests in a packet filter ■ The pre-pr ocessed and run-time sto[...]

Creating Packet Filters 12-5 T able 12-2 describes the instruc tions and stacks of a packet filter . T able 12-2 Packet F ilter Instructions and Stacks — Descriptions and Guidelines Element Descriptions and Guidelines Instructions Each instruction in a packet filter definition must be on a separate line in the packet filter definition file. Inst[...]

12-6 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Basic Elements of a P acket F ilter Before creating a packet filter , you must decide which par t of the packet you want to filter . Y ou can filter Ethernet packets by the destination address, source address , t ype/length, or some par t of the data. Y ou can filter FDDI packets by the de[...]

Creating Packet Filters 12-7 The Ethernet and FDDI packet fields in F igure 12-1 are used as operands in the packet filter . T he two simplest operands are described in T able 12-3. The oper ators that you specify in the packet filter allow the filter to make a logical decision about whether the packet should be for warded or discarded . These [...]

12-8 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Implementing Sequential T ests in a Packet F ilter F ilter language expressions ar e normally evaluat ed to completion — a packet is accepted if the value remaining on the top of the stack is non-zero . Frequently , however , a single test is insufficient to filter packets effectively . Wh[...]

Creating Packet Filters 12-9 The follo wing example shows the use of both accept and reject in a packet filter . This packet filter was created f or a network running both Phase I and Phase II AppleT alk. TM The goal of the filter is to eliminate the AppleT alk traffic. Name “Filter AppleTalk datagrams” pushField.w 12 # Get the type field. [...]

12-10 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Run-time storage of packet filters Fo r run-time storage of packet filter programs, each Switch 2200 system provides a maximum of 8192 byt es. T here is no explicit system or per-packet-filter overhead; however , per f ormance considerations can result in unused areas of the run-time stora[...]

Creating Packet Filters 12-11 4 Apply a logic operation to the values in st eps 2 and 3. The operator y ou use depends on what comparison you want to make. V ariations on these f our basic steps of writing packet filters include: ■ Use pushTop for each additional comparison you int end to make with the pushF ield value . This opcode makes a dupl[...]

12-12 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Pack et F ilter Solution The solution described here is to cr eate a highly sophisticated packet filter that prevents only the br oadcast packets from the market data ser vers from being forwarded onto the segments that are not par t of an active trading floor . Before writing the packet ?[...]

Creating Packet Filters 12-13 The pseudocode translates into the f ollowing packet filter: Name “IP XNS ticker bcast filter” # Assign this filter in the multicast path # of a port only--this is very important # # XNS FILTERING SECTION # pushField.w 12 # get the type field of the packet and # place it on top of the stack. pushLiteral.w 0x0600 #[...]

12-14 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS The rest of this section concentrates on the parts of the filter , showing you how to translate the pseudocode ’ s requirements into filter language. T he large filter on page 12-13 is brok en down into subsets to show how you can create small filters that per form one or two tasks , an[...]

Creating Packet Filters 12-15 4 Enter executable instruction #3: eq # if the two values on the top of the stack are equal, # then return a non-zero value Packet F ilter T wo . This filter is designed to accept packets within the socket range of 0x76c and 0x898. T hese steps show how to cr eate this filter: 1 Name the filter : “Socket range fil[...]

12-16 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Combining a Subset of the F ilters. The next filter accepts IP packets with a socket range of 0x76c (1900) and 0x898 (2200). T he filter combines packet filters one and two , modifying them for IP . T hese steps show how to create this filter . 1 Name the filter : “Only IP pkts w/in so[...]

Creating Packet Filters 12-17 Combining All the F ilters. T ogether , the four packet filters work to per form the solution to the pr oblem: filtering the broadcast packets from the market data ser v ers. These steps show how to cr eate this filter: 1 Name the filter : “Discard XNS & IP pkts w/in socket range” 2 P er form st eps 2 throu[...]

12-18 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS The maximum length of a packet filter definition is 4096 bytes . The editor assumes a terminal capability no higher than a glass tty (that is, it does not assume an addressable screen). Y ou can place any ASCII printable character into the editing buffer at the cursor position. If a charac [...]

Creating Packet Filters 12-19 T able 12-6 Packet F ilter Editor Commands Command Keys Description List buffer Ctrl+l Displays each of the lines in the editing buffer and then redisplays the line currently being edited Next Line Ctrl+n Moves cursor to next line; positions cursor at start of line Previous Line Ctrl+p Moves cursor to previous line; po[...]

12-20 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Using an External T ext Editor T o use an ASCII-based editor to create a packet filter : 1 Create the definition in a text file. 2 F rom a networked workstation, ftp the file to the Switch 2200 on which you want to load the filter . 3 Load the filter as described in “Loading Packet Fi[...]

Editing, Checking and Saving Packet Filters 12-21 T o edit a pack et filter using the Switch 2200 system line edit or: 1 F rom the top lev el of the Administration C onsole , enter: bridge packetFilter edit 2 Enter the packet filter id number . Specifying a filter id loads that filter into the edit buffer . 3 Edit the filter . For mor e inform[...]

12-22 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Loading P acket F ilters When you cr eate packet filters using an external text editor , you must load the filters onto the system fr om the network host on which you cr eated them. Once loaded, the packet filter definition is converted into the internal format that is used by the packet [...]

Assigning Packet Filters to Ports 12-23 it meets the forwarding criteria. A pack et that does not meet the f or warding criteria defined in the filter is discarded . T o assign a pack et filter: 1 F rom the top lev el of the Administration C onsole , enter: bridge packetFilter assign 2 Enter the id number of the packet filter to be assigned . T[...]

12-24 C HAPTER 12: C REATING AND U SING P ACKET F ILTERS Unassigning P acket F ilters from P or ts T o unassign a pack et filter from one or more ports, the pack et filter must have been pr eviously assigned to at least one port. T o unassign a pack et filter: 1 F rom the top lev el of the Administration C onsole , enter: bridge packetFilter una[...]

13 C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS This chapter describes how to use address and port groups as filtering criteria in a packet filter , and how to administer address and por t groups. Using Gr oups in P acket F ilters Y ou can use address groups (a list of MAC addr esses) and port groups (a list of Switch 2200 [...]

13-2 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS Port group packet filter example In this example, packets are not for warded to ports in groups 3 and 8. Name “Discard Groups 3 and 8” pushSPGM # Get source port group mask pushLiteral.l 0x0084 # Select bits 3 and 8 and # If port group bits 3 & 8 are comm[...]

Displaying Groups 13-3 Address gr oup example In this example, three address groups are defined in the system. The first address group has an id of 1 and the name Accounting . This gr oup uses an address group mask of 1 (the bit set in the mask) . Address Groups Address Group 1 - Accounting Address group mask - bit 1 Address Group 2 - Development[...]

13-4 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS members of the group . The name of the addr ess group in this example is Development , and the group has five members. Select address group to be displayed [1-n]: 2 Address Group 2 - Development 05-39-24-56-ab-ee 08-29-34-fd-32-14 08-29-34-dd-ee-01 09-34-56-32-12[...]

Creating New Groups 13-5 Enter the ports in this syntax: < Ethernet | E | FDDI | F > [port] < port number > As you enter each address or port, the system attempts to add it to the group. If the address or por t y ou enter is already a member of the group , the system displays a message , as shown next, and the address or por t is ignore[...]

13-6 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS Port group example In this example , a new por t group is cr eated and loaded on the system. The bit in the por t gr oup mask for the gr oup is 12 and the name of the group is Educ ation . One por t is enter ed and assigned to the group . Select a bit in the port [...]

Adding Addresses and Ports to Groups 13-7 Adding Addr esses and P orts to Groups When adding addresses or ports to an existing group, you can either enter the addresses or ports at the prompts or impor t them fr om a file. At least one address group or port group must exist before you can add addresses or por ts. (See “Creating New Groups” on [...]

13-8 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS Enter the ports in this syntax: < Ethernet | E | FDDI | F > [port] < port number > As you enter each address or port, the system attempts to add it to the group. If the address or por t you enter is already a member of the gr oup , a message is display[...]

Removing Addresses or Ports from a Group 13-9 Port group example This example sho ws a por t successfully added to the Manufacturing por t group . Select port group to be modified [1-4]: 2 Adding ports to group 2 - Manufacturing Enter the ports to be added - type q to return to the menu: Port: Ethernet 3 Port: q Removing Addr esses or P orts from a[...]

13-10 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS As you enter addresses and ports, the system attempts to remov e them from the group. If the address or port is not found in the group , a warning message is displayed , as shown here: Warning: Specified address was not a member of the address group. OR Warning: [...]

Loading Groups 13-11 Loading Gr oups There is no explicit menu item to load addr ess and por t groups that are defined in a file on a remote host. However , you can “load ” groups by creating a script on a remot e host (which includes your address or port group) and then running that script. The follo wing example shows a script that builds a[...]

13-12 C HAPTER 13: C ONFIGURING A DDRESS AND P ORT G ROUPS TO U SE IN P ACKET F ILTERS[...]

V Appendix A P acket Filter Opcodes , Examples, and Sytax Errors Appendix B T echnical Suppor t A PPENDIXES[...]

A P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS This appendix: ■ Describes the specific opcodes you can use when creating a packet filter ■ Pr ovides numerous examples of commonly used packet filters ■ Describes the possible syntax errors you might receiv e when loading a packet filter F or information on creating and using p[...]

A-2 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS pushField.size <offset> Description : Pushes a field from the target packet onto the stack. Packet data starting at <offset> is copied onto the stack. The most significant byte of the field is the byte at the specified offset. The number of bytes pushed is deter[...]

Opcodes A-3 pushTop Description: Pushes the current top of the stack onto the stack (that is, it reads the top of the stack and pushes the value onto the stack). The size of the push is determined by the size of the contents of the stack. Storage Needed: 1 byte pushSAGM Description: Pushes the source address group mask (SAGM) onto the top of the st[...]

A-4 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS pushSPGM Description: Pushes the source port group mask (SPGM) onto the top of the stack. The SPGM is a bitmap representing the groups to which the source port of a packet belongs. This instruction pushes 4 bytes on to the stack. Each port group mask is represented by a sin[...]

Opcodes A-5 ne (not equal) Description: Pops two values from the stack and compares them. If they are not equal, a byte containing the value non-zero is pushed onto the stack; otherwise, a byte containing 0 is pushed. The size of the operands is determined by the contents of the stack. Storage Needed: 1 byte lt (less than) Description: Pops two val[...]

A-6 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS gt (greater than) Description: Pops two values from the stack and performs an unsigned comparison. If the first is greater than the second, a byte containing the value non-zero is pushed onto the stack; otherwise, a byte containing 0 is pushed. The size of the operands is d[...]

Opcodes A-7 or (bit-wise OR) Description: Pops two values from the stack and pushes the bit-wise OR of these values back onto the stack. The size of the operands and the result are determined by the contents of the stack. Storage Needed: 1 byte xor (bit-wise exclusive-OR) Description: Pops two values from the stack and pushes the bit-wise exclusive[...]

A-8 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS reject Description: Conditionally rejects the packet being examined. A byte is popped from the stack. If it is non-zero, the packet is rejected and evaluation of the filter ends immediately; otherwise, filter evaluation continues with the next instruction. Storage Needed: 1[...]

Packet Filter Examples A-9 P acket F ilter Examples The follo wing examples of using the packet filter language star t with basic packet filter concepts. Destination Addr ess F ilter This filter operates on the destination addr ess field of a frame. I t allows packets to be forwarded that are destined for stations with an Organizationally Uniqu[...]

A-10 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS T y pe F ilter This filter operates on the type field of a frame. I t allows packets to be forwarded that are IP frames. T o customize this filter to another type value , change the literal value loaded in the pushLiteral.w instruction. name “Forward IP frames” push[...]

Packet Filter Examples A-11 Sourc e Addr ess and T y pe F ilter This filter operat es on the source address and type fields of a frame. It allows XNS packets to be forwarded that are from stations with an OUI of 08-00-02. T o customize this filter to another OUI value , change the literal value loaded in the last pushLiteral.l instruction. Note [...]

A-12 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS Addr ess Group F ilter This filter accepts only frames whose sour ce and destination address are in the same group . name “Forward Same Source and Destination” pushSAGM # Get source address group mask pushDAGM # Get destination address group # mask and # Compare if so[...]

Common Syntax Errors A-13 C ommon S yntax Errors When a packet filter definition is loaded, the definition is checked for syntax errors. The syntax errors and their causes are listed in T able A-1. T able A-1 Possible S yntax Errors When Loading P acket F ilters Syntax Error Description Opcode not found An opcode was expected on the line and was[...]

A-14 A PPENDIX A: P ACKET F ILTER O PCODES , E XAMPLES , AND S YNTAX E RRORS Invalid characters in number The number specified as an offset or literal is improperly formatted. Possible causes are 1) lack of white space setting off the number, and 2) invalid characters in the number. Note: The radix of the number is determined by the first 1 or 2 ch[...]

B T ECHNICAL S UPPORT 3Com pro vides easy access to technical support information through a variety of ser vices. This appendix describes these services. Online T echnical Ser vices 3C om offers w orldwide product suppor t seven days a w eek, 24 hours a day , through the follo wing online systems: ■ 3Com Bulletin Board Service (3ComBBS) ■ W orl[...]

B-2 A PPENDIX B: T ECHNICAL S UPPORT Acc ess b y ISDN ISDN users can dial in to 3ComBBS using a digital modem f or fast access up to 56 Kbps. T o access 3ComBBS using ISDN, dial the following number : (408) 654 2703 W orld Wide W eb Site Access the latest networking information on 3C om ’ s W orld Wide Web sit e by entering our URL into your Inte[...]

Support from Your Network Supplier B-3 3ComF acts SM Automated F ax Ser vice 3Com C orporation ’ s interactive fax ser vice , 3ComF ac ts , provides data sheets, technical articles, diagrams, and troubleshooting instructions on 3Com products 24 hours a day , seven days a w eek. Call 3ComF ac ts using your touch-t one telephone and international a[...]

B-4 A PPENDIX B: T ECHNICAL S UPPORT Suppor t from 3C om If you are unable t o receive support from your network supplier , technical suppor t contracts are available fr om 3Com. In the U.S. and Canada, call (800) 876-3266 f or customer service. If you are outside the U.S. and Canada, contac t your local 3C om sales office to find your authorized[...]

I NDEX Numerics 3Com Bulletin Board Service (3ComBBS) B-1 3Com sales offices B-4 3ComF acts B-3 3ComF o rum B-2 A abort at prompts 2-9 enabling CTL+C 2-11 accept opcode 12-8, A-7 access levels 2-1 address adding static 11-12 aging time 10-6 filters A-9 flushing 11-13 for SNMP trap repor ting 3-17 freezing 11-13 in routing table 3-7 IP 3-3 IP to [...]

2 I NDEX baud rate console serial por t 3-2 bell, warning 4-1 blocking state 11-5 bridge See also packet filter address threshold, setting 10-6 aging time, setting 10-6 designated 11-3 IP fragmentation, enabling 10-5 IPX Snap T ranslation, enabling 10-5 menus 2-5 Spanning T ree bridge priorit y , setting 10-7 enabling 10-7 forward delay , setting [...]

I NDEX 3 por tState 7-8 station MAC addresses 11-11 Ethernet address and restoring NV data 6-3 for the monitored por t 9-5 Ethernet port analyzer attached 9-3 displaying information 7-1 label 7-4 labeling 7-8 setting state (on-line or off-line) 7-8 static MAC addresses 11-12 statistics 7-3 F fan, warning 4-2 fax ser vice B-3 FDDI commands, quick 1-[...]

4 I NDEX Internet Contr ol Message Pr otocol. See ICMP IP address translation 3-11 ARP cache 3-11 inter face 3-3 management access 3-1 menus 2-6 pinging 3-12 RIP mode 3-12 route table 3-8 routes 3-7 statistics, displaying 3-14 IP address and restoring NV data 6-3 configuring 3-5 for IP inter face 3-3 in routing table 3-7 IP fragmentation enabling [...]

I NDEX 5 multicast frames and pack et filters 12-1 multicast limit configuring 11-7 defined 11-7 N name opcode A-1 naming the Switch 2200 4-3 ne opcode A-5 neighbor notification and LLC Ser vice 8-18 network monitoring. Se e r oving analysis and analyz er network supplier suppor t B-3 network troubleshooting 9-1 not opcode A-7 NotCopiedThr esho[...]

6 I NDEX path cost defined 11-9 setting 11-9 path. See FDDI path and backplane paths PHY and FDDI por ts 8-19 ping IP station 3-12 PMD and FDDI por ts 8-19 port See also FDDI port bridging priorit y 11-10 for analyzer 9-3 including in IP inter face 3-4 label 8-20 maximum number in group 13-7 path cost 11-9 speed, setting 3-2 state, setting 7-8 typ[...]

I NDEX 7 S SAGM (source addr ess group mask) 13-1 screen height adjusting 2-10 scripts for the Administration C onsole examples 2-15 running 2-13 serial port (console) for management 3-1 rebooting the system 4-4 setting baud rate 3-2 Ser vice A ccess P oints (SAPs) and pack et filters 12-4 shiftl opcode A-8 shiftr opcode A-8 SMT (Station Managemen[...]

8 I NDEX Switch 2200 administration over view 1-1 and network monitoring 9-1 bell warning 4-1 documentation 4 fan warning 4-2 naming 4-3 NV data restoration 6-3 por ts and IP interfaces 3-6 power supply warning 4-2 quick commands 1-1 rebooting 4-4 resetting to system defaults 6-6 system backup 6-2 system configuration, displaying 4-1 system date a[...]