Loading...
Release Notes
OmniSwitch 6800/6850/9000
Release 6.1.3.R01
These release notes accompany release 6.1.3.R01 software for the OmniSwitch 6800, 6850, and 9000 hardware. They provide important information on individual software features and hardware modules. Since much of the information in these release notes is not included in the hardware and software user manuals, it is important that you read all sections of this document before installing new hardware or loading new software.
Contents
•Related Documentation, see page 2.
•System Requirements, see page 4.
•Memory Requirements, see page 4.
•UBoot, FPGA, MiniBoot, BootROM, and Upgrade Requirements, see page 4.
•New Hardware Supported, see page 5.
•Supported Hardware/Software Combinations, see page -9.
•New Software Features, see page -11.
•Software Supported, see page 13.
•Supported Traps, see page 37.
•Unsupported Software Features, see page 42.
•Unsupported CLI Commands, see page 42.
•Unsupported MIBs, see page 44.
•Open Problem Reports, and Feature Exceptions, see page 48.
•Switch Management, see page 48.
•Layer 2, see page 53.
•Layer 3, see page 65.
•Advanced Routing, see page 69.
•Quality of Service, see page 72.
•Security, see page 74.
•System, see page 78.
•Technical Support, see page 86.
Release Notes |
page 1 |
Part Number 032067-10, Rev D |
|
Copyright 2006 Alcatel Internetworking, Inc. |
|
Related Documentation
Related Documentation
These release notes should be used in conjunction with the OmniSwitch 6800, 6850, and 9000. The following are the titles and descriptions of the user manuals that apply to the OmniSwitch 6800, 6850, and 9000.
Note. User manuals can be downloaded at http://www.alcatel.com/enterprise/en/resource_library/ user_manuals.html.
•OmniSwitch 6800 Series Getting Started guide
Describes the hardware and software procedures for getting an OmniSwitch 6800 Series switch up and running.
•OmniSwitch 6850 Series Getting Started Guide
Describes the hardware and software procedures for getting an OmniSwitch 6850 Series switch up and running.
•OmniSwitch 9000 Series Getting Started Guide
Describes the hardware and software procedures for getting an OmniSwitch 9000 Series switch up and running.
•OmniSwitch 6800 Series Hardware User Guide
Complete technical specifications and procedures for all OmniSwitch 6800 Series chassis, power supplies, and fans.
•OmniSwitch 6850 Series Hardware User Guide
Complete technical specifications and procedures for all OmniSwitch 6850 Series chassis, power supplies, and fans.
•OmniSwitch 9000 Series Hardware User Guide
Complete technical specifications and procedures for all OmniSwitch 9000 Series chassis, power supplies, and fans.
•OmniSwitch CLI Reference Guide
Complete reference to all CLI commands supported on the OmniSwitch. Includes syntax definitions, default values, examples, usage guidelines, and CLI-to-MIB variable mappings.
•OmniSwitch 6800/6850/9000 Network Configuration Guide
Includes network configuration procedures and descriptive information on all the major software features and protocols included in the base software package. Chapters cover Layer 2 information (Ethernet and VLAN configuration), Layer 3 information (routing protocols), security options (Authenticated Switch Access (ASA)), Quality of Service (QoS), link aggregation.
•OmniSwitch 6800/6850/9000 Series Switch Management Guide
Includes procedures for readying an individual switch for integration into a network. Topics include the software directory architecture, software rollback protections, authenticated switch access, managing switch files, system configuration, using SNMP, and using web management software (WebView).
page 2 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
Related Documentation
•OmniSwitch 6800/6850/9000 Series Advanced Routing Configuration Guide
Includes network configuration procedures and descriptive information on all the software features and protocols included in the advanced routing software package. Chapters cover multicast routing (DVMRP and PIM), BGP, OSPF, and OSPFv3.
•Upgrade Instructions for 6.1.3.R01
Provides instructions for upgrading the OmniSwitch 6800, 6850, 9000 to 6.1.3.R01.
•Technical Tips, Field Notices
Contracted customers can visit our customer service website at: http://eservice.ind.alcatel.com.
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
page 3 |
System Requirements
System Requirements
Memory Requirements
•OmniSwitch 6800 Series Release 6.1.3.R01 requires 256 MB of SDRAM and 64MB of flash memory. This is the standard configuration shipped.
•OmniSwitch 6850 Series Release 6.1.3.R01 requires 256 MB of SDRAM and 64MB of flash memory. This is the standard configuration shipped.
•OmniSwitch 9000 Series Release 6.1.3.R01 requires 256 MB of SDRAM and 128MB of flash memory. This is the standard configuration shipped.
Configuration files and the compressed software images—including web management software (WebView) images—are stored in the flash memory. Use the show hardware info command to determine your SDRAM and flash memory.
UBoot, FPGA, Miniboot, BootROM, and Upgrade Requirements
Note. Field upgrade of existing OmniSwitch units is required prior to loading this release. See the Upgrading OmniSwitch 6800, 6850, and 9000 Series Switches to 6.1.3.R01 upgrade instructions for more information.
The software versions listed in this section are the minimum required, except where otherwise noted.
OmniSwitch 6800 Series
•Miniboot: 6.1.2.49.R03 or later
•BootROM: 6.1.2.49.R03 or later
OmniSwitch 6850 Series
•UBoot: 6.1.3.601.R01 or later
•Miniboot.uboot: 6.1.3.601.R01 or later
OmniSwitch 9000 Series
•UBoot NI: 6.1.1.167.R02 or later
•UBoot CMM: 6.1.1.167.R02 or later
•Miniboot.uboot CMM: 6.1.1.167.R02 or later
•FPGA CMM: Major Revision: 2 Minor Revision: 25 (displays as 0x19)
POE Firmware
• 5.01
page 4 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
New Hardware Supported
New Hardware Supported
The following new hardware is supported subject to the feature exceptions and problem reports described later in these release notes.
New Chassis
The following new OmniSwitch 6850 Series chassis are available in this release.
Note. The USB port on the OmniSwitch 6850 Series units is not supported in this release.
OS6850-24L
The OmniSwitch 6850-24L is a stackable edge/workgroup switch offering 20 unshared 10/100Base-T ports, as well as four combo ports individually configurable to be 10/100/1000Base-T or 1000 Base-X high speed connections.
OS6850-48L
The OmniSwitch 6850-48L is a stackable edge/workgroup switch offering 44 unshared 10/100Base-T ports, as well as four combo ports individually configurable to be 10/100/1000Base-T or 1000Base-X high speed connections.
OS6850-P24L
The OmniSwitch 6850-P24L is a stackable edge/workgroup switch offering 20 unshared 10/100Base-T Power over Ethernet (PoE) ports, as well as four combo ports individually configurable to be 10/100/1000 Base-T PoE or 1000 Base-X high speed connections.
OS6850-P48L
The OmniSwitch 6850-P48L is a stackable edge/workgroup switch offering 44 unshared 10/100Base-T Power over Ethernet (PoE) ports, as well as four combo ports individually configurable to be 10/100/1000 Base-T PoE or 1000 Base-X high speed connections.
OS6850-U24X
The OmniSwitch 6850-U24X is a stackable edge/workgroup switch offering 22 1000Base-X MiniGBIC SFP ports, two (2) 10 Gigabit XFP slots, as well as two combo ports individually configurable to be 10/100/1000 Base-T ports.
Note. OmniSwitch 6850 units and OmniSwitch 6800 units should not be mixed in the same stack. See the OmniSwitch 6850 Series Hardware Users Guide for more information on OmniSwitch 6850 hardware features.
The following new OmniSwitch 9000 Series chassis are available in this release:
OS9800
The OmniSwitch 9800 chassis supports a high-performance switch fabric and provides 16 slots for Ethernet, Gigabit Ethernet, and/or 10 Gigabit Ethernet Network Interface (NI) modules. An additional two slots are reserved for primary and redundant Chassis Management Modules (CMMs). The OmniSwitch 9800
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
page 5 |
New Hardware Supported
supports a maximum of four power supplies and up to 384 10/100/1000 copper ports and/or 1000 Mbps fiber ports. It is suitable for wiring closet installations. It can also be equipped with up to 96 10 Gigabit Ethernet ports for use as the core switch.
Note. OmniSwitch 9700 NI modules and OmniSwitch 7700 NI modules should not be mixed in the same chassis. See the OmniSwitch 9000 Series Hardware Users Guide for more information on OmniSwitch 9000 hardware features.
New Chassis Management Module (CMM)
The following CMM is available in this release:
OS9800-CMM
The Chassis Management Module (CMM) is the management unit for OmniSwitch 9000 switches. In its role as the management unit, the CMM provides key system services, including:
•Console, USB, and Ethernet management port connections to the switch
•Software and configuration management, including the Command Line Interface (CLI)
•Web-based management (WebView)
•SNMP management
•Power distribution
•Switch diagnostics
•Important availability features, including redundancy (when used in conjunction with another CMM), software rollback, temperature management, and power management
•The CMM also contains the switch fabric unit for the OmniSwitch 9000. Data passing from one NI module to another passes through the CMM fabric. When two CMMs are installed, both fabrics are normally active.
Note. The USB port on the front panel of the CMM is not supported in this release.
New Network Interface (NI) Modules
The following NI modules are available in this release:
OS9-GNI-P24
Provides 24 auto-sensing twisted-pair Power over Ethernet (PoE) ports, individually configurable as 10BaseT, 100BaseTX, or 1000BaseT.
OS9-XNI-U6
Provides six 10 Gigabit XFP slots.
page 6 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
New Hardware Supported
New Power over Ethernet Components/Enhancements
OmniSwitch 9000 OS-IP-SHELF PoE Power Shelf
The OS-IP-SHELF unit is the peripheral power shelf for the chassis that provides the electrical current used for PoE ports. Up to four 600W OS-IP-SHELF specific power supply modules are available. These are load sharing modules that can provide up to a maximum of 2400W PoE power source.
OmniSwitch 9600 Support for PS-510W AC/PS-360W AC
The 510W and 360W power supplies can be used as an alternate power source for PoE on the OmniSwitch 9600. A single 510W power supply allocates 380W for the PoE functionality; Similarly, a single 360W power supply allocates 230W for the PoE functionality. Only one power supply module can be installed per switch, not both. These power modules support load sharing across all the POE NIs in the OmniSwitch 9600 chassis.
Note that the 510W/360W power supplies are only supported on the OmniSwitch 9600 and not on the OmniSwitch 9700 or OmniSwitch 9800.
New Ethernet Transceivers (SFPs)
The following Gigabit Ethernet, dual-speed Ethernet, and 100FX Ethernet transceivers are available in this release:
Gigabit Ethernet Transceiver (SFP MSA)
SFP-GIG-T - 1000Base-T Gigabit Ethernet Transceiver (SFP MSA) - Supports category 5, 5E, and 6 copper cabling up to 100m. SFP only works in 1000 Mbit/s speed and full-duplex mode.
Dual Speed Ethernet Transceivers
SFP-DUAL-MM - Dual Speed 100Base-FX or 1000Base-X Ethernet optical transceiver (SFP MSA). Supports multimode fiber over 1310nm wavelength (nominal) with an LC connector. Typical reach of 550m at Gigabit speed and 2km at 100Mbit speed.
Note:
•at 100Mbit speed, this SFP can interoperate with SFP-100-LC-MM or similar transceiver on the other end.
•at Gigabit speed, this SFP cannot interoperate with SFP-GIG-SX or similar transceiver on the other end running over 850nm wavelength.
SFP-DUAL-SM10 - Dual Speed 100Base-FX or 1000Base-X Ethernet optical transceiver (SFP MSA). Supports single mode fiber over 1310nm wavelength (nominal) with an LC connector. Typical reach of 10km at Gigabit speed and 100Mbit speed.
Note:
•at 100Mbit speed, this SFP can interoperate with SFP-100-LC-SM15 or similar transceiver.
•at Gigabit speed, this SFP can interoperate with SFP-GIG-LX or similar transceiver.
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
page 7 |
New Hardware Supported
100FX Ethernet Transceivers
SFP-100-BX20LT - 100Base-BX SFP transceiver with an SC type interface. This bi-directional transceiver is designed for use over single mode fiber optic on a single strand link up to 20KM point-to-point. This transceiver is normally used in the central office (OLT) transmits 1550nm and receives 1310nm optical signal.
SFP-100-BX20NU - 100Base-BX SFP transceiver with an SC type interface. This bi-directional transceiver is designed for use over single mode fiber optic on a single strand link up to 20KM point-to-point. This transceiver is normally used in the client (ONU) transmits 1310nm and receives 1550nm optical signal.
SFP-100-LC-MM - 100Base-FX SFP transceiver. Supports multi mode fiber over 1310nm wavelength (nominal) with an LC connector.
SFP-100-LC-SM15 - 100Base-FX SFP transceiver. Supports single mode fiber over 1310nm wavelength (nominal) with an LC connector. Typical reach of 15 Km.
SFP-100-LC-SM40 - 100Base-FX SFP transceiver Supports single mode fiber over 1310nm wavelength (nominal) with an LC connector. Typical reach of 40 Km.
Supported Configuration Matrix for New Ethernet Transceivers
The following table shows the Ethernet transceiver configurations supported with the 6.1.3.R01 release:
SFP |
OS6800/OS6850 |
OS6800-U24 |
OS6850-U24X |
OS9-GNI-U24 |
Combo Ports |
Non-Combo |
|||
|
Ports |
|
|
|
|
|
|
|
|
|
|
|
|
|
SFP-GIG-T - 1000Base-T Giga- |
supported |
supported |
supported |
supported |
bit Ethernet Transceiver (SFP |
|
|
|
|
MSA). |
|
|
|
|
|
|
|
|
|
SFP-DUAL-MM - Dual Speed |
unsupported |
unsupported |
supported |
supported |
100Base-FX or 1000Base-X Ether- |
|
|
|
|
net optical transceiver. |
|
|
|
|
|
|
|
|
|
SFP-DUAL-SM10 - Dual Speed |
unsupported |
unsupported |
supported |
supported |
100Base-FX or 1000Base-X Ether- |
|
|
|
|
net optical transceiver (SFP MSA) |
|
|
|
|
|
|
|
|
|
SFP-100-BX20LT - 100Base-BX |
unsupported |
unsupported |
supported |
unsupported |
SFP bi-directional transceiver. |
|
|
|
|
|
|
|
|
|
SFP-100-BX20NU - 100Base-BX |
unsupported |
unsupported |
supported |
unsupported |
SFP bidirectional transceiver. |
|
|
|
|
|
|
|
|
|
SFP-100-LC-MM - 100Base-FX |
unsupported |
unsupported |
supported |
unsupported |
SFP transceiver. |
|
|
|
|
|
|
|
|
|
SFP-100-LC-SM15 - 100Base-FX unsupported |
unsupported |
supported |
unsupported |
|
SFP transceiver. |
|
|
|
|
|
|
|
|
|
SFP-100-LC-SM40 - 100Base-FX unsupported |
unsupported |
supported |
unsupported |
|
SFP transceiver. |
|
|
|
|
|
|
|
|
|
page 8 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
Supported Hardware/Software Combinations
Supported Hardware/Software Combinations
The following table shows the 6.1 software releases that support each of the listed OS9000, OS6850, and OS6800 module types:
Module Type |
Part Number |
6.1.1.R01 |
6.1.1.R02 |
6.1.2.R03 |
6.1.3.R01 |
|
|
|
|
|
|
OS96/9700 CMM, REV B |
902369 |
supported |
supported |
n/a |
supported |
|
|
|
|
|
|
OS96/9700 CMM, REV C |
902444 |
supported |
supported |
n/a |
supported |
|
|
|
|
|
|
OS9800 CMM |
902492 |
not supported |
not supported |
n/a |
supported |
|
|
|
|
|
|
OS9-GNI-C24, ASIC A1 |
902367 |
supported |
supported |
n/a |
supported |
|
|
|
|
|
|
OS9-GNI-U24, ASIC A1 |
902370 |
supported |
supported |
n/a |
supported |
|
|
|
|
|
|
OS9-XNI-U2, ASIC A1 |
902379 |
supported |
supported |
n/a |
supported |
|
|
|
|
|
|
OS9-GNI-C24, ASIC B2 |
902394 |
not supported |
supported |
n/a |
supported |
|
|
|
|
|
|
OS9-GNI-U24, ASIC B2 |
902396 |
not supported |
supported |
n/a |
supported |
|
|
|
|
|
|
OS9-XNI-U2, ASIC B2 |
902397 |
not supported |
supported |
n/a |
supported |
|
|
|
|
|
|
OS9-GNI-P24, ASIC B2 |
902395 |
not supported |
not supported |
n/a |
supported |
|
|
|
|
|
|
OS9-XNI-U6, ASIC B2 |
902398 |
not supported |
not supported |
n/a |
supported |
|
|
|
|
|
|
|
|
|
|
|
|
OS6850-24 |
902457 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OS6850-48 |
902495 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OS6850-24X |
902458 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OS6850-48X |
902462 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OS6850-P24 |
902459 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OS6850-P48 |
902463 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OS6850-P24X |
902460 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OS6850-P48X |
902464 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OS6850-U24X |
902418 |
n/a |
n/a |
not supported |
supported |
|
|
|
|
|
|
OS6850-24L |
902487 |
n/a |
n/a |
not supported |
supported |
|
|
|
|
|
|
OS6850-48L |
902489 |
n/a |
n/a |
not supported |
supported |
|
|
|
|
|
|
OS6850-P24L |
902488 |
n/a |
n/a |
not supported |
supported |
|
|
|
|
|
|
OS6850-P48L |
902490 |
n/a |
n/a |
not supported |
supported |
|
|
|
|
|
|
|
|
|
|
|
|
OS6800-24 |
902349 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OS6800-48 |
902350 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OS6800-24L |
902377 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OS6800-48L |
902378 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OS6800-U24 |
902351 |
n/a |
n/a |
supported |
supported |
|
|
|
|
|
|
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
page 9 |
Supported Hardware/Software Combinations
To determine the ASIC revision for a specific NI, use the show ni command. For example, the following show ni output display shows a B2 revision level for NI 1:
DC-Core ->> show ni 1 |
|
Module in slot 1 |
|
Model Name: |
OS9-GNI-C24, |
Description: |
10-1000 RJ45, |
Part Number: |
902394-40, |
Hardware Revision: |
C13, |
Serial Number: |
G1511279, |
Manufacture Date: |
MAY 03 2006, |
Firmware Version: |
, |
Admin Status: |
POWER ON, |
Operational Status: |
UP, |
Power Consumption: |
51, |
Power Control Checksum: |
0x0, |
MAC Address: |
00:d0:95:e6:54:80, |
ASIC - Physical 1: |
BCM56504_B2 |
CPLD - Physical 1: |
0005/00 |
UBOOT Version : |
6.1.1.167.R02 |
UBOOT-miniboot Version : |
No Miniboot |
POE SW Version : |
n/a |
To determine the CMM board revision, use the show cmm command. For example, the following show cmm output display shows a C revision level for the CMM board:
DC-Core |
->> show cmm |
|
Module in slot CMM-A-1 |
|
|
Model |
Name: |
OS9700-CFM, |
Description: |
FABRIC BOARD, |
|
Part Number: |
902444-10, |
|
Hardware Revision: |
C11, |
|
Serial Number: |
G1810128, |
|
Manufacture Date: |
MAY 08 2006, |
|
Firmware Version: |
2, |
|
Admin |
Status: |
POWER ON, |
Operational Status: |
UP, |
|
Power |
Consumption: |
27, |
Power |
Control Checksum: |
0x0, |
MAC Address: |
00:d0:95:e0:6c:ac, |
|
page 10 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
New Software Features
New Software Features
The following software features and/or the platforms they are supported on are new with the 6.1.3.R01 release, subject to the feature exceptions and problem reports described later in these release notes:
Feature Summary
Feature |
Platform |
Software Package |
|
|
|
802.1Q 2005 (MSTP) |
all |
base |
|
|
|
802.1W (RSTP) Default |
all |
base |
|
|
|
802.1x Device Classification |
OS9000 |
base |
|
|
|
Access Control Lists (ACLs) for IPv6 |
OS6850/OS9000 |
base |
|
|
|
ACL Manager (ACLMAN) |
OS9000 |
base |
|
|
|
Authenticated Switch Access - TACACS+ |
all |
base |
|
|
|
BGP Graceful Restart |
all |
base |
|
|
|
DHCP Option-82 |
OS9000 |
base |
|
|
|
DHCP Snooping |
OS9000 |
base |
|
|
|
Generic UDP Relay |
all |
base |
|
|
|
IP DoS Enhancements |
OS6850/OS9000 |
base |
|
|
|
IP Multicast Switching (IPMS) - Proxying |
all |
base |
|
|
|
IPv6 Multicast Switching (IPMS) - Proxying |
OS6850/OS9000 |
base |
|
|
|
IP Route Map Redistribution |
all |
base |
|
|
|
L2 DHCP Snooping |
all |
base |
|
|
|
L2 Static Multicast Addresses |
all |
base |
|
|
|
L2 MAC Address Table Size Enhancement |
OS9000 |
base |
|
|
|
OSPFv3 |
OS6850/OS9000 |
base |
|
|
advanced routing |
|
|
|
PIM |
all |
base |
PIM-SSM (Source-Specific Multicast) |
|
advanced routing |
|
|
|
Policy Based Routing (Permanent Mode) |
OS6850 |
base |
|
|
|
Port Mapping |
OS9000 |
base |
|
|
|
Port Mirroring (1:128) |
OS6850/OS9000 |
base |
|
|
|
Power over Ethernet (PoE) |
OS9000 |
base |
|
|
|
Redirection Policies |
OS6850 |
base |
(Port and Link Aggregate) |
|
|
|
|
|
Secure Copy (SCP) |
OS9000 |
base |
|
|
|
Server Load Balancing (SLB) |
OS6850/OS9000 |
base |
|
|
|
SSH Public Key Authentication |
OS9000 |
base |
|
|
|
Syslog to Multiple Hosts |
all |
base |
|
|
|
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
page 11 |
New Software Features
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Feature |
Platform |
Software Package |
|
|
|
|
|
|
|
VLAN Range Support |
all |
base |
|
|
|
|
|
|
|
VLAN Stacking and Translation |
OS6850/OS9000 |
base |
|
|
|
|
|
|
|
VRRPv3 |
OS6850/OS9000 |
base |
|
|
|
|
|
|
page 12 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
Software Supported
Software Supported
In addition to the new software features introduced with the 6.1.3.R01 release, the following software features are also supported in 6.1.3.R01, subject to the feature exceptions and problem reports described later in these release notes:
Feature Summary
Feature |
Platform |
Software Package |
|
|
|
802.1Q |
all |
base |
|
|
|
802.1d/1w Spanning Tree |
all |
base |
|
|
|
802.1x Multiple Client Support |
all |
base |
|
|
|
802.1x Device Classification |
all |
base |
(Access Guardian) |
|
|
|
|
|
Access Control Lists (ACLs) |
all |
base |
|
|
|
ACL & Layer 3 Security |
all |
base |
|
|
|
ACL Manager (ACLMAN) |
OS6850/OS9000 |
base |
|
|
|
Authenticated Switch Access |
all |
base |
|
|
|
Authenticated VLANs |
all |
base |
|
|
|
Automatic VLAN Containment (AVC) |
all |
base |
|
|
|
Basic IPv4 Routing |
all |
base |
|
|
|
Basic IPv6 Routing (static, RIPng) |
all |
base |
|
|
|
BGP4 |
all |
base |
|
|
|
BPDU Shutdown Ports |
OS6800/OS9000 |
base |
|
|
|
Command Line Interface (CLI) |
all |
base |
|
|
|
DHCP Relay |
all |
base |
|
|
|
DHCP Option-82 |
all |
base |
|
|
|
DHCP Snooping |
all |
base |
|
|
|
DNS Client |
all |
base |
|
|
|
Dynamic VLAN Assignment (Mobility) |
all |
base |
|
|
|
DVMRP |
all |
base |
|
|
|
End User Partitioning |
all |
base |
|
|
|
Ethernet Interfaces |
all |
base |
|
|
|
Flood/Storm Control |
all |
base |
|
|
|
Health Statistics |
all |
base |
|
|
|
HTTP/HTTPS Port Configuration |
all |
base |
|
|
|
Interswitch Protocols (AMAP) |
all |
base |
|
|
|
IP Multicast Switching (IPMS) |
all |
base |
|
|
|
IPv6 Multicast Switching (MLD) |
OS6850/OS9000 |
base |
|
|
|
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
page 13 |
Software Supported
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Feature |
Platform |
Software Package |
|
|
|
|
|
|
|
IPv6 (NPD) |
all |
base |
|
|
|
|
|
|
|
IPX Routing |
all |
base |
|
|
|
|
|
|
|
Learned Port Security (LPS) |
all |
base |
|
|
|
|
|
|
|
Link Aggregation (static & 802.3ad) |
all |
base |
|
|
|
|
|
|
|
Multicast Routing |
all |
base |
|
|
|
|
|
|
|
Multinetting |
all |
base |
|
|
|
|
|
|
|
NTP Client |
all |
base |
|
|
|
|
|
|
|
OSPFv2 |
all |
base |
|
|
|
|
|
|
|
Partitioned Switch Management |
all |
base |
|
|
|
|
|
|
|
Per-VLAN DHCP Relay |
all |
base |
|
|
|
|
|
|
|
PIM-SM |
all |
base |
|
|
PIM-SSM (Source-Specific Multicast) |
|
|
|
|
|
|
|
|
|
Policy Server Management |
all |
base |
|
|
|
|
|
|
|
Policy Based Routing (Permanent Mode) |
OS6850/OS9000 |
base |
|
|
|
|
|
|
|
Port Mapping |
all |
|
|
|
|
|
|
|
|
Port Mirroring (1:24) |
OS6800 |
base |
|
|
|
|
|
|
|
Port Monitoring |
all |
base |
|
|
|
|
|
|
|
Power over Ethernet (PoE) |
OS6850/OS9000 |
base |
|
|
|
|
|
|
|
Quality of Service (QoS) |
all |
base |
|
|
|
|
|
|
|
Redirection Policies |
OS6850/OS9000 |
base |
|
|
(Port and Link Aggregate) |
|
|
|
|
|
|
|
|
|
RMON |
all |
base |
|
|
|
|
|
|
|
Router Discovery Protocol (RDP) |
all |
base |
|
|
|
|
|
|
|
Routing Protocol Preference |
all |
base |
|
|
|
|
|
|
|
Secure Copy (SCP) |
all |
base |
|
|
|
|
|
|
|
Secure Shell (SSH) |
all |
base |
|
|
|
|
|
|
|
SSH Public Key Authentication |
all |
base |
|
|
|
|
|
|
|
sFlow |
OS6850/OS9000 |
base |
|
|
|
|
|
|
|
Smart Continuous Switching |
all |
base |
|
|
Hot Swap |
|
|
|
|
Management Module Failover |
|
|
|
|
Power Monitoring |
|
|
|
|
Redundancy |
|
|
|
|
|
|
|
|
|
SNMP |
all |
base |
|
|
|
|
|
|
|
Source Learning |
all |
base |
|
|
|
|
|
|
|
Software Rollback |
all |
base |
|
|
|
|
|
|
|
Spanning Tree |
all |
base |
|
|
|
|
|
|
|
Switch Logging |
all |
base |
|
|
|
|
|
|
page 14 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
Software Supported
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Feature |
Platform |
Software Package |
|
|
|
|
|
|
|
Text File Configuration |
all |
base |
|
|
|
|
|
|
|
User Definable Loopback Interface |
all |
base |
|
|
|
|
|
|
|
VLANs |
all |
base |
|
|
|
|
|
|
|
VRRP |
all |
base |
|
|
|
|
|
|
|
Web-Based Management (WebView) |
all |
base |
|
|
|
|
|
|
Feature Descriptions
802.1Q
Alcatel-Lucent’s 802.1Q is an IEEE standard for sending frames through the network tagged with VLAN identification. 802.1Q tagging is the IEEE version of VLANs. It is a method of segregating areas of a network into distinct VLANs. By attaching a label, or tag, to a packet, it can be identified as being from a specific area or identified as being destined for a specific area.
When a port is enabled to accept tagged traffic, by default both 802.1Q tagged and untagged traffic is automatically accepted on the port. Configuring the port to accept only tagged traffic is also supported.
802.1Q 2005 (MSTP)
802.1Q 2005 (Q2005) is a new version of Multiple Spanning Tree Protocol (MSTP) that is a combination of the 802.1D 2004 and 802.1S protocols. This implementation of Q2005 also includes improvements to edge port configuration and provides administrative control to restrict port role assignment and the propagation of topology change information through bridge ports.
The 6.1.3.R01 release provides support for this feature on the OmniSwitch 6800 Series, OmniSwitch 6850 Series, and OmniSwitch 9000 Series.
802.1W (RSTP) Default
The Rapid Spanning Tree Protocol (RSTP) is now the default Spanning Tree protocol for the OmniSwitch 6800/6850/9000 regardless of which mode (flat or 1x1) is active.
802.1x Device Classification (Access Guardian)
In addition to the authentication and VLAN classification of 802.1x clients (supplicants), this implementation of 802.1x secure port access extends this type of functionality to non-802.1x clients (non-suppli- cants). To this end device classification policies are introduced to handle both supplicant and nonsupplicant access to 802.1x ports.
Supplicant policies use 802.1x authentication via a remote RADIUS server and provide alternative methods for classifying supplicants if the authentication process either fails or does not return a VLAN ID.
Non-supplicant policies use MAC authentication via a remote RADIUS server or can bypass authentication and only allow strict assignment to specific VLANs. MAC authentication verifies the source MAC address of a non-supplicant device via a remote RADIUS server. Similar to 802.1x authentication, the switch sends RADIUS frames to the server with the source MAC address embedded in the username and password attributes.
Device Classification is supported on the OmniSwitch 6800 Series and OmniSwitch 6850 Series. The 6.1.3.R01 release provides support for this feature on the OmniSwitch 9000 Series.
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
page 15 |
Software Supported
Access Control Lists (ACLs)
Access Control Lists (ACLs) are Quality of Service (QoS) policies used to control whether or not packets are allowed or denied at the switch or router interface. ACLs are sometimes referred to as filtering lists.
ACLs are distinguished by the kind of traffic they filter. In a QoS policy rule, the type of traffic is specified in the policy condition. The policy action determines whether the traffic is allowed or denied.
In general, the types of ACLs include:
•Layer 2 ACLs—for filtering traffic at the MAC layer. Usually uses MAC addresses or MAC groups for filtering.
•Layer 3/4 ACLs—for filtering traffic at the network layer. Typically uses IP addresses or IP ports for filtering; note that IPX filtering is not supported.
•Multicast ACLs—for filtering IGMP traffic.
Access Control Lists (ACLs) for IPv6
The 6.1.3.R01 release provides support for IPv6 ACLs on the OmniSwitch 6850 Series and OmniSwitch 9000 Series. The following QoS policy conditions are now available for configuring ACLs to filter IPv6 traffic:
source ipv6 destination ipv6 ipv6
nh (next header) flow-label
Note the following when using IPv6 ACLs:
•Trusted/untrusted behavior is the same for IPv6 traffic as it is for IPv4 traffic.
•IPv6 policies do not support the use of network groups, service groups, map groups, or MAC groups.
•IPv6 multicast policies are not supported.
•Anti-spoofing and other UserPorts profiles/filters do not support IPv6.
•The default (built-in) network group, “Switch”, only applies to IPv4 interfaces. There is no such group for IPv6 interfaces.
Note. IPv6 ACLs are not supported on A1 NI modules. Use the show ni command to verify the version of the NI module. Contact your Alcatel-Lucent support representative if you are using A1 boards.
ACL & Layer 3 Security
The following additional ACL features are available for improving network security and preventing malicious activity on the network:
•ICMP drop rules—Allows condition combinations in policies that will prevent user pings, thus reducing DoS exposure from pings. Two condition parameters are also available to provide more granular filtering of ICMP packets: icmptype and icmpcode.
page 16 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
Software Supported
•TCP connection rules—Allows the determination of an established TCP connection by examining TCP flags found in the TCP header of the packet. Two condition parameters are available for defining a TCP connection ACL: established and tcpflags.
•Early ARP discard—ARP packets destined for other hosts are discarded to reduce processing overhead and exposure to ARP DoS attacks. No configuration is required to use this feature, it is always available and active on the switch. Note that ARPs intended for use by a local subnet, AVLAN, and VRRP are not discarded.
•UserPorts—A port group that identifies its members as user ports to prevent spoofed IP traffic. When a port is configured as a member of this group, packets received on the port are dropped if they contain a source IP network address that does not match the IP subnet for the port.
•UserPorts Profile—In addition to spoofed traffic, it is also possible to configure a global UserPorts profile to specify additional types of traffic, such as BPDU, RIP, OSPF, and/or BGP, to monitor on user ports. The UserPorts profile also determines whether user ports will filter the unwanted traffic or will administratively shutdown when the traffic is received. Note that this profile only applies to those ports that are designated as members of the UserPorts port group.
•DropServices—A service group that improves the performance of ACLs that are intended to deny packets destined for specific TCP/UDP ports. This group only applies to ports that are members of the UserPorts group. Using the DropServices group for this function minimizes processing overhead, which otherwise could lead to a DoS condition for other applications trying to use the switch.
ACL Manager
The Access Control List Manager (ACLMAN) is a function of the Quality of Service (QoS) application that provides an interactive shell for using common industry syntax to create ACLs. Commands entered using the ACLMAN shell are interpreted and converted to Alcatel CLI syntax that is used for creating QoS filtering policies.
This implementation of ACLMAN also provides the following features:
•Importing of text files that contain common industry ACL syntax.
•Support for both standard and extended ACLs.
•Creating ACLs on a single command line.
•The ability to assign a name, instead of a number, to an ACL or a group of ACL entries.
•Sequence numbers for named ACL statements.
•Modifying specific ACL entries without having to enter the entire ACL each time to make a change.
•The ability to add and display ACL comments.
•ACL logging extensions to display Layer 2 through 4 packet information associated with an ACL.
ACLMAN is supported on the OmniSwitch 6850 Series. The 6.1.3.R01 release provides support for this feature on the OmniSwitch 9000 Series.
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
page 17 |
Software Supported
Authenticated Switch Access
Authenticated Switch Access (ASA) is a way of authenticating users who want to manage the switch. With authenticated access, all switch login attempts using the console or modem port, Telnet, FTP, SNMP, or HTTP require authentication via the local user database or via a third-party server. The type of server may be an authentication-only mechanism or an authentication, authorization, and accounting (AAA) mechanism.
AAA servers are able to provide authorization for switch management users as well as authentication. (They also may be used for accounting.) User login information and user privileges may be stored on the servers. In addition to the Remote Authentication Dial-In User Service (RADIUS) and Lightweight Directory Access Protocol (LDAP) servers, using a Terminal Access Controller Access Control System (TACACS+) server is now supported with the 6.1.3.R01 release.
Authentication-only servers are able to authenticate users for switch management access, but authorization (or what privileges the user has after authenticating) are determined by the switch. Authenticationonly servers cannot return user privileges to the switch. The authentication-only server supported by the switch is ACE/Server, which is a part of RSA Security’s SecurID product suite. RSA Security’s ACE/ Agent is embedded in the switch.
By default, switch management users may be authenticated through the console port via the local user database. If external servers are configured for other management interfaces but the servers become unavailable, the switch will poll the local user database for login information if the switch is configured for local checking of the user database. The database includes information about whether or not a user is able to log into the switch and what kinds of privileges or rights the user has for managing the switch.
Authenticated VLANs
Authenticated VLANs control user access to network resources based on VLAN assignment and a user log-in process; the process is sometimes called user authentication or Layer 2 Authentication. (Another type of security is device authentication, which is set up through the use of port-binding VLAN policies or static port assignment.) The number of possible AVLAN users is 1048.
Layer 2 Authentication is different from Authenticated Switch Access, which is used to grant individual users access to manage the switch.
The Mac OS X 10.3.x is supported for AVLAN web authentication using JVM-v1.4.2.
Automatic VLAN Containment (AVC)
In an 802.1s Multiple Spanning Tree (MST) configuration, it is possible for a port that belongs to a VLAN, which is not a member of an instance, to become the root port for that instance. This can cause a topology change that could lead to a loss of connectivity between VLANs/switches. Enabling Automatic VLAN Containment (AVC) helps to prevent this from happening by making such a port an undesirable choice for the root.
When AVC is enabled, it identifies undesirable ports and automatically configures them with an infinite path cost value.
Balancing VLANs across links according to their Multiple Spanning Tree Instance (MSTI) grouping is highly recommended to ensure that there is not a loss of connectivity during any possible topology changes. Enabling AVC on the switch is another way to prevent undesirable ports from becoming the root for an MSTI.
page 18 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
Software Supported
Basic IPv4 Routing
Internet Protocol (IP) is a network-layer (Layer 3) protocol that contains addressing and control information that allow packets to be forwarded on a network. IP is the primary network-layer protocol in the Internet protocol suite. Along with the Transmission Control Protocol (TCP), IP represents the heart of the Internet protocols. IP is associated with several Layer 3 and Layer 4 protocols. These protocols are built into the base code loaded on the switch and they include:
•Transmission Control Protocol (TCP)
•User Datagram Protocol (UDP)
•Bootstrap Protocol (BOOTP)/Dynamic Host Configuration Protocol (DHCP)
•Simple Network Management Protocol (SNMP)
•Telnet
•File Transfer Protocol (FTP)
•Address Resolution Protocol (ARP)
•Internet Control Message Protocol (ICMP)
•RIP I / RIP II
The base IP software allows one to configure an IP router interface, static routes, a default route, the Address Resolution Protocol (ARP), the router primary address, the router ID, the Time-to-Live (TTL) Value, IP-directed broadcasts, and the Internet Control Message Protocol (ICMP). In addition, this software allows one to trace an IP route, display Transmission Control Protocol (TCP) information, and display User Datagram Protocol (UDP) information.
OmniSwitch 9000 supports hardware routing/flooding to static arp with multicast MAC address.
Note. The switch operates only in single MAC router mode. In this mode, each router VLAN is assigned the same MAC address, which is the base chassis MAC address for the switch.
BGP4
The Border Gateway Protocol (BGP) is an exterior routing protocol that guarantees the loop-free exchange of routing information between autonomous systems. There are three versions of the BGP protocol— versions 2, 3, and 4. The Alcatel-Lucent implementation supports BGP version 4 as defined in RFC 1771.
The Alcatel-Lucent implementation of BGP is designed for enterprise networks, specifically for border routers handling a public network connection, such as the organization’s Internet Service Provider (ISP) link. Up to 65,000 route table entries and next hop routes can be supported by BGP.
BGP Graceful Restart
BGP Graceful Restart is now supported and is enabled by default. On OmniSwitch devices in a redundant CMM configuration, during a CMM takeover/failover, interdomain routing is disrupted. Alcatel-Lucent Operating System BGP needs to retain forwarding information and also help a peering router performing a BGP restart to support continuous forwarding for inter-domain traffic flows by following the BGP graceful restart mechanism.
The 6.1.3.R01 release provides support for this feature on the OmniSwitch 6800 Series, OmniSwitch 6850 Series, and OmniSwitch 9000 Series.
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
page 19 |
Software Supported
BPDU Shutdown Ports
It is possible to configure a global UserPorts profile, as described in “ACL & Layer 3 Security”, to monitor BPDU on user ports. Such a profile also determines whether user ports will filter BPDU or will administratively shutdown when BPDU are received on the port. Note that this functionality only applies to ports that are designated as members of the UserPorts port group.
A port configured to administratively shutdown when BPDU are detected will generate an inferior BPDU every 5 seconds. This will prevent loops in the network if two BPDU shutdown ports are accidentally bridged together either through an external loop or through a hub, since both ports would be receiving inferior BPDUs.
Command Line Interface (CLI)
Alcatel-Lucent’s command line interface (CLI) is a text-based configuration interface that allows you to configure switch applications and to view switch statistics. Each CLI command applicable to the switch is defined in the CLI Reference guide. All command descriptions listed in the Reference Guide include command syntax definitions, defaults, usage guidelines, example screen output, and release history.
The CLI uses single-line text commands that are similar to other industry standard switch interfaces.
DHCP Relay
DHCP Relay allows you to forward DHCP broadcast requests to configurable DHCP server IP address in a routing environment.
DHCP Relay is configured using the IP helper set of commands.
DHCP Option-82 (Relay Agent Information Option)
The DHCP Option-82 feature enables the relay agent to insert identifying information into client-origi- nated DHCP packets before the packets are forwarded to the DHCP server. The implementation of this feature is based on the functionality defined in RFC 3046.
When DHCP Option-82 is enabled, communications between a DHCP client and a DHCP server are authenticated by the relay agent. To accomplish this task, the agent adds Option-82 data to the end of the options field in DHCP packets sent from a client to a DHCP server.
If the relay agent receives a DHCP packet from a client that already contains Option-82 data, the packet is dropped by default. However, it is possible to configure a DHCP Option-82 policy that directs the relay agent to drop, keep, or replace the existing Option-82 data and then forward the packet to the server.
DHCP Option-82 is supported on the OmniSwitch 6800 Series and OmniSwitch 6850 Series. The 6.1.3.R01 release provides support for this feature on the OmniSwitch 9000 Series.
DHCP Snooping
DHCP Snooping improves network security by filtering DHCP packets received from devices outside the network and building and maintaining a binding table (database) to log DHCP client access information. There are two levels of operation available for the DHCP Snooping feature: switch level or VLAN level.
To identify DHCP traffic that originates from outside the network, DHCP Snooping categorizes ports as either trusted or untrusted. A port is trusted if it is connected to a device inside the network, such as a DHCP server. A port is untrusted if it is connected to a device outside the network, such as a customer switch or workstation. The port trust mode is also configurable through the CLI.
Additional DHCP Snooping functionality includes the following:
page 20 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
Software Supported
•Traffic Suppression—Prevents the flooding of DHCP packets on the default VLAN for a DHCP Snooping port. Note that enabling traffic suppression on a port will prevent DHCP traffic between a DHCP server and client that belong to the same VLAN domain.
•IP Source Filtering—Restricts DHCP Snooping port traffic to only packets that contain the client source MAC address and IP address obtained from the DHCP lease information. The DHCP Snooping binding table is used to verify the client lease information for the port that is enabled for IP source filtering.
•Rate Limiting—Limits the number of DHCP packets on a port. This functionality is provided using the QoS application to configure ACLs for the port.
DHCP Snooping is supported on the OmniSwitch 6800 Series and OmniSwitch 6850 Series. The 6.1.3.R01 release provides support for this feature on the OmniSwitch 9000 Series.
DNS Client
A Domain Name System (DNS) resolver is an internet service that translates host names into IP addresses. Every time you enter a host name, a DNS service must look up the name on a server and resolve the name to an IP address. You can configure up to three domain name servers that will be queried in turn to resolve the host name. If all servers are queried and none can resolve the host name to an IP address, the DNS fails. If the DNS fails, you must either enter an IP address in place of the host name or specify the necessary lookup tables on one of the specified servers.
Dynamic VLAN Assignment (Mobility)
Dynamic assignment applies only to mobile ports and requires the additional configuration of VLAN rules. When traffic is received on a mobile port, the packets are examined to determine if their content matches any VLAN rules configured on the switch. Rules are defined by specifying a port, MAC address, protocol, network address, binding, or DHCP criteria to capture certain types of network device traffic. It is also possible to define multiple rules for the same VLAN. A mobile port is assigned to a VLAN if its traffic matches any one VLAN rule.
DVMRP
Distance Vector Multicast Routing Protocol (DVMRP) is a dense-mode multicast routing protocol. DVMRP—which is essentially a “broadcast and prune” routing protocol—is designed to assist routers in propagating IP multicast traffic through a network. DVMRP works by building per-source broadcast trees based on routing exchanges, then dynamically creating per-source, group multicast delivery trees by pruning the source’s truncated broadcast tree.
End User Partitioning (EUPM)
EUPM is used for customer login accounts that are configured with end-user profiles (rather than functional privileges specified by partitioned management). Profiles specify command areas as well as VLAN and/or port ranges to which the user has access. These profiles are typically used for end users rather than network administrators.
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
page 21 |
Software Supported
Ethernet Interfaces
Ethernet and Gigabit Ethernet port software is responsible for a variety of functions that support Ethernet, Gigabit, and 10 Gigabit Ethernet ports. These functions include initialization of ports, notifying other software modules when a port goes down, configuration of basic line parameters, gathering of statistics for Ethernet and Gigabit Ethernet ports, and responding to administrative enable/disable requests.
Configurable parameters include: autonegotiation (copper ports 10/100/1000), trap port link messages, flood control, line speed, duplex mode, inter-frame gap, resetting statistics counters, and maximum and peak flood rates.
Flood control is configurable on ingress interfaces (flood rate and including/excluding multicast).
Generic UDP Relay
In addition to BOOTP/DHCP relay, generic UDP relay is available. Using generic UDP relay, traffic destined for well-known service ports (e.g., NBNS/NBDD, DNS, TFTP, and TACACS) or destined for a user-defined service port can be forwarded to a maximum of 256 VLANs on the switch.
The 6.1.3.R01 release provides support for this feature on the OmniSwitch 6800 Series, OmniSwitch 6850 Series, and OmniSwitch 9000 Series.
Health Statistics
To monitor resource availability, the NMS (Network Management System) needs to collect significant amounts of data from each switch. As the number of ports per switch (and the number of switches) increases, the volume of data can become overwhelming. The Health Monitoring feature can identify and monitor a switch’s resource utilization levels and thresholds, improving the efficiency in data collection.
Health Monitoring provides the following data to the NMS:
•Switch-level input/output, memory and CPU utilization levels
•Module-level and port-level input/output utilization levels For each monitored resource, the following variables are defined:
•Most recent utilization level (percentage)
•Average utilization level over the last minute (percentage)
•Average utilization level over the last hour (percentage)
•Maximum utilization level over the last hour (percentage)
•Threshold level
Additionally, Health Monitoring provides the capacity to specify thresholds for the resource utilization levels it monitors, and generates traps based on the specified threshold criteria.
HTTP/HTTPS Port Configuration
The default HTTP port and the default Secure HTTP (HTTPS) port can be configured for the embedded Web server in the switch.
page 22 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
Software Supported
Interswitch Protocol (AMAP)
Alcatel-Lucent Interswitch Protocols (AIP) are used to discover adjacent switches and retain mobile port information across switches. By default, AMAP is enabled.
Alcatel-Lucent Mapping Adjacency Protocol (AMAP) is used to discover the network topology of Alca- tel-Lucent switches in a particular installation. Using this protocol, each switch determines which switches are adjacent to it by sending and responding to Hello update packets. For the purposes of AMAP, adjacent switches are those that:
•Have a Spanning Tree path between them
•Do not have any switch between them on the Spanning Tree path that has AMAP enabled
IP DoS Enhancements
By default, the switch filters the following denial of service (DoS) attacks, which are security attacks aimed at devices that are available on a private network or the Internet:
•ARP Flood Attack - OS6800/OS6850/OS9000
•Invalid IP Attack - OS6850/OS9000
•Multicast IP and MAC Address Mismatch - OS6850/OS9000
•Ping Overload - OS6850/OS9000
•Packets with loopback source IP address - OS6850/OS9000
The 6.1.3.R01 release provides support for these enhancements on the OmniSwitch 6800 Series, OmniSwitch 6850 Series, and OmniSwitch 9000 Series as noted above.
IP Multicast Switching (IPMS)
IP Multicast Switching is a one-to-many communication technique employed by emerging applications such as video distribution, news feeds, conferencing, netcasting, and resource discovery (OSPF, RIP2, and BOOTP). Unlike unicast, which sends one packet per destination, multicast sends one packet to all devices in any subnetwork that has at least one device requesting the multicast traffic. Multicast switching also requires much less bandwidth than unicast techniques and broadcast techniques since the source hosts only send one data stream to the ports on which destination hosts that request it are attached.
Destination hosts signal their intent to receive a specific multicast stream by sending a request to do so to a nearby switch using Internet Group Management Protocol (IGMP). The switch then learns on which ports multicast group subscribers are attached and can intelligently deliver traffic only to the respective ports. This mechanism is often referred to as IGMP snooping (or IGMP gleaning). Alcatel-Lucent’s implementation of IGMP snooping is called IP Multicast Switching (IPMS). IPMS allows OmniSwitch 9000 Series switches to efficiently deliver multicast traffic in hardware at wire speed.
Both IGMP version 3 (IGMPv3), which handles forwarding by source IP address and IP multicast destination, and IGMP version 2 (IGMPv2), which handles forwarding by IP multicast destination address only, are supported. IPMS is supported on IPv4 and IPv6 (MLD) on the OmniSwitch 6850 Series and OmniSwitch 9000 Series. The OmniSwitch 6800 Series only supports IPMS for IPv4.
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
page 23 |
Software Supported
IP Multicast Switching (IPMS) - Proxying
IP multicast proxying and configuring the IGMP and MLD unsolicited report interval are now available with this implementation of IPMS. Proxying enables the aggregation of IGMP and MLD group membership information and the reduction in reporting queriers. The unsolicited report interval refers to the time period in which to proxy any changed IGMP membership state.
The 6.1.3.R01 release provides support for this feature on the OmniSwitch 6800 Series, OmniSwitch 6850 Series, and OmniSwitch 9000 Series. IPv6 IPMS Proxying is not supported on the OmniSwitch 6800 Series.
IP Route Map Redistribution
Route map redistribution provides the ability to control which routes from a source protocol are learned and distributed into the network of a destination protocol. A route map consists of one or more userdefined statements that can determine which routes are allowed or denied access to the network. In addition, a route map may also contain statements that modify route parameters before they are redistributed.
Redistribution is configured by specifying a source and destination protocol and the name of an existing route map. Criteria specified in the route map is applied to routes received from the source protocol.
The 6.1.3.R01 release provides support for this feature on the OmniSwitch 6800 Series, OmniSwitch 6850 Series, and OmniSwitch 9000 Series.
IPv6 (NPD)
IPv6 (documented in RFC 2460) is designed as a successor to IPv4. The changes from IPv4 to IPv6 fall primarily into the following categories:
•Address size increased from 32 bits (IPv4) to 128 bits (IPv6)
•Dual Stack IPv4/IPv6
•ICMPv6
•Neighbor Discovery
•Stateless Autoconfiguration
•RIPng
•Static Routes
•Tunneling: Configured and 6-to-4 dynamic tunneling
•Ping, traceroute
•FTP and Telnet servers
•DNS client using Authority records
OmniSwitch 9000 switches support hardware-based IPv6 routing.
Note. The switch operates only in single MAC router mode. In this mode, each router VLAN is assigned the same MAC address, which is the base chassis MAC address for the switch
page 24 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
Software Supported
IPX Routing
The Internet Packet Exchange (IPX) protocol, developed by Novell for NetWare, is a Layer 3 protocol used to route packets through IPX networks. (NetWare is Novell’s network server operating system.) This implementation of IPX routing is software based with limited performance.
IPX specifies a connectionless datagram similar to the IP packet of TCP/IP networks. An IPX network address consists of two parts: a network number and a node number. The IPX network number is assigned by the network administrator. The node number is the Media Access Control (MAC) address for a network interface in the end node.
L2 DHCP Snooping
By default, DHCP broadcasts are flooded on the default VLAN for the client/server port. If the DHCP client and server are both members of the same VLAN domain, the broadcast packets from these sources are bridged as Layer 2 traffic and not processed by the relay agent. As a result, any active relay agent features (e.g., information Option-82, DHCP Snooping) are not applied to this type of DHCP traffic. The DHCP Relay application has a traffic suppression feature that suppresses the broadcast of DHCP packets and forwards these packets to the relay agent for processing.
The 6.1.3.R01 release provides support for this feature on the OmniSwitch 6800 Series, OmniSwitch 6850 Series, and OmniSwitch 9000 Series.
L2 MAC Address Table Size Enhancement
There are now two source learning modes available for the OmniSwitch 9000 Series switches: synchronized and distributed. By default the switch runs in the synchronized mode, which allows a total MAC address tables size of 16K per chassis. Enabling the distributed mode for the switch increases the table size to 16K per module and up to 64K per OmniSwitch 9000 chassis.
The 6.1.3.R01 release provides support for this feature on the OmniSwitch 9000 Series; increasing the MAC address table size is not supported on the OmniSwitch 6800 Series and OmniSwitch 6850 Series.
L2 Static Multicast Addresses
Static multicast MAC addresses are used to send traffic intended for a single destination multicast MAC address to multiple switch ports within a given VLAN. A static multicast address is assigned to one or more switch ports for a given VLAN. The ports associated with the multicast address are then identified as egress ports. When traffic received on ports within the same VLAN is destined for the multicast address, the traffic is forwarded on the egress ports that are associated with the multicast address.
One of the benefits of using static multicast addresses is that multicast traffic is switched in hardware and no longer subject to flood limits on broadcast traffic.
The 6.1.3.R01 release provides support for this feature on the OmniSwitch 6800 Series, OmniSwitch 6850 Series, and OmniSwitch 9000 Series.
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
page 25 |
Software Supported
Learned Port Security (LPS)
Learned Port Security (LPS) provides a mechanism for authorizing source learning of MAC addresses on 10/100/1000, Gigabit, and Gigabit Ethernet ports. Using LPS to control source MAC address learning provides the following benefits:
•A configurable source learning time limit that applies to all LPS ports.
•A configurable limit on the number of MAC addresses allowed on an LPS port.
•Dynamic configuration of a list of authorized source MAC addresses.
•Static configuration of a list of authorized source MAC addresses.
•Two methods for handling unauthorized traffic: Shutting down the port or only blocking traffic that violates LPS criteria.
LPS has the following limitations:
•You cannot configure LPS on 10 Gigabit ports.
•You cannot configure LPS on link aggregate ports.
Link Aggregation (static & 802.3ad)
Alcatel-Lucent’s link aggregation software allows you to combine several physical links into one large virtual link known as a link aggregation group. Using link aggregation can provide the following benefits:
•Scalability. You can configure up to 32 link aggregation groups that can consist of 2, 4, or 8 Ethernetports.
•Reliability. If one of the physical links in a link aggregate group goes down, the link aggregate group can still operate.
•Ease of Migration. Link aggregation can ease the transition from a Gigabit Ethernet backbone to a 10 Gigabit Ethernet backbone.
•Interoperability with Legacy Switches. Static link aggregation can interoperate with OmniChannel on legacy switches.
Alcatel’s link aggregation software allows you to configure the following two different types of link aggregation groups:
•Static link aggregate groups
•Dynamic (802.3ad) link aggregate groups
Multicast Routing
The OmniSwitch 9000 switches support multicast routing on IPv4 and includes configuration options for multicast address boundaries, the Distance Vector Multicast Routing Protocol (DVMRP), and ProtocolIndependent Multicast (PIM).
Multicast traffic consists of a data stream that originates from a single source and is sent to hosts that have subscribed to that stream. Live video broadcasts, video conferencing, corporate communications, distance learning, and distribution of software, stock quotes, and news services are examples of multicast traffic.
Multicast traffic is distinguished from unicast traffic and broadcast traffic.
page 26 |
OmniSwitch 6800/6850/9000—Release 6.1.3.R01 |
Loading...