Alcatel OmniSwitch 6600-P24, OmniSwitch 6624, OmniSwitch 6602-24, OmniSwitch 6602-48, OmniSwitch 6648 Network Configuration Manual

...
Part No. 060179-10, Rev. F April 2006
OmniSwitch 6600 Family
Network Configuration Guide
www.alcatel.com
This user guide documents release 5.4 of the
The functionality described in this guide is subject to change without notice.
Copyright © 2006 by Alcatel Internetworking, Inc. All rights reserved. This document may not be reproduced in whole or in part without the express written permission of Alcatel Internetworking, Inc.
Alcatel® and the Alcatel logo are registered trademarks of Alcatel. Xylan®, OmniSwitch®, OmniStack®, and Alcatel OmniVista® are registered trademarks of Alcatel Internetworking, Inc.
OmniAccess™, Omni Switch/Router™, PolicyView™, RouterView™, SwitchManager™, VoiceView™, WebView™, X-Cell™, X-Vision™, and the Xylan logo are trademarks of Alcatel Internetworking, Inc.
This OmniSwitch product contains components which may be covered by one or more of the following U.S. Patents:
U.S. Patent No. 6,339,830
U.S. Patent No. 6,070,243
U.S. Patent No. 6,061,368
U.S. Patent No. 5,394,402
U.S. Patent No. 6,047,024
U.S. Patent No. 6,314,106
U.S. Patent No. 6,542,507
U.S. Patent No. 6,874,090
International Customer Support—(818) 878-4507
ii OmniSwitch 6600 Family Network Configuration Guide April 2006
26801 West Agoura Road
Calabasas, CA 91301
(818) 880-3500 FAX (818) 880-3505
info@ind.alcatel.com
US Customer Support—(800) 995-2696
Internet—http://eservice.ind.alcatel.com
Contents
About This Guide
Supported Platforms
Who Should Read this Manual?
When Should I Read this Manual?
What is in this Manual?
What is Not in this Manual?
How is the Information Organized?
Documentation Roadmap
Related Documentation
User Manuals Web Site
Technical Support
Chapter 1 Configuring Ethernet Ports
In This Chapter
Ethernet Specifications
Ethernet Port Defaults
Configuring Ethernet Ports Tutorial
Ethernet Ports Overview
OmniSwitch 6648
OmniSwitch 6624
OmniSwitch 6600-U24
OmniSwitch 6600-P24
OmniSwitch 6602-24
OmniSwitch 6602-48
10/100 Crossover Supported
Gigabit Copper SFPs Supported
Valid Port Settings
Setting Ethernet Port Parameters
Setting Trap Port Link Messages
Enabling Trap Port Link Messages
Disabling Trap Port Link Messages
Setting Flow Control
Enabling Flow Control
Disabling Flow Control
Setting Flow Control Wait Time
Configuring the Flow Control Wait Time
Restoring the Flow Control Wait Time
Setting Interface Line Speed
Configuring Duplex Mode
Enabling and Disabling Interfaces
Configuring Inter-frame Gap Values
Resetting Statistics Counters
Configuring Flood Rates
Enabling the Maximum Flood Rate
Enabling Maximum Flood Rate for Multicast Traffic
Configuring Flood Rate Values
Configuring a Port Alias
Configuring Auto Negotiation, Crossover, and Flow Control Settings
Enabling and Disabling Auto Negotiation
Configuring Crossover Settings
Enabling and Disabling Flow
Verifying Ethernet Port Configuration
Chapter 2 Managing Source Learning
In This Chapter
Source Learning Specifications
Source Learning Defaults
Sample MAC Address Table Configuration
MAC Address Table Overview
Using Static MAC Addresses
Configuring Static MAC Addresses
Static MAC Addresses on Link Aggregate Ports
Using Static Multicast MAC Addresses
Configuring Static Multicast MAC Addresses
Static Multicast MAC Addresses on Link Aggregate Ports
Configuring MAC Address Table Aging Time
Displaying MAC Address Table Information
Chapter 3 Configuring Learned Port Security
In This Chapter
Learned Port Security Specifications
Learned Port Security Defaults
Sample Learned Port Security Configuration
Learned Port Security Overview
How LPS Authorizes Source MAC Addresses
Dynamic Configuration of Authorized MAC Addresses
Static Configuration of Authorized MAC Addresses
Understanding the LPS Table
Enabling/Disabling Learned Port Security
Configuring a Source Learning Time Limit
Configuring the Number of MAC Addresses Allowed
Configuring Authorized MAC Addresses
Configuring an Authorized MAC Address Range
Selecting the Security Violation Mode
Restoring the Operational State of an LPS Port
Displaying Learned Port Security Information
Chapter 4 Configuring VLANs
In This Chapter
VLAN Specifications
VLAN Defaults
Sample VLAN Configuration
VLAN Management Overview
Creating/Modifying VLANs
Adding/Removing a VLAN
Enabling/Disabling the VLAN Administrative Status
Modifying the VLAN Description
Defining VLAN Port Assignments
Changing the Default VLAN Assignment for a Port
Configuring Dynamic VLAN Port Assignment
Configuring VLAN Rule Classification
Enabling/Disabling VLAN Mobile Tag Classification
Enabling/Disabling Spanning Tree for a VLAN
Enabling/Disabling VLAN Authentication
Configuring VLAN Router Interfaces
What is Single MAC Router Mode?
Bridging VLANs Across Multiple Switches
Verifying the VLAN Configuration
Chapter 5 Configuring Spanning Tree Parameters
In This Chapter
Spanning Tree Specifications
Spanning Tree Bridge Parameter Defaults
Spanning Tree Port Parameter Defaults
Multiple Spanning Tree (MST) Region Defaults
Spanning Tree Overview
How the Spanning Tree Topology is Calculated
Bridge Protocol Data Units (BPDU)
Topology Examples
Spanning Tree Operating Modes
Using the Flat Spanning Tree Mode
Using 1x1 Spanning Tree Mode
Configuring Spanning Tree Bridge Parameters
Bridge Configuration Commands Overview
Selecting Bridge Protocol
Configuring the Bridge Priority
Configuring the Bridge Hello Time
Configuring the Bridge Max Age Time
Configuring the Bridge Forward Delay Time
Enabling/Disabling the VLAN BPDU Switching Status
Configuring the Path Cost Mode
Configuring Spanning Tree Port Parameters
Bridge Configuration Commands Overview
Enabling/Disabling Spanning Tree on a Port
Spanning Tree on Link Aggregate Ports
Configuring Port Priority
Port Priority on Link Aggregate Ports
Configuring Port Path Cost
Path Cost for Link Aggregate Ports
Configuring Port Mode
Mode for Link Aggregate Ports
Configuring Port Connection Type
Connection Type on Link Aggregate Ports
Sample Spanning Tree Configuration
Example Network Overview
Example Network Configuration Steps
Verifying the Spanning Tree Configuration
Chapter 6 Using 802.1s Multiple Spanning Tree
In This Chapter
MST Specifications
Spanning Tree Bridge Parameter Defaults
Spanning Tree Port Parameter Defaults
MST Region Defaults
MST General Overview
How MSTP Works
Comparing MSTP with STP and RSTP
What is a Multiple Spanning Tree Instance (MSTI)
What is a Multiple Spanning Tree Region
What is the Common Spanning Tree
What is the Internal Spanning Tree (IST) Instance
What is the Common and Internal Spanning Tree Instance
MST Configuration Overview
Using Spanning Tree Configuration Commands
Understanding Spanning Tree Modes
MST Interoperability and Migration
Migrating from Flat Mode STP/RSTP to Flat Mode MSTP
Migrating from 1x1 Mode to Flat Mode MSTP
Quick Steps for Configuring an MST Region
Quick Steps for Configuring MSTIs
Verifying the MST Configuration
Chapter 7 Assigning Ports to VLANs
In This Chapter
Port Assignment Specifications
Port Assignment Defaults
Sample VLAN Port Assignment
Statically Assigning Ports to VLANs
Dynamically Assigning Ports to VLANs
How Dynamic Port Assignment Works
VLAN Mobile Tag Classification
VLAN Rule Classification
Configuring Dynamic VLAN Port Assignment
Enabling/Disabling Port Mobility
Ignoring Bridge Protocol Data Units (BPDU)
Understanding Mobile Port Properties
What is a Configured Default VLAN?
What is a Secondary VLAN?
Configuring Mobile Port Properties
Enable/Disable Default VLAN
Enable/Disable Default VLAN Restore
Enable/Disable Port Authentication
Enable/Disable 802.1X Port-Based Access Control
Verifying VLAN Port Associations and Mobile Port Properties
Understanding ‘show vlan port’ Output
Understanding ‘show vlan port mobile’ Output
Chapter 8 Defining VLAN Rules
In This Chapter
VLAN Rules Specifications
VLAN Rules Defaults
Sample VLAN Rule Configuration
VLAN Rules Overview
VLAN Rule Types
DHCP Rules
Binding Rules
MAC Address Rules
Network Address Rules
Protocol Rules
Custom (User Defined) Rules
Port Rules
Understanding VLAN Rule Precedence
Configuring VLAN Rule Definitions
Defining DHCP MAC Address Rules
Defining DHCP MAC Range Rules
Defining DHCP Port Rules
Defining DHCP Generic Rules
Defining Binding Rules
How to Define a MAC-Port-IP Address Binding Rule
How to Define a MAC-Port-Protocol Binding Rule
How to Define a MAC-Port Binding Rule
How to Define a MAC-IP Address Binding Rule
How to Define an IP-Port Binding Rule
How to Define a Port-Protocol Binding Rule
Defining MAC Address Rules
Defining MAC Range Rules
Defining IP Network Address Rules
Defining IPX Network Address Rules
Defining Protocol Rules
Defining Custom (User) Rules
Defining Port Rules
Application Example: DHCP Rules
The VLANs
DHCP Servers and Clients
Verifying VLAN Rule Configuration
Chapter 9 Configuring Port Mapping
In This Chapter
Port Mapping Specifications
Port Mapping Defaults
Quick Steps for Configuring Port Mapping
Creating/Deleting a Port Mapping Session
Creating a Port Mapping Session
Deleting a User/Network Port of a Session
Deleting a Port Mapping Session
Enabling/Disabling a Port Mapping Session
Enabling a Port Mapping Session
Disabling a Port Mapping Session
Configuring a Port Mapping Direction
Configuring Unidirectional Port Mapping
Restoring Bidirectional Port Mapping
Sample Port Mapping Configuration
Example Port Mapping Overview
Example Port Mapping Configuration Steps
Verifying the Port Mapping Configuration
Chapter 10 Using Interswitch Protocols
In This Chapter
AIP Specifications
AMAP Defaults
AMAP Overview
AMAP Transmission States
Discovery Transmission State
Common Transmission State
Passive Reception State
Common Transmission and Remote Switches
Configuring AMAP
Enabling or Disabling AMAP
Configuring the AMAP Discovery Timeout Interval
Configuring the AMAP Common Timeout Interval
Displaying AMAP Information
Chapter 11 Configuring 802.1Q
In this Chapter
802.1Q Specifications
802.1Q Defaults Table
802.1Q Overview
Configuring an 802.1Q VLAN
Enabling Tagging on a Port
Enabling Tagging with Link Aggregation
Configuring the Frame Type
Show 802.1Q Information
Application Example
Verifying 802.1Q Configuration
Chapter 12 Configuring Static Link Aggregation
In This Chapter
Static Link Aggregation Specifications
Static Link Aggregation Default Values
Quick Steps for Configuring Static Link Aggregation
Static Link Aggregation Overview
Static Link Aggregation Operation
Relationship to Other Features
Configuring Static Link Aggregation Groups
Configuring Mandatory Static Link Aggregate Parameters
Creating and Deleting a Static Link Aggregate Group
Creating a Static Aggregate Group
Deleting a Static Aggregate Group
Adding and Deleting Ports in a Static Aggregate Group .......................................26-9
Adding Ports to a Static Aggregate Group ......................................................26-9
Removing Ports from a Static Aggregate Group ...........................................26-14
Modifying Static Aggregation Group Parameters .......................................................26-15
Modifying the Static Aggregate Group Name .....................................................26-15
Creating a Static Aggregate Group Name .....................................................26-15
Deleting a Static Aggregate Group Name .....................................................26-15
Modifying the Static Aggregate Group Administrative State ..............................26-15
Enabling the Static Aggregate Group Administrative State ..........................26-15
Disabling the Static Aggregate Group Administrative State .........................26-15
Application Example ...................................................................................................26-16
Displaying Static Link Aggregation Configuration and Statistics ..............................26-18
Chapter 13 Configuring Dynamic Link Aggregation ............................................................27-1
In This Chapter ..............................................................................................................27-1
Dynamic Link Aggregation Specifications ...................................................................27-2
Dynamic Link Aggregation Default Values .................................................................27-3
Quick Steps for Configuring Dynamic Link Aggregation ............................................27-4
Dynamic Link Aggregation Overview ..........................................................................27-7
Dynamic Link Aggregation Operation ...................................................................27-7
Relationship to Other Features ...............................................................................27-9
Configuring Dynamic Link Aggregate Groups ...........................................................27-10
Configuring Mandatory Dynamic Link Aggregate Parameters ...........................27-10
Creating and Deleting a Dynamic Aggregate Group ...........................................27-11
Creating a Dynamic Aggregate Group ..........................................................27-11
Deleting a Dynamic Aggregate Group ..........................................................27-11
Configuring Ports to Join and Removing Ports in a Dynamic Aggregate Group ...27-12
Configuring Ports To Join a Dynamic Aggregate Group ..............................27-12
Removing Ports from a Dynamic Aggregate Group .....................................27-18
Modifying Dynamic Link Aggregate Group Parameters ............................................27-19
Modifying Dynamic Aggregate Group Parameters .............................................27-19
Modifying the Dynamic Aggregate Group Name .........................................27-19
Modifying the Dynamic Aggregate Group Administrative State ..................27-20
Configuring and Deleting the Dynamic Aggregate Group Actor Administrative Key .......................................................................................27-20
Modifying the Dynamic Aggregate Group Actor System Priority ...............27-21
Modifying the Dynamic Aggregate Group Actor System ID .......................27-21
Modifying the Dynamic Aggregate Group Partner Administrative Key ......27-22
Modifying the Dynamic Aggregate Group Partner System Priority .............27-22
Modifying the Dynamic Aggregate Group Partner System ID .....................27-23
Modifying Dynamic Link Aggregate Actor Port Parameters ..............................27-23
Modifying the Actor Port System Administrative State ................................27-24
Modifying the Actor Port System ID ............................................................27-25
Modifying the Actor Port System Priority ....................................................27-26
Modifying the Actor Port Priority .................................................................27-27
Modifying Dynamic Aggregate Partner Port Parameters ....................................27-28
Modifying the Partner Port System Administrative State .............................27-28
Modifying the Partner Port Administrative Key ...........................................27-30
Modifying the Partner Port System ID ..........................................................27-30
Modifying the Partner Port System Priority ..................................................27-31
Modifying the Partner Port Administrative Status ........................................27-32
Modifying the Partner Port Priority ...............................................................27-32
Application Examples .................................................................................................27-34
Sample Network Overview ..................................................................................27-34
Link Aggregation and Spanning Tree Example ...................................................27-35
Link Aggregation and QoS Example ...................................................................27-36
Displaying Dynamic Link Aggregation Configuration and Statistics ........................27-38
Chapter 14 Configuring IP ...........................................................................................................28-1
In This Chapter ..............................................................................................................28-1
IP Specifications ............................................................................................................28-2
IP Defaults .....................................................................................................................28-2
Quick Steps for Configuring IP Forwarding .................................................................28-3
IP Overview ..................................................................................................................28-4
IP Protocols ............................................................................................................28-4
Transport Protocols .........................................................................................28-4
Application-Layer Protocols ...........................................................................28-4
Additional IP Protocols ...................................................................................28-5
IP Forwarding ................................................................................................................28-6
Configuring an IP Router Interface ........................................................................28-7
Modifying an IP Router Interface ....................................................................28-8
Removing an IP Router Interface ....................................................................28-8
Creating a Static Route ...........................................................................................28-9
Creating a Default Route ........................................................................................28-9
Configuring Address Resolution Protocol (ARP) ................................................28-10
Adding a Permanent ARP Entry ....................................................................28-10
Deleting a Permanent Entry from the ARP Table .........................................28-10
Clearing Dynamic ARP Entries .....................................................................28-11
Local Proxy ARP ...........................................................................................28-11
ARP Filtering ................................................................................................28-11
IP Configuration ..........................................................................................................28-13
Configuring the Router Primary Address .............................................................28-13
Configuring the Router ID ...................................................................................28-13
Configuring the Route Preference of a Router .....................................................28-13
Configuring the Time-to-Live (TTL) Value ........................................................28-13
IP-Directed Broadcasts .........................................................................................28-14
Denial of Service (DoS) Filtering ........................................................................28-14
Enabling/Disabling IP Services ............................................................................28-17
Managing IP ................................................................................................................28-19
Internet Control Message Protocol (ICMP) .........................................................28-19
ICMP Control Table ......................................................................................28-22
ICMP Statistics Table ....................................................................................28-22
Using the Ping Command ....................................................................................28-23
Tracing an IP Route ..............................................................................................28-23
Displaying TCP Information ................................................................................28-23
Displaying UDP Information ...............................................................................28-24
Verifying the IP Configuration ...................................................................................28-24
Chapter 15 Configuring IPv6 .......................................................................................................29-1
In This Chapter ..............................................................................................................29-1
IPv6 Specifications ........................................................................................................29-2
IPv6 Defaults .................................................................................................................29-2
Quick Steps for Configuring IPv6 Routing ...................................................................29-3
IPv6 Overview ..............................................................................................................29-4
IPv6 Addressing .....................................................................................................29-5
IPv6 Address Notation ....................................................................................29-5
IPv6 Address Prefix Notation ..........................................................................29-6
Autoconfiguration of IPv6 Addresses .............................................................29-6
Tunneling IPv6 over IPv4 ......................................................................................29-7
6to4 Tunnels ....................................................................................................29-7
Configured Tunnels .........................................................................................29-9
Configuring an IPv6 Interface .....................................................................................29-10
Modifying an IPv6 Interface ................................................................................29-11
Removing an IPv6 Interface .................................................................................29-11
Assigning IPv6 Addresses ...........................................................................................29-12
Removing an IPv6 Address ..................................................................................29-13
Configuring IPv6 Tunnel Interfaces ............................................................................29-14
Verifying the IPv6 Configuration ...............................................................................29-15
Chapter 16 Configuring RIP .........................................................................................................30-1
In This Chapter ..............................................................................................................30-1
RIP Specifications .........................................................................................................30-2
RIP Defaults ..................................................................................................................30-2
Quick Steps for Configuring RIP Routing ....................................................................30-3
RIP Overview ................................................................................................................30-4
RIP Version 2 .........................................................................................................30-5
RIP Routing ...................................................................................................................30-5
Loading RIP ...........................................................................................................30-6
Enabling RIP ..........................................................................................................30-6
Creating a RIP Interface .........................................................................................30-7
Enabling a RIP Interface ........................................................................................30-7
Configuring the RIP Interface Send Option ....................................................30-7
Configuring the RIP Interface Receive Option ...............................................30-8
Configuring the RIP Interface Metric ..............................................................30-8
Configuring the RIP Interface Route Tag .......................................................30-8
RIP Options ...................................................................................................................30-9
Configuring the RIP Forced Hold-down Interval ..................................................30-9
Enabling a RIP Host Route ....................................................................................30-9
RIP Redistribution .........................................................................................................30-9
Enabling RIP Redistribution ................................................................................30-10
Configuring a RIP Redistribution Policy .............................................................30-10
Configuring a Redistribution Metric .............................................................30-11
Configuring a RIP Redistribution Filter ...............................................................30-11
Creating a Redistribution Filter .....................................................................30-12
Configuring a Redistribution Filter Action ...................................................30-12
Configuring a Redistribution Filter Metric ....................................................30-13
Configuring the Redistribution Filter Route Control Action ........................30-13
Configuring a Redistribution Filter Route Tag .............................................30-13
RIP Security ................................................................................................................30-14
Configuring Authentication Type ........................................................................30-14
Configuring Passwords ........................................................................................30-15
Verifying the RIP Configuration .................................................................................30-15
Chapter 17 Configuring RDP .......................................................................................................31-1
In This Chapter ..............................................................................................................31-1
RDP Specifications .......................................................................................................31-2
RDP Defaults ................................................................................................................31-2
Quick Steps for Configuring RDP ................................................................................31-3
RDP Overview ..............................................................................................................31-5
RDP Interfaces .......................................................................................................31-6
Security Concerns ..................................................................................................31-7
Enabling/Disabling RDP ...............................................................................................31-8
Creating an RDP Interface ............................................................................................31-8
Specifying an Advertisement Destination Address ................................................31-9
Defining the Advertisement Interval ......................................................................31-9
Setting the Maximum Advertisement Interval ..............................................31-10
Setting the Minimum Advertisement Interval ...............................................31-10
Setting the Advertisement Lifetime .....................................................................31-10
Setting the Preference Levels for Router IP Addresses .......................................31-11
Verifying the RDP Configuration ...............................................................................31-11
Chapter 18 Configuring DHCP Relay .........................................................................................32-1
In This Chapter ..............................................................................................................32-1
DHCP Relay Specifications ..........................................................................................32-2
DHCP Relay Defaults ...................................................................................................32-3
Quick Steps for Setting Up DHCP Relay .....................................................................32-4
DHCP Relay Overview .................................................................................................32-5
DHCP .....................................................................................................................32-5
DHCP and the OmniSwitch ...................................................................................32-6
DHCP Relay and Authentication ...........................................................................32-6
External DHCP Relay Application ........................................................................32-7
Internal DHCP Relay .............................................................................................32-8
DHCP Relay Implementation .......................................................................................32-9
Global DHCP .........................................................................................................32-9
Setting the IP Address .....................................................................................32-9
Per-VLAN DHCP ................................................................................................32-10
Identifying the VLAN ...................................................................................32-10
Configuring BOOTP/DHCP Relay Parameters ...................................................32-10
Setting the Forward Delay ....................................................................................32-11
Setting Maximum Hops .......................................................................................32-11
Setting the Relay Forwarding Option ...................................................................32-11
Using Automatic IP Configuration .............................................................................32-12
Enabling Automatic IP Configuration ..................................................................32-12
Configuring UDP Port Relay ......................................................................................32-13
Enabling/Disabling UDP Port Relay ....................................................................32-14
Specifying a Forwarding VLAN ..........................................................................32-14
Configuring DHCP Security Features .........................................................................32-15
Using the Relay Agent Information Option (Option-82) .....................................32-15
How the Relay Agent Processes DHCP Packets from the Client .................32-16
How the Relay Agent Processes DHCP Packets from the Server .................32-16
Enabling the Relay Agent Information Option-82 ........................................32-17
Configuring a Relay Agent Information Option-82 Policy ...........................32-17
Using DHCP Snooping ........................................................................................32-17
DHCP Snooping Configuration Guidelines ..................................................32-18
Enabling DHCP Snooping .............................................................................32-19
Configuring the Port Trust Mode ..................................................................32-20
Configuring the DHCP Snooping Binding Table ..........................................32-21
Configuring the Binding Table Timeout .......................................................32-21
Synchronizing the Binding Table ..................................................................32-22
Verifying the DHCP Relay Configuration ..................................................................32-23
Chapter 19 Configuring VRRP .....................................................................................................33-1
In This Chapter ..............................................................................................................33-1
VRRP Specifications .....................................................................................................33-2
VRRP Defaults ..............................................................................................................33-2
Quick Steps for Creating a Virtual Router ....................................................................33-3
VRRP Overview ............................................................................................................33-4
Why Use VRRP? ....................................................................................................33-5
Definition of a Virtual Router ................................................................................33-5
VRRP MAC Addresses ..........................................................................................33-6
ARP Requests ..................................................................................................33-6
ICMP Redirects ...............................................................................................33-6
VRRP Startup Delay ..............................................................................................33-6
VRRP Tracking ......................................................................................................33-7
Interaction With Other Features ....................................................................................33-7
Configuration Overview ................................................................................................33-8
Basic Virtual Router Configuration .......................................................................33-8
Creating a Virtual Router .......................................................................................33-8
Specifying an IP Address for a Virtual Router ......................................................33-9
Configuring the Advertisement Interval ..............................................................33-10
Configuring Virtual Router Priority .....................................................................33-10
Setting Preemption for Virtual Routers ................................................................33-11
Enabling/Disabling a Virtual Router ....................................................................33-11
Setting VRRP Traps .............................................................................................33-12
Setting VRRP Startup Delay ................................................................................33-12
Creating Tracking Policies ...................................................................................33-13
Associating a Tracking Policy With a Virtual Router ..........................................33-13
Verifying the VRRP Configuration ............................................................................33-14
VRRP Application Example .......................................................................................33-15
VRRP Tracking Example .....................................................................................33-17
Chapter 20 Managing Authentication Servers ......................................................................34-1
In This Chapter ..............................................................................................................34-1
Authentication Server Specifications ............................................................................34-2
Server Defaults ..............................................................................................................34-3
RADIUS Authentication Servers ...........................................................................34-3
LDAP Authentication Servers ................................................................................34-3
Quick Steps For Configuring Authentication Servers ..................................................34-4
Server Overview ............................................................................................................34-5
Backup Authentication Servers ..............................................................................34-5
Authenticated Switch Access .................................................................................34-5
Authenticated VLANs ............................................................................................34-6
Port-Based Network Access Control (802.1X) ......................................................34-7
ACE/Server ...................................................................................................................34-8
Clearing an ACE/Server Secret ..............................................................................34-8
RADIUS Servers ...........................................................................................................34-9
RADIUS Server Attributes .....................................................................................34-9
Standard Attributes ..........................................................................................34-9
Vendor-Specific Attributes for RADIUS ......................................................34-11
Configuring Functional Privileges on the Server ..........................................34-12
RADIUS Accounting Server Attributes ........................................................34-13
Configuring the RADIUS Client ..........................................................................34-14
LDAP Servers .............................................................................................................34-15
Setting Up the LDAP Authentication Server .......................................................34-15
LDAP Server Details ............................................................................................34-15
LDIF File Structure .......................................................................................34-16
Common Entries ............................................................................................34-16
Directory Entries ...........................................................................................34-17
Directory Searches .........................................................................................34-18
Retrieving Directory Search Results .............................................................34-18
Directory Modifications ................................................................................34-18
Directory Compare and Sort ..........................................................................34-19
The LDAP URL ............................................................................................34-19
Password Policies and Directory Servers ......................................................34-20
Directory Server Schema for LDAP Authentication ............................................34-21
Vendor-Specific Attributes for LDAP Servers ..............................................34-21
LDAP Accounting Attributes ........................................................................34-22
Dynamic Logging ..........................................................................................34-24
Configuring the LDAP Authentication Client .....................................................34-25
Creating an LDAP Authentication Server .....................................................34-25
Modifying an LDAP Authentication Server ..................................................34-26
Setting Up SSL for an LDAP Authentication Server ....................................34-26
Removing an LDAP Authentication Server ..................................................34-26
Verifying the Authentication Server Configuration ....................................................34-27
Chapter 21 Configuring Authenticated VLANs ......................................................................35-1
In This Chapter ..............................................................................................................35-1
Authenticated Network Overview .................................................................................35-2
AVLAN Configuration Overview .................................................................................35-4
Sample AVLAN Configuration .............................................................................35-5
Setting Up Authentication Clients ................................................................................35-7
Telnet Authentication Client ..................................................................................35-7
Web Browser Authentication Client ......................................................................35-7
Configuring the Web Browser Client Language File ......................................35-8
Required Files for Web Browser Clients .........................................................35-8
SSL for Web Browser Clients .......................................................................35-11
DNS Name and Web Browser Clients ..........................................................35-11
Installing the AV-Client .......................................................................................35-12
Loading the Microsoft DLC Protocol Stack ..................................................35-12
Loading the AV-Client Software ...................................................................35-13
Setting the AV-Client as Primary Network Login ........................................35-18
Configuring the AV-Client Utility ................................................................35-18
Logging Into the Network Through an AV-Client ........................................35-21
Logging Off the AV-Client ...........................................................................35-22
Configuring the AV-Client for DHCP .................................................................35-23
Configuring Authenticated VLANs ............................................................................35-26
Removing a User From an Authenticated Network .............................................35-26
Configuring Authentication IP Addresses ............................................................35-27
Setting Up the Default VLAN for Authentication Clients ...................................35-27
Port Binding and Authenticated VLANs .............................................................35-28
Configuring Authenticated Ports .................................................................................35-28
Setting Up a DNS Path ................................................................................................35-29
Setting Up the DHCP Server .......................................................................................35-29
Enabling DHCP Relay for Authentication Clients ...............................................35-30
Configuring a DHCP Gateway for the Relay .......................................................35-31
Configuring the Server Authority Mode .....................................................................35-32
Configuring Single Mode .....................................................................................35-32
Configuring Multiple Mode .................................................................................35-34
Specifying Accounting Servers ...................................................................................35-35
Verifying the AVLAN Configuration .........................................................................35-36
Chapter 22 Configuring 802.1X ..................................................................................................36-1
In This Chapter ..............................................................................................................36-1
802.1X Specifications ...................................................................................................36-2
802.1X Defaults ............................................................................................................36-2
Quick Steps for Configuring 802.1X ............................................................................36-3
802.1X Overview ..........................................................................................................36-5
Supplicant Classification ........................................................................................36-5
802.1X Ports and DHCP ........................................................................................36-6
Re-authentication ...................................................................................................36-6
802.1X Accounting ................................................................................................36-7
Compared to Authenticated VLANs ......................................................................36-7
Using Access Guardian Policies ...................................................................................36-8
Policy Types ...........................................................................................................36-8
Setting Up Port-Based Network Access Control ........................................................36-10
Setting 802.1X Switch Parameters .......................................................................36-10
Enabling MAC Authentication for Non-Supplicants ....................................36-10
Enabling 802.1X on Ports ....................................................................................36-10
Configuring 802.1X Port Parameters ...................................................................36-11
Configuring the Port Control Direction .........................................................36-11
Configuring the Port Authorization ...............................................................36-11
Configuring 802.1X Port Timeouts ...............................................................36-11
Configuring the Maximum Number of Requests ..........................................36-12
Re-authenticating an 802.1X Port .................................................................36-12
Initializing an 802.1X Port ............................................................................36-13
Configuring the Supplicant Polling Retry Count .................................................36-13
Configuring Accounting for 802.1X ....................................................................36-13
Configuring Access Guardian Policies .......................................................................36-14
Verifying the 802.1X Port Configuration ...................................................................36-19
Chapter 23 Managing Policy Servers .......................................................................................37-1
In This Chapter ..............................................................................................................37-1
Policy Server Specifications .........................................................................................37-2
Policy Server Defaults ...................................................................................................37-2
Policy Server Overview ................................................................................................37-3
Installing the LDAP Policy Server ................................................................................37-3
Modifying Policy Servers .............................................................................................37-4
Modifying LDAP Policy Server Parameters ..........................................................37-4
Disabling the Policy Server From Downloading Policies ......................................37-4
Modifying the Port Number ...................................................................................37-5
Modifying the Policy Server Username and Password ..........................................37-5
Modifying the Searchbase ......................................................................................37-5
Configuring a Secure Socket Layer for a Policy Server ........................................37-6
Loading Policies From an LDAP Server ................................................................37-6
Removing LDAP Policies From the Switch ..........................................................37-6
Interaction With CLI Policies ................................................................................37-7
Verifying the Policy Server Configuration ...................................................................37-7
Chapter 24 Configuring QoS .......................................................................................................38-1
In This Chapter ..............................................................................................................38-1
QoS Specifications ........................................................................................................38-2
QoS General Overview .................................................................................................38-3
QoS Policy Overview ....................................................................................................38-4
How Policies Are Used ..........................................................................................38-4
Valid Policies .........................................................................................................38-4
Interaction With Other Features ....................................................................................38-5
Condition Combinations ...............................................................................................38-6
Condition/Action Combinations ...................................................................................38-7
QoS Defaults .................................................................................................................38-9
Global QoS Defaults ..............................................................................................38-9
QoS Port Defaults .................................................................................................38-10
Policy Rule Defaults .............................................................................................38-10
Policy Action Defaults .........................................................................................38-11
Default (Built-in) Policies ....................................................................................38-11
QoS Configuration Overview .....................................................................................38-12
Configuring Global QoS Parameters ..........................................................................38-13
Enabling/Disabling QoS .......................................................................................38-13
Setting the Global Default Dispositions ...............................................................38-13
Using the QoS Log ...............................................................................................38-14
What Kind of Information Is Logged ............................................................38-14
Number of Lines in the QoS Log ..................................................................38-14
Log Detail Level ............................................................................................38-15
Forwarding Log Events to PolicyView .........................................................38-15
Forwarding Log Events to the Console .........................................................38-15
Displaying the QoS Log ................................................................................38-16
Clearing the QoS Log ....................................................................................38-16
Flow Timeout .......................................................................................................38-16
Fragment Classification ........................................................................................38-17
Enabling/Disabling Fragment Classification .................................................38-17
Setting the Fragment Timeout .......................................................................38-17
Classifying Bridged Traffic as Layer 3 ................................................................38-18
Setting the Statistics Interval ................................................................................38-18
Returning the Global Configuration to Defaults ..................................................38-18
Verifying Global Settings .....................................................................................38-19
QoS Ports and Queues .................................................................................................38-20
Shared Queues ......................................................................................................38-20
Trusted and Untrusted Ports .................................................................................38-20
Configuring Trusted Ports .............................................................................38-20
Using Trusted Ports With Policies ................................................................38-21
Verifying the QoS Port and Queue Configuration ...............................................38-21
Creating Policies .........................................................................................................38-22
Quick Steps for Creating Policies ........................................................................38-22
ASCII-File-Only Syntax ......................................................................................38-23
Creating Policy Conditions ..................................................................................38-24
Removing Condition Parameters ...................................................................38-24
Deleting Policy Conditions ...........................................................................38-25
Creating Policy Actions .......................................................................................38-25
Removing Action Parameters ........................................................................38-26
Deleting a Policy Action ...............................................................................38-26
Creating Policy Rules ...........................................................................................38-26
Disabling Rules .............................................................................................38-27
Rule Precedence ............................................................................................38-27
Saving Rules ..................................................................................................38-29
Logging Rules ...............................................................................................38-29
Deleting Rules ...............................................................................................38-29
Verifying Policy Configuration ............................................................................38-30
Testing Conditions ...............................................................................................38-32
Using Condition Groups in Policies ............................................................................38-34
ACLs ....................................................................................................................38-34
Sample Group Configuration ...............................................................................38-34
Creating Network Groups ....................................................................................38-35
Creating Services ..................................................................................................38-36
Creating Service Groups ......................................................................................38-37
Creating MAC Groups .........................................................................................38-38
Creating Port Groups ............................................................................................38-39
Port Groups and Maximum Bandwidth .........................................................38-40
Verifying Condition Group Configuration ...........................................................38-42
Using Map Groups ......................................................................................................38-43
Sample Map Group Configuration .......................................................................38-43
How Map Groups Work .......................................................................................38-44
Creating Map Groups ...........................................................................................38-44
Verifying Map Group Configuration ...................................................................38-45
Applying the Configuration ........................................................................................38-46
Deleting the Pending Configuration ..............................................................38-47
Flushing the Configuration ............................................................................38-47
Interaction With LDAP Policies ..........................................................................38-48
Verifying the Applied Policy Configuration ........................................................38-48
Policy Applications .....................................................................................................38-49
Basic QoS Policies ...............................................................................................38-49
Basic Commands ...........................................................................................38-50
Traffic Prioritization Example .......................................................................38-50
Bandwidth Shaping Example ........................................................................38-50
ICMP Policy Example ..........................................................................................38-51
802.1p and ToS/DSCP Marking and Mapping ....................................................38-51
Chapter 25 Configuring ACLs ......................................................................................................39-1
In This Chapter ..............................................................................................................39-1
ACL Specifications .......................................................................................................39-2
ACL Defaults ................................................................................................................39-2
Quick Steps for Creating ACLs ....................................................................................39-3
ACL Overview ..............................................................................................................39-4
Rule Precedence .....................................................................................................39-5
Example: Rule Type ........................................................................................39-5
Example: Rule Order .......................................................................................39-5
Example: Layer 3 Rules With Compatible Actions ........................................39-6
Example: Layer 3 Rules With Conflicting Actions .........................................39-6
Interaction With Other Features .............................................................................39-7
Valid Combinations ................................................................................................39-7
ACL Configuration Overview .......................................................................................39-8
Setting the Global Disposition ......................................................................................39-8
Creating Condition Groups For ACLs ........................................................................39-10
Configuring ACLs .......................................................................................................39-10
Creating Policy Conditions For ACLs .................................................................39-10
Creating Policy Actions For ACLs ......................................................................39-11
Creating Policy Rules for ACLs ...........................................................................39-11
Layer 2 ACLs .......................................................................................................39-12
Layer 2 ACL: Example 1 ..............................................................................39-13
Layer 2 ACL: Example 2 ..............................................................................39-13
Layer 3 ACLs .......................................................................................................39-14
Layer 3 ACL: Example 1 ..............................................................................39-14
Layer 3 ACL: Example 2 ..............................................................................39-15
Multicast Filtering ACLs .....................................................................................39-15
Using ACL Security Features .....................................................................................39-17
Configuring a UserPorts Group ............................................................................39-17
Configuring a DisablePorts ACL .........................................................................39-18
Configuring a DropServices Group ACL .............................................................39-19
Configuring ICMP Drop Rules ............................................................................39-21
Configuring a BPDUShutdownPorts Group ........................................................39-21
Verifying the ACL Configuration ...............................................................................39-22
ACL Application Example ..........................................................................................39-24
Chapter 26 Configuring IP Multicast Switching .....................................................................40-1
In This Chapter ..............................................................................................................40-1
IPMS Specifications ......................................................................................................40-2
IPMS Default Values ....................................................................................................40-2
IPMS Overview .............................................................................................................40-3
IPMS Example .......................................................................................................40-3
Reserved Multicast Addresses ...............................................................................40-4
IPMS and Link Aggregation ..................................................................................40-4
Configuring IPMS on a Switch .....................................................................................40-5
Enabling and Disabling IPMS on a Switch ............................................................40-5
Enabling IPMS ................................................................................................40-5
Disabling IPMS ...............................................................................................40-5
Configuring and Removing a Static Neighbor .......................................................40-5
Configuring a Static Neighbor .........................................................................40-6
Removing a Static Neighbor ...........................................................................40-6
Configuring and Removing a Static Querier ..........................................................40-6
Configuring a Static Querier ...........................................................................40-6
Removing a Static Querier ..............................................................................40-7
Configuring and Removing a Static Member ........................................................40-7
Configuring a Static Member ..........................................................................40-7
Removing a Static Member .............................................................................40-7
Modifying IPMS Parameters .........................................................................................40-8
Modifying the Leave Timeout ................................................................................40-8
Configuring the Leave Timeout ......................................................................40-8
Restoring the Leave Timeout ..........................................................................40-8
Modifying the Query Interval ................................................................................40-8
Configuring the Query Interval .......................................................................40-8
Restoring the Query Interval ...........................................................................40-8
Modifying the Membership Timeout .....................................................................40-8
Configuring the Membership Timeout ............................................................40-9
Restoring the Membership Timeout ................................................................40-9
Modifying the Neighbor Timeout ..........................................................................40-9
Configuring the Neighbor Timeout .................................................................40-9
Restoring the Neighbor Timeout .....................................................................40-9
Modifying the Querier Timeout .............................................................................40-9
Configuring the Querier Timeout ....................................................................40-9
Restoring the Querier Timeout ......................................................................40-10
Modifying the Flow Timeout ...............................................................................40-10
Configuring the Flow Timeout ......................................................................40-10
Restoring the Flow Timeout ..........................................................................40-10
Modifying the Querier Aging and Election Timeout ...........................................40-10
Configuring the Querier Aging and Election Timeout ..................................40-10
Restoring the Querier Aging and Election Timeout ......................................40-10
IPMS Application Example ........................................................................................40-11
Displaying IPMS Configurations and Statistics ..........................................................40-13
Chapter 27 Diagnosing Switch Problems ................................................................................41-1
In This Chapter ..............................................................................................................41-1
Port Mirroring Overview ...............................................................................................41-3
Port Mirroring Specifications .................................................................................41-3
Port Mirroring Defaults ..........................................................................................41-4
Quick Steps for Configuring Port Mirroring ..........................................................41-5
Port Monitoring Overview ............................................................................................41-6
Port Monitoring Specifications ..............................................................................41-6
Port Monitoring Defaults .......................................................................................41-6
Quick Steps for Configuring Port Monitoring .......................................................41-7
Remote Monitoring (RMON) Overview .......................................................................41-8
RMON Specifications ............................................................................................41-8
RMON Probe Defaults ...........................................................................................41-9
Quick Steps for Enabling/Disabling RMON Probes ..............................................41-9
Switch Health Overview .............................................................................................41-10
Switch Health Specifications ...............................................................................41-10
Switch Health Defaults .........................................................................................41-11
Quick Steps for Configuring Switch Health ........................................................41-11
Port Mirroring .............................................................................................................41-12
What Ports Can Be Mirrored? .......................................................................41-12
How Port Mirroring Works ..................................................................................41-13
What Happens to the Mirroring Port ....................................................................41-13
Using Port Mirroring with External RMON Probes ............................................41-14
Creating a Mirroring Session ...............................................................................41-15
Unblocking Ports (Protection from Spanning Tree) ............................................41-15
Enabling or Disabling Mirroring Status ...............................................................41-16
Creating a Mirroring Session and Enabling Mirroring Status ..............................41-16
Disabling a Mirroring Session (Disabling Mirroring Status) ............................... 41-16
Configuring Port Mirroring Direction ..................................................................41-17
Enabling or Disabling a Port Mirroring Session (Shorthand) .............................. 41-18
Displaying Port Mirroring Status .........................................................................41-18
Deleting A Mirroring Session ..............................................................................41-19
Port Monitoring ...........................................................................................................41-20
Configuring a Port Monitoring Session ...............................................................41-20
Enabling a Port Monitoring Session .....................................................................41-21
Disabling a Port Monitoring Session ...................................................................41-21
Deleting a Port Monitoring Session .....................................................................41-21
Pausing a Port Monitoring Session ......................................................................41-21
Configuring Port Monitoring Session Persistence ...............................................41-22
Configuring a Port Monitoring Data File .............................................................41-22
Suppressing Port Monitoring File Creation .........................................................41-23
Configuring Port Monitoring Direction ...............................................................41-23
Displaying Port Monitoring Status and Data .......................................................41-24
Remote Monitoring (RMON) .....................................................................................41-25
Ethernet Statistics ..........................................................................................41-26
History (Control & Statistics) ........................................................................41-26
Alarm .............................................................................................................41-26
Event ..............................................................................................................41-26
Enabling or Disabling RMON Probes ..................................................................41-27
Displaying RMON Tables ....................................................................................41-28
Displaying a List of RMON Probes ..............................................................41-28
Displaying Statistics for a Particular RMON Probe ......................................41-29
Sample Display for Ethernet Statistics Probe ................................................41-29
Sample Display for History Probe .................................................................41-30
Sample Display for Alarm Probe ..................................................................41-30
Displaying a List of RMON Events ..............................................................41-31
Displaying a Specific RMON Event .............................................................41-31
Monitoring Switch Health ...........................................................................................41-32
Configuring Resource and Temperature Thresholds ...........................................41-34
Displaying Health Threshold Limits ....................................................................41-35
Configuring Sampling Intervals ...........................................................................41-36
Viewing Sampling Intervals .................................................................................41-36
Viewing Health Statistics for the Switch .............................................................41-37
Viewing Health Statistics for a Specific Interface ...............................................41-38
Resetting Health Statistics for the Switch ............................................................41-38
Chapter 28 Using Switch Logging ..............................................................................................42-1
In This Chapter ..............................................................................................................42-1
Switch Logging Specifications .....................................................................................42-2
Switch Logging Defaults ...............................................................................................42-3
Quick Steps for Configuring Switch Logging ..............................................................42-4
Switch Logging Overview ............................................................................................42-5
Switch Logging Commands Overview .........................................................................42-6
Enabling Switch Logging .......................................................................................42-6
Setting the Switch Logging Severity Level ............................................................42-6
Specifying the Severity Level .........................................................................42-8
Removing the Severity Level ..........................................................................42-9
Specifying the Switch Logging Output Device ......................................................42-9
Enabling/Disabling Switch Logging Output to the Console ........................... 42-9
Enabling/Disabling Switch Logging Output to Flash Memory .......................42-9
Specifying an IP Address for Switch Logging Output ....................................42-9
Disabling an IP Address from Receiving Switch Logging Output ...............42-10
Displaying Switch Logging Status .......................................................................42-10
Configuring the Switch Logging File Size ...........................................................42-11
Clearing the Switch Logging Files .......................................................................42-11
Displaying Switch Logging Records ....................................................................42-12
Chapter 29 Monitoring Memory .................................................................................................43-1
In This Chapter ..............................................................................................................43-1
Memory Monitoring Specifications ..............................................................................43-2
Memory Monitoring Defaults .......................................................................................43-2
Quick Steps for Configuring Memory Monitoring .......................................................43-3
Debug Memory Commands Overview .........................................................................43-4
Configuring Debug Memory Commands ......................................................................43-4
Enabling/Disabling Memory Monitoring Functions ..............................................43-4
Displaying the Memory Monitor Log ....................................................................43-5
Displaying the Memory Monitor Global Statistics ................................................43-6
Displaying the Memory Monitor Task Statistics ...................................................43-7
Displaying the Memory Monitor Size Statistics ....................................................43-9
Appendix A Software License and Copyright Statements .....................................................A-1
Alcatel License Agreement ............................................................................................ A-1
ALCATEL INTERNETWORKING, INC. (“AII”) SOFTWARE LICENSE
AGREEMENT ........................................................................................................A-1
Third Party Licenses and Notices ..................................................................................A-4
A. Booting and Debugging Non-Proprietary Software ..........................................A-4
B. The OpenLDAP Public License: Version 2.4, 8 December 2000 .....................A-4
C. Linux ..................................................................................................................A-5
D. GNU GENERAL PUBLIC LICENSE: Version 2, June 1991 ..........................A-5
E. University of California ...................................................................................A-10
F. Carnegie-Mellon University ............................................................................A-10
G. Random.c .........................................................................................................A-10
H. Apptitude, Inc. .................................................................................................A-11
I. Agranat .............................................................................................................A-11
J. RSA Security Inc. ............................................................................................ A-11
K. Sun Microsystems, Inc. ....................................................................................A-11
L. Wind River Systems, Inc. ................................................................................A-12
M. Network Time Protocol Version 4 ...................................................................A-12
Index ...................................................................................................................... Index-1
About This Guide
This OmniSwitch 6600 Family Network Configuration Guide describes how to set up and monitor software features that will allow your switch to operate in a live network environment. The software features described in this manual are shipped standard with your OmniSwitch 6600 Family switch. These features are used when setting up your OmniSwitch in a network of switches and routers.
Note. The OmniSwitch 6600 Family Network Configuration Guide was originally known as the “OmniSwitch 6624/6648 Network Configuration Guide.”
Supported Platforms
The information in this guide applies to the following products:
OmniSwitch 6624
OmniSwitch 6648
OmniSwitch 6600-U24
OmniSwitch 6600-P24
OmniSwitch 6602-24
OmniSwitch 6602-48
OmniSwitch 6600 Family switches are next generation enterprise edge/workgroup switches. The OmniSwitch 6624 and 6602-24 offer 24 copper 10/100 ports, the 6600-P24 offers 24 copper 10/100 Power over Ethernet (PoE) ports, the 6648 and 6602-48 offer 48 copper 10/100 ports, and the 6600-U24 offers 24 fiber 100 ports.
In addition, OmniSwitch 6624/6600-U24/6648 switches have one expansion port that can be used for a Gigabit Ethernet uplink module and another expansion port that can be used for a Gigabit Ethernet uplink or a stacking module while the 6602-24/6602-48 switches offer fixed Gigabit Ethernet uplinks and fixed stacking ports. The stacking ports on all OmniSwitch 6600 Family switches allow two to eight OmniSwitch 6600 Family switches to be configured as one virtual chassis known as a stack.
Note. All references to OmniSwitch 6624 and 6648 switches also apply to the OmniSwitch 6600-U24, 6600-P24, 6602-24, and 6602-48 unless specified otherwise.
Unsupported Platforms
The information in this guide does not apply to the following products:
OmniSwitch (original version with no numeric model name)
OmniSwitch 6800-24
OmniSwitch 6800-48
OmniSwitch 6800-U24
OmniSwitch 6800-24L
OmniSwitch 6800-48L
OmniSwitch 7700
OmniSwitch 7800
OmniSwitch 8800
OmniSwitch 6850
OmniSwitch 9700
Omni Switch/Router
OmniStack
OmniAccess
Who Should Read this Manual?
The audience for this user guide is network administrators and IT support personnel who need to configure, maintain, and monitor switches and routers in a live network. However, anyone wishing to gain knowledge on how fundamental software features are implemented in the OmniSwitch 6600 Family will benefit from the material in this configuration guide.
When Should I Read this Manual?
Read this guide as soon as you are ready to integrate your OmniSwitch into your network of switches and routers. You should already be familiar with the basics of managing a single OmniSwitch as described in the OmniSwitch 6600 Family Switch Management Guide.
Note. The OmniSwitch 6600 Family Switch Management Guide was originally known as the “OmniSwitch 6624/6648 Switch Management Guide.”
The topics and procedures in this manual assume an understanding of the OmniSwitch stacking, directory structure, and basic switch administration commands and procedures. This manual will help you set up your switches to communicate with other switches in the network. The topics in this guide include VLANs, authentication, and Quality of Service (QoS), features that are typically deployed in a multi-switch environment.
What is in this Manual?
This configuration guide includes information about configuring the following features:
VLANs, VLAN router ports, mobile ports, and VLAN rules.
Basic Layer 2 functions, such as Ethernet port parameters, source learning, Spanning Tree, and Alcatel interswitch protocols (AMAP and GMAP).
Advanced Layer 2 functions, such as 802.1Q tagging, Link Aggregation, and IP Multicast Switching.
Basic routing protocols and functions, such as static IP routes, RIP, DHCP Relay, and Virtual Router Redundancy Protocol (VRRP).
Security features, such as switch access control, Authenticated VLANs (AVLANs), authentication servers, and policy management.
Quality of Service (QoS) and Access Control Lists (ACLs) features, such as policy rules for prioritizing and filtering traffic, and remapping packet headers.
Diagnostic tools, such as RMON, port mirroring, and switch logging.
What is Not in this Manual?
The configuration procedures in this manual use Command Line Interface (CLI) commands in all examples. CLI commands are text-based commands used to manage the switch through serial (console port) connections or via Telnet sessions. Procedures for other switch management methods, such as web-based (WebView or OmniVista) or SNMP, are outside the scope of this guide.
For information on WebView and SNMP switch management methods consult the OmniSwitch 6600 Family Switch Management Guide. Information on using WebView and OmniVista can be found in the context-sensitive on-line help available with those network management applications.
Note. The OmniSwitch 6600 Family Switch Management Guide was originally known as the “OmniSwitch 6624/6648 Switch Management Guide.”
This guide provides overview material on software features, how-to procedures, and application examples that will enable you to begin configuring your OmniSwitch. It is not intended as a comprehensive reference to all CLI commands available in the OmniSwitch. For such a reference to all OmniSwitch 6600 Family CLI commands, consult the OmniSwitch CLI Reference Guide.
How is the Information Organized?
Chapters in this guide are broken down by software feature. The titles of each chapter include protocol or feature names (e.g., 802.1Q) with which most network professionals will be familiar.
Each software feature chapter includes sections that will satisfy the information requirements of casual readers, rushed readers, serious detail-oriented readers, advanced users, and beginning users.
Quick Information. Most chapters include a specifications table that lists RFCs and IEEE specifications supported by the software feature. In addition, this table includes other pertinent information such as minimum and maximum values and sub-feature support. Most chapters also include a defaults table that lists the default values for important parameters along with the CLI command used to configure the parameter. Many chapters include a Quick Steps section, which is a procedure covering the basic steps required to get a software feature up and running.
In-Depth Information. All chapters include overview sections on the software feature as well as on selected topics of that software feature. Topical sections may often lead into procedure sections that describe how to configure the feature just described. Serious readers and advanced users will also find the many application examples, located near the end of chapters, helpful. Application examples include diagrams of real networks and then provide solutions using the CLI to configure a particular feature, or more than one feature, within the illustrated network.
Documentation Roadmap
The OmniSwitch user documentation suite was designed to supply you with information at several critical junctures of the configuration process. The following section outlines a roadmap of the manuals that will help you at each stage of the configuration process. Under each stage, we point you to the manual or manuals that will be most helpful to you.
Stage 1: Using the Switch for the First Time
Pertinent Documentation: OmniSwitch 6600 Family Getting Started Guide
Release Notes
A hard-copy OmniSwitch 6600 Family Getting Started Guide is included with OmniSwitch 6600 Family switches; these guides provide all the information you need to get your switch up and running the first time. These guides provide information on unpacking the switch, rack mounting the switch, installing uplink and stacking modules, unlocking access control, setting the switch’s IP address, setting up a password, and setting up stacks. They also include succinct overview information on fundamental aspects of the switch, such as hardware LEDs, the software directory structure, CLI conventions, and web-based management.
At this time you should also familiarize yourself with the Release Notes that accompanied your switch. This document includes important information on feature limitations that are not included in other user guides.
Note. The OmniSwitch 6600 Family Getting Started Guide was originally known as the “OmniSwitch 6624/6648 Getting Started Guide.”
Stage 2: Gaining Familiarity with Basic Switch Functions
Pertinent Documentation: OmniSwitch 6600 Family Hardware Users Guide
OmniSwitch 6600 Family Switch Management Guide
Once you have your switch up and running, you will want to begin investigating basic aspects of its hardware and software. Information about OmniSwitch 6600 Family hardware is provided in the OmniSwitch 6600 Family Hardware Users Guide. This guide provides specifications, illustrations, and descriptions of all hardware components: chassis, power supplies, uplink and stacking modules, and cooling fans. It also includes steps for common procedures, such as removing and installing switch components.
The OmniSwitch 6600 Family Switch Management Guide is the primary user guide for the basic software features on a single switch. This guide contains information on the switch directory structure, basic file and directory utilities, switch access security, SNMP, and web-based management. It is recommended that you read this guide before connecting your switch to the network.
Note. The OmniSwitch 6600 Family Switch Management Guide and the OmniSwitch 6600 Family Hardware Users Guide were originally known as the “OmniSwitch 6624/6648 Switch Management Guide” and “OmniSwitch 6624/6648 Hardware Users Guide”, respectively.
Stage 3: Integrating the Switch Into a Network
Pertinent Documentation: OmniSwitch 6600 Family Network Configuration Guide
OmniSwitch 6600 Family Advanced Routing Configuration Guide
When you are ready to connect your switch to the network, you will need to learn how the OmniSwitch implements fundamental software features, such as 802.1Q, VLANs, Spanning Tree, and network routing protocols. The OmniSwitch 6600 Family Network Configuration Guide contains overview information, procedures and examples on how standard networking technologies are configured in the OmniSwitch 6600 Family.
The OmniSwitch 6600 Family Advanced Routing Configuration Guide includes configuration information for networks using Open Shortest Path First (OSPF).
Note. The OmniSwitch 6600 Family Advanced Routing Configuration Guide was originally known as the OmniSwitch 6624/6648 Advanced Routing Configuration Guide.
Anytime
The OmniSwitch CLI Reference Guide contains comprehensive information on all CLI commands supported by the switch. This guide includes syntax, default, usage, example, related CLI command, and CLI-to-MIB variable mapping information for all CLI commands supported by the switch. This guide can be consulted anytime during the configuration process to find detailed and specific information on each CLI command.
Related Documentation
The following are the titles and descriptions of all the OmniSwitch 6600 Family user manuals:
OmniSwitch 6600 Family Getting Started Guide
Describes the hardware and software procedures for getting an OmniSwitch 6600 Family switch up and running. Also provides information on fundamental aspects of OmniSwitch software and stacking architecture.
Note. The OmniSwitch 6600 Family Getting Started Guide was originally known as the “OmniSwitch 6624/6648 Getting Started Guide.”
OmniSwitch 6600 Family Hardware Users Guide
Complete technical specifications and procedures for all OmniSwitch 6600 Family chassis, power supplies, fans, and uplink and stacking modules.
Note. The OmniSwitch 6600 Family Hardware Users Guide was originally known as the “OmniSwitch 6624/6648 Hardware Users Guide.”
OmniSwitch CLI Reference Guide
Complete reference to all CLI commands supported on the OmniSwitch 6600, 6800, 7700, 7800, and 8800. Includes syntax definitions, default values, examples, usage guidelines, and CLI-to-MIB variable mappings.
OmniSwitch 6600 Family Switch Management Guide
Includes procedures for readying an individual switch for integration into a network. Topics include the software directory architecture, image rollback protections, authenticated switch access, managing switch files, system configuration, using SNMP, and using web management software (WebView).
Note. The OmniSwitch 6600 Family Switch Management Guide was originally known as the “OmniSwitch 6624/6648 Switch Management Guide.”
OmniSwitch 6600 Family Network Configuration Guide
Includes network configuration procedures and descriptive information on all the major software features and protocols included in the base software package. Chapters cover Layer 2 information (Ethernet and VLAN configuration), Layer 3 information, security options (authenticated VLANs), Quality of Service (QoS), and link aggregation.
Note. The OmniSwitch 6600 Family Network Configuration Guide was originally known as the “OmniSwitch 6624/6648 Network Configuration Guide.”
OmniSwitch 6600 Family Advanced Routing Configuration Guide
Includes network configuration procedures and descriptive information on all the software features and protocols included in the advanced routing software package OSPF.
Note. The OmniSwitch 6600 Family Advanced Routing Configuration Guide was originally known as the OmniSwitch 6624/6648 Advanced Routing Configuration Guide.
Technical Tips, Field Notices
Includes information published by Alcatel’s Customer Support group.
Release Note
Includes critical Open Problem Reports, feature exceptions, and other important information on the features supported in the current release and any limitations to their support.
User Manuals Web Site
All related user guides for the OmniSwitch 6600 Family can be found on our web site at http://www.alcatel.com/enterprise/en/resource_library/user_manuals.html
All documentation on the User Manual web site is in PDF format and requires the Adobe Acrobat Reader program for viewing. Acrobat Reader freeware is available at www.adobe.com.
Note. When printing pages from the documentation PDFs, de-select Fit to Page if it is selected in your print dialog. Otherwise pages may print with slightly smaller margins.
Technical Support
An Alcatel service agreement brings your company the assurance of 7x24 no-excuses technical support. You’ll also receive regular software updates to maintain and maximize your Alcatel product’s features and functionality and on-site hardware replacement through our global network of highly qualified service delivery partners. Additionally, with 24-hour-a-day access to Alcatel’s Service and Support web page, you’ll be able to view and update any case (open or closed) that you have reported to Alcatel’s technical support, open a new case or access helpful release notes, technical bulletins, and manuals. For more information on Alcatel’s Service Programs, see our web page at eservice.ind.alcatel.com, call us at 1-800-995-2696, or email us at support@ind.alcatel.com.
1 Configuring Ethernet Ports
The Ethernet software is responsible for a variety of functions that support the Ethernet and Gigabit Ethernet ports on OmniSwitch 6600 Family switches. These functions include diagnostics, software loading, initialization, configuration of line parameters, gathering statistics, and responding to administrative requests from SNMP or CLI.
In This Chapter
This chapter describes your switch’s Ethernet port parameters and how to configure them through the Command Line Interface (CLI). CLI Commands are used in the configuration examples. For more details about the syntax of commands, see the OmniSwitch CLI Reference Guide.
Configuration procedures described in this chapter include:
“Setting Trap Port Link Messages” on page 1-13
“Setting Flow Control” on page 1-14
“Setting Flow Control Wait Time” on page 1-15
“Setting Interface Line Speed” on page 1-16
“Configuring Duplex Mode” on page 1-17
“Enabling and Disabling Interfaces” on page 1-18
“Configuring Inter-frame Gap Values” on page 1-18
“Resetting Statistics Counters” on page 1-19
“Configuring Flood Rates” on page 1-20
“Configuring a Port Alias” on page 1-21
“Configuring Auto Negotiation, Crossover, and Flow Control Settings” on page 1-22
For information about CLI commands that can be used to view Ethernet port parameters, see the OmniSwitch CLI Reference Guide.
Ethernet Specifications
IEEE Standards Supported | 802.3 Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
Ports Supported | Ethernet (10 Mbps); Fast Ethernet (100 Mbps); Gigabit Ethernet (1 Gb/1000 Mbps)
2-Port Gigabit Uplink Modules (OmniSwitch 6624, 6648, 6600-U24, and 6600-P24 only) | OS6600-GNI-C2 copper uplink module; OS6600-GNI-U2 fiber uplink module
Built-in Gigabit Uplink Ports (OmniSwitch 6602-24 and 6602-48 only) | Two MiniGBIC ports
Switching/Routing Support | Layer 2 Switching/Layer 3 Routing
Backbone Support | Fast Ethernet and Gigabit Ethernet ports
Port Mirroring Support | Fast Ethernet and Gigabit Ethernet ports
802.1Q Hardware Tagging | Fast Ethernet and Gigabit Ethernet ports
Ethernet Port Defaults
The following table shows Ethernet port default values.
Parameter Description | Command | Default Value/Comments
Trap Port Link Messages | trap port link | Disabled
Flow Control | flow | Disabled
Flow Control Wait Time | flow wait time | 0 microseconds
Interface Line Speed | interfaces speed | Auto
Duplex Mode | interfaces duplex | Auto (copper ports)/Full (fiber ports)
Interface Configuration | interfaces admin | Up (Enabled)
Inter-Frame Gap | interfaces ifg | 12 bytes
Maximum Flood Rate (for Broadcast Traffic) | interfaces flood | Enable
Maximum Flood Rate (for Multicast Traffic) | interfaces flood multicast | Disable
Peak Flood Rate Configuration | interfaces flood rate | 42 Mbps (Fast Ethernet); 496 Mbps (Gigabit Ethernet)
Auto negotiation | interfaces autoneg | Enable
Crossover | interfaces crossover | Auto for all copper ports; Disable for all fiber modules
Flow (pause) | interfaces flow | Enable
Configuring Ethernet Ports Tutorial
This tutorial describes typical steps involved in configuring an Ethernet port. This example presumes that slot (switch) 1, port 1 is an Ethernet port.
1 This step configures the line speed for slot 1, port 1 with the interfaces speed command. For example, to set the interface line speed for slot 1, port 1 to 100 Mbps enter:
-> interfaces 1/1 speed 100
2 This step configures the interface duplex mode for the interface in slot 1, port 1 with the interfaces duplex command. In full duplex mode, the interface transmits and receives data simultaneously. In half duplex mode, the interface can either transmit or receive data at a given time. For example, to set the interface duplex mode for slot 1, port 1 to full duplex enter:
-> interfaces 1/1 duplex full
Note. Duplex mode must be set to full duplex in order to set Flow Control (described below).
3 This step enables flow control for this port with the flow command. If the data buffers on the switch are full, flow control allows the switch to continue receiving data packets once the buffered data has been processed. For example, to enable flow control for slot 1, port 1 enter:
-> flow 1/1
4 This step configures flow control wait time for this port with the flow wait time command. Flow control wait time specifies the amount of time (in microseconds) that the transmitting device waits before resuming transmission of data packets to the receiving device. For example, to configure the flow control wait time for slot 1, port 1 to 46 microseconds enter:
-> flow 1/1 wait time 46
5 Configure the peak flood rate value on this interface with the interfaces flood rate command. The peak flood rate value can be configured in megabits per second, ranging from 0 to 10 Mbps for Ethernet, 0 to 100 Mbps for Fast Ethernet, or 0 to 996 Mbps for Gigabit Ethernet. For example, to configure the peak flood rate value for the interface in slot 1, port 1 to 42 Mbps enter:
-> interfaces 1/1 flood rate 42
Note. Optional. To verify the Ethernet port configuration, use the show interfaces command. The display is similar to the one shown below, and provides additional statistics about received and transmitted bytes and frames.
Slot/Port 1/1 :
 Operational Status : down,
 Type : Fast Ethernet,
 MAC address : 00:d0:95:12:ed:04,
 BandWidth (Megabits) : 100, Duplex : Full,
 Long Accept : Disable, Runt Accept : Disable,
 Long Frame Size(Bytes) : 1518, Runt Size(Bytes) : 64
 Input :
 Bytes Received : 0, Lost Frames : 0,
 Unicast Frames : 0, Broadcast Frames : 0,
 Multicast Frames : 0, UnderSize Frames : 0,
 OverSize Frames : 0, Collision Frames : 0,
 Error Frames : 0, CRC Error Frames : 0,
 Alignments Error : 0
 Output :
 Bytes transmitted : 0, Lost Frames : 0,
 Unicast Frames : 0, Broadcast Frames : 0,
 Multicast Frames : 0, UnderSize Frames : 0,
 OverSize Frames : 0, Collision Frames : 0,
 Error Frames : 0
For more information about available show commands, refer to the OmniSwitch CLI Reference Guide.
Ethernet Ports Overview
This chapter describes the Ethernet software CLI commands used for configuring and monitoring your switch’s Ethernet port parameters. These commands allow you to handle administrative or port-related requests to and from SNMP, the CLI or WebView.
The OmniSwitch software supports the Gigabit Ethernet expansion modules (OmniSwitch 6624, 6648, 6600-U24, and 6600-P24 only) listed in the table here.
Module Description
OS6600-GNI-C2 2 port 1 Gbps Gigabit Ethernet copper uplink module.
OS6600-GNI-U2 2 port 1 Gbps Gigabit Ethernet fiber uplink module.
Note. OmniSwitch 6602-24 and 6602-48 have two built-in MiniGBIC ports.
OmniSwitch 6648
The OmniSwitch 6648 provides 48 10/100 Mbps ports and two expansion slots. The expansion slots are empty by default. Optionally, they can hold either four Gigabit Ethernet ports or two Gigabit Ethernet ports and two stacking connections. Port numbers 1 through 48 support both 10 Mbps Ethernet and 100 Mbps Fast Ethernet interfaces. Port numbers 49, 50, 51 and 52 support 1000 Mbps Gigabit Ethernet when the Gigabit Ethernet modules are installed. For more information on Ethernet hardware configurations, refer to the OmniSwitch 6600 Family Hardware Users Guide.
[Figure: OmniSwitch 6648 front panel. Labeled areas: 10/100 Ethernet Ports; Optional Stacking or Gigabit Ethernet.]
OmniSwitch 6624
The OmniSwitch 6624 provides 24 10/100 Mbps ports and two expansion slots. The expansion slots are empty by default. Optionally, they can hold either four Gigabit Ethernet ports or two Gigabit Ethernet ports and two stacking connections. Port numbers 1 through 24 support both 10 Mbps Ethernet and 100 Mbps Fast Ethernet interfaces. Port numbers 25, 26, 27, and 28 support 1000 Mbps Gigabit Ethernet when the Gigabit Ethernet modules are installed. For more information on Ethernet hardware configurations, refer to the OmniSwitch 6600 Family Hardware Users Guide.
[Figure: OmniSwitch 6624 front panel. Labeled areas: 10/100 Ethernet Ports; Optional Stacking or Gigabit Ethernet.]
OmniSwitch 6600-U24
The OmniSwitch 6600-U24 provides 24 100 Mbps fiber SFP ports and two expansion slots. The expansion slots are empty by default. Optionally, they can hold either four Gigabit Ethernet ports or two Gigabit Ethernet ports and two stacking connections. Port numbers 1 through 24 support 100 Mbps Fast Ethernet interfaces. Port numbers 25, 26, 27, and 28 support 1000 Mbps Gigabit Ethernet when the Gigabit Ethernet modules are installed. For more information on Ethernet hardware configurations, refer to the OmniSwitch 6600 Family Hardware Users Guide.
[Figure: OmniSwitch 6600-U24 front panel. Labeled areas: 100 Mbps Fiber SFP Ports; Optional Stacking or Gigabit Ethernet.]
OmniSwitch 6600-P24
The OmniSwitch 6600-P24 provides 24 10/100 Mbps Power over Ethernet (PoE) ports and two expansion slots. The expansion slots are empty by default. Optionally, they can hold either four Gigabit Ethernet ports or two Gigabit Ethernet ports and two stacking connections. Port numbers 1 through 24 support both 10 Mbps Ethernet and 100 Mbps Fast Ethernet interfaces. Port numbers 25, 26, 27, and 28 support 1000 Mbps Gigabit Ethernet when the Gigabit Ethernet modules are installed. For more information on Ethernet hardware configurations, refer to the OmniSwitch 6600 Family Hardware Users Guide.
[Figure: OmniSwitch 6600-P24 front panel. Labeled areas: 10/100 Power over Ethernet (PoE) Ports; Optional Stacking or Gigabit Ethernet.]
OmniSwitch 6602-24
The OmniSwitch 6602-24 provides 24 10/100 Mbps ports, two Gigabit MiniGBIC ports, and two stacking ports. Port numbers 1 through 24 support both 10 Mbps Ethernet and 100 Mbps Fast Ethernet interfaces. Port numbers 25 and 26 support 1000 Mbps Gigabit Ethernet and port numbers 27 and 28 are stacking ports. For more information on Ethernet hardware configurations, refer to the OmniSwitch 6600 Family Hardware Users Guide.
[Figure: OmniSwitch 6602-24 front panel. Labeled areas: 10/100 Ethernet Ports; Gigabit Ethernet Ports 25 and 26.]
OmniSwitch 6602-48
The OmniSwitch 6602-48 provides 48 10/100 Mbps ports, two Gigabit MiniGBIC ports, and two stacking ports. Port numbers 1 through 48 support both 10 Mbps Ethernet and 100 Mbps Fast Ethernet interfaces. Port numbers 49 and 50 support 1000 Mbps Gigabit Ethernet and port numbers 51 and 52 are stacking ports. For more information on Ethernet hardware configurations, refer to the OmniSwitch 6600 Family Hardware Users Guide.
[Figure: OmniSwitch 6602-48 front panel. Labeled areas: 10/100 Ethernet Ports; Gigabit Ethernet Ports 49 and 50.]
10/100 Crossover Supported
By default, automatic crossover between MDI/MDIX (Media Dependent Interface/Media Dependent Interface with Crossover) media is supported on OmniSwitch 6600 Family 10/100 ports. Therefore, either straight-through or crossover cable can be used between two OmniSwitch 6600 Family switches as long as auto negotiation is configured on both sides of the link. See “Configuring Auto Negotiation, Crossover, and Flow Control Settings” on page 1-22 for more information.
Gigabit Copper SFPs Supported
OmniSwitch 6600 Family switches support 1 Gbps copper 1000base-T SFP transceivers, which can be used with the built-in SFP ports on OmniSwitch 6602-24 and OmniSwitch 6602-48 switches and on the OS6600-GNI-U2 submodule. These copper SFPs support 1000 Mbps at full duplex. They do not support 10/100 speed or half duplex mode.
In addition, configuration problems can occur if a copper SFP is plugged in after configuration changes have been made. For example, if you are swapping SFPs with different media types (copper to fiber or vice versa), you need to use the write memory command to save the change of configuration. If you do not save the configuration change, the boot.cfg file will still contain the old configuration but the switch will have the default auto negotiation configuration for the new media. Therefore, Alcatel recommends that you use the write memory command if you swap SFPs of different media types.
Valid Port Settings
The table below lists valid speed, duplex, and auto negotiation settings for the different OmniSwitch 6600 Family port types.
Chassis Type (Port Nos.) | Port Type | User-Specified Port Speed (Mbps) Supported | User-Specified Duplex Supported | Auto Negotiation Supported?
OmniSwitch 6624 (ports 1–24) | Copper twisted pair (RJ-45) | auto/10/100 | auto/full/half | Yes
OmniSwitch 6624 (ports 25–26) | Wire-rate when an OS6600-GNI-U2 is installed using LC fiber SFPs or copper 1000Base-T SFPs. | 1000 | full | Yes
OmniSwitch 6624 (ports 25–26) | Wire-rate copper twisted pair (1000Base-T) when an OS6600-GNI-C2 is installed. | 1000 | full | Yes
OmniSwitch 6624 (ports 27–28) | Wire-rate when an OS6600-GNI-U2 is installed using LC fiber SFPs or copper 1000Base-T SFPs. | 1000 | full | Yes
OmniSwitch 6624 (ports 27–28) | Wire-rate copper twisted pair (1000Base-T) when an OS6600-GNI-C2 is installed. | 1000 | full | Yes
OmniSwitch 6648 (ports 1–48) | Copper twisted pair (RJ-45) | auto/10/100 | auto/full/half | Yes
OmniSwitch 6648 (ports 49–50) | Wire-rate when an OS6600-GNI-U2 is installed using LC fiber SFPs or copper 1000Base-T SFPs. | 1000 | full | Yes
OmniSwitch 6648 (ports 49–50) | Wire-rate copper twisted pair (1000Base-T) when an OS6600-GNI-C2 is installed. | 1000 | full | Yes
OmniSwitch 6648 (ports 51–52) | Wire-rate when an OS6600-GNI-U2 is installed using LC fiber SFPs or copper 1000Base-T SFPs. | 1000 | full | Yes
OmniSwitch 6648 (ports 51–52) | Wire-rate copper twisted pair (1000Base-T) when an OS6600-GNI-C2 is installed. | 1000 | full | Yes
OmniSwitch 6600-U24 (ports 1–24) | 100 Mbps fiber SFP ports | 100 | full/half | Yes
OmniSwitch 6600-U24 (ports 25–26) | Wire-rate when an OS6600-GNI-U2 is installed using LC fiber SFPs or copper 1000Base-T SFPs. | 1000 | full | Yes
OmniSwitch 6600-U24 (ports 25–26) | Wire-rate copper twisted pair (1000Base-T) when an OS6600-GNI-C2 is installed. | 1000 | full | Yes
OmniSwitch 6600-U24 (ports 27–28) | Wire-rate when an OS6600-GNI-U2 is installed using LC fiber SFPs or copper 1000Base-T SFPs. | 1000 | full | Yes
OmniSwitch 6600-U24 (ports 27–28) | Wire-rate copper twisted pair (1000Base-T) when an OS6600-GNI-C2 is installed. | 1000 | full | Yes
OmniSwitch 6600-P24 (ports 1–24) | 24 copper power in-line twisted pair (RJ-45) | auto/10/100 | auto/full/half | Yes
OmniSwitch 6600-P24 (ports 25–26) | Wire-rate when an OS6600-GNI-U2 is installed using LC fiber SFPs or copper 1000Base-T SFPs. | 1000 | full | Yes
OmniSwitch 6600-P24 (ports 25–26) | Wire-rate copper twisted pair (1000Base-T) when an OS6600-GNI-C2 is installed. | 1000 | full | Yes
OmniSwitch 6600-P24 (ports 27–28) | Wire-rate when an OS6600-GNI-U2 is installed using LC fiber SFPs or copper 1000Base-T SFPs. | 1000 | full | Yes
OmniSwitch 6600-P24 (ports 27–28) | Wire-rate copper twisted pair (1000Base-T) when an OS6600-GNI-C2 is installed. | 1000 | full | Yes
OmniSwitch 6602-24 (ports 1–24) | Copper twisted pair (RJ-45) | auto/10/100 | auto/full/half | Yes
OmniSwitch 6602-24 (ports 25–26) | Wire-rate when an LC fiber SFP or copper 1000Base-T SFP is installed. | 1000 | full | Yes (fiber), No (copper)
OmniSwitch 6602-48 (ports 1–48) | Copper twisted pair (RJ-45) | auto/10/100 | auto/full/half | Yes
OmniSwitch 6602-48 (ports 49–50) | Wire-rate when an LC fiber SFP or copper 1000Base-T SFP is installed. | 1000 | full | Yes (fiber), No (copper)
Setting Ethernet Port Parameters
When using CLI commands to set Ethernet port parameters, keep in mind that Ethernet and Fast Ethernet are supported only on ports 1 through 48 on the OmniSwitch 6648 and OmniSwitch 6602-48 and ports 1 through 24 on the OmniSwitch 6624, OmniSwitch 6600-P24, and OmniSwitch 6600-U24. Likewise, Gigabit Ethernet is only supported on OmniSwitch 6648 ports 49 through 52 and OmniSwitch 6624 and 6602-24 ports 25 through 28 when the optional Gigabit expansion modules are installed. Gigabit Ethernet is only supported on ports 25 and 26 on the OmniSwitch 6602-24 and ports 49 and 50 on the OmniSwitch 6602-48.
Setting Trap Port Link Messages
The trap port link command can be used to enable or disable (the default) trap port link messages on a specific port, a range of ports, or all ports on a switch (slot). When enabled, a trap message will be displayed on a Network Management Station (NMS) whenever the port state has changed.
Enabling Trap Port Link Messages
To enable trap port link messages on an entire switch, enter trap followed by the slot number and port link enable. For example, to enable trap port link messages on all ports on slot 2 enter:
-> trap 2 port link enable
To enable trap port link messages on a single port enter trap followed by the slot number, a slash (/), the port number, and port link enable. For example, to enable trap port link messages on slot 2 port 3 enter:
-> trap 2/3 port link enable
To enable trap port link messages on a range of ports enter trap followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, and port link enable. For example, to enable trap port link messages on ports 3 through 5 on slot 2 enter:
-> trap 2/3-5 port link enable
Disabling Trap Port Link Messages
To disable trap port link messages on an entire switch, enter trap followed by the slot number and port link disable. For example, to disable trap port link messages on all ports on slot 2 enter:
-> trap 2 port link disable
To disable trap port link messages on a single port enter trap followed by the slot number, a slash (/), the port number, and port link disable. For example, to disable trap port link messages on slot 2 port 3 enter:
-> trap 2/3 port link disable
To disable trap port link messages on a range of ports enter trap followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, and port link disable. For example, to disable trap port link messages on ports 3 through 5 on slot 2 enter:
-> trap 2/3-5 port link disable
Setting Flow Control
The flow command can be used to enable or disable (the default) flow control on a specific port, a range of ports, or all ports on an entire switch (slot). When the buffers on a receiving device are full, flow control transmits pause frames to the remote link partner to delay transmission. The local port can delay transmission of data if the remote link partner transmits a pause frame.
Note. If auto-negotiation is implemented and enabled for the interface, the pause mode for this interface is determined by auto-negotiation.
Enabling Flow Control
To enable flow control on an entire switch, enter flow followed by the slot number. For example, to enable flow control on slot 2 enter:
-> flow 2
To enable flow control on a single port, enter flow followed by the slot number, a slash (/), and the port number. For example, to enable flow control on port 3 on slot 2 enter:
-> flow 2/3
To enable flow control on a range of ports, enter flow followed by the slot number, a slash (/), the first port number, a hyphen, and the last port number. For example, to enable flow control on ports 1 through 3 on slot 2 enter:
-> flow 2/1-3
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example to enable flow control on the interface on slot 2 port 3 and document the interface type as Fast Ethernet enter:
-> flow fastethernet 2/3
Disabling Flow Control
To disable flow control on an entire switch, enter no flow followed by the slot number. For example, to disable flow control on slot 2 enter:
-> no flow 2
To disable flow control on a single port, enter no flow followed by the slot number, a slash (/), and the port number. For example, to disable flow control on port 3 on slot 2 enter:
-> no flow 2/3
To disable flow control on a range of ports, enter no flow followed by the slot number, a slash (/), the first port number, a hyphen, and the last port number. For example, to disable flow control on ports 1 through 3 on slot 2 enter:
-> no flow 2/1-3
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example to disable flow control on the interface on slot 2 port 3 and document the interface type as Fast Ethernet enter:
-> no flow fastethernet 2/3
Setting Flow Control Wait Time
By default, the flow control wait time is 0 microseconds. Use the flow wait time command to configure flow control wait time on a specific port, a range of ports, or all ports on a switch (slot). When configured, flow control wait time specifies the amount of time (in microseconds) that the transmitting device waits before resuming transmission of data packets to the receiving device. The valid range is 0 to 30000 microseconds. (The flow control wait time on 10 Mbps ports is not configurable.)
Note. If auto-negotiation is implemented and enabled for the interface, the Pause mode for this interface is determined by Auto-negotiation and Full-duplex.
Configuring the Flow Control Wait Time
To configure flow control wait time for an entire switch (slot), enter flow followed by the slot number, wait, and the desired wait time in microseconds. For example, to configure a flow control wait time of 96 microseconds on slot 2 enter:
-> flow 2 wait 96
Note. Setting the flow control wait time to zero (0) accomplishes the same function as the flow no wait command (restoring flow control wait time). See “Restoring the Flow Control Wait Time” on page 1-16 for more information.
To configure flow control wait time for a single port, enter flow followed by the slot number, a slash (/), the port number, wait, and the desired wait time in microseconds. For example, to configure a flow control wait time of 96 microseconds on slot 2 port 3 enter:
-> flow 2/3 wait 96
To configure flow control wait time for a range of ports, enter flow followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, wait, and the desired wait time in microseconds. For example, to configure a flow control wait time of 96 microseconds on ports 1 through 3 on slot 2 enter:
-> flow 2/1-3 wait 96
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to configure the flow control wait time as 96 microseconds on slot 2 port 3 and document the interface type as Fast Ethernet enter:
-> flow fastethernet 2/3 wait 96
Restoring the Flow Control Wait Time
To restore the flow control wait time (i.e., set it back to 0) for an entire switch, enter flow followed by the slot number and no wait. For example, to restore the flow control wait time to 0 seconds on slot 2 enter:
-> flow 2 no wait
To restore the flow control wait time (i.e., set it back to 0) for a single port, enter flow followed by the slot number, a slash (/), the port number, and no wait. For example, to restore the flow control wait time of 0 seconds on slot 2 port 3 enter:
-> flow 2/3 no wait
To restore the flow control wait time (i.e., set it back to 0) for a range of ports, enter flow followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, and no wait. For example, to restore the flow control wait time of 0 seconds on ports 1 through 3 on slot 2 enter:
-> flow 2/1-3 no wait
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to restore the flow control wait time of 0 seconds on slot 2 port 3 and document the interface type as Fast Ethernet enter:
-> flow fastethernet 2/3 no wait
Setting Interface Line Speed
The interfaces speed command is used to set the line speed on a specific port, a range of ports, or all ports on an entire switch (slot) to 10 (10 Mbps Ethernet), 100 (100 Mbps Fast Ethernet), 1000 (1000 Mbps Gigabit Ethernet), or auto (auto-sensing). The auto setting automatically detects and matches the line speed of the attached device. (Available settings for this command depend on the available line speeds of your hardware interface. See “OmniSwitch 6648” on page 1-6, “OmniSwitch 6624” on page 1-7, “OmniSwitch 6600-U24” on page 1-7, “OmniSwitch 6600-P24” on page 1-8, “OmniSwitch 6602-24” on page 1-8, and “OmniSwitch 6602-48” on page 1-9 for more information.)
To set the line speed on an entire switch enter interfaces followed by the slot number and the desired speed. For example, to set slot 2 to 100 Mbps enter:
-> interfaces 2 speed 100
To set the line speed on a single port enter interfaces followed by the slot number, a slash (/), the port number, and the desired speed. For example, to set the line speed on slot 2 port 3 at 100 Mbps enter:
-> interfaces 2/3 speed 100
To set the line speed on a range of ports enter interfaces followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, and the desired speed. For example, to set the line speed on ports 1 through 3 on slot 2 at 100 Mbps enter:
-> interfaces 2/1-3 speed 100
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to configure the line speed on slot 2 port 3 at 100 Mbps and document the interface type as Fast Ethernet enter:
-> interfaces fastethernet 2/3 speed 100
Note. Copper Gigabit Ethernet ports are always set to auto.
Configuring Duplex Mode
The interfaces duplex command is used to configure the duplex mode on a specific port, a range of ports, or all ports on a switch (slot) to full (full duplex mode), half (half duplex mode), or auto (auto-negotiation). (The Auto option causes the switch to advertise all available duplex modes (half/full/both) for the port during autonegotiation.) In full duplex mode, the interface transmits and receives data simultaneously. In half duplex mode, the interface can only transmit or receive data at a given time. (Available settings for this command depend on the available line speeds of your hardware interface. See “OmniSwitch 6648” on page 1-6, “OmniSwitch 6624” on page 1-7, “OmniSwitch 6600-U24” on page 1-7, “OmniSwitch 6600-P24” on page 1-8, “OmniSwitch 6602-24” on page 1-8, and “OmniSwitch 6602-48” on page 1-9 for more information.)
Note. The Auto option sets both the duplex mode and line speed settings to auto-negotiation.
To configure the duplex mode on an entire slot enter interfaces followed by the slot number, duplex, and the desired duplex setting (auto, full, or half). For example, to set the duplex mode on slot 2 to full enter:
-> interfaces 2 duplex full
To configure the duplex mode on a single port enter interfaces followed by the slot number, a slash (/), the port number, duplex, and the desired duplex setting (auto, full, or half). For example, to set the duplex mode on port 3 on slot 2 to full enter:
-> interfaces 2/3 duplex full
To configure the duplex mode on a range of ports enter interfaces followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, duplex, and the desired duplex setting (auto, full, or half). For example, to set the duplex mode on ports 1 through 3 on slot 2 to full enter:
-> interfaces 2/1-3 duplex full
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to set the duplex mode on port 3 on slot 2 and document the port as Fast Ethernet enter:
-> interfaces fastethernet 2/3 duplex full
Enabling and Disabling Interfaces
The interfaces admin command is used to enable (the default) or disable a specific port, a range of ports, or all ports on an entire switch (slot).
To enable or disable an entire slot enter interfaces followed by the slot number, admin, and the desired administrative setting (either up or down). For example, to administratively disable slot 2 enter:
-> interfaces 2 admin down
To enable or disable a single port enter interfaces followed by the slot number, a slash (/), the port number, admin, and the desired administrative setting (either up or down). For example, to administratively disable port 3 on slot 2 enter:
-> interfaces 2/3 admin down
To enable or disable a range of ports enter interfaces followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, admin, and the desired administrative setting (either up or down). For example, to administratively disable ports 1 through 3 on slot 2 enter:
-> interfaces 2/1-3 admin down
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to administratively disable port 3 on slot 2 and document the port as Fast Ethernet enter:
-> interfaces fastethernet 2/3 admin down
Configuring Inter-frame Gap Values
Inter-frame gap is a measure of the minimum idle time between the end of one frame transmission and the beginning of another. By default, the inter-frame gap is 12 bytes. The interfaces ifg command can be used to configure the inter-frame gap value (in bytes) on a specific port, a range of ports, or all ports on a switch (slot). Values for this command range from 9 to 12 bytes.
Note. This command is only valid on Gigabit ports. Gigabit Ethernet is supported only on ports 49 through 51 on the OmniSwitch 6648 and ports 25 through 28 on the OmniSwitch 6624 and 6600-U24 when Gigabit Ethernet expansion modules are installed.
To configure the inter-frame gap on an entire slot enter interfaces, followed by the slot number, ifg, and the desired inter-frame gap value. For example, to set the inter-frame gap value on slot 2 to 10 bytes enter:
-> interfaces 2 ifg 10
To configure the inter-frame gap on a single port enter interfaces, followed by the slot number, a slash (/), the port number, ifg, and the desired inter-frame gap value. For example, to set the inter-frame gap value on port 52 on slot 2 to 10 bytes enter:
-> interfaces 2/52 ifg 10
To configure the inter-frame gap on a range of ports enter interfaces, followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, ifg, and the desired inter-frame gap value. For example, to set the inter-frame gap value on ports 51 through 52 on slot 2 to 10 bytes enter:
-> interfaces 2/51-52 ifg 10
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to set the inter-frame gap value on port 52 on slot 2 to 10 bytes and document the port as Gigabit Ethernet enter:
-> interfaces gigaethernet 2/52 ifg 10
Note. Since the interfaces ifg command is only supported on Gigabit interfaces, only the gigaethernet keyword should be used.
Resetting Statistics Counters
The interfaces no l2 statistics command is used to reset all Layer 2 statistics counters on a specific port, a range of ports, or all ports on a switch (slot).
To reset Layer 2 statistics on an entire slot enter interfaces followed by the slot number and no l2 statistics. For example, to reset all Layer 2 statistics counters on slot 2 enter:
-> interfaces 2 no l2 statistics
To reset Layer 2 statistics on a single port enter interfaces followed by the slot number, a slash (/), the port number, and no l2 statistics. For example, to reset all Layer 2 statistics counters on port 3 on slot 2 enter:
-> interfaces 2/3 no l2 statistics
To reset Layer 2 statistics on a range of ports enter interfaces followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, and no l2 statistics. For example, to reset all Layer 2 statistics counters on ports 1 through 3 on slot 2 enter:
-> interfaces 2/1-3 no l2 statistics
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to reset all Layer 2 statistics counters on port 3 on slot 2 and document the port as Fast Ethernet enter:
-> interfaces fastethernet 2/3 no l2 statistics
Note. The show interfaces, show interfaces accounting, and show interfaces counters commands can be used to display Layer 2 statistics (e.g., input and output errors, deferred frames received, unicast packets transmitted). For information on using these commands, see the OmniSwitch CLI Reference Guide.
Configuring Flood Rates
The following subsections describe how to enable the maximum flood rate (see “Enabling the Maximum Flood Rate” on page 1-20), enable the maximum flood rate for multicast traffic (see “Enabling Maximum Flood Rate for Multicast Traffic” on page 1-20), and how to configure the flood rate on an entire switch (slot), a specific port, or a range of ports (see “Configuring Flood Rate Values” on page 1-21).
Enabling the Maximum Flood Rate
The interfaces flood command can be used to enable the maximum flood rate for a switch (slot). Note that only one slot can be configured at a time. You cannot configure specific ports or ranges of ports.
Note. To enable flood multicasting on an interface, see “Enabling Maximum Flood Rate for Multicast Traffic” on page 1-20.
To enable the maximum flood rate on a slot enter interfaces followed by the slot number and flood. For example, to enable the maximum flood rate on slot 2 enter:
-> interfaces 2 flood
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to enable the maximum flood rate on slot 2 and document the slot as Gigabit Ethernet enter:
-> interfaces gigaethernet 2 flood
Enabling Maximum Flood Rate for Multicast Traffic
The interfaces flood multicast command can be used to enable the maximum flood rate for multicast traffic for a switch (slot). Note that only one slot can be configured per command. You cannot configure specific ports or ranges of ports.
Note. To enable maximum flood rate on an interface and to disable any flood multicast configuration use the interfaces flood command, which is described in “Enabling the Maximum Flood Rate” on page 1-20.
To enable the maximum flood rate for multicast traffic on a slot enter interfaces followed by the slot number and flood multicast. For example, to enable the maximum flood rate for multicast traffic on slot 2 enter:
-> interfaces 2 flood multicast
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to enable the maximum flood rate for multicast traffic on slot 2 and document the slot as Gigabit Ethernet enter:
-> interfaces gigaethernet 2 flood multicast
Note. Enabling the maximum multicast flood rate with the interfaces flood multicast command will limit IP Multicast Switching (IPMS) and non-IPMS multicast traffic.
Configuring Flood Rate Values
By default, the flood rate is 42 Mbps on 10/100 ports and 496 Mbps on Gigabit ports. The interfaces flood rate command can be used to configure the peak flood rate value on a specific port, a range of ports, or all ports on a switch (slot) in megabits per second, ranging from 0 to 9 Mbps for Ethernet, 0 to 99 Mbps for Fast Ethernet, or 0 to 999 Mbps for Gigabit Ethernet.
Note. The flood rate cannot be higher than line speed.
To configure the peak flood rate for an entire slot enter interfaces followed by the slot number, flood rate, and the flood rate in bytes. For example, to configure the peak flood rate on slot 2 as 42 bytes enter:
-> interfaces 2 flood rate 42
To configure the peak flood rate for a single port enter interfaces followed by the slot number, a slash (/), the port number, flood rate, and the flood rate in bytes. For example, to configure the peak flood rate on port 3 on slot 2 as 42 bytes enter:
-> interfaces 2/3 flood rate 42
To configure the peak flood rate for a range of ports enter interfaces followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, flood rate, and the flood rate in bytes. For example, to configure the peak flood rate on ports 1 through 3 on slot 2 as 42 bytes enter:
-> interfaces 2/1-3 flood rate 42
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to configure the peak flood rate on port 52 on slot 2 as 42 bytes and document the port as Gigabit Ethernet enter:
-> interfaces gigaethernet 2/52 flood rate 42
Configuring a Port Alias
The interfaces alias command is used to configure an alias (i.e., description) for a single port. (You cannot configure an entire switch or a range of ports.) To use this command enter interfaces followed by the slot number, a slash (/), the port number, alias, and the text description, which can be up to 40 characters long.
For example, to configure an alias of “ip_phone1” for port 3 on slot 2 enter:
-> interfaces 2/3 alias ip_phone1
Note. Spaces must be contained within quotes (e.g., “IP Phone 1”).
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to configure an alias of “ip_phone1” for port 3 on slot 2 and document the port as Fast Ethernet enter:
-> interfaces fastethernet 2/3 alias ip_phone1
Configuring Auto Negotiation, Crossover, and Flow Control Settings
The following subsections describe how to enable and disable auto negotiation (see “Enabling and Disabling Auto Negotiation” on page 1-22), configure crossover settings (see “Configuring Crossover Settings” on page 1-23), and configure flow control (see “Enabling and Disabling Flow” on page 1-23).
Enabling and Disabling Auto Negotiation
By default, auto negotiation is enabled. To enable or disable auto negotiation on a single port, a range of ports, or an entire slot use the interfaces autoneg command. (See “Configuring Crossover Settings” on page 1-23 and “Enabling and Disabling Flow” on page 1-23 for more information).
To enable or disable auto negotiation on an entire switch enter interfaces followed by the slot number, autoneg, and either enable or disable. For example, to enable auto negotiation on slot 2 enter:
-> interfaces 2 autoneg enable
To enable or disable auto negotiation on a single port enter interfaces followed by the slot number, a slash (/), the port number, autoneg, and either enable or disable. For example, to enable auto negotiation on port 3 on slot 2 enter:
-> interfaces 2/3 autoneg enable
To enable or disable auto negotiation on a range of ports enter interfaces followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, autoneg, and either enable or disable. For example, to enable auto negotiation on ports 1 through 3 on slot 2 enter:
-> interfaces 2/1-3 autoneg enable
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to enable auto negotiation on port 3 on slot 2 and document the port as Ethernet enter:
-> interfaces ethernet 2/3 autoneg enable
Please note that a link will not be established on any copper Ethernet port if any one of the following is true:
The local port advertises 100 Mbps full duplex and the remote link partner is forced to 100 Mbps full duplex.
The local port advertises 100 Mbps full duplex and the remote link partner is forced to 100 Mbps half duplex.
The local port advertises 10 Mbps full duplex and the remote link partner is forced to 10 Mbps full duplex.
The local port advertises 10 Mbps full duplex and the remote link partner is forced to 10 Mbps half duplex.
This happens because a local device set to auto negotiate 10/100 full duplex senses that the remote device is not auto negotiating. It therefore resolves to Parallel Detect with Highest Common Denominator (HCD), which is “10/100 Half” according to IEEE 802.3 Clause 28.2.3.1.
However, since the local device is set to auto negotiating at 10/100 full duplex it cannot form a 10/100 Mbps half duplex link in any of the above mentioned cases. One solution is to configure the local device to auto negotiation, 10/100 Mbps, with auto or half duplex.
Configuring Crossover Settings
To configure crossover settings on a single port, a range of ports, or an entire slot use the interfaces crossover command. If auto negotiation is disabled, flow control, auto speed, and auto duplex are not accepted.
Setting the crossover configuration to auto will configure the interface or interfaces to automatically detect crossover settings. Setting crossover configuration to mdix will configure the interface or interfaces for MDIX (Media Dependent Interface with Crossover), which is the standard for hubs and switches. Setting crossover to mdi will configure the interface or interfaces for MDI (Media Dependent Interface), which is the standard for end stations. And setting the crossover configuration to disable will disable crossover configuration on an interface or interfaces.
To configure crossover settings on an entire switch enter interfaces followed by the slot number, crossover, and the desired setting. For example, to set the crossover configuration to auto on slot 2 enter:
-> interfaces 2 crossover auto
To configure crossover settings on a single port enter interfaces followed by the slot number, a slash (/), the port number, crossover, and the desired setting. For example, to set the crossover configuration to auto on port 3 on slot 2 enter:
-> interfaces 2/3 crossover auto
To configure crossover settings on a range of ports enter interfaces followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, crossover, and the desired setting. For example, to set the crossover configuration to auto on ports 1 through 3 on slot 2 enter:
-> interfaces 2/1-3 crossover auto
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to set the crossover configuration to auto on port 3 on slot 2 and document the port as Fast Ethernet enter:
-> interfaces fastethernet 2/3 crossover auto
Enabling and Disabling Flow
By default, flow (pause) is enabled. To enable or disable flow control on a single port, a range of ports, or an entire NI use the interfaces flow command. Please note that if auto negotiation is disabled then flow control will also be disabled.
To enable or disable flow control on an entire switch enter interfaces followed by the slot number, flow, and either enable or disable. For example, to enable flow control on slot 2 enter:
-> interfaces 2 flow enable
To enable or disable flow control on a single port enter interfaces followed by the slot number, a slash (/), the port number, flow, and either enable or disable. For example, to enable flow control on port 3 on slot 2 enter:
-> interfaces 2/3 flow enable
To enable or disable flow control on a range of ports enter interfaces followed by the slot number, a slash (/), the first port number, a hyphen (-), the last port number, flow, and either enable or disable. For example, to enable flow control on ports 1 through 3 on slot 2 enter:
-> interfaces 2/1-3 flow enable
As an option, you can document the interface type by entering ethernet, fastethernet, or gigaethernet before the slot number. For example, to enable flow control on port 3 on slot 2 and document the port as Fast Ethernet enter:
-> interfaces fastethernet 2/3 flow enable
Note. If auto negotiation is disabled and then later enabled on an interface, the original flow setting will then be restored.
Verifying Ethernet Port Configuration
To display information about Ethernet port configuration settings, use the show commands listed in the following table.
show interfaces flow control       Displays interface flow control wait time settings in nanoseconds.
show interfaces                    Displays general interface information, such as hardware, MAC address, input and output errors.
show interfaces accounting         Displays interface accounting information.
show interfaces counters           Displays interface counters information.
show interfaces counters errors    Displays interface error frame information for Ethernet and Fast Ethernet ports.
show interfaces collisions         Displays collision statistics information for Ethernet and Fast Ethernet ports.
show interfaces status             Displays line status information.
show interfaces port               Displays port status information.
show interfaces ifg                Displays inter-frame gap values.
show interfaces flood rate         Displays peak flood rate settings.
show interfaces traffic            Displays interface traffic statistics.
show interfaces capability         Displays auto negotiation, flow, speed, duplex, and cross-over settings.
These commands can be quite useful in troubleshooting and resolving potential configuration issues or problems on your switch. For more information about the resulting displays from these commands, see the OmniSwitch CLI Reference Guide.
2 Managing Source Learning
Transparent bridging relies on a process referred to as source learning to handle traffic flow. Network devices communicate by sending and receiving data packets that each contain a source MAC address and a destination MAC address. When packets are received on switch network interface (NI) module ports, source learning examines each packet and compares the source MAC address to entries in a MAC address database table. If the table does not contain an entry for the source address, then a new record is created associating the address with the port it was learned on. If an entry for the source address already exists in the table, a new one is not created.
Packets are also filtered to determine if the source and destination address are on the same LAN segment. If the destination address is not found in the MAC address table, then the packet is forwarded to all other switches that are connected to the same LAN. If the MAC address table does contain a matching entry for the destination address, then there is no need to forward the packet to the rest of the network.
In This Chapter
This chapter describes how to manage source learning entries in the switch MAC address table (often referred to as the forwarding or filtering database) through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide.
Configuration procedures described in this chapter include:
Creating a static MAC address table entry on page 2-4.
Configuring the MAC address table aging time on page 2-7.
Displaying MAC address table information on page 2-9.
Source Learning Specifications
RFCs supported                                                                        2674 - Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering and Virtual LAN Extensions
IEEE Standards supported                                                              802.1Q - Virtual Bridged Local Area Networks
                                                                                      802.1D - Media Access Control Bridges
Number of learned MAC addresses per OmniSwitch 6600 unit                              16K
Number of learned MAC addresses total for a stack of OmniSwitch 6600 Family units     16K
Source Learning Defaults
Parameter Description                    Command                         Default
Static MAC address management status     mac-address-table               permanent
Static MAC address operating mode        mac-address-table               bridging
MAC address aging timer                  mac-address-table aging-time    300 seconds per VLAN
Sample MAC Address Table Configuration
The following steps provide a quick tutorial that will create a static MAC address and change the MAC address aging timer for VLAN 200:
Note. Optional. Creating a static MAC address involves specifying an address that is not already used in another static entry or already dynamically learned by the switch. To determine if the address is already known to the MAC address table, enter show mac-address-table. If the address does not appear in the show mac-address-table output, then it is available to use for configuring a static MAC address entry. For example,
-> show mac-address-table
Legend: Mac Address: * = address not valid
 Vlan    Mac Address          Type          Protocol    Operation    Interface
------+-------------------+--------------+-----------+------------+-----------
   1   00:00:00:00:00:01    learned       0800        bridging      8/ 1
   1   00:d0:95:6a:73:9a    learned       aaaa0003    bridging     10/23
Total number of Valid MAC addresses above = 2
The show mac-address-table command is also useful for monitoring general source learning activity and verifying dynamic VLAN assignments of addresses received on mobile ports.
1 Create VLAN 200, if it does not already exist, using the following command:
-> vlan 200
2 Assign switch ports 2 through 5 on slot 3 to VLAN 200--if they are not already associated with VLAN 200--using the following command:
-> vlan 200 port default 3/2-5
3 Create a static MAC address entry using the following command to assign address 000041:5BF30E to port 3/4 associated with VLAN 200 and to specify a timeout management status for the static address:
-> mac-address-table timeout 00:2d:95:5B:F3:0E 3/4 200
4 Create a static multicast address entry using the following command to assign address 010000:3A4C10 to port 3/5 associated with VLAN 200:
-> mac-address-table static-multicast 01:00:00:3A:4C:10 3/5 200
5 Change the MAC address aging time for VLAN 200 to 1200 seconds (the default is 300 seconds) using the following command:
-> mac-address-table aging-time 1200 vlan 200
Note. Optional. To verify the static MAC address configuration, enter show mac-address-table. For example:
-> show mac-address-table
Legend: Mac Address: * = address not valid
 Vlan    Mac Address          Type              Protocol     Operation    Interface
------+-------------------+--------------+------------+------------+-----------
   1   00:00:00:00:00:01    learned           0800         bridging      8/1
   1   00:d0:95:6a:73:9a    learned           aaaa0003     bridging     10/23
 200   00:2d:95:5b:f3:0e    delontimeout      0            bridging      3/4
 200   01:00:00:3A:4C:10    static-multicast  0            bridging      3/5
Total number of Valid MAC addresses above = 4
To verify the new aging time value for VLAN 200, enter show mac-address-table aging-time vlan followed by 200. For example,
-> show mac-address-table aging-time vlan 200
Mac Address Aging Time (seconds) for Vlan 200 = 1200
MAC Address Table Overview
Source learning builds and maintains the MAC address table on each switch. New MAC address table entries are created in one of two ways: they are dynamically learned or statically assigned. Dynamically learned MAC addresses are those that are obtained by the switch when source learning examines data packets and records the source address and the port and VLAN it was learned on.
Static MAC addresses are user defined addresses that are statically assigned to a port and VLAN using the mac-address-table command or mac-address-table static-multicast command. See “Using Static MAC Addresses” on page 2-4 or “Using Static Multicast MAC Addresses” on page 2-6 for more information.
Accessing MAC Address Table entries is useful for managing traffic flow and troubleshooting network device connectivity problems. For example, if a workstation connected to the switch is unable to communicate with another workstation connected to the same switch, the MAC address table might show that one of these devices was learned on a port that belonged to a different VLAN or the source MAC address of one of the devices may not appear at all in the address table.
Using Static MAC Addresses
Static MAC addresses are configured using the mac-address-table command. These addresses direct network traffic to a specific port and VLAN. They are particularly useful when dealing with silent network devices. These types of devices do not send packets, so their source MAC address is never learned and recorded in the MAC address table. Assigning a MAC address to the silent device’s port creates a record in the MAC address table and ensures that packets destined for the silent device are forwarded out that port.
When defining a static MAC address for a particular slot/port and VLAN, consider the following:
Configuring static MAC addresses is only supported on non-mobile ports.
The specified slot/port must already belong to the specified VLAN. Use the vlan port default command to assign a port to a VLAN before you configure the static MAC address.
Only traffic from other ports associated with the same VLAN is directed to the static MAC address slot/port.
There are three types of static MAC addresses available: permanent (default), reset, or timeout. The type selected determines the status of the MAC address in the event of a switch reboot or when the MAC address age exceeds the aging timer. These types are defined as follows:
Status       Definition
permanent    MAC address remains in use even if MAC ages beyond the aging timer value or the switch is rebooted.
reset        MAC address is removed the next time the switch is rebooted.
timeout      MAC address is removed when it ages beyond the aging timer value.
Note that static MAC addresses configured with a reset or timeout status are not captured when a snapshot of the switch’s running configuration is taken.
There are two types of static MAC address behavior supported: bridging (default) or filtering. Enter filtering to deny service to a MAC address and block potential hostile attacks; traffic sent to or from a filtered MAC address is dropped. Enter bridging for regular traffic flow to or from the MAC address. For more information about Layer 2 filtering, see Chapter 24, “Configuring QoS.”
If a packet received on a port associated with the same VLAN contains a source address that matches a static MAC address, the packet is discarded. The same source address on different ports within the same VLAN is not supported.
If a static MAC address is configured on a port link that is down or disabled, an asterisk appears to the right of the MAC address in the show mac-address-table command display. The asterisk indicates that this is an invalid MAC address. When the port link comes up, however, the MAC address is then considered valid and the asterisk no longer appears next to the address in the display.
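The troubleshooting cases from the MAC Address Table Overview (a device learned in a different VLAN, or missing from the table) and the asterisk rule above can be checked mechanically against captured show mac-address-table output. The following Python sketch is an added example, not Alcatel code; the function names, the expected-device list, and the exact spacing of the asterisk after the address are assumptions, and the sample display is constructed.

```python
import re

# Constructed sample in the column layout of the "show mac-address-table"
# display; the third row carries the "*" (address not valid) marker.
SAMPLE_OUTPUT = """\
Legend: Mac Address: * = address not valid
 Vlan    Mac Address          Type              Protocol    Operation   Interface
------+-------------------+--------------+-----------+------------+-----------
   1   00:00:00:00:00:01    learned           0800        bridging     8/ 1
   1   00:d0:95:6a:73:9a    learned           aaaa0003    bridging    10/23
 200   00:2d:95:5b:f3:0e*   delontimeout      0           bridging     3/4
 200   01:00:00:3A:4C:10    static-multicast  0           bridging     3/5
Total number of Valid MAC addresses above = 3
"""

# One table row: VLAN, MAC (optionally followed by "*"), type, protocol,
# operation, slot/port. The display may pad the port number ("8/ 1").
ROW = re.compile(
    r"^\s*(?P<vlan>\d+)\s+(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s*(?P<star>\*?)"
    r"\s+(?P<type>\S+)\s+(?P<protocol>\S+)\s+(?P<operation>\S+)"
    r"\s+(?P<slot>\d+)/\s*(?P<port>\d+)\s*$"
)


def parse_mac_table(text):
    """Return (entries, unparsed). Rows that start with a VLAN number but do
    not fit the slot/port layout are returned in `unparsed`, not dropped."""
    entries, unparsed = [], []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            entries.append({
                "vlan": int(m["vlan"]),
                "mac": m["mac"].lower(),
                "valid": m["star"] != "*",
                "type": m["type"],
                "protocol": m["protocol"],
                "operation": m["operation"],
                "port": f"{int(m['slot'])}/{int(m['port'])}",
            })
        elif re.match(r"^\s*\d+\s", line):
            unparsed.append(line)
    return entries, unparsed


def diagnose(entries, expected):
    """expected maps a device MAC to the VLAN it should appear in.
    Returns {mac: finding} covering the cases the manual describes."""
    report = {}
    for mac, vlan in expected.items():
        mac = mac.lower()
        rows = [e for e in entries if e["mac"] == mac]
        in_vlan = [e for e in rows if e["vlan"] == vlan]
        if not rows:
            report[mac] = "missing"
        elif not in_vlan:
            seen = ",".join(str(e["vlan"]) for e in rows)
            report[mac] = "wrong-vlan: seen in VLAN " + seen
        elif any(not e["valid"] for e in in_vlan):
            report[mac] = "invalid: port link down or disabled"
        else:
            report[mac] = "ok on port " + in_vlan[0]["port"]
    return report


if __name__ == "__main__":
    table, leftover = parse_mac_table(SAMPLE_OUTPUT)
    # Hypothetical inventory of devices and the VLAN each should be in.
    inventory = {
        "00:00:00:00:00:01": 1,
        "00:d0:95:6a:73:9a": 200,
        "00:2D:95:5B:F3:0E": 200,
        "00:11:22:33:44:55": 1,
    }
    for mac, finding in diagnose(table, inventory).items():
        print(mac, finding)
    print("unparsed rows:", leftover)
```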
Configuring Static MAC Addresses
To configure a permanent, bridging static MAC address, enter mac-address-table followed by a MAC address, slot/port, and the VLAN ID to assign to the MAC address. For example, the following assigns a MAC address to port 10 on slot 4 associated with VLAN 255:
-> mac-address-table 00:02:DA:00:59:0C 4/10 255
Since permanent and bridging options for a static MAC are default settings, it is not necessary to enter them as part of the command.
The following configures a filtered static MAC address that source learning will remove from the MAC address table the next time the switch reboots:
-> mac-address-table reset 00:02:DA:00:59:0C 3/1 500 filtering
Use the no form of this command to clear MAC address entries from the table. If the MAC address status type (permanent, reset, or learned) is not specified, then only permanent addresses are removed from the table. The following example removes a MAC address entry with a reset status that is assigned on port 2 of slot 3 for VLAN 855 from the MAC address table:
-> no mac-address-table reset 00:00:02:CE:10:37 3/2 855
If a slot/port and VLAN ID are not specified when removing MAC address table entries, then all MACs defined with the specified status are removed. For example, the following command removes all learned MAC addresses from the table, regardless of their slot/port or VLAN assignments:
-> no mac-address-table learned
To verify static MAC address configuration and other table entries, use the show mac-address-table command. For more information about this command, see the OmniSwitch CLI Reference Guide.
Static MAC Addresses on Link Aggregate Ports
Static MAC Addresses are not assigned to physical ports that belong to a link aggregate. Instead, they are assigned to a link aggregate ID that represents a collection of physical ports. This ID is specified at the time the link aggregate of ports is created and when using the mac-address-table command.
To configure a permanent, bridging static MAC address on a link aggregate ID, enter mac-address-table followed by a MAC address, then linkagg followed by the link aggregate ID, and the VLAN ID to assign to the MAC address. For example, the following assigns a MAC address to link aggregate ID 2 associated with VLAN 455:
-> mac-address-table 00:95:2A:00:3E:4C linkagg 2 455
For more information about configuring a link aggregate of ports, see Chapter 12, “Configuring Static Link Aggregation” and Chapter 13, “Configuring Dynamic Link Aggregation.”
Using Static Multicast MAC Addresses
Using static multicast MAC addresses allows you to send traffic intended for a single destination multicast MAC address to multiple switch ports within a given VLAN. A static multicast address is assigned to one or more switch ports for a given VLAN. The ports associated with the multicast address are then identified as egress ports. When traffic received on ports within the same VLAN is destined for the multicast address, the traffic is forwarded on the egress ports that are associated with the multicast address.
When defining a static multicast MAC address for a particular port and VLAN, consider the following:
Configuring static multicast addresses is only supported on non-mobile ports.
The specified port or link aggregate ID must already belong to the specified VLAN. Use the vlan port default command to assign a port or link aggregate to a VLAN before you configure the static multicast address.
If a packet received on a port associated with the same VLAN contains a source address that matches a static MAC address, the packet is discarded. The same source address on different ports within the same VLAN is not supported.
Configuring Static Multicast MAC Addresses
The mac-address-table static-multicast command is used to define a destination multicast MAC address and assign the address to one or more egress ports within a specified VLAN. For example, the following command assigns the multicast address 01:25:9a:5c:2f:10 to port 1/24 in VLAN 20:
-> mac-address-table static-multicast 01:25:9a:5c:2f:10 1/24 20
Note that in the above example the specified MAC address begins with 01. This value is a prefix that identifies the address as a multicast MAC address. If this prefix is not present, then the address is treated as a regular MAC address and not allowed when using the mac-address-table static-multicast command.
To assign a multicast address to more than one port, enter a range of ports and/or multiple port entries on the same command line separated by a space. For example, the following command assigns the multicast address 01:25:9a:5c:2f:10 to port 1/24 and ports 2/1 through 2/6 in VLAN 20:
-> mac-address-table static-multicast 01:25:9a:5c:2f:10 1/24 2/1-6 20
Use the no form of the mac-address-table static-multicast command to delete static multicast MAC address entries. For example, the following command deletes a static multicast address that is assigned to port 2 on slot 3 for VLAN 855:
-> no mac-address-table static-multicast 01:00:02:CE:10:37 3/2 855
If a MAC address, slot/port and VLAN ID are not specified with this form of the command, then all static multicast addresses are deleted. For example, the following command deletes all static multicast MAC addresses, regardless of their slot/port or VLAN assignments:
-> no mac-address-table static-multicast
To verify the static MAC address configuration and other table entries, use the show mac-address-table and show mac-address-table static-multicast commands. For more information about these commands, see the OmniSwitch CLI Reference Guide.
Static Multicast MAC Addresses on Link Aggregate Ports
Static multicast MAC addresses are not assigned to physical ports that belong to a link aggregate. Instead, they are assigned to a link aggregate ID that represents a collection of physical ports. This ID is specified at the time the link aggregate of ports is created and when using the mac-address-table static-multicast command.
To configure a static multicast MAC address on a link aggregate ID, use the mac-address-table static-multicast command with the linkagg keyword to specify the link aggregate ID. For example, the following command assigns a static multicast MAC address to link aggregate ID 2 associated with VLAN 455:
-> mac-address-table static-multicast 01:95:2A:00:3E:4C linkagg 2 455
For more information about configuring a link aggregate of ports, see Chapter 12, “Configuring Static Link Aggregation” and Chapter 13, “Configuring Dynamic Link Aggregation.”
Configuring MAC Address Table Aging Time
Source learning also tracks MAC address age and removes addresses from the MAC address table that have aged beyond the aging timer value. When a device stops sending packets, source learning keeps track of how much time has passed since the last packet was received on the device’s switch port. When this amount of time exceeds the aging time value, the MAC is aged out of the MAC address table. Source learning always starts tracking MAC address age from the time since the last packet was received.
By default, the aging time is set to 300 seconds (5 minutes) and is configured on a per VLAN basis using the mac-address-table aging-time command. For example, the following sets the aging time for VLAN 255 to 1200 seconds (20 minutes):
-> mac-address-table aging-time 1200 vlan 255
A MAC address learned on a VLAN 255 port will age out if the time since a packet with that address was last seen on the port exceeds 1200 seconds. If a VLAN ID is not specified, then the aging time value is applied to all VLANs configured on the switch.
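The learning, forwarding, static-address and aging rules described in this chapter, as a small Python model. This is an added example, not Alcatel code; the class and method names are hypothetical, reading the static-address discard rule as "source seen on a port other than the configured one" is an assumption, and station moves and the reset and timeout types are left out.

```python
from dataclasses import dataclass

DEFAULT_AGING = 300  # seconds, the per-VLAN default stated in this chapter


@dataclass
class Entry:
    port: str
    kind: str               # "learned" or "permanent"
    filtering: bool = False
    last_seen: float = 0.0


class SourceLearning:
    """Toy model of one switch's MAC address table (hypothetical names)."""

    def __init__(self):
        self.table = {}     # (vlan, mac) -> Entry
        self.aging = {}     # vlan -> aging time in seconds

    def set_aging_time(self, seconds, vlan):
        self.aging[vlan] = seconds

    def add_static(self, mac, port, vlan, filtering=False):
        # Permanent static entry; it never ages out.
        self.table[(vlan, mac.lower())] = Entry(port, "permanent", filtering)

    def _age_out(self, now):
        # A learned address is removed once the time since its last packet
        # exceeds the aging time of its VLAN.
        stale = [key for key, e in self.table.items()
                 if e.kind == "learned"
                 and now - e.last_seen > self.aging.get(key[0], DEFAULT_AGING)]
        for key in stale:
            del self.table[key]

    def receive(self, src, dst, port, vlan, now):
        """Process one packet; returns (action, detail)."""
        src, dst = src.lower(), dst.lower()
        self._age_out(now)

        known = self.table.get((vlan, src))
        if known and known.kind == "permanent":
            if known.filtering:
                return ("drop", "source is a filtered static MAC")
            if known.port != port:
                return ("drop", "static MAC seen as source on another port")
        elif known:
            known.last_seen = now            # refresh, no new entry created
        else:
            self.table[(vlan, src)] = Entry(port, "learned", last_seen=now)

        target = self.table.get((vlan, dst))
        if target is None:
            return ("flood", None)           # unknown destination
        if target.filtering:
            return ("drop", "destination is a filtered static MAC")
        if target.port == port:
            return ("filter", target.port)   # same segment, nothing to forward
        return ("forward", target.port)


if __name__ == "__main__":
    # Constructed scenario: VLAN 255 with a 1200 second aging time and a
    # silent device reachable only through a static entry on port 4/10.
    silent, a, b = "00:02:DA:00:59:0C", "00:d0:95:6a:73:9a", "00:00:00:00:00:01"
    sw = SourceLearning()
    sw.set_aging_time(1200, 255)
    sw.add_static(silent, "4/10", 255)
    print(sw.receive(a, silent, "4/1", 255, now=0))     # forward to 4/10
    print(sw.receive(silent, a, "4/3", 255, now=20))    # drop
    print(sw.receive(b, a, "4/2", 255, now=1000))       # forward to 4/1
    print(sw.receive(b, a, "4/2", 255, now=1201))       # a aged out: flood
```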
When using the mac-address-table aging-time command in a switch configuration file (e.g., boot.cfg), include an instance of this command specifying the VLAN ID for each VLAN configured on the switch. This is necessary even if all VLANs will have the same aging time value. If there is only one instance of this command in the configuration file and it does not specify a VLAN ID, the aging time value is applied only to VLAN 1.
Note. The MAC address table aging time is also used as the timeout value for the Address Resolution Protocol (ARP) table. This timeout value determines how long the switch retains dynamically learned ARP table entries. See Chapter 14, “Configuring IP,” for more information.
To set the aging time back to the default value, use the no form of the mac-address-table aging-time command. For example, the following sets the aging time for VLAN 255 (for all VLANs if VLAN ID is not specified) back to the default of 300 seconds:
-> no mac-address-table aging-time vlan 255
To display the aging time value for one or all VLANs, use the show mac-address-table aging-time command. For more information about this command, see the OmniSwitch CLI Reference Guide.
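Several rules in this chapter can be checked before a configuration file is loaded: every VLAN needs its own aging-time instance, a static address's port must already belong to its VLAN, and a static multicast address must begin with 01. The following Python linter is an added example, not an Alcatel tool; it assumes the file holds commands in the same form as typed at the CLI, the function names and finding codes are hypothetical, the sample file is constructed, and linkagg forms are not checked.

```python
import re

MAC = r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}"
PORTS = r"\d+/\d+(?:-\d+)?"          # slot/port or slot/first-last

# Constructed sample configuration using only command forms shown in this chapter.
SAMPLE_CFG = """\
vlan 200
vlan 255
vlan 200 port default 3/2-5
mac-address-table 00:2d:95:5B:F3:0E 3/4 200
mac-address-table static-multicast 01:00:00:3A:4C:10 3/5 3/6 200
mac-address-table static-multicast 00:25:9a:5c:2f:10 3/2 200
mac-address-table 00:02:DA:00:59:0C 4/10 255
mac-address-table aging-time 1200
"""


def expand_ports(spec):
    """'3/2-5' -> {'3/2', '3/3', '3/4', '3/5'}; '3/4' -> {'3/4'}."""
    slot, ports = spec.split("/")
    first, _, last = ports.partition("-")
    return {f"{slot}/{p}" for p in range(int(first), int(last or first) + 1)}


def audit_config(text):
    """Return a list of finding tuples for the rules described above."""
    vlans, members, aged, statics = set(), {}, set(), []
    bare_aging = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("->"):            # tolerate a pasted CLI prompt
            line = line[2:].strip()
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlans.add(int(m[1]))
        elif m := re.fullmatch(rf"vlan (\d+) port default ({PORTS})", line):
            vlans.add(int(m[1]))
            members.setdefault(int(m[1]), set()).update(expand_ports(m[2]))
        elif m := re.fullmatch(r"mac-address-table aging-time (\d+)(?: vlan (\d+))?", line):
            if m[2]:
                aged.add(int(m[2]))
            else:
                bare_aging = True
        elif m := re.fullmatch(
                rf"mac-address-table (static-multicast |permanent |reset |timeout )?"
                rf"({MAC}) ((?:{PORTS} )+)(\d+)( bridging| filtering)?", line):
            kind = (m[1] or "permanent").strip()
            statics.append((kind, m[2], m[3].split(), int(m[4])))

    findings = []
    if bare_aging:
        # In a configuration file this form reaches VLAN 1 only.
        findings.append(("AGING_NO_VLAN",))
        aged.add(1)
    if aged:
        for vlan in sorted(vlans - aged):
            findings.append(("AGING_MISSING", vlan))
    for kind, mac, specs, vlan in statics:
        if kind == "static-multicast" and not mac.startswith("01"):
            findings.append(("NOT_MULTICAST", mac))
        for spec in specs:
            for port in sorted(expand_ports(spec) - members.get(vlan, set())):
                findings.append(("PORT_NOT_IN_VLAN", mac, port, vlan))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CFG):
        print(finding)
```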
Displaying MAC Address Table Information
To display MAC Address Table entries, statistics, and aging time values, use the show commands listed below:
show mac-address-table                     Displays a list of all MAC addresses known to the MAC address table, including all static MAC addresses.
show mac-address-table static-multicast    Displays a list of all static multicast MAC addresses known to the MAC address table. Note that only static multicast addresses assigned to ports that are up and enabled are displayed with this command.
show mac-address-table count               Displays a count of the different types of MAC addresses (learned, permanent, reset, timeout, and static multicast). Also includes a total count of all addresses known to the MAC address table.
show mac-address-table aging-time          Displays the current MAC address aging timer value by switch or VLAN.
For more information about the resulting displays from these commands, see the OmniSwitch CLI Reference Guide. An example of the output for the show mac-address-table and show mac-address-table aging-time commands is also given in “Sample MAC Address Table Configuration” on page 2-2.
3 Configuring Learned Port Security
Learned Port Security (LPS) provides a mechanism for authorizing source learning of MAC addresses on Ethernet and Gigabit Ethernet ports. The only types of Ethernet ports that LPS does not support are link aggregate and tagged (trunked) link aggregate ports. Using LPS to control source MAC address learning provides the following benefits:
A configurable source learning time limit that applies to all LPS ports.
A configurable limit on the number of MAC addresses allowed on an LPS port.
Dynamic configuration of a list of authorized source MAC addresses.
Static configuration of a list of authorized source MAC addresses.
Two methods for handling unauthorized traffic: stopping all traffic on the port or only blocking traffic that violates LPS criteria.
In This Chapter
This chapter describes how to configure LPS parameters through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide.
Configuration procedures described in this chapter include:
Enabling LPS for a port on page 3-7.
Specifying a source learning time limit for all LPS ports on page 3-7.
Configuring the maximum number of MAC addresses learned per port on page 3-8.
Configuring a list of authorized MAC addresses for an LPS port on page 3-8.
Configuring a range of authorized MAC addresses for an LPS port on page 3-9.
Selecting the security violation mode for an LPS port on page 3-10.
Displaying LPS configuration information on page 3-11.
For more information about source MAC address learning, see Chapter 2, “Managing Source Learning.”
Learned Port Security Specifications
RFCs supported: Not applicable at this time.
IEEE Standards supported: Not applicable at this time.
Ports eligible for Learned Port Security: Ethernet and Gigabit Ethernet ports (fixed, mobile, 802.1Q tagged, and authenticated ports).
Ports not eligible for Learned Port Security: Link aggregate ports. 802.1Q (trunked) link aggregate ports.
Minimum number of learned MAC addresses allowed per port: 1
Maximum number of learned MAC addresses allowed per port: 100
Maximum number of configurable MAC address ranges per LPS port: 1
Maximum number of learned MAC addresses per OmniSwitch 6600 (applies to all ports on the switch): 32K
Maximum number of learned MAC addresses per stack of OmniSwitch 6600 Family switches (applies across all stack ports): 64K
Learned Port Security Defaults
Parameter Description                                     Command                    Default
--------------------------------------------------------+--------------------------+------------------------------------
LPS status for a port.                                    port-security              disabled
Number of learned MAC addresses allowed on an LPS port.   port-security maximum      1
Source learning time limit.                               port-security shutdown     disabled
Configured MAC addresses per LPS port.                    port-security mac          none
MAC address range per LPS port.                           port-security mac-range    00:00:00:00:00:00–ff:ff:ff:ff:ff:ff
LPS port violation mode.                                  port-security violation    restrict
Sample Learned Port Security Configuration
This section provides a quick tutorial that demonstrates the following tasks:
Enabling LPS on a set of switch ports.
Defining the maximum number of learned MAC addresses allowed on an LPS port.
Defining the time limit in which source learning is allowed on all LPS ports.
Selecting a method for handling unauthorized traffic received on an LPS port.
Note that LPS is supported on 10/100 and gigabit Ethernet fixed, mobile, tagged and authenticated ports. Link aggregate and tagged (trunked) link aggregate ports are not eligible for LPS monitoring and control.
1 Enable LPS on ports 6 through 12 on slot 3, 4, and 5 using the following command:
-> port-security 3/6-12 4/6-12 5/6-12 enable
2 Set the total number of learned MAC addresses allowed on the same ports to 25 using the following command:
-> port-security 3/6-12 4/6-12 5/6-12 maximum 25
3 Configure the amount of time in which source learning is allowed on all LPS ports to 30 minutes using the following command:
-> port-security shutdown 30
4 Select shutdown for the LPS violation mode using the following command:
-> port-security 3/6-12 4/6-12 5/6-12 violation shutdown
Note. Optional. To verify LPS port configurations, use the show port-security command. For example:
-> show port-security
Port    Security    MaxMacs   Violation   IndividualMac       MacType
-------+-----------+---------+-----------+------------------+-----------
1/12    enabled     100       restrict    00:01:96:1c:f1:c0   dynamic
                                          00:06:5b:a3:19:3f   dynamic
1/23    enabled     2         restrict    00:95:2a:0f:ce:19   configured
                                          00:95:2a:5e:cf:2a   configured
1/24    enabled     100       shutdown
-> show port-security config-mac-range
Port LowMac HighMac
---------+-------------------+-----------------
1/12 00:00:00:00:00:00 ff:ff:ff:ff:ff:ff
1/23 00:00:00:00:00:00 ff:ff:ff:ff:ff:ff
1/24 00:95:2a:00:00:5a 00:95:2a:00:00:6f
To verify the source learning time limit value, use the show port-security shutdown command. For example:
-> show port-security shutdown
LPS Shutdown = 60 mins
Learned Port Security Overview
Learned Port Security (LPS) provides a mechanism for controlling network device access on one or more switch ports. Configurable LPS parameters allow the user to restrict the source learning of host MAC addresses to:
A specific amount of time in which the switch allows source learning to occur on all LPS ports.
A maximum number of learned MAC addresses allowed on the port.
A list of configured authorized source MAC addresses allowed on the port.
Additional LPS functionality allows the user to specify how the LPS port handles unauthorized traffic. The following two options are available for this purpose:
Block only traffic that violates LPS port restrictions; authorized traffic is forwarded on the port.
Disable the LPS port when unauthorized traffic is received; all traffic is stopped and a port reset is required to return the port to normal operation.
LPS functionality is supported on the following 10/100 and Gigabit Ethernet port types:
Fixed (non-mobile)
Mobile
802.1Q tagged
Authenticated
The following port types are not supported:
Link aggregate
Tagged (trunked) link aggregate
How LPS Authorizes Source MAC Addresses
When a packet is received on a port that has LPS enabled, switch software checks the following criteria to determine if the source MAC address contained in the packet is allowed on the port:
Is the source learning time window open?
Is the number of MAC addresses learned on the port below the maximum number allowed?
Is there a configured authorized MAC address entry for the LPS port that matches the packet’s source MAC address?
Using the above criteria, the following table shows the conditions under which a MAC address is learned or blocked on an LPS port:
Time Limit   Max Number   Configured MAC             Result
------------+------------+--------------------------+------------------------------
Open         Below        No entry                   No LPS violation; MAC learned
Closed       Below        No entry                   LPS violation; MAC blocked
Open         Above        No entry                   LPS violation; MAC blocked
Open         Below        Yes; entry matches         No LPS violation; MAC learned
Closed       Below        Yes; entry matches         No LPS violation; MAC learned
Open         Above        Yes; entry matches         LPS violation; MAC blocked
Open         Below        Yes; entry doesn’t match   No LPS violation; MAC learned
Closed       Below        Yes; entry doesn’t match   LPS violation; MAC blocked
Open         Above        Yes; entry doesn’t match   LPS violation; MAC blocked
When a source MAC address violates any of the LPS conditions, the address is considered unauthorized. The LPS violation mode determines if the unauthorized MAC address is simply blocked on the port or if the entire port is disabled (see “Selecting the Security Violation Mode” on page 3-10). Regardless of which mode is selected, notice is sent to the Switch Logging task to indicate that a violation has occurred.
Dynamic Configuration of Authorized MAC Addresses
Once LPS authorizes the learning of a source MAC address, an entry containing the address and the port it was learned on is made in an LPS database table. This entry is then used as criteria for authorizing future traffic from this source MAC on that same port. In other words, learned authorized MAC addresses become configured criteria for an LPS port.
For example, if the source MAC address 00:da:95:00:59:0c is received on port 2/10 and meets the LPS restrictions defined for that port, then this address and its port are recorded in the LPS table. All traffic that is received on port 2/10 is compared to the 00:da:95:00:59:0c entry. If any traffic received on this port consists of packets that do not contain a matching source address, the packets are then subject to the LPS source learning time limit window and the maximum number of addresses allowed criteria.
When a dynamically configured MAC address is added to the LPS table, it does not become a configured MAC address entry in the LPS table until the switch configuration file is saved and the switch is rebooted. If a reboot occurs before this is done, all dynamically learned MAC addresses in the LPS table are cleared.
Static Configuration of Authorized MAC Addresses
It is also possible to statically configure authorized source MAC address entries into the LPS table. This type of entry behaves the same way as dynamically configured entries in that it authorizes port access to traffic that contains a matching source MAC address.
Static source MAC address entries, however, take precedence over dynamically learned entries. For example, if there are 2 static MAC address entries configured for port 2/1 and the maximum number allowed on port 2/1 is 10, then only 8 dynamically learned MAC addresses are allowed on this port.
Note that source learning of configured authorized MAC addresses is still allowed after the LPS time limit has expired. However, all learning is stopped if the number of MAC addresses learned meets or exceeds the maximum number of addresses allowed, even if the LPS time limit has not expired.
There are two ways to define a static source MAC address entry in the LPS table: specify an individual MAC address or a range of MAC addresses. See “Configuring Authorized MAC Addresses” on page 3-8 and “Configuring an Authorized MAC Address Range” on page 3-9 for more information.
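The decision table under “How LPS Authorizes Source MAC Addresses” and the dynamic and static entry rules can be exercised in a small model. This is an added example, not Alcatel code: the LpsPort class, its method names and the sample MAC addresses are hypothetical, and the slot accounting (every LPS entry holds a slot against the maximum) is an assumption drawn from the 2-static, maximum-10 example above.

```python
from dataclasses import dataclass, field

# The nine rows of the chapter's decision table:
# (time limit, max number, configured MAC entry) -> MAC learned?
PAGE_TABLE = [
    ("open",   "below", "none",     True),
    ("closed", "below", "none",     False),
    ("open",   "above", "none",     False),
    ("open",   "below", "match",    True),
    ("closed", "below", "match",    True),
    ("open",   "above", "match",    False),
    ("open",   "below", "no-match", True),
    ("closed", "below", "no-match", False),
    ("open",   "above", "no-match", False),
]


def authorized(window_open, below_max, entry_matches):
    """Single rule that yields every row of the table."""
    return below_max and (window_open or entry_matches)


def rule_reproduces_table():
    """True when the rule agrees with all nine rows listed in the chapter."""
    return all(
        authorized(t == "open", m == "below", e == "match") == learned
        for t, m, e, learned in PAGE_TABLE
    )


@dataclass
class LpsPort:
    """Simplified model of one LPS port (hypothetical, not switch software)."""
    maximum: int = 1                 # chapter default: one MAC address per port
    violation: str = "restrict"      # chapter default violation mode
    configured: set = field(default_factory=set)  # static LPS entries
    dynamic: set = field(default_factory=set)     # dynamically learned entries
    filtered: set = field(default_factory=set)    # unauthorized sources seen
    enabled: bool = True

    def receive(self, mac, window_open):
        mac = mac.lower()
        if not self.enabled:
            return "dropped"          # shutdown mode stops all traffic
        if mac in self.dynamic:
            return "forwarded"        # an existing entry authorizes the source
        matches = mac in self.configured
        # Assumption: every LPS entry holds a slot, so static entries reduce
        # the room left for dynamic ones; the candidate does not count itself.
        in_use = len(self.configured | self.dynamic) - (1 if matches else 0)
        if authorized(window_open, in_use < self.maximum, matches):
            if not matches:
                self.dynamic.add(mac)
            return "learned"
        if self.violation == "shutdown":
            self.enabled = False      # whole port disabled until released
            return "port-disabled"
        self.filtered.add(mac)        # restrict: only this source is blocked
        return "blocked"

    def release(self):
        """Model of the port-security release command."""
        self.enabled = True
        # MAC address table entries for the port are flushed.
        # Assumption: LPS table entries are kept.
        self.filtered.clear()


def static_reservation_demo():
    """Constructed case: 2 static entries, maximum 10, nine new sources."""
    port = LpsPort(maximum=10,
                   configured={"00:20:da:00:00:01", "00:20:da:00:00:02"})
    results = [port.receive(f"00:20:da:00:01:{i:02x}", window_open=True)
               for i in range(9)]
    # A configured address is still learned after the window has closed.
    results.append(port.receive("00:20:da:00:00:01", window_open=False))
    return results
```

The table lists nine of the twelve possible combinations; the rule treats the three unlisted ones (time limit closed and maximum exceeded) as violations.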
Understanding the LPS Table
The LPS database table is separate from the source learning MAC address table. However, when a MAC is authorized for learning on an LPS port, an entry is made in the MAC address table in the same manner as if it was learned on a non-LPS port (see Chapter 2, “Managing Source Learning,” for more information).
In addition to dynamic and configured source MAC address entries, the LPS table also provides the following information for each eligible LPS port:
The LPS status for the port; enabled or disabled.
The maximum number of MAC addresses allowed on the port.
The violation mode selected for the port; restrict or shutdown.
Statically configured MAC addresses and MAC address ranges.
All MAC addresses learned on the port.
The management status for the MAC address entry; configured or dynamic.
Note that dynamic MAC address entries become configured entries after the switch configuration is saved and the switch is rebooted. However, any dynamic MAC address entries that are not saved to the switch configuration are cleared if the switch reboots before the next save.
If the LPS port is shut down or the network device is disconnected from the port, the LPS table entries for this port are retained, but the source learning MAC address table entries for the same port are automatically cleared. In addition, if an LPS table entry is intentionally cleared from the table, the MAC address for this entry is automatically cleared from the source learning table at the same time.
To view the contents of the LPS table, use the show port-security command. Refer to the OmniSwitch CLI Reference Guide for more information about this command.
Enabling/Disabling Learned Port Security
By default, LPS is disabled on all switch ports. To enable LPS on a port, use the port-security command. For example, the following command enables LPS on port 1 of slot 4:
-> port-security 4/1 enable
To enable LPS on multiple ports, specify a range of ports or multiple slots. For example:
-> port-security 4/1-5 enable
-> port-security 5/12-20 6/10-15 enable
Note that when LPS is enabled on an active port, all MAC addresses learned on that port prior to the time LPS was enabled are cleared from the source learning MAC address table.
To disable LPS on a port, use the port-security command with the disable parameter. For example, the following command disables LPS on a range of ports:
-> port-security 5/21-24 6/1-4 disable
When LPS is disabled on a port, MAC address entries for that port are retained in the LPS table. The next time LPS is enabled on the port, the same LPS table entries are again active. If there is a switch reboot before the switch configuration is saved, however, dynamic MAC address entries are discarded from the table.
Use the no form of this command to disable LPS and clear all entries (configured and dynamic) in the LPS table for the specified port. For example:
-> no port-security 5/10
Configuring a Source Learning Time Limit
By default, the source learning time limit is disabled. Use the port-security shutdown command to set the number of minutes the source learning window is to remain open for LPS ports. While this window is open, source MAC addresses that comply with LPS port restrictions are authorized for learning on the related LPS port. The following actions trigger the start of the source learning timer:
The port-security shutdown command. Each time this command is issued, the timer restarts even if a current window is still open or a previous window has expired.
Switch reboot with a port-security shutdown command entry saved in the boot.cfg file.
The LPS source learning time limit is a switch-wide parameter that applies to all LPS enabled ports, not just one or a group of LPS ports. The following command example sets the time limit value to 30 minutes:
-> port-security shutdown 30
Once the time limit value expires, source learning of any new dynamic MAC addresses is stopped on all LPS ports even if the number of addresses learned does not exceed the maximum allowed.
Note. Source learning of configured authorized MAC addresses is still allowed after the LPS time limit has expired; however, all learning is stopped if the number of MAC addresses learned meets or exceeds the maximum number of addresses allowed, even if the LPS time limit has not expired.
Configuring the Number of MAC Addresses Allowed
By default, one MAC address is allowed on an LPS port. To change this number, enter port-security followed by the port’s slot/port designation then maximum followed by a number between 1 and 100. For example, the following command sets the maximum number of MAC addresses learned on port 10 of slot 6 to 75:
-> port-security 6/10 maximum 75
To specify a maximum number of MAC addresses allowed for multiple ports, specify a range of ports or multiple slots. For example:
-> port-security 1/10-15 maximum 10
-> port-security 2/1-5 4/2-8 5/10-14 maximum 25
Note that configured MAC addresses count towards the maximum number allowed. For example, if there are 10 configured authorized MAC addresses for an LPS port and the maximum number of addresses allowed is set to 15, then only 5 dynamically learned MAC addresses are allowed on this port.
If the maximum number of MAC addresses allowed is reached before the switch LPS time limit expires, then all source learning of dynamic and configured MAC addresses is stopped on the LPS port.
Configuring Authorized MAC Addresses
To configure a single source MAC address entry in the LPS table, enter port-security followed by the port’s slot/port designation, then mac followed by a valid MAC address. For example, the following command configures a MAC address for port 4 on slot 6:
-> port-security 6/4 mac 00:20:da:9f:58:0c
To configure a single source MAC address entry for multiple ports, specify a range of ports or multiple slots. For example:
-> port-security 4/1-5 mac 00:20:95:41:2e:3f
-> port-security 5/12-20 6/10-15 mac 00:20:da:cf:59:4a
Use the no form of this command to clear configured and/or dynamic MAC address entries from the LPS table. For example, the following command removes a MAC address entry for port 12 of slot 4 from the LPS table:
-> port-security 4/12 no mac 00:20:95:00:fa:5c
Note that when a MAC address is cleared from the LPS table, it is automatically cleared from the source learning MAC address table at the same time.
Configuring an Authorized MAC Address Range
By default, each LPS port is set to a range of 00:00:00:00:00:00–ff:ff:ff:ff:ff:ff, which includes all MAC addresses. If this default is not changed, then addresses received on LPS ports are subject only to the source learning time limit and maximum number of MAC addresses allowed restrictions for the port.
To configure a source MAC address range for an LPS port, enter port-security followed by the port’s slot/port designation, then mac-range followed by low and a MAC address, then high and a MAC address. For example, the following command configures a MAC address range for port 1 on slot 4:
-> port-security 4/1 mac-range low 00:20:da:00:00:10 high 00:20:da:00:00:50
To configure a source MAC address range for multiple ports, specify a range of ports or multiple slots. For example:
-> port-security 4/1-5 mac-range low 00:20:da:00:00:10 high 00:20:da:00:00:50
-> port-security 2/1-4 4/5-8 mac-range low 00:20:d0:59:0c:9a high 00:20:d0:59:0c:9f
To set the range back to the default values, enter port-security followed by the port’s slot/port designation then mac-range. Leaving off the low and high MAC addresses will reset the range back to 00:00:00:00:00:00 and ff:ff:ff:ff:ff:ff. For example, the following command sets the authorized MAC address range to the default values for port 12 of slot 4:
-> port-security 4/12 mac-range
In addition, specifying a low end MAC and a high end MAC is optional. If either one is not specified, the default value is used. For example, the following commands set the authorized MAC address range on the specified ports to 00:da:25:59:0c:10–ff:ff:ff:ff:ff:ff and 00:00:00:00:00:00–00:da:25:00:00:9a:
-> port-security 2/8 mac-range low 00:da:25:59:0c:10
-> port-security 2/10 mac-range high 00:da:25:00:00:9a
Refer to the OmniSwitch CLI Reference Guide for more information about this command.
Selecting the Security Violation Mode
By default, the security violation mode for an LPS port is set to restrict. In this mode, when an unauthorized source MAC address is received on an LPS port, the packet containing the address is blocked. However, all other packets containing an authorized source MAC address are still allowed on the port.
Note that unauthorized source MAC addresses are not learned in the LPS table but are still recorded in the source learning MAC address table with a filtered operational status. This allows the user to view MAC addresses that were attempting unauthorized access to the LPS port.
The other violation mode option is shutdown. In this mode, the LPS port is disabled when an unauthorized MAC address is received; all traffic is prevented from forwarding on the port.
To configure the security violation mode for an LPS port, enter port-security followed by the port’s slot/port designation, then violation followed by restrict or shutdown. For example, the following command selects the shutdown mode for port 1 on slot 4:
-> port-security 4/1 violation shutdown
To configure the security violation mode for multiple LPS ports, specify a range of ports or multiple slots. For example:
-> port-security 4/1-10 violation shutdown
-> port-security 1/10-15 2/1-10 violation restrict
Restoring the Operational State of an LPS Port
After a security violation occurs, the LPS port is either administratively disabled or is filtering traffic from one or more source MAC addresses. To return the port to normal operation without having to manually reset the port and/or module, use the port-security release command. For example:
-> port-security 4/1 release
-> port-security 1/10-15 2/1-10 release
When this command is used, all MAC addresses known to the specified port are flushed from the switch MAC address table.
Note. Using the port-security release command restores the port to the same operational state it was in prior to the security violation. This includes the activation of any existing LPS configuration for the port; LPS monitoring of the port is automatically restored.
Displaying Learned Port Security Information
To display LPS port and table information, use the show commands listed below:
show port-security    Displays Learned Port Security configuration values as well as MAC addresses learned on the port.
show port-security shutdown    Displays the current time limit value set for source learning on all LPS enabled ports.
For more information about the resulting display from these commands, see the OmniSwitch CLI Reference Guide. An example of the output for the show port-security and show port-security shutdown commands is also given in “Sample Learned Port Security Configuration” on page 3-3.
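The two LPS displays can also be checked by script. The following added example (not from this guide or from Alcatel) parses the chapter's sample show port-security and show port-security config-mac-range output and flags conditions this chapter describes; the embedded text is re-typed from the sample with column spacing assumed, and the function names and finding labels are hypothetical.

```python
import re

# Constructed input: the chapter's sample displays, re-typed with column
# spacing assumed (output on a real switch may be spaced differently).
SHOW_PORT_SECURITY = """\
Port    Security    MaxMacs   Violation   IndividualMac       MacType
-------+-----------+---------+-----------+------------------+-----------
1/12    enabled     100       restrict    00:01:96:1c:f1:c0   dynamic
                                          00:06:5b:a3:19:3f   dynamic
1/23    enabled     2         restrict    00:95:2a:0f:ce:19   configured
                                          00:95:2a:5e:cf:2a   configured
1/24    enabled     100       shutdown
"""

SHOW_MAC_RANGE = """\
Port      LowMac              HighMac
---------+-------------------+-----------------
1/12      00:00:00:00:00:00   ff:ff:ff:ff:ff:ff
1/23      00:00:00:00:00:00   ff:ff:ff:ff:ff:ff
1/24      00:95:2a:00:00:5a   00:95:2a:00:00:6f
"""

PORT_RE = re.compile(r"^\d+/\d+$")
MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$", re.IGNORECASE)
DEFAULT_RANGE = ("00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff")


def parse_port_security(text):
    """Return {port: {status, maximum, violation, macs: [(mac, type), ...]}}."""
    ports, current = {}, None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if PORT_RE.match(tok[0]) and len(tok) >= 4:
            current = {"status": tok[1], "maximum": int(tok[2]),
                       "violation": tok[3], "macs": []}
            ports[tok[0]] = current
            tok = tok[4:]
        # A port row, or a continuation line under it, may carry "<mac> <type>".
        if current is not None and len(tok) >= 2 and MAC_RE.match(tok[0]):
            current["macs"].append((tok[0].lower(), tok[1]))
    return ports


def parse_mac_ranges(text):
    """Return {port: (low_mac, high_mac)} from the config-mac-range display."""
    ranges = {}
    for line in text.splitlines():
        tok = line.split()
        if (len(tok) == 3 and PORT_RE.match(tok[0])
                and MAC_RE.match(tok[1]) and MAC_RE.match(tok[2])):
            ranges[tok[0]] = (tok[1].lower(), tok[2].lower())
    return ranges


def audit(ports, ranges):
    """Return (port, finding, value) tuples for LPS-enabled ports."""
    findings = []
    for port, cfg in ports.items():
        if cfg["status"] != "enabled":
            continue
        dynamic = [m for m, kind in cfg["macs"] if kind == "dynamic"]
        free = cfg["maximum"] - len(cfg["macs"])
        if dynamic:
            # Dynamic entries are cleared by a reboot unless the
            # configuration is saved first.
            findings.append((port, "dynamic-not-saved", len(dynamic)))
        if free <= 0:
            # Maximum met: all further learning on the port is stopped.
            findings.append((port, "maximum-reached", cfg["maximum"]))
        elif ranges.get(port, DEFAULT_RANGE) == DEFAULT_RANGE:
            # Default range: only the time limit and the maximum
            # restrict which addresses can be learned.
            findings.append((port, "default-range-open-slots", free))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_port_security(SHOW_PORT_SECURITY),
                         parse_mac_ranges(SHOW_MAC_RANGE)):
        print(*finding)
```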
4 Configuring VLANs
In a flat bridged network, a broadcast domain is confined to a single LAN segment or even a specific physical location, such as a department or building floor. In a switch-based network, such as one comprised of Alcatel switching systems, a broadcast domain—or VLAN—can span multiple physical switches and can include ports from a variety of media types. For example, a single VLAN could span three different switches located in different buildings and include 10/100 Ethernet, Gigabit Ethernet, 802.1q tagged ports and/or a link aggregate of ports.
In This Chapter
This chapter describes how to define and manage VLAN configurations through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide.
Configuration procedures described in this chapter include:
“Creating/Modifying VLANs” on page 4-6.
“Defining VLAN Port Assignments” on page 4-7.
“Enabling/Disabling VLAN Mobile Tag Classification” on page 4-10.
“Enabling/Disabling Spanning Tree for a VLAN” on page 4-11.
“Enabling/Disabling VLAN Authentication” on page 4-12.
“Configuring VLAN Router Interfaces” on page 4-12.
“Bridging VLANs Across Multiple Switches” on page 4-13.
“Verifying the VLAN Configuration” on page 4-14.
For information about statically and dynamically assigning switch ports to VLANs, see Chapter 7, “Assigning Ports to VLANs.”
For information about defining VLAN rules that allow dynamic assignment of mobile ports to a VLAN, see Chapter 8, “Defining VLAN Rules.”
For information about Spanning Tree, see Chapter 5, “Configuring Spanning Tree Parameters.”
For information about routing, see Chapter 14, “Configuring IP.”
For information about Layer 2 VLAN authentication, see Chapter 21, “Configuring Authenticated VLANs.”
VLAN Specifications
RFCs Supported: 2674 - Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering and Virtual LAN Extensions
IEEE Standards Supported: 802.1Q - Virtual Bridged Local Area Networks; 802.1D - Media Access Control Bridges
Maximum VLANs per stack: 4094 (including default VLAN 1)
Maximum VLAN port associations per stack: 32768
Maximum IP router VLANs per stack: 4094
Maximum IP router interfaces per VLAN: 8
Maximum IP router interfaces per stack: 4096
Maximum IPX router VLANs per stack: 0 (IPX routing not supported)
Maximum Spanning Tree VLANs per switch or stack: 253
Maximum authenticated VLANs per stack: 128
MAC Router Mode Supported: Single
CLI Command Prefix Recognition: All VLAN management commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6600 Family Switch Management Guide for more information.
VLAN Defaults
Parameter Description          Command               Default
------------------------------+---------------------+---------------------------------------------------
VLAN identifier (VLAN ID)      vlan                  VLAN 1 predefined on each switch.
VLAN administrative state      vlan                  Enabled
VLAN description               vlan name             VLAN identifier (VLAN ID)
VLAN Spanning Tree state       vlan stp              Enabled
VLAN mobile tag status         vlan mobile-tag       Disabled
VLAN IP router interface       ip interface          VLAN 1 router interface.
VLAN authentication status     vlan authentication   Disabled
VLAN port associations         vlan port default     All ports initially associated with default VLAN 1.
Sample VLAN Configuration
The following steps provide a quick tutorial that will create VLAN 255 on a stack configuration that includes four switches. Also included are steps to define a VLAN description, IP router interface, and static switch port assignments.
Note. Optional. Creating a new VLAN involves specifying a VLAN ID that is not already assigned to an existing VLAN. To determine if a VLAN already exists in the switch configuration, enter show vlan. If VLAN 255 does not appear in the show vlan output, then it does not exist on the switch. For example,
-> show vlan
                    stree                      mble
vlan  admin  oper   1x1   flat  auth  ip   ipx  tag   name
+------+--------+-------+----------+------+----+-----+-----+---------+
1     on     off    on    on    off   off  off  off   VLAN 1
2     on     off    on    off   off   off  off  off   VLAN 2
3     on     off    off   off   off   off  off  off   VLAN 3
4     on     off    off   on    off   off  off  off   VLAN 4
5     on     off    on    on    off   off  off  off   VLAN 5
1 Create VLAN 255 with a description of Finance IP Network using the vlan command. For example:
-> vlan 255 name "Finance IP Network"
2 Define an IP router interface, named Finance, using the ip interface command to assign an IP host address to VLAN 255 that will enable routing of IP traffic to other IP router VLANs. For example:
-> ip interface Finance address 21.0.0.10 vlan 255
3 Assign switch ports 2 through 4 on switch 3 in the stack to VLAN 255 using the following command:
-> vlan 255 port default 3/2-4
Note. Optional. To verify the VLAN 255 configuration, use the show vlan command. For example:
-> show vlan 255
Name : Finance IP Network, Administrative State: enabled
Operational State : enabled
1x1 Spanning Tree State : enabled, Flat Spanning Tree State : enabled,
Authentication : disabled, IP Router Port : on, IPX Router Port : NA
Mobile Tag : off
To verify that ports 3/2-4 were assigned to VLAN 255, use the show vlan port command. For example:
-> show vlan 255 port
port     type      status
--------+---------+--------------
3/2      default   inactive
3/3      default   inactive
3/4      default   inactive
3/5      default   inactive
VLAN Management Overview
One of the main benefits of using VLANs to segment network traffic is that VLAN configuration and port assignment is handled through switch software. This eliminates the need to physically change a network device connection or location when adding or removing devices from the VLAN broadcast domain. The VLAN management software handles the following VLAN configuration tasks performed on an Alcatel switch:
Creating or modifying VLANs.
Assigning or changing default VLAN port associations (VPAs).
Enabling or disabling VLAN participation in the current Spanning Tree algorithm.
Enabling or disabling classification of mobile port traffic by 802.1Q tagged VLAN ID.
Enabling or disabling VLAN authentication.
Displaying VLAN configuration information.
In addition to the above tasks, VLAN management software tracks and reports the following information to other switch software features:
VLAN configuration changes, such as adding or deleting VLANs, modifying the status of VLAN properties (e.g., administrative, Spanning Tree, and authentication status), changing the VLAN description, or configuring VLAN router interfaces.
VLAN port associations triggered by VLAN management and other switch software applications, such as 802.1Q VLAN tagging and dynamic mobile port assignment.
The VLAN operational state, which is inactive until at least one active switch port is associated with the VLAN.
Creating/Modifying VLANs
The initial configuration for all Alcatel switches consists of a default VLAN 1 and all switch ports are initially assigned to this VLAN. When a switching module is added to the switch, the module’s physical ports are also assigned to VLAN 1. If additional VLANs are not configured on the switch, then the entire switch is treated as one large broadcast domain. All ports will receive all traffic from all other ports.
Alcatel switches support up to 4094 VLANs on one switch, including default VLAN 1. In compliance with the IEEE 802.1Q standard, each VLAN is identified by a unique number, referred to as the VLAN ID. The user specifies a VLAN ID to create, modify or remove a VLAN and to assign switch ports to a VLAN. When a packet is received on a port, the port’s VLAN ID is inserted into the packet. The packet is then bridged to other ports that are assigned to the same VLAN ID. In essence, the VLAN broadcast domain is defined by a collection of ports and packets assigned to its VLAN ID.
A VLAN’s operational status remains inactive until at least one active switch port is assigned to the VLAN. This means that VLAN properties, such as Spanning Tree or router interfaces, also remain inactive. Ports are considered active if they are connected to an active network device. Non-active port assignments are allowed, but do not change the VLAN’s operational state.
Ports are either statically or dynamically assigned to VLANs. When a port is assigned to a VLAN, a VLAN port association (VPA) is created and tracked by VLAN management switch software. For more information about VPAs, see “Defining VLAN Port Assignments” on page 4-7 and Chapter 7, “Assigning Ports to VLANs.”
Adding/Removing a VLAN
To add a VLAN to the switch configuration, enter vlan followed by a unique VLAN ID number between 2 and 4094, an optional administrative status, and an optional description. For example, the following command creates VLAN 755 with a description:
-> vlan 755 enable name "IP Finance Network"
By default, administrative status and Spanning Tree are enabled when the VLAN is created and the VLAN ID is used for the description if one is not specified. Note that quotation marks are required if the description contains multiple words separated by spaces. If the description consists of only one word or multiple words separated by another character, such as a hyphen, then quotes are not required.
To remove a VLAN from the switch configuration, use the no form of the vlan command.
-> no vlan 755
When a VLAN is deleted, any router interfaces defined for the VLAN are removed and all VLAN port associations are dropped. For more information about router interfaces, see “Configuring VLAN Router Interfaces” on page 4-12.
To view a list of VLANs already configured on the switch, use the show vlan command. See “Verifying the VLAN Configuration” on page 4-14 for more information.
Enabling/Disabling the VLAN Administrative Status
To enable or disable the administrative status for an existing VLAN, enter vlan followed by an existing VLAN ID and either enable or disable.
-> vlan 755 disable
-> vlan 255 enable
When the administrative status for a VLAN is disabled, VLAN port assignments are retained but traffic is not forwarded on these ports. If any rules were defined for the VLAN, they are also retained and continue to classify mobile port traffic. See Chapter 8, “Defining VLAN Rules,” for more information.
Modifying the VLAN Description
To change the description for a VLAN, enter vlan followed by an existing VLAN ID and the keyword name followed by the new description (up to 32 characters). For example, the following command changes the description for VLAN 455 to “Marketing IP Network”:
-> vlan 455 name "Marketing IP Network"
Note that quotation marks are required if the description consists of multiple words separated by spaces. If the description consists of only one word or words are separated by another character, such as a hyphen, then quotes are not required. For example,
-> vlan 455 name Marketing-IP-Network
Defining VLAN Port Assignments
Alcatel switches support static and dynamic assignment of physical switch ports to a VLAN. Regardless of how a port is assigned to a VLAN, once the assignment occurs, a VLAN port association (VPA) is created and tracked by VLAN management software on each switch. To view current VLAN port assignments in the switch configuration, use the show vlan port command.
Methods for statically assigning ports to VLANs include the following:
• Using the vlan port default command to define a new configured default VLAN for both non-mobile (fixed) and mobile ports. (See “Changing the Default VLAN Assignment for a Port” on page 4-8.)
• Using the vlan 802.1q command to define tagged VLANs for non-mobile ports. This method allows the switch to bridge traffic for multiple VLANs over one physical port connection. (See Chapter 11, “Configuring 802.1Q.”)
• Configuring ports as members of a link aggregate that is assigned to a configured default VLAN. (See Chapter 12, “Configuring Static Link Aggregation,” and Chapter 13, “Configuring Dynamic Link Aggregation,” for more information.)
Dynamic assignment applies only to mobile ports. When traffic is received on a mobile port, the packets are classified using one of the following methods to automatically determine VLAN assignment (see Chapter 7, “Assigning Ports to VLANs,” for more information):
• Packet is tagged with a VLAN ID that matches the ID of another VLAN that has mobile tagging enabled. (See “Enabling/Disabling VLAN Mobile Tag Classification” on page 4-10.)
• Packet contents match criteria defined in a VLAN rule. (See “Configuring VLAN Rule Classification” on page 4-9 and Chapter 8, “Defining VLAN Rules.”)
Changing the Default VLAN Assignment for a Port
To assign a switch port to a new default VLAN, enter vlan followed by an existing VLAN ID number, port default, then the slot/port designation. For example, the following command assigns port 5 on slot 2 to VLAN 955:
-> vlan 955 port default 2/5
All ports initially belong to default VLAN 1. When the vlan port default command is used, the port’s default VLAN assignment is changed to the specified VLAN. In the above example, VLAN 955 is now the default VLAN for port 5 on slot 2 and this port is no longer associated with VLAN 1.
The vlan port default command is also used to change the default VLAN assignment for an aggregate of ports. The link aggregate control number is specified instead of a slot and port. For example, the following command assigns link aggregate 10 to VLAN 755:
-> vlan 755 port default 10
For more information about configuring an aggregate of ports, see Chapter 12, “Configuring Static Link Aggregation,” and Chapter 13, “Configuring Dynamic Link Aggregation.”
Use the no form of the vlan port default command to remove a default VPA. When this is done, VLAN 1 is restored as the port’s default VLAN.
-> vlan 955 no port default 2/5
Configuring Dynamic VLAN Port Assignment
Configuring the switch to allow dynamic VLAN port assignment requires the following steps:
1 Use the vlan port mobile command to enable mobility on switch ports that will participate in dynamic VLAN assignment. See Chapter 7, “Assigning Ports to VLANs,” for detailed procedures.
2 Enable/disable mobile port properties that determine mobile port behavior. See Chapter 7, “Assigning Ports to VLANs,” for detailed procedures.
3 Create VLANs that will receive and forward mobile port traffic. See “Adding/Removing a VLAN” on page 4-6 for more information.
4 Configure the method of traffic classification (VLAN rules or tagged VLAN ID) that will trigger dynamic assignment of mobile ports to the VLANs created in Step 3. See “Configuring VLAN Rule Classification” on page 4-9 and “Enabling/Disabling VLAN Mobile Tag Classification” on page 4-10.
Once the above configuration steps are completed, dynamic VLAN assignment occurs when a device connected to a mobile port starts to send traffic. This traffic is examined by switch software to determine which VLAN should carry the traffic based on the type of classification, if any, defined for a particular VLAN.
Note that VLAN mobile tag classification takes precedence over VLAN rule classification. If a mobile port receives traffic that matches a VLAN rule and also has an 802.1Q VLAN ID tag for a VLAN with mobile tagging enabled, the port is dynamically assigned to the mobile tag VLAN and not the matching rule VLAN.
See Chapter 7, “Assigning Ports to VLANs,” and Chapter 8, “Defining VLAN Rules,” for more information and examples of dynamic VLAN port assignment.
Configuring VLAN Rule Classification
VLAN rule classification triggers dynamic VLAN port assignment when traffic received on a mobile port matches the criteria defined in a VLAN rule. Different rule types are available for classifying different types of network device traffic. It is possible to define multiple rules for one VLAN and rules for multiple VLANs. However, only IP and IPX protocol rules support the dynamic assignment of one mobile port to multiple VLANs.
The following table provides a list of commands used to define the various types of VLAN rules. For more detailed information about rule criteria and classification, see Chapter 8, “Defining VLAN Rules.”
Rule Types | Command
DHCP | vlan dhcp mac, vlan dhcp mac range, vlan dhcp port, vlan dhcp generic
Binding | vlan binding mac-ip-port, vlan binding mac-port-protocol, vlan binding mac-port, vlan binding mac-ip, vlan binding ip-port, vlan binding port-protocol
MAC address | vlan mac, vlan mac range
Network address | vlan ip, vlan ipx
Protocol | vlan protocol
Custom (user-defined) | vlan user
Port | vlan port
Enabling/Disabling VLAN Mobile Tag Classification
Use the vlan mobile-tag command to enable or disable the classification of mobile port packets based on 802.1Q VLAN ID tag. For example, the following commands enable the mobile tag attribute for VLAN 1525 and disable it for VLAN 224:
-> vlan 1525 mobile-tag enable
-> vlan 224 mobile-tag disable
If a mobile port that is statically assigned to VLAN 10 receives an 802.1Q tagged packet with a VLAN ID of 1525, the port and packet are dynamically assigned to VLAN 1525. In this case, the mobile port now has a VLAN port association defined for VLAN 10 and for VLAN 1525. If a mobile port, however, receives a tagged packet containing a VLAN ID tag of 224, the packet is discarded because the VLAN mobile tag classification attribute is disabled on VLAN 224.
In essence, the VLAN mobile tag attribute provides a dynamic 802.1Q tagging capability. Mobile ports can now receive and process 802.1Q tagged packets destined for a VLAN that has this attribute enabled. This feature also allows the dynamic assignment of mobile ports to more than one VLAN at the same time, as discussed in the above example.
VLAN mobile tagging differs from 802.1Q tagging as follows:
VLAN Mobile Tag | 802.1Q Tag
Allows mobile ports to receive 802.1Q tagged packets. | Not supported on mobile ports.
Enabled on the VLAN that will receive tagged mobile port traffic. | Enabled on fixed ports; tags port traffic for destination VLAN.
Triggers dynamic assignment of tagged mobile port traffic to one or more VLANs. | Statically assigns (tags) fixed ports to one or more VLANs.
If 802.1Q tagging is required on a fixed (non-mobile) port, then the vlan 802.1q command is still used to statically tag VLANs for the port. See Chapter 11, “Configuring 802.1Q,” for more information.
Enabling/Disabling Spanning Tree for a VLAN
When a VLAN is created, an 802.1D standard Spanning Tree Algorithm and Protocol (STP) instance is enabled for the VLAN by default. The spanning tree operating mode set for the stack determines how VLAN ports are evaluated to identify redundant data paths.
If the Spanning Tree switch operating mode is set to flat, then VLAN port connections are checked against other VLAN port connections for redundant data paths. In this mode, if the Spanning Tree is disabled on VLAN 1, then it is disabled for all configured VLANs. However, disabling Spanning Tree on a VLAN other than VLAN 1 excludes only those ports associated with that VLAN from Spanning Tree control.
If the Spanning Tree switch operating mode is set to 1x1, there is a single Spanning Tree instance for each VLAN broadcast domain. Disabling Spanning Tree on a VLAN in this mode excludes ports associated with that VLAN from Spanning Tree control.
Note. When Spanning Tree is disabled for a VLAN, all active ports associated with that VLAN are transitioned to a forwarding state. Ensure that disabling Spanning Tree for a particular VLAN will not cause a network loop to go undetected.
The vlan stp command is used to enable/disable a Spanning Tree instance for an existing VLAN. In the following examples, Spanning Tree is disabled on VLAN 255 and enabled on VLAN 755:
-> vlan 255 stp disable
-> vlan 755 stp enable
The above commands configure the VLAN Spanning Tree status for both the 1x1 and flat Spanning Tree modes. Using the 1x1 or flat parameter with this command configures the STP status only for the mode specified by the parameter. For example, the following command configures a disabled Spanning Tree status for VLAN 755 that applies only when the switch is operating in the flat Spanning Tree mode:
-> vlan 755 flat stp disable
As a result of the above command, Spanning Tree is active on VLAN 755 when the switch is operating in the 1x1 mode, but inactive on VLAN 755 when the switch is operating in the flat mode.
Note that up to 253 Spanning Tree instances per switch are supported. Therefore, when the switch is operating in the 1x1 mode, only 253 VLANs can have an active Spanning Tree instance at any given time.
STP does not become operationally active on a VLAN unless the VLAN is operationally active, which occurs when at least one active port is assigned to the VLAN. Also, STP is enabled/disabled on individual ports. So even if STP is enabled for the VLAN, a port assigned to that VLAN must also have STP enabled. See Chapter 5, “Configuring Spanning Tree Parameters.”
Enabling/Disabling VLAN Authentication
Layer 2 authentication uses VLAN membership to grant access to network resources. Authenticated VLANs control membership through a log-in process; this is sometimes called user authentication. A VLAN must have authentication enabled before it can participate in the Layer 2 authentication process.
To enable/disable authentication on an existing VLAN, use the vlan authentication command. For example, the following commands enable authentication on VLAN 955 and disable it on VLAN 455:
-> vlan 955 authentication enable
-> vlan 455 authentication disable
Once authentication is enabled on a VLAN, then only authenticated mobile port devices can join the VLAN after completing the appropriate log-in process. To enable authentication on a mobile port, use the vlan port authenticate command. For more information about mobile port commands and Layer 2 authentication for Alcatel switches, see Chapter 7, “Assigning Ports to VLANs,” and Chapter 21, “Configuring Authenticated VLANs.”
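The Spanning Tree, mobile tag and authentication settings described in the sections above can be reviewed together. The following is an added example, not Alcatel code: it reads command lines in the syntax this chapter shows and reports VLANs whose Spanning Tree is disabled in a given operating mode, and VLANs that accept tagged mobile port traffic without the log-in process. The function names, the finding labels, and the assumption that mobile-tag and authentication start out disabled are not from the guide.

```python
import shlex

# Constructed sample: CLI lines in the syntax shown in this chapter.
SAMPLE_CONFIG = """
-> vlan 755 enable name "IP Finance Network"
-> vlan 255 enable
-> vlan 1525 mobile-tag enable
-> vlan 224 mobile-tag disable
-> vlan 255 stp disable
-> vlan 755 flat stp disable
-> vlan 955 authentication enable
-> vlan 955 mobile-tag enable
"""

SWITCHES = ("stp", "mobile-tag", "authentication")


def new_vlan():
    # Chapter defaults: admin status and Spanning Tree enabled at creation.
    # Assumption: mobile-tag and authentication start out disabled.
    return {"admin": True, "stp": {"1x1": True, "flat": True},
            "mobile-tag": False, "authentication": False}


def parse_config(text):
    """Build {vlan_id: state} from 'vlan ...' command lines."""
    vlans = {1: new_vlan()}  # VLAN 1 is the initial default VLAN
    for raw in text.splitlines():
        tok = shlex.split(raw.strip().lstrip("->"))  # drop the CLI prompt
        if tok[:2] == ["no", "vlan"] and len(tok) == 3 and tok[2].isdigit():
            if tok[2] != "1":
                vlans.pop(int(tok[2]), None)
            continue
        if len(tok) < 2 or tok[0] != "vlan" or not tok[1].isdigit():
            continue  # not a VLAN command
        vid, args = int(tok[1]), tok[2:]
        if not 1 <= vid <= 4094:
            raise ValueError(f"VLAN ID out of range: {raw!r}")
        if args[:1] == ["port"] or args[:2] == ["no", "port"]:
            continue  # port assignments are outside this review
        vlan = vlans.setdefault(vid, new_vlan())
        modes = ["1x1", "flat"]
        if args[:1] in (["1x1"], ["flat"]):
            modes, args = args[:1], args[1:]  # e.g. "vlan 755 flat stp disable"
        if len(args) == 2 and args[0] in SWITCHES and args[1] in ("enable", "disable"):
            on = args[1] == "enable"
            if args[0] == "stp":
                for mode in modes:
                    vlan["stp"][mode] = on
            else:
                vlan[args[0]] = on
        elif args[:1] in (["enable"], ["disable"]):
            vlan["admin"] = args[0] == "enable"
    return vlans


def stp_active(vlans, vid, mode):
    """Configured (not operational) STP status of a VLAN in the given mode."""
    # Flat mode: disabling Spanning Tree on VLAN 1 disables it for all VLANs.
    if mode == "flat" and not vlans[1]["stp"]["flat"]:
        return False
    return vlans[vid]["stp"][mode]


def audit(vlans, mode):
    """Return (vlan_id, finding) pairs worth a reviewer's attention."""
    findings = []
    for vid in sorted(vlans):
        if not stp_active(vlans, vid, mode):
            # Active ports go to forwarding; a loop would go undetected.
            findings.append((vid, "stp-disabled"))
        if vlans[vid]["mobile-tag"] and not vlans[vid]["authentication"]:
            # Tagged traffic on a mobile port joins this VLAN with no log-in.
            findings.append((vid, "mobile-tag-without-authentication"))
    return findings


if __name__ == "__main__":
    for mode in ("1x1", "flat"):
        print(mode, audit(parse_config(SAMPLE_CONFIG), mode))
```

VLAN 755 is reported only for flat mode, because its Spanning Tree was disabled with the flat parameter.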
Configuring VLAN Router Interfaces
Network device traffic is bridged (switched) at the Layer 2 level between ports that are assigned to the same VLAN. However, if a device needs to communicate with another device that belongs to a different VLAN, then Layer 3 routing is necessary to transmit traffic between the VLANs. Bridging makes the decision on where to forward packets based on the packet’s destination MAC address; routing makes the decision on where to forward packets based on the packet’s IP network address (e.g., IP - 21.0.0.10). For more information about routing, see Chapter 14, “Configuring IP.”
A VLAN is available for routing IP traffic when an IP router interface is defined for that VLAN and at least one active port has joined the VLAN. Each VLAN supports up to eight IP router interfaces. The maximum number of IP interfaces allowed per stack of switches is 4096. If a VLAN does not have an IP router interface, the ports associated with that VLAN are in essence firewalled from other VLANs.
Note that at this time, IPX routing is not supported on the OmniSwitch 6600 Family. For information about how to configure an IP router interface, see Chapter 14, “Configuring IP.”
What is Single MAC Router Mode?
The OmniSwitch 6600 Family operates only in single MAC router mode. In this mode, each router VLAN is assigned the same MAC address, which is the base chassis MAC address for the switch. As a result, up to 4094 VLANs per single switch or per stack of switches can have IP router interfaces defined. This also eliminates the need to allocate additional MAC addresses if more than 32 router VLANs are defined.
To determine the total number of VLANs configured on the switch, and the number of VLANs with IP router interfaces configured, use the show vlan router mac status command. For more information about this command, see the OmniSwitch CLI Reference Guide.
Bridging VLANs Across Multiple Switches
To create a VLAN bridging domain that extends across multiple switches:
1 Create a VLAN on each switch with the same VLAN ID number (e.g., VLAN 10).
2 If using mobile ports for end user device connections, define VLAN rules that will classify mobile port traffic into the VLAN created in Step 1.
3 On each switch, assign the ports that will provide connections to other switches to the VLAN created in Step 1.
4 On each switch, assign the ports that will provide connections to end user devices (e.g., workstations) to the VLAN created in Step 1. (If using mobile ports, this step will occur automatically when the device connected to the mobile port starts to send traffic.)
5 Connect switches and end user devices to the assigned ports.
The following diagram shows the physical configuration of an example VLAN bridging domain:
[Figure: VLAN Bridging Domain: Physical Configuration (OmniSwitch 6648 switches and workstations 138.0.0.2, 138.0.0.3, 138.0.0.4 and 138.0.0.5, all ports in VLAN 10)]
In the above diagram, VLAN 10 exists on all four switches and the connection ports between these switches are assigned to VLAN 10. The workstations can communicate with each other because the ports to which they are connected are also assigned to VLAN 10. It is important to note that connection cables do not have to connect to the same port on each switch. The key is that the port must belong to the same VLAN on each switch. To carry multiple VLANs between switches across a single physical connection cable, use the 802.1Q tagging feature (see Chapter 11, “Configuring 802.1Q”).
The connection between Stack C and D is shown with a broken line because the ports that provide this connection are in a blocking state. Spanning Tree is active by default on all stacks, VLANs and ports. The Spanning Tree algorithm determined that if all connections between stacks were active, a network loop would exist that could cause unnecessary broadcast traffic on the network. The path between Stack C and D was shut down to avoid such a loop. See Chapter 5, “Configuring Spanning Tree Parameters,” for information about how Spanning Tree configures network topologies that are loop free.
The following diagram shows the same bridging domain example as seen by the end user workstations. Because traffic between these workstations is transparently bridged across physical stack connections within the VLAN 10 domain, the workstations are basically unaware that the stacks even exist. Each workstation believes that the others are all part of the same VLAN, even though they are physically connected to different stacks.
[Figure: VLAN Bridging Domain: Logical View (workstations 138.0.0.2, 138.0.0.3, 138.0.0.4 and 138.0.0.5 in VLAN 10)]
Creating a VLAN bridging domain across multiple switches and/or stacks of switches allows VLAN members to communicate with each other, even if they are not connected to the same physical switch. This is how a logical grouping of users can traverse a physical network setup without routing and is one of the main benefits of using VLANs.
Verifying the VLAN Configuration
To display information about the VLAN configuration for a single switch or a stack of switches, use the show commands listed below:
show vlan | Displays a list of all VLANs configured on the switch and the status of related VLAN properties (e.g., admin, Spanning Tree, and router interface status).
show vlan port | Displays a list of VLAN port assignments.
show ip interface | Displays the IP router interface configuration.
show vlan router mac status | Displays the current MAC router operating mode (single or multiple) and router VLAN statistics.
For more information about the resulting displays from these commands, see the OmniSwitch CLI Reference Guide. An example of the output for the show vlan and show vlan port commands is also given in “Sample VLAN Configuration” on page 4-3.
5 Configuring Spanning Tree Parameters
The Spanning Tree Algorithm and Protocol (STP) is a self-configuring algorithm that maintains a loop-free topology while providing data path redundancy and network scalability. Based on the IEEE 802.1D standard, the Alcatel STP implementation distributes the Spanning Tree load between the Chassis Management Module (CMM) and the Network Interface modules (NIs). This ensures a Spanning Tree that continues to respond to STP Bridge Protocol Data Units (BPDU) received on switch ports and port link up and down states in the event of a CMM fail over to a backup CMM. In addition, the Alcatel distributed implementation incorporates the following Spanning Tree features:
• Configures a physical topology into a single Spanning Tree to ensure that there is only one data path between any two switches.
• Supports fault tolerance within the network topology. The Spanning Tree is reconfigured in the event of a data path or bridge failure or when a new switch is added to the topology.
• Supports two Spanning Tree operating modes: flat (single STP instance per switch) and 1x1 (single STP instance per VLAN).
• Supports three Spanning Tree Algorithms: 802.1D (STP), 802.1w (RSTP), and 802.1s (MSTP).
• Allows 802.1Q tagged ports and link aggregate logical ports to participate in the calculation of the STP topology.
The Distributed Spanning Tree software is active on all switches by default. As a result, a loop-free network topology is automatically calculated based on default Spanning Tree switch, bridge, and port parameter values. It is only necessary to configure Spanning Tree parameters to change how the topology is calculated and maintained.
In This Chapter
This chapter provides an overview about how Spanning Tree works and how to configure Spanning Tree parameters through the Command Line Interface (CLI). CLI commands are used in the configuration examples; for more details about the syntax of commands, see the OmniSwitch CLI Reference Guide.
Configuration procedures described in this chapter include:
• Selecting the switch Spanning Tree operating mode (flat or 1x1) on page 5-9.
• Configuring Spanning Tree bridge parameters on page 5-12.
• Configuring Spanning Tree port parameters on page 5-19.
• Configuring an example Spanning Tree topology on page 5-29.
Spanning Tree Specifications
IEEE Standards supported | 802.1D–Media Access Control (MAC) Bridges; 802.1w–Rapid Reconfiguration (802.1D Amendment 2); 802.1Q–Virtual Bridged Local Area Networks; 802.1s–Multiple Spanning Trees (802.1Q Amendment 3)
Spanning Tree Operating Modes supported | Flat mode - one spanning tree instance per switch; 1x1 mode - one spanning tree instance per VLAN
Spanning Tree Protocols supported | 802.1D Standard Spanning Tree Algorithm and Protocol (STP); 802.1w Rapid Spanning Tree Algorithm and Protocol (RSTP); 802.1s Multiple Spanning Tree Protocol (MSTP)
Spanning Tree port eligibility | Fixed ports (non-mobile); 802.1Q tagged ports; Link aggregate of ports
Maximum 1x1 mode Spanning Tree instances per switch | 253
Maximum flat mode 802.1s Multiple Spanning Tree Instances (MSTI) per switch | 16 MSTI, in addition to the Common and Internal Spanning Tree instance (also referred to as MSTI 0).
CLI Command Prefix Recognition | All Spanning Tree commands support prefix recognition. See the “Using the CLI” chapter in the OmniSwitch 6600 Family Switch Management Guide for more information.
Spanning Tree Bridge Parameter Defaults
Parameter Description | Command | Default
Spanning Tree operating mode | bridge mode | 1x1 (a separate Spanning Tree instance for each VLAN)
Spanning Tree protocol | bridge protocol | STP (802.1D)
BPDU switching status. | bridge bpdu-switching | Disabled
Priority value for the Spanning Tree instance. | bridge priority | 32768
Hello time interval between each BPDU transmission. | bridge hello time | 2 seconds
Maximum aging time allowed for Spanning Tree information learned from the network. | bridge max age | 20 seconds
Spanning Tree port state transition time. | bridge forward delay | 15 seconds
Spanning Tree Port Parameter Defaults
Parameter Description | Command | Default
Spanning Tree port administrative state | bridge slot/port | Enabled
Spanning Tree port priority value | bridge slot/port priority | 7
Spanning Tree port path cost. | bridge slot/port path cost | 0 (cost is based on port speed)
Path cost mode | bridge path cost mode | Auto (16-bit in 1x1 mode and 802.1D or 802.1w flat mode, 32-bit in 802.1s flat mode)
Port state management mode | bridge slot/port mode | Dynamic (Spanning Tree Algorithm determines port state)
Type of port connection | bridge slot/port connection | auto point to point
Multiple Spanning Tree (MST) Region Defaults
Although the following parameter values are specific to the MSTP (802.1s), they are configurable regardless of which mode (flat or 1x1) or protocol is active on the switch.
Parameter Description | Command | Default
The MST region name | bridge mst region name | blank
The revision level for the MST region | bridge mst region revision level | 0
The maximum number of hops authorized for the region | bridge mst region max hops | 20
The number of Multiple Spanning Tree Instances (MSTI). | bridge msti | 1 (flat mode instance)
The VLAN to MSTI mapping. | bridge msti vlan | All VLANs are mapped to the Common Internal Spanning Tree (CIST) instance
Spanning Tree Overview
Alcatel switches support the use of the 802.1D Spanning Tree Algorithm and Protocol (STP), the 802.1w Rapid Spanning Tree Algorithm and Protocol (RSTP), and the 802.1s Multiple Spanning Tree Protocol (MSTP).
RSTP expedites topology changes by allowing blocked ports to transition directly into a forwarding state, bypassing listening and learning states. This provides rapid reconfiguration of the Spanning Tree in the event of a network path or device failure.
The 802.1w standard is an amendment to the 802.1D document, thus RSTP is based on STP. Regardless of which one of these two protocols a switch or VLAN is running, it can successfully interoperate with other switches or VLANs.
MSTP is an enhancement to the 802.1Q Common Spanning Tree (CST), which is provided when an Alcatel switch is running in the flat Spanning Tree operating mode. The flat mode applies a single spanning tree instance across all VLAN port connections on a switch. MSTP allows the configuration of Multiple Spanning Tree Instances (MSTIs) in addition to the CST instance. Each MSTI is mapped to a set of VLANs. As a result, flat mode can now support the forwarding of VLAN traffic over separate data paths.
This section provides a Spanning Tree overview based on RSTP operation and terminology. Although MSTP is based on RSTP, see Chapter 6, “Using 802.1s Multiple Spanning Tree,” for specific information about configuring MSTP.
How the Spanning Tree Topology is Calculated
The tree consists of links and bridges that provide a single data path that spans the bridged network. At the base of the tree is a root bridge. One bridge is elected by all the bridges participating in the network to serve as the root of the tree. After the root bridge is identified, STP calculates the best path that leads from each bridge back to the root and blocks any connections that would cause a network loop.
To determine the best path to the root, STP uses the path cost value, which is associated with every port on each bridge in the network. This value is a configurable weighted measure that indicates the contribution of the port connection to the entire path leading from the bridge to the root.
In addition, a root path cost value is associated with every bridge. This value is the sum of the path costs for the port that receives frames on the best path to the root (this value is zero for the root bridge). The bridge with the lowest root path cost becomes the designated bridge for the LAN, as it provides the shortest path to the root for all bridges connected to the LAN.
During the process of calculating the Spanning Tree topology, each port on every bridge is assigned a port role based on how the port and/or its bridge will participate in the active Spanning Tree topology. The following table provides a list of port role types and the port and/or bridge properties that the Spanning Tree Algorithm examines to determine which role to assign to the port.
Role | Port/Bridge Properties
Root Port | Port connection that provides the shortest path (lowest path cost value) to the root. The root bridge does not have a root port.
Designated Port | The designated bridge provides the LAN with the shortest path to the root. The designated port connects the LAN to this bridge.
Backup Port | Any operational port on the designated bridge that is not a root or designated port. Provides a backup connection for the designated port. A backup port can only exist when there are redundant designated port connections to the LAN.
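The calculation described above can be carried through on a small topology. The following is an added worked example, not Alcatel's implementation: it elects the root, computes each bridge's root path cost, and labels each port root, designated, or blocked. The four-bridge loop, MAC addresses, ports and costs are constructed; the tie-break rules (lowest bridge ID as priority then MAC, then sender bridge ID and port) come from IEEE 802.1D rather than this page, and "blocked" is this example's label for a port that is neither root nor designated.

```python
from collections import namedtuple

# One point-to-point link: bridge a's port a_port connects to bridge b's b_port.
# With only two bridges per LAN, backup ports cannot occur in this model.
Link = namedtuple("Link", "a a_port b b_port cost")

# Constructed topology. 32768 is the default bridge priority from this chapter;
# MAC addresses, (slot, port) numbers and path costs are made up.
BRIDGES = {
    "A": (32768, "00:00:5e:00:53:0a"),
    "B": (32768, "00:00:5e:00:53:0b"),
    "C": (32768, "00:00:5e:00:53:0c"),
    "D": (32768, "00:00:5e:00:53:0d"),
}
LINKS = [
    Link("A", (2, 1), "B", (2, 2), 19),
    Link("A", (3, 1), "C", (3, 2), 19),
    Link("B", (2, 3), "D", (2, 9), 19),
    Link("C", (3, 3), "D", (3, 9), 19),
]


def neighbours(name, links):
    """Yield (local_port, cost, peer, peer_port) for each link on a bridge."""
    for link in links:
        if link.a == name:
            yield link.a_port, link.cost, link.b, link.b_port
        if link.b == name:
            yield link.b_port, link.cost, link.a, link.a_port


def compute_stp(bridges, links):
    """Return (root, root_path_cost, port_roles) for the converged topology."""
    # Root bridge: lowest bridge ID, compared as (priority, MAC address).
    root = min(bridges, key=bridges.get)
    inf = float("inf")
    cost = dict.fromkeys(bridges, inf)
    cost[root] = 0
    root_port = {}
    # Relax repeatedly, as BPDU exchange would, until every bridge is stable.
    for _ in bridges:
        for name in bridges:
            if name == root:
                continue
            offers = [(cost[peer] + c, bridges[peer], peer_port, port)
                      for port, c, peer, peer_port in neighbours(name, links)
                      if cost[peer] < inf]
            if offers:
                # Lowest cost wins; ties fall to sender bridge ID, then ports.
                best = min(offers)
                cost[name], root_port[name] = best[0], best[3]
    roles = {}
    for link in links:
        ends = [(link.a, link.a_port), (link.b, link.b_port)]
        # Designated bridge for the LAN: lowest root path cost, then bridge ID.
        designated = min(ends, key=lambda e: (cost[e[0]], bridges[e[0]]))
        for name, port in ends:
            if (name, port) == designated:
                roles[(name, port)] = "designated"
            elif root_port.get(name) == port:
                roles[(name, port)] = "root"
            else:
                roles[(name, port)] = "blocked"  # breaks the loop
    return root, cost, roles


if __name__ == "__main__":
    root, cost, roles = compute_stp(BRIDGES, LINKS)
    print("root:", root, "costs:", cost)
    for (name, port), role in sorted(roles.items()):
        print(f"{name} {port[0]}/{port[1]}: {role}")
```

Lowering one bridge's priority with bridge priority changes the elected root and therefore which port ends up blocked.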