Alcatel-Lucent OMNISTACK 6300 User Manual

Part No. 060191-10, Rev. B April 2004

OmniStack® 6300-24

Users Guide

An Alcatel service agreement brings your company the assurance of 7x24 no-excuses technical support. You’ll also receive regular software updates to maintain and maximize your Alcatel product’s features and functionality and on-site hardware replacement through our global network of highly qualified service delivery partners. Additionally, with 24-hour-a-day access to Alcatel’s Service and Support web page, you’ll be able to view and update any case (open or closed) that you have reported to Alcatel’s technical support, open a new case or access helpful release notes, technical bulletins, and manuals. For more information on Alcatel’s Service Programs, see our web page at www.ind.alcatel.com, call us at 1-800-995-2696, or email us at support@ind.alcatel.com.

This Manual documents OmniStack 6300-24 hardware and software.

The functionality described in this Manual is subject to change without notice.

Alcatel France. OmniSwitch Omni Switch/Router™, SwitchExpert Inc. All other brand and product names are trademarks of their respective companies.

and the Alcatel logo are registered trademarks of Compagnie Financiére Alcatel, Paris,

and OmniStack® are registered trademarks of Alcatel Internetworking, Inc.

, the Xylan logo are trademarks of Alcatel Internetworking,

26801 West Agoura Road

Calabasas, CA 91301

(818) 880-3500 FAX (818) 880-3505

info@ind.alcatel.com

US Customer Support-(800) 995-2696

International Customer Support-(818) 878-4507

Internet-http://eservice.ind.alcatel.com

This equipment has been tested and found to comply with the limits for Class A digital

Warning

device pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions in this guide, may cause interference to radio communications. Operation of this equipment in a residential area is likely to cause interference, in which case the user will be required to correct the interference at his own expense.

The user is cautioned that changes and modifications made to the equipment without approval of the manufacturer could void the user’s authority to operate this equipment. It is suggested that the user use only shielded and grounded cables to ensure compliance with FCC Rules.

This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the radio interference regulations of the Canadian department of communications.

Le present appareil numerique níemet pas de bruits radioelectriques depassant les limites applicables aux appareils numeriques de la Class A prescrites dans le reglement sur le brouillage radioelectrique edicte par le ministere des communications du Canada.

Chapter 1: Introduction 1-1

Key Features 1-1 Description of Software Features 1-2 System Defaults 1-5

Chapter 2: Initial Configuration 2-1

Connecting to the Switch 2-1

Configuration Options 2-1 Required Connections 2-2 Remote Connections 2-3

Basic Configuration 2-3

Console Connection 2-3 Setting Passwords 2-4 Setting an IP Address 2-4

Manual Configuration 2-4 Dynamic Configuration 2-5

Enabling SNMP Management Access 2-6

Community Strings 2-6 Trap Receivers 2-7

Saving Configuration Settings 2-7

Managing System Files 2-8

Chapter 3: Configuring the Switch 3-1

Using the Web Interface 3-1 Navigating the Web Browser Interface 3-2

Home Page 3-2 Configuration Options 3-2 Panel Display 3-3 Main Menu 3-3

Basic Configuration 3-8

Displaying System Information 3-8 Displaying Switch Hardware/Software Versions 3-10 Displaying Bridge Extension Capabilities 3-11 Setting the Switch’s IP Address 3-12

Manual Configuration 3-13

Using DHCP/BOOTP 3-14 Enabling Jumbo Frames 3-15 Managing Firmware 3-15

Downloading System Software from a Server 3-16 Saving or Restoring Configuration Settings 3-17

Downloading Configuration Settings from a Server 3-17 Console Port Settings 3-18

Contents

Telnet Settings 3-21

Configuring Event Logging 3-23

System Logs 3-23 System Logs Configuration 3-24 Remote Logs Configuration 3-25 Sending Simple Mail Transfer Protocol Alerts 3-27 Resetting the System 3-29 Setting the System Clock 3-29

Configuring SNTP 3-30 Setting the Time Zone 3-31

Simple Network Management Protocol 3-31

Enabling SNMP 3-33 Setting Community Access Strings 3-33 Specifying Trap Managers and Trap Types 3-34 Configuring SNMPv3 Management Access 3-35

Setting an Engine ID 3-35 Configuring SNMPv3 Users 3-36 Configuring SNMPv3 Groups 3-38 Setting SNMPv3 Views 3-40

User Authentication 3-41

Configuring the Logon Password 3-41 Configuring Local/Remote Logon Authentication 3-42 Configuring HTTPS 3-45

Replacing the Default Secure-site Certificate 3-46

Configuring the Secure Shell 3-47

Generating the Host Key Pair 3-49

Configuring the SSH Server 3-51 Configuring Port Security 3-52 Configuring 802.1x Port Authentication 3-54

Displaying 802.1x Global Settings 3-55

Configuring 802.1x Global Settings 3-57

Configuring Port Authorization Mode 3-58

Displaying 802.1x Statistics 3-59

Access Control Lists 3-61

Configuring Access Control Lists 3-61

Setting the ACL Name and Type 3-62

Configuring a Standard IP ACL 3-62

Configuring an Extended IP ACL 3-63

Configuring a MAC ACL 3-66 Configuring ACL Masks 3-68

Specifying the Mask Type 3-68

Configuring an IP ACL Mask 3-69

Configuring a MAC ACL Mask 3-71 Binding a Port to an Access Control List 3-72

Filtering IP Addresses for Management Access 3-73

Contents

Port Configuration 3-75

Displaying Connection Status 3-75 Configuring Interface Connections 3-77 Creating Trunk Groups 3-79

Statically Configuring a Trunk 3-80 Enabling LACP on Selected Ports 3-81 Configuring LACP Parameters 3-83 Displaying LACP Port Counters 3-85 Displaying LACP Settings and Status for the Local Side 3-86

Displaying LACP Settings and Status for the Remote Side 3-88 Setting Broadcast Storm Thresholds 3-90 Configuring Port Mirroring 3-91 Configuring Rate Limits 3-92 Showing Port Statistics 3-93

Alcatel Mapping Adjacency Protocol (AMAP) 3-98

Configuring AMAP 3-98 Displaying AMAP Detected Devices 3-99

Address Table Settings 3-100

Setting Static Addresses 3-100 Displaying the Address Table 3-101 Changing the Aging Time 3-102

Spanning Tree Algorithm Configuration 3-103

Displaying Global Settings 3-104 Configuring Global Settings 3-107 Displaying Interface Settings 3-111 Configuring Interface Settings 3-114 Configuring Multiple Spanning Trees 3-116 Displaying Interface Settings for MSTP 3-119 Configuring Interface Settings for MSTP 3-121

VLAN Configuration 3-122

Overview 3-122

Assigning Ports to VLANs 3-123

Forwarding Tagged/Untagged Frames 3-125 Enabling or Disabling GVRP (Global Setting) 3-125 Displaying Basic VLAN Information 3-126 Displaying Current VLANs 3-127 Creating VLANs 3-129 Adding Static Members to VLANs (VLAN Index) 3-130 Adding Static Members to VLANs (Port Index) 3-132 Configuring VLAN Behavior for Interfaces 3-133 Configuring Private VLANs 3-135

Enabling Private VLANs 3-135

Configuring Uplink and Downlink Ports 3-136 Configuring Protocol-Based VLANs 3-136

Configuring Protocol Groups 3-137

vii

Contents

Mapping Protocols to VLANs 3-137

Class of Service Configuration 3-139

Setting the Default Priority for Interfaces 3-139 Mapping CoS Values to Egress Queues 3-141 Selecting the Queue Mode 3-143 Setting the Service Weight for Traffic Classes 3-143 Mapping Layer 3/4 Priorities to CoS Values 3-145 Selecting IP Precedence/DSCP Priority 3-145 Mapping IP Precedence 3-146 Mapping DSCP Priority 3-147 Mapping IP Port Priority 3-149 Mapping CoS Values to ACLs 3-150 Changing Priorities Based on ACL Rules 3-151

Quality of Service 3-153

Configuring Quality of Service Parameters 3-153 Configuring a Class Map 3-154 Creating QoS Policies 3-156 Attaching a Policy Map to Ingress and Egress Queues 3-159

Multicast Filtering 3-160

Layer 2 IGMP (Snooping and Query) 3-160

Configuring IGMP Snooping and Query Parameters 3-161 Displaying Interfaces Attached to a Multicast Router 3-162 Specifying Static Interfaces for a Multicast Router 3-163 Displaying Port Members of Multicast Services 3-164 Assigning Ports to Multicast Services 3-165

Configuring Domain Name Service 3-166

Configuring General DNS Server Parameters 3-167 Configuring Static DNS Host to Address Entries 3-169 Displaying the DNS Cache 3-171

Chapter 4: Command Line Interface 4-1

Using the Command Line Interface 4-1

Accessing the CLI 4-1 Console Connection 4-1 Telnet Connection 4-1

Entering Commands 4-3

Keywords and Arguments 4-3 Minimum Abbreviation 4-3 Command Completion 4-3 Getting Help on Commands 4-3

Showing Commands 4-4 Partial Keyword Lookup 4-5 Negating the Effect of Commands 4-5 Using Command History 4-5

viii

Contents

Understanding Command Modes 4-5 Exec Commands 4-6 Configuration Commands 4-6

Command Line Processing 4-7 Command Groups 4-9 Line Commands 4-10

line 4-10

password 4-12

timeout login response 4-13

exec-timeout 4-14

password-thresh 4-14

silent-time 4-15

databits 4-16

parity 4-16

speed 4-17

stopbits 4-17

disconnect 4-18

show line 4-18 General Commands 4-19

enable 4-19

disable 4-20

configure 4-20

show history 4-21

reload 4-22

end 4-22

exit 4-22

quit 4-23 System Management Commands 4-23

Device Designation Commands 4-24

prompt 4-24 hostname 4-25

User Access Commands 4-25

username 4-25 enable password 4-26

IP Filter Commands 4-27

management 4-27 show management 4-28

Web Server Commands 4-29

ip http port 4-29 ip http server 4-30 ip http secure-server 4-30 ip http secure-port 4-31

Secure Shell Commands 4-32

ip ssh server 4-34

Contents

ip ssh timeout 4-35 ip ssh authentication-retries 4-36 ip ssh server-key size 4-36 delete public-key 4-37 ip ssh crypto host-key generate 4-37 ip ssh crypto zeroize 4-38 ip ssh save host-key 4-38 show ip ssh 4-39 show ssh 4-39 show public-key 4-40

Event Logging Commands 4-41

logging on 4-41 logging history 4-42 logging host 4-43 logging facility 4-43 logging trap 4-44 clear logging 4-44 show logging 4-45

SMTP Alert Commands 4-46

logging sendmail host 4-47 logging sendmail level 4-47 logging sendmail source-email 4-48 logging sendmail destination-email 4-48 logging sendmail 4-49 show logging sendmail 4-49

Time Commands 4-50

sntp client 4-50 sntp server 4-51 sntp poll 4-52 show sntp 4-52 clock timezone 4-53 calendar set 4-53 show calendar 4-54

System Status Commands 4-54

show startup-config 4-54 show running-config 4-57 show system 4-59 show users 4-60 show version 4-60

Frame Size Commands 4-61

jumbo frame 4-61

Flash/File Commands 4-62

copy 4-62 delete 4-64 dir 4-65

Contents

whichboot 4-66

boot system 4-66 Authentication Commands 4-67

Authentication Sequence 4-67

authentication login 4-68 authentication enable 4-69

RADIUS Client 4-70

radius-server host 4-70 radius-server port 4-70 radius-server key 4-71 radius-server retransmit 4-71 radius-server timeout 4-72 show radius-server 4-72

TACACS+ Client 4-73

tacacs-server host 4-73 tacacs-server port 4-73 tacacs-server key 4-74 show tacacs-server 4-74

Port Security Commands 4-75

port security 4-75

802.1x Port Authentication 4-76 authentication dot1x default 4-77 dot1x default 4-77 dot1x max-req 4-78 dot1x port-control 4-78 dot1x operation-mode 4-79 dot1x re-authenticate 4-79 dot1x re-authentication 4-80 dot1x timeout quiet-period 4-80 dot1x timeout re-authperiod 4-80 dot1x timeout tx-period 4-81 show dot1x 4-81

Access Control List Commands 4-83

IP ACLs 4-85

access-list ip 4-85 permit, deny (Standard ACL) 4-86 permit, deny (Extended ACL) 4-87 show ip access-list 4-89 access-list ip mask-precedence 4-89 mask (IP ACL) 4-90 show access-list ip mask-precedence 4-93 ip access-group 4-94 show ip access-group 4-94 map access-list ip 4-95 show map access-list ip 4-96

Contents

match access-list ip 4-96 show marking 4-97

MAC ACLs 4-98

access-list mac 4-98 permit, deny (MAC ACL) 4-99 show mac access-list 4-100 access-list mac mask-precedence 4-101 mask (MAC ACL) 4-102 show access-list mac mask-precedence 4-104 mac access-group 4-104 show mac access-group 4-105 map access-list mac 4-105 show map access-list mac 4-106 match access-list mac 4-106

ACL Information 4-107

show access-list 4-107 show access-group 4-108

SNMP Commands 4-108

snmp-server community 4-109 snmp-server contact 4-110 snmp-server location 4-110 snmp-server host 4-111 snmp-server enable traps 4-112 show snmp 4-113 snmp-server 4-114 snmp-server engine-id 4-114 show snmp engine-id 4-115 snmp-server view 4-115 show snmp view 4-116 snmp-server group 4-117 show snmp group 4-117 snmp-server user 4-119 show snmp user 4-119

DHCP Commands 4-120

DHCP Client 4-120

ip dhcp client-identifier 4-120 ip dhcp restart client 4-121

DNS Commands 4-122

ip host 4-122 clear host 4-123 ip domain-name 4-123 ip domain-list 4-124 ip name-server 4-125 ip domain-lookup 4-126 show hosts 4-127

xii

Contents

show dns 4-127 show dns cache 4-128 clear dns cache 4-128

Interface Commands 4-129

interface 4-130 description 4-131 speed-duplex 4-131 negotiation 4-132 capabilities 4-133 flowcontrol 4-134 combo-forced-mode 4-135 shutdown 4-135 switchport broadcast packet-rate 4-136 clear counters 4-137 show interfaces status 4-138 show interfaces counters 4-139 show interfaces switchport 4-140

Mirror Port Commands 4-141

port monitor 4-141 show port monitor 4-142

AMAP Configuration 4-143

amap enable 4-144 amap run 4-144 amap discovery timer 4-144 amap common timer 4-145 show amap 4-145

Rate Limit Commands 4-146

rate-limit 4-146

Link Aggregation Commands 4-147

channel-group 4-148 lacp 4-149 lacp system-priority 4-150 lacp admin-key (Ethernet Interface) 4-151 lacp admin-key (Port Channel) 4-152 lacp port-priority 4-153 show lacp 4-153

Address Table Commands 4-157

mac-address-table static 4-157 clear mac-address-table dynamic 4-158 show mac-address-table 4-158 mac-address-table aging-time 4-159 show mac-address-table aging-time 4-160

Spanning Tree Commands 4-160

spanning-tree 4-161 spanning-tree mode 4-162

xiii

Contents

spanning-tree forward-time 4-163 spanning-tree hello-time 4-164 spanning-tree max-age 4-164 spanning-tree priority 4-165 spanning-tree pathcost method 4-166 spanning-tree transmission-limit 4-166 spanning-tree mst-configuration 4-167 mst vlan 4-167 mst priority 4-168 name 4-169 revision 4-169 max-hops 4-170 spanning-tree spanning-disabled 4-171 spanning-tree cost 4-171 spanning-tree port-priority 4-172 spanning-tree edge-port 4-172 spanning-tree portfast 4-173 spanning-tree link-type 4-174 spanning-tree mst cost 4-175 spanning-tree mst port-priority 4-176 spanning-tree protocol-migration 4-176 show spanning-tree 4-177 show spanning-tree mst configuration 4-178

VLAN Commands 4-179

Editing VLAN Groups 4-179

vlan database 4-180 vlan 4-180

Configuring VLAN Interfaces 4-181

interface vlan 4-181 switchport mode 4-182 switchport acceptable-frame-types 4-183 switchport ingress-filtering 4-183 switchport native vlan 4-184 switchport allowed vlan 4-185 switchport forbidden vlan 4-186

Displaying VLAN Information 4-187

show vlan 4-187

Configuring Protocol-based VLANs 4-187

protocol-vlan protocol-group (Configuring Groups) 4-188 protocol-vlan protocol-group (Configuring Interfaces) 4-189 show protocol-vlan protocol-group 4-190 show interfaces protocol-vlan protocol-group 4-190

Configuring Private VLANs 4-191

pvlan 4-191 show pvlan 4-192

xiv

Contents

GVRP and Bridge Extension Commands 4-192

bridge-ext gvrp 4-193 show bridge-ext 4-193 switchport gvrp 4-194 show gvrp configuration 4-194 garp timer 4-195 show garp timer 4-196

Priority Commands 4-197

Priority Commands (Layer 2) 4-197

switchport priority default 4-197 queue mode 4-198 queue bandwidth 4-199 queue cos-map 4-200 show queue mode 4-201 show queue bandwidth 4-201 show queue cos-map 4-202

Priority Commands (Layer 3 and 4) 4-202

map ip port (Global Configuration) 4-203 map ip port (Interface Configuration) 4-203 map ip precedence (Global Configuration) 4-204 map ip precedence (Interface Configuration) 4-204 map ip dscp (Global Configuration) 4-205 map ip dscp (Interface Configuration) 4-206 map access-list ip 4-207 show map ip port 4-208 show map ip precedence 4-208 show map ip dscp 4-209

Quality of Service Commands 4-210

class-map 4-211 match 4-212 policy-map 4-213 class 4-214 set 4-214 police 4-215 service-policy 4-216 show class-map 4-216 show policy-map 4-217 show policy-map interface 4-217

Multicast Filtering Commands 4-218

IGMP Snooping Commands 4-218

ip igmp snooping 4-218 ip igmp snooping vlan static 4-219 ip igmp snooping version 4-220 show ip igmp snooping 4-220 show mac-address-table multicast 4-221

Contents

IGMP Query Commands (Layer 2) 4-222

ip igmp snooping querier 4-222 ip igmp snooping query-count 4-222 ip igmp snooping query-interval 4-223 ip igmp snooping query-max-response-time 4-224 ip igmp snooping router-port-expire-time 4-224

Static Multicast Routing Commands 4-225

ip igmp snooping vlan mrouter 4-225 show ip igmp snooping mrouter 4-226

IP Interface Commands 4-227

Basic IP Configuration 4-227

ip address 4-227 ip default-gateway 4-228 ip dhcp restart 4-229 show ip interface 4-229 show ip redirects 4-230 ping 4-230

Appendix A: Software Specifications A-1

Software Features A-1 Management Features A-2 Standards A-2 Management Information Bases A-3

Appendix B: Troubleshooting B-1

Glossary

Index

xvi

Tables

Table 1-1. Key Features 1-1 Table 1-2. System Defaults 1-5 Table 3-4. Main Menu 3-3 Table 3-2. Configuration Options 3-3 Table 3-1. SNMPv3 Security Models and Levels 3-32 Table 3-22. Compatible Operating Systems 3-45 Table 3-30. 802.1X Statistics 3-59 Table 3-45. LACP Port Counters Information 3-85 Table 3-47. LACP Settings - Local Side 3-86 Table 3-49. LACP Settings - Remote Side 3-88 Table 3-54. Displaying Port Statistics 3-94 Table 3-85. Mapping CoS Values to Egress Queues 3-141 Table 3-86. Priority Levels 3-141 Table 3-91. Mapping IP Precedence 3-146 Table 3-93. Mapping DSCP Priority 3-147 Table 3-95. Mapping CoS Values to ACLs 3-150 Table 4-1. Command Modes 4-5 Table 4-2. Configuration Command Modes 4-7 Table 4-3. Keystroke Commands 4-7 Table 4-4. Command Groups 4-9 Table 4-5. Line Commands 4-10 Table 4-6. General Commands 4-19 Table 4-7. System Management Commands 4-23 Table 4-8. Device Designation Commands 4-24 Table 4-9. User Access Commands 4-25 Table 4-10. User Access Levels 4-26 Table 4-11. IP Filter Commands 4-27 Table 4-12. Web Server Commands 4-29 Table 4-13. Compatible Operating Systems 4-31 Table 4-14. Secure Shell Commands 4-32 Table 4-15. Secure Shell Information 4-39 Table 4-16. Event Logging Commands 4-41 Table 4-17. Logging Messages 4-42 Table 4-19. Remote Logging Parameters 4-46 Table 4-20. SMTP Alert Commands 4-46 Table 4-18. System Logging Parameters 4-46 Table 4-21. Time Commands 4-50 Table 4-22. System Status Commands 4-54 Table 4-23. Frame Size Commands 4-61 Table 4-24. Flash/File Commands 4-62 Table 4-25. File Directory 4-65 Table 4-26. Authentication Commands 4-67

xvii

Tables

Table 4-27. Authentication Sequence 4-67 Table 4-28. RADIUS Commands 4-70 Table 4-29. TACACS+ Commands 4-73 Table 4-30. Port Security Commands 4-75 Table 4-31. 802.1X Port Authentication Commands 4-76 Table 4-32. ACL Information 4-84 Table 4-33. IP ACLs 4-85 Table 4-34. Priority Queue Mapping 4-95 Table 4-35. MAC ACLs 4-98 Table 4-36. Priority Queue Mapping 4-105 Table 4-37. ACL Information 4-107 Table 4-38. SNMP Commands 4-108 Table 4-1. SNMP Engine ID 4-115 Table 4-2. SNMP View 4-116 Table 4-3. SNMP Group 4-118 Table 4-4. SNMP User 4-120 Table 4-39. DHCP Clients 4-120 Table 4-40. DNS Commands 4-122 Table 4-41. DNS Cache 4-128 Table 4-42. Interface Commands 4-129 Table 4-43. Interfaces Switchport Parameters 4-140 Table 4-44. Mirror Port Commands 4-141 Table 4-45. AMAP Commands 4-143 Table 4-46. Rate Limit Commands 4-146 Table 4-47. Linnk Aggregation Commands 4-147 Table 4-48. LACP Counters 4-154 Table 4-49. LACPDUs 4-155 Table 4-50. LACP Neighbours Information 4-156 Table 4-51. LACP System ID 4-156 Table 4-52. Address Table Commands 4-157 Table 4-53. Spanning Tree Commands 4-160 Table 4-54. VLAN Commands 4-179 Table 4-55. Editing VLAN Groups 4-179 Table 4-56. Configuring VLAN Interfaces 4-181 Table 4-57. Displaying VLAN Information 4-187 Table 4-58. Protocol VLANs 4-188 Table 4-59. Configuring Private VLAN Groups 4-191 Table 4-60. GVRP and Bridge Extension Commands 4-192 Table 4-61. Priority Commands 4-197 Table 4-62. Priority Commands (Layer 2) 4-197 Table 4-63. Priority Queue Mapping 4-200 Table 4-64. Priority Commands (Layer 3 and 4) 4-202 Table 4-65. Mapping IP Precedence 4-205 Table 4-66. Mapping IP DSCP Precedence 4-206 Table 4-5. Mapping CoS Values to ACL Rules 4-207

xviii

Table 4-67. Quality of Service Commands 4-210 Table 4-68. Multicast Filtering Commands 4-218 Table 4-69. IGMP Snooping Commands 4-218 Table 4-70. IGMP Query Commands (Layer 2) 4-222 Table 4-71. Static Multicast Routing Commands 4-225 Table 4-72. IP Configuration 4-227 Table B-1. Troubleshooting Chart B-1

xix

Tables

Figures

Figure 3-1. Home Page 3-2 Figure 3-3. Ports Panel 3-3 Figure 3-5. System Information 3-9 Figure 3-6. Switch Information 3-10 Figure 3-7. Bridge Exentsion Configuration 3-12 Figure 3-8. IP Configuration 3-13 Figure 3-9. Selecting DHCP Mode 3-14 Figure 3-10. Enabling Jumbo Frame Support 3-15 Figure 3-11. Transfering an Operation Code Image File from a Server 3-16 Figure 3-12. Selecting the Start-up Operation Code Image File 3-16 Figure 3-13. Transfering a Configuration File from a Server 3-17 Figure 3-14. Setting the Start-up Configuration File 3-18 Figure 3-1. Console Port Settings 3-20 Figure 3-2. Telnet Settings 3-22 Figure 3-3. Logging Information 3-24 Figure 3-4. Enabling System Logging 3-25 Figure 3-5. Enabling Remote Logging and Adding Host IP Addresses 3-26 Figure 3-6. Enabling and Configuring SMTP Alerts 3-28 Figure 3-15. Resetting the System 3-29 Figure 3-16. SNTP Configuration 3-30 Figure 3-17. Clock Time Zone 3-31 Figure 3-7. Enabling the SNMP Agent 3-33 Figure 3-18. SNMP Configuration 3-34 Figure 3-19. Configuring SNMP Trap Managers 3-35 Figure 3-8. Setting an Engine ID 3-36 Figure 3-9. Configuring SNMPv3 Users 3-37 Figure 3-10. Configuring SNMPv3 Groups 3-39 Figure 3-11. Configuring SNMPv3 Views 3-40 Figure 3-20. Setting Passwords 3-42 Figure 3-21. Authentication Settings 3-44 Figure 3-23. HTTPS Settings 3-46 Figure 3-24. Secure Shell Host-Key Settings 3-50 Figure 3-25. Secure Shell Server Settings 3-51 Figure 3-26. Configuring Port Security 3-53 Figure 3-27. 802.1X Information 3-55 Figure 3-28. 802.1X Configuration 3-57 Figure 3-29. 802.1X Port Configuration 3-59 Figure 3-31. 802.1X Statistics 3-60 Figure 3-32. ACL Configuration 3-62 Figure 3-33. Configuring a Standard ACL 3-63 Figure 3-34. Configuring an Extended ACL 3-65 Figure 3-35. Configuring a MAC ACL 3-67

xxi

Figures

Figure 3-36. ACL Mask Configuration 3-68 Figure 3-37. ACL IP Mask Configuration 3-70 Figure 3-38. ACL MAC Mask Configuration 3-71 Figure 3-39. ACL Port Binding 3-73 Figure 3-12. Filtering IP Addresses 3-74 Figure 3-40. Port Information 3-75 Figure 3-41. Port Configuration 3-78 Figure 3-42. Trunk Membership 3-80 Figure 3-43. LACP Configuration 3-82 Figure 3-44. LACP Aggregation Port Settings 3-84 Figure 3-46. LACP Port Counters Information 3-86 Figure 3-48. LACP Settings - Local Side 3-87 Figure 3-50. LACP Port Settings - Remote Side 3-89 Figure 3-51. Port Broadcast Control 3-90 Figure 3-52. Mirror Port Configuration 3-92 Figure 3-53. Output Rate Limit Port Configuration 3-93 Figure 3-55. Displaying Port Statistics 3-97 Figure 3-56. AMAP Settings 3-99 Figure 3-57. AMAP Information 3-100 Figure 3-58. Setting a Static Address Table 3-101 Figure 3-59. Setting a Dynamic Address Table 3-102 Figure 3-60. Address Aging 3-103 Figure 3-61. Spanning Tree BPDUs 3-103 Figure 3-62. STA Information 3-106 Figure 3-63. STA Configuration 3-110 Figure 3-64. STA Port Roles 3-112 Figure 3-65. STA Port Information 3-113 Figure 3-66. STA Port Configuration 3-116 Figure 3-67. MSTP Vlan Configuration 3-117 Figure 3-68. MSTP Port Information 3-119 Figure 3-69. MSTP Port Configuration 3-122 Figure 3-70. Tagged and Untagged Frames 3-123 Figure 3-71. Port Based VLANs 3-125 Figure 3-72. GVRP Status 3-126 Figure 3-73. Basic VLAN Information 3-126 Figure 3-74. VLAN Current Table 3-128 Figure 3-75. VLAN Static List 3-129 Figure 3-76. VLAN Static Table 3-131 Figure 3-77. VLAN Static Membership by Port 3-132 Figure 3-78. VLAN Port Configuration 3-134 Figure 3-79. Configuring PVLANs 3-135 Figure 3-80. PVLAN Status 3-135 Figure 3-81. PVLAN Link Status 3-136 Figure 3-82. Protocol VLAN Configuration 3-137 Figure 3-83. Protocol VLAN Port Configuration 3-138

xxii

Figures

Figure 3-84. Port Priority Configuration 3-140 Figure 3-87. Traffic Classes 3-142 Figure 3-88. Selecting the Queue Mode 3-143 Figure 3-89. Queue Scheduling 3-144 Figure 3-90. IP Precedence/DSCP Priority Status 3-145 Figure 3-92. Assigning CoS Values to IP Precedence 3-146 Figure 3-94. Mapping IP DSCP Priority 3-148 Figure 3-13. Globally Enabling the IP Port Priority Status 3-149 Figure 3-14. Mapping Switch Ports and Trunks to IP TCP/UDP Priority 3-149 Figure 3-96. ACL CoS Priority 3-151 Figure 3-97. ACL Marker 3-152 Figure 3-98. Configuring Class Maps 3-155 Figure 3-99. Configuring Policy Maps 3-158 Figure 3-100. Service Policy Settings 3-159 Figure 3-101. IGMP Configuration 3-162 Figure 3-102. Multicast Router Port Information 3-163 Figure 3-103. Static Multicast Router Port Configuration 3-164 Figure 3-104. IP Multicast Registration Table 3-165 Figure 3-105. IGMP Member Port Table 3-166 Figure 3-106. DNS Configuration 3-168 Figure 3-107. DNS Static Host Table 3-170 Figure 3-108. Displaying the DNS Cache 3-171

xxiii

Figures

xxiv

Chapter 1: Introduction

This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.

Key Features

Table 1-1. Key Features

Feature Description

Configuration Backup and Restore

Authentication Console, Telnet, web – User name / password, RADIUS, TACACS+

Access Control Lists Supports up to 32 IP or MAC ACLs DHCP Client Supported DNS Server Supported Port Configuration Speed, duplex mode and flow control Rate Limiting Input and output rate limiting per port Port Mirroring One or more ports mirrored to single analysis port Port Trunking Supports up to 6 trunks using either static or dynamic trunking (LACP) Broadcast Storm

Control Static Address Up to 16K MAC addresses in the forwarding table IEEE 802.1D Bridge Supports dynamic data switching and addresses learning Store-and-Forward

Switching Spanning Tree

Protocol Virtual LANs Up to 255 using IEEE 802.1Q, port-based, protocol-based, or private VLANs Traffic Prioritization Default port priority, traffic class map, queue scheduling, IP Precedence, or

QoS Supports Quality of Service (QoS) Multicast Filtering Supports IGMP snooping and query

Backup to TFTP server

Web – HTTPS; Telnet – SSH SNMP version 3 – MD5 or SHA password Port – IEEE 802.1x, MAC address filtering

Supported

Supported to ensure wire-speed switching while eliminating bad frames

Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP)

Differentiated Services Code Point (DSCP)

1-1

Introduction

Table 1-1. Key Features

Feature Description

AMAP Configures Alcatel Mapping Adjacency Protocol (AMAP) parameters and displays

information on attached AMAP-aware devices

Description of Software Features

The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Broadcast storm suppression prevents broadcast traffic storms from engulfing the network. Port-based and protocol-based VLANs, plus support for automatic GVRP VLAN registration provide traffic security and efficient use of network bandwidth. CoS priority queueing ensures the minimum delay for moving real-time multimedia data across the network. While multicast filtering provides support for real-time network applications. Some of the management features are briefly described below.

Configuration Backup and Restore – You can save the current configuration settings to a file on a TFTP server, and later download this file to restore the switch configuration settings.

Authentication – This switch authenticates management access via the console port, Telnet or web browser. User names and passwords can be configured locally or can be verified via a remote authentication server (i.e., RADIUS or TACACS+). Port-based authentication is also supported via the IEEE 802.1x protocol. This protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request user credentials from the 802.1x client, and then verifies the client’s right to access the network via an authentication server.

Other authentication options include HTTPS for secure management access via the web, SSH for secure management access over a Telnet-equivalent connection, IP address filtering for SNMP/web/Telnet management access, and MAC address filtering for port access.

Access Control Lists – ACLs provide packet filtering for IP frames (based on address, protocol, TCP/UDP port number or TCP control code) or any frames (based on MAC address or Ethernet type). ACLs can by used to improve performance by blocking unnecessary network traffic or to implement security controls by restricting access to specific network resources or protocols.

Port Configuration – You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use the full-duplex mode on ports whenever possible to double the throughput of switch connections. Flow control should also be enabled to control network traffic during periods of congestion and prevent the loss of packets when port buffer thresholds are exceeded. The switch supports flow control based on the IEEE 802.3x standard.

1-2

Description of Software Features

Rate Limiting – This feature controls the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.

Port Mirroring – The switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.

Port Trunking – Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.3ad Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail. The switch supports up to 6 trunks.

Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from overwhelming the network. When enabled on a port, the level of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.

Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.

IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses.

Store-and-Forward Switching – The switch copies each frame into its memory before forwarding them to another port. This ensures that all frames are a standard Ethernet size and have been verified for accuracy with the cyclic redundancy check (CRC). This prevents bad frames from entering the network and wasting bandwidth.

To avoid dropping frames on congested ports, the switch provides 1 MB for frame buffering. This buffer can queue packets awaiting transmission on congested networks.

Spanning Tree Protocol – The switch supports these spanning tree protocols:

Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol adds a level of fault tolerance by allowing two or more redundant connections to be created between a pair of LAN segments. When there are multiple physical paths between segments, this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network. This prevents the creation of network loops. However, if the chosen path should fail for any reason, an alternate path will be activated to maintain the connection.

Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 10% of that required by the

1-3

Introduction

older IEEE 802.1D STP standard. It is intended as a complete replacement for STP, but can still interoperate with switches running the older standard by automatically reconfiguring ports to STP-compliant mode if they detect STP protocol messages from attached devices.

Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs. It simplifies network management, provides for even faster convergence than RSTP by limiting the size of each region, and prevents VLAN members from being segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).

Virtual LANs – The switch supports up to 255 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically learned via GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can:

• Eliminate broadcast storms which severely degrade performance in a flat network.

• Simplify network management for node changes/moves by remotely configuring VLAN membership for any port, rather than having to manually change the network connection.

• Provide data security by restricting all traffic to the originating VLAN.

• Use private VLANs to restrict traffic to pass only between data ports and the uplink ports, thereby isolating adjacent ports within the same VLAN, and allowing you to limit the total number of VLANs that need to be configured.

Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using eight priority queues with strict or Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can independent priorities for delay-sensitive data and best-effort data.

This switch also supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic can be prioritized based on the priority bits in the IP frame’s Type of Service (ToS) octet. When these services are enabled, the priorities are mapped to a Class of Service value by the switch, and the traffic then sent to the corresponding output queue.

Quality of Service – Differentiated Services (DiffServ) provides policy-based

management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists. Using access lists allows you select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.

be used to provide

1-4

System Defaults

Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to ensure that it does not interfere with normal network traffic and to guarantee real-time delivery by setting the required priority level for the designated VLAN. The switch uses IGMP Snooping and Query to manage multicast group registration.

AMAP – The AMAP protocol enables a switch to discover the topology of other AMAP-aware devices in the network. The protocol allows each switch to determine if other AMAP-aware switches are adjacent to it.

System Defaults

The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file (page 3-18).

The following table lists some of the basic system defaults.

Table 1-2. System Defaults

Function Parameter Default

Console Port Connection

Authentication Privileged Exec Level Username “admin”

Web Management HTTP Server Enabled

Baud Rate auto Data bits 8 Stop bits 1 Parity none Local Console Timeout 0 (disabled)

Password “admin”

Normal Exec Level Username “guest”

Enable Privileged Exec from Normal Exec Level

RADIUS Authentication Disabled TACACS Authentication Disabled

802.1x Port Authentication Disabled HTTPS Enabled SSH Enabled Port Security Disabled

HTTP Port Number 80 HTTP Secure Server Enabled HTTP Secure Port Number 443

Password “guest” Password “super”

1-5

Introduction

Table 1-2. System Defaults

Function Parameter Default

SNMP Community Strings “public” (read only)

Traps Authentication traps: enabled

IP Filtering Dis abl ed

Port Configuration Admin Status Enabled

Auto-negotiation Enabled Flow Control Disabled Port Capability 1000BASE-T –

AMAP Status Enabled

Common Phase Timeout Interval 300 seconds

Discovery Phase Timeout Interval 30 seconds Rate Limiting Input and output limits Disabled Port Trunking Static Trunks None

LACP (all ports) Disabled Broadcast Storm

Protection

Spanning Tree Protocol

Address Table Aging Time 300 seconds

Status Enabled (all ports)

Broadcast Limit Rate 500 packets per second

Status Enabled, MSTP

Fast Forwarding (Edge Port) Disabled

“private” (read/write)

Link-up-down events: enabled

10 Mbps half duplex 10 Mbps full duplex 100 Mbps half duplex 100 Mbps full duplex 1000 Mbps full duplex Full-duplex flow control disabled Symmetric flow control disabled

1000BASE-SX/LX/LH – 1000 Mbps full duplex Full-duplex flow control disabled Symmetric flow control disabled

(Defaults: All values based on IEEE 802.1s)

1-6

+ 432 hidden pages

Alcatel-Lucent OMNISTACK 6300 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

Chapter 1: Introduction

Key Features

Description of Software Features

System Defaults