53-1002484-04
19 March 2013
BigIron RX Series
Configuration Guide
Supporting Multi-Service IronWare v02.9.00a
Copyright © 2011-2013 Brocade Communications Systems, Inc. All Rights Reserved
ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.
The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.
The product described by this document may contain “open source” software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.
Brocade Communications Systems, Incorporated
Corporate and Latin American Headquarters
Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
Tel: 1-408-333-8000
Fax: 1-408-333-8101
E-mail: info@brocade.com

Asia-Pacific Headquarters
Brocade Communications Systems China HK, Ltd.
No. 1 Guanghua Road
Chao Yang District
Units 2718 and 2818
Beijing 100020, China
Tel: +8610 6588 8888
Fax: +8610 6588 9999
E-mail: china-info@brocade.com

European Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour B - 4ème étage
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: emea-info@brocade.com

Asia-Pacific Headquarters
Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)
Citic Plaza
No. 233 Tian He Road North
Unit 1308 – 13th Floor
Guangzhou, China
Tel: +8620 3891 2000
Fax: +8620 3891 2111
E-mail: china-info@brocade.com

Document History

Title | Publication number | Summary of changes | Date
BigIron RX Series Configuration Guide | 53-1002253-01 | Release 02.8.00 features | May 2011
BigIron RX Series Configuration Guide | 53-1002253-02 | Incorporated the review comments and fixed the documentation defects. | June 2011
BigIron RX Series Configuration Guide | 53-1002484-01 | Release 02.9.00 features and fixed the documentation defects | May 2012
BigIron RX Series Configuration Guide | 53-1002484-02 | Updated the CLIs and mini-TOCs. | June 2012
BigIron RX Series Configuration Guide | 53-1002484-03 | Release 02.9.00 document updated with enhancements in Release 02.9.00a. | November 2012
BigIron RX Series Configuration Guide | 53-1002484-04 | Release 02.9.00a document updated for documentation defect fix. | March 2013

Contents

About This Document
Supported hardware and software
List of supported features
Unsupported features
What’s new in this document
Enhancements in release 02.9.00a
Enhancements in release 02.9.00
Enhancements in release 02.8.00
Enhancements in release 02.7.03
Enhancements in release 02.7.02
Enhancements in release 02.7.00
Enhancements in release 02.6.00
Enhancements in patch release 02.5.00c
Enhancements in patch release 02.5.00b
Enhancements in release 02.5.00
Enhancements in patch release 02.4.00c
Enhancements in release 02.4.00
Enhancements in patch release 02.3.00a
Enhancements in release 02.3.00
Enhancements in release 02.2.01
Enhancements in release 02.2.00g
Enhancements in release 02.2.00
Document conventions
Text formatting
Command syntax conventions
Notes and cautions
Trademark references
Related publications
Getting technical help
Document feedback

Chapter 1: Getting Started with the Command Line Interface
Logging on through the CLI
On-line help
Command completion
Scroll control
Line editing commands
EXEC commands
Global level
CONFIG commands
Accessing the CLI
Navigating among command levels
CLI command structure
Searching and filtering output
Allowable characters for LAG names
Syntax shortcuts
Saving configuration changes

Chapter 2: Using a Redundant Management Module
How management module redundancy works
Management module redundancy overview
Management module switchover
Switchover implications
Management module redundancy configuration
Changing the default active slot
Managing management module redundancy
File synchronization between the active and standby management modules
Manually switching over to the standby management module
Rebooting the active and standby management modules
Monitoring management module redundancy
Determining management module status
Displaying temperature information
Displaying switchover information
Flash memory and PCMCIA flash card file management commands
Management focus
Flash memory file system
PCMCIA flash card file system
Wildcards
Formatting a flash card
Determining the current management focus
Switching the management focus
Displaying a directory of the files
Displaying the contents of a file
Displaying the hexadecimal output of a file
Creating a subdirectory
Removing a subdirectory
Renaming a file
Changing the read-write attribute of a file
Deleting a file
Recovering (“undeleting”) a file
Appending a file to another file
Copying files using the copy command
Copying files using the cp command
Loading the software
Saving configuration changes
File management messages

Chapter 3: Securing Access to Management Functions
Securing access methods
Restricting remote access to management functions
Using ACLs to restrict remote access
Restricting remote access to the device to specific IP addresses
Specifying the maximum number of login attempts for Telnet access
Restricting remote access to the device to specific VLAN IDs
Disabling specific access methods
Setting passwords
Setting a Telnet password
Setting passwords for management privilege levels
Recovering from a lost password
Displaying the SNMP community string
Disabling password encryption
Specifying a minimum password length
Setting up local user accounts
Configuring a local user account
Username, password and login rules
Configuring the strict password feature
Configuring SSL security for the Web Management Interface
Enabling the SSL server on the device
Importing digital certificates and RSA private key files
Generating an SSL certificate
Configuring TACACS and TACACS+ security
How TACACS+ differs from TACACS
TACACS and TACACS+ authentication, authorization, and accounting
TACACS and TACACS+ configuration considerations
Enabling SNMP to configure TACACS and TACACS
Identifying the TACACS and TACACS+ servers
Specifying different servers for individual AAA functions
Setting optional TACACS and TACACS+ parameters
Configuring authentication-method lists for TACACS and TACACS+
Configuring TACACS+ authorization
Configuring TACACS+ accounting
Configuring an interface as the source for all TACACS and TACACS+ packets
Displaying TACACS and TACACS+ statistics and configuration information
Configuring RADIUS security
RADIUS authentication, authorization, and accounting
RADIUS configuration considerations
RADIUS configuration procedure
Configuring Brocade-specific attributes on the RADIUS server
Enabling SNMP to configure RADIUS
Identifying the RADIUS server to the BigIron RX
Specifying different servers for individual AAA functions
Setting RADIUS parameters
Configuring authentication-method lists for RADIUS
Configuring RADIUS authorization
Configuring RADIUS accounting
Configuring an interface as the source for all RADIUS packets
Displaying RADIUS configuration information
Configuring authentication-method lists
Configuration considerations for authentication-method lists
Examples of authentication-method lists

Chapter 4: Getting Familiar With the BigIron RX Series Switch Management Applications
How to manage BigIron RX Series switch
Logging on through the CLI
On-line help
Command completion
Scroll control
Line editing commands
Searching and filtering output from CLI commands
Allowable characters for LAG names
Logging on through the Web Management Interface
Web Management Interface

Chapter 5: Configuring Basic Parameters
Configuring basic system parameters
Entering system administration information
Configuring Simple Network Management Protocol traps
Specifying an SNMP trap receiver
Specifying a Single trap source
Setting the SNMP Trap holddown time
Disabling SNMP traps
Disabling Syslog messages and traps for CLI access
Configuring an interface as source for all Telnet packets
Cancelling an outbound Telnet session
Configuring an interface as the source for all TFTP packets
Configuring an interface as the source for Syslog packets
Specifying a Simple Network Time Protocol (SNTP) server
Setting the system clock
New Daylight Saving Time (DST)
Configuring CLI banners
Setting a message of the day banner
Setting a privileged EXEC CLI level banner
Displaying a message on the console when an incoming Telnet session is detected
Configuring terminal display
Checking the length of terminal displays
Enabling or disabling routing protocols
Displaying and modifying system parameter default settings
Displaying the full port name for an interface
Enabling or disabling Layer 2 switching
CAM partitioning for the BigIron RX
Re-distributing CAM allocations
Nexthop table
Changing the MAC age time
Configuring static ARP entries
Pinging an IPv4 address

Chapter 6: Configuring Interface Parameters
Assigning a port name
Assigning an IP address to a port
Speed/Duplex negotiation
Disabling or re-enabling a port
Changing the default Gigabit negotiation mode
Changing the negotiation mode
Disabling or re-enabling flow control
Specifying threshold values for flow control
Changing the load interval time
Wait for all cards feature
Port transition hold timer
Port flap dampening
Modifying port priority (QoS)
Assigning a mirror port and monitor ports
Configuration guidelines for monitoring traffic
Configuring port mirroring and monitoring
Mirror ports for Policy-Based Routing (PBR) traffic
About hardware-based PBR
Configuring mirror ports for PBR traffic
Displaying mirror and monitor port configuration
Enabling WAN PHY mode support

Chapter 7: Configuring IP
Overview of configuring IP
The IP packet flow
ARP cache table
Static ARP table
IP Route table
IP forwarding cache
Basic IP parameters and defaults
When parameter changes take effect
IP global parameters
IP interface parameters
Configuring IP parameters
Configuring IP addresses
Changing the network mask display to prefix format
Configuring the default gateway
GRE IP tunnel
IPv6 over IPv4 tunnels in hardware
Configuring Domain Name Server (DNS) resolver
Adding host names to the DNS cache table
Configuring packet parameters
Changing the encapsulation type
Setting maximum frame size per PPCR
Changing the MTU
Changing the router ID
Specifying a single source interface for Telnet, TACACS, TACACS+, or RADIUS packets
Configuring an interface as the source for Syslog packets
IP fragmentation protection
IP option attack protection
IP receive access list
Configuring ARP parameters
How ARP works
Rate limiting ARP packets
Applying a rate limit to ARP packets on an interface
Clearing the rate limit for ARP packets
Changing the ARP aging period
Creating a floating static ARP entry
Static route ARP validation check
Configuring forwarding parameters
Disabling ICMP messages
Disabling ICMP redirect messages
Configuring static routes
Static route tagging
Static route next hop resolution
Configuring IP load sharing
Default route ECMP
IP receive access list
Configuring IRDP
Configuring UDP broadcast and IP helper parameters
Configuring BootP/DHCP forwarding parameters
Displaying IP information
Displaying IP interface information
Displaying interface name in Syslog
Displaying ARP entries
Displaying the forwarding cache
Displaying the IP route table
Clearing IP routes
Displaying IP traffic statistics
Displaying TCP traffic statistics

Chapter 8: Link Aggregation
Link aggregation overview
LAG formation rules
LAG load sharing
Configuration of a LAG
Creating a Link Aggregation Group (LAG)
Deploying a LAG
Commands available under LAG once it is deployed
Configuring ACL-based mirroring
Disabling ports within a LAG
Enabling ports within a LAG
Monitoring an individual LAG port
Assigning a name to a port within a LAG
Enabling sFlow forwarding on a port within a LAG
Setting the sFlow sampling rate for a port within a LAG
Displaying LAG information
Displaying LAG statistics

Chapter 9: Configuring LLDP
Terms used in this chapter
LLDP overview
Benefits of LLDP
General operating principles
Operating modes
LLDP packets
TLV support
MIB support
Syslog messages
Web Management
Configuring LLDP
Configuration notes and considerations
Enabling and disabling LLDP
Changing a port’s LLDP operating mode
Specifying the maximum number of LLDP neighbors
Enabling LLDP SNMP notifications and Syslog messages
Specifying the minimum time between SNMP traps and Syslog messages
Changing the minimum time between LLDP transmissions
Changing the interval between regular LLDP transmissions
Changing the holdtime multiplier for transmit TTL
Changing the minimum time between port reinitializations
LLDP TLVs advertised by the Brocade device
Displaying LLDP statistics and configuration settings
LLDP configuration summary
LLDP statistics
LLDP neighbors
LLDP neighbors detail
LLDP configuration details
Resetting LLDP statistics

Chapter 10: Configuring Uni-Directional Link Detection
Uni-Directional Link Detection overview
Configuration considerations
Configuring UDLD
Changing the keepalive interval
Changing the keepalive retries
Displaying UDLD information
Displaying information for all ports
Displaying link-keepalive information
Displaying information for a single port
Clearing UDLD statistics

Chapter 11: VLANs
Overview of Virtual Local Area Networks (VLANs) . . . 287
Tagged, untagged, and dual-mode ports . . . 287
Protocol-based VLANs . . . 289
VLAN configuration rules . . . 290
VLAN ID range . . . 290
Tagged VLANs . . . 290
VLAN hierarchy . . . 290
Multiple VLAN membership rules . . . 290
Layer 2 control protocols on VLANs . . . 291
Configuring port-based VLANs . . . 291
VLAN byte accounting . . . 292
Strictly or explicitly tagging a port . . . 294
Assigning or changing a VLAN priority . . . 294
Assigning a different ID to the default VLAN . . . 295
Configuring protocol-based VLANs . . . 295
Configuring an MSTP instance . . . 296
Configuring virtual routing interfaces . . . 296
Bridging and routing the same protocol simultaneously on the same device . . . 297
Integrated Switch Routing (ISR) . . . 298
VLAN groups . . . 299
Configuring a VLAN group . . . 299
Configuring super aggregated VLANs . . . 301
Configuring aggregated VLANs . . . 303
Complete CLI examples . . . 305
Configuring 802.1q-in-q tagging . . . 308
Configuration rules . . . 309
Enabling 802.1Q-in-Q tagging . . . 309
Example configuration . . . 310
Configuring 802.1q tag-type translation . . . 311
Configuration rules . . . 312
Enabling 802.1q tag-type translation . . . 313
Private VLANs . . . 314
Implementation notes . . . 315
Configuration notes . . . 315
Configuring a private VLAN . . . 316
Enabling broadcast, multicast or unknown unicast traffic to the private VLAN . . . 318
Other VLAN features . . . 319
Allocating memory for more VLANs or virtual routing interfaces . . . 319
Hardware flooding for Layer 2 multicast and broadcast packets . . . 319
Unknown unicast flooding on VLAN ports . . . 320
Flow based MAC learning . . . 320
Configuring uplink ports within a port-based VLAN . . . 321
Configuring control protocols in VLANs . . . 321
Other configuration options . . . 321
Displaying VLAN information . . . 322
Displaying VLAN information . . . 322
Displaying VLAN information for specific ports . . . 322
Displaying VLAN status and port types . . . 323
Displaying VLAN group information . . . 324
Transparent firewall mode . . . 325
Enabling a transparent firewall . . . 325

Chapter 12: Configuring Spanning Tree Protocol
IEEE 802.1D Spanning Tree Protocol (STP) . . . 327
Enabling or disabling STP . . . 327
Default STP bridge and port parameters . . . 329
Changing STP bridge parameters . . . 329
Changing STP port parameters . . . 330
Root guard . . . 330
Spanning Tree Protocol (STP) BPDU guard . . . 332
Displaying STP information . . . 333
Displaying STP information for the blocked interfaces . . . 341
IEEE Single Spanning Tree (SSTP) . . . 342
SSTP defaults . . . 343
Enabling SSTP . . . 343
Displaying SSTP information . . . 344
PVST/PVST+ compatibility . . . 345
Overview of PVST and PVST+ . . . 345
VLAN tags and dual mode . . . 345
Enabling PVST+ support . . . 346
Displaying PVST+ support information . . . 346
Configuration examples . . . 347
SuperSpan™ . . . 349
Customer ID . . . 350
BPDU forwarding . . . 350
Configuring SuperSpan . . . 355

Chapter 13: Configuring Rapid Spanning Tree Protocol
Overview of Rapid Spanning Tree Protocol . . . 359
Bridges and bridge port roles . . . 359
Assignment of port roles . . . 360
Ports on Switch 1 . . . 361
Ports on Switch 2 . . . 361
Ports on Switch 3 . . . 361
Ports Switch 4 . . . 362
Edge ports and edge port roles . . . 362
Point-to-point ports . . . 363
Bridge port states . . . 363
Edge port and non-edge port states . . . 364
Changes to port roles and states . . . 364
State machines . . . 364
Handshake mechanisms . . . 365
Convergence in a simple topology . . . 375
Convergence at start up . . . 376
Convergence after a link failure . . . 378
Convergence at link restoration . . . 379
Convergence in a complex RSTP topology . . . 381
Propagation of topology change . . . 383
Compatibility of RSTP with 802.1D . . . 386
Configuring RSTP parameters . . . 387
Enabling or disabling RSTP in a port-based VLAN . . . 387
Enabling or disabling RSTP on a single spanning tree . . . 388
Disabling or enabling RSTP on a port . . . 388
Changing RSTP bridge parameters . . . 388
Changing port parameters . . . 389
Fast port span . . . 390
Fast uplink span . . . 392
Displaying RSTP information . . . 394
Displaying RSTP information for the blocked interfaces . . . 402

Chapter 14: Metro Ring Protocol (MRP) Phase 1 and 2
Metro Ring Protocol (MRP) phase 1 . . . 405
MRP rings without shared interfaces . . . 407
Ring initialization . . . 407
How ring breaks are detected and healed . . . 410
Master VLANs and customer VLANs in a topology group . . . 412
Configuring MRP . . . 414
Adding an MRP ring to a VLAN . . . 415
Changing the hello and preforwarding times . . . 416
MRP phase 2 . . . 416
Ring initialization for shared interfaces . . . 418
How ring breaks are detected and healed between shared interfaces . . . 419
Selection of master node . . . 419
RHP processing in rings with shared interfaces . . . 419
Normal flow . . . 420
Flow when a link breaks . . . 421
Configuring MRP with shared interfaces . . . 422
Using MRP diagnostics . . . 422
Enabling MRP diagnostics . . . 422
Displaying MRP diagnostics . . . 423
Displaying MRP information . . . 423
Displaying topology group information . . . 424
Displaying ring information . . . 424
MRP CLI example . . . 425
Commands on switch A (master node) . . . 426
Commands on switch B . . . 426
Commands on switch C . . . 427
Commands on switch D . . . 427

Chapter 15: Virtual Switch Redundancy Protocol (VSRP)
Overview of Virtual Switch Redundancy Protocol (VSRP) . . . 429
Layer 2 and Layer 3 redundancy . . . 431
Master election and failover . . . 431
Configuring basic VSRP parameters . . . 435
Enabling Layer 3 VSRP . . . 436
Configuring optional VSRP parameters . . . 436
Disabling VSRP on a VRID . . . 436
Configuring authentication . . . 436
Configuring a VRID IP address . . . 437
VSRP fast start . . . 438
Changing the backup priority . . . 439
Saving the timer values received from the master . . . 439
VSRP slow start . . . 440
Changing the Time-To-Live (TTL) . . . 440
Changing the hello interval . . . 441
Changing the dead interval . . . 441
Changing the backup hello state and interval . . . 441
Changing the hold-down interval . . . 442
Changing the default track priority . . . 442
Specifying a track port . . . 443
Disabling or re-enabling backup pre-emption . . . 443
Port transition hold timer . . . 443
Clearing VSRP information . . . 444
VSRP and MRP signaling . . . 444
Displaying VSRP information . . . 446
Displaying VRID information . . . 446
Displaying a summary of VSRP information . . . 448
Displaying VSRP packet statistics for VSRP . . . 449
Displaying the active interfaces for a VRID . . . 450

Chapter 16: Topology Groups
Topology overview . . . 451
Master VLAN and member VLANs . . . 451
Master VLANs and customer VLANs in MRP . . . 452
Control ports and free ports . . . 452
Configuration considerations . . . 452
Configuring a topology group . . . 453
Displaying topology group information . . . 454
Displaying topology group information . . . 454

Chapter 17: Configuring VRRP and VRRPE
Overview of VRRP . . . 455
Standard VRRP . . . 455
Brocade enhancements of VRRP . . . 458
Overview of VRRPE . . . 460
VRRP and VRRPE parameters . . . 462
Configuring parameters specific to VRRP . . . 464
Configuring the owner . . . 464
Configuring basic VRRP parameters . . . 465
Configuring the owner . . . 465
Configuring a backup . . . 465
Configuration rules for VRRP . . . 465
Configuring parameters specific to VRRPE . . . 466
Configuration rules for VRRPE . . . 466
Configuring additional VRRP and VRRPE parameters . . . 467
Authentication type . . . 467
Suppression of RIP advertisements on backup routers for the backup up interface . . . 468
Hello interval . . . 468
Dead interval . . . 469
Backup hello message state and interval . . . 469
Track port . . . 469
Track priority . . . 470
Backup preempt . . . 470
Master router abdication and reinstatement . . . 471
Displaying VRRP and VRRPE information . . . 471
Displaying summary information . . . 472
Displaying detailed information . . . 473
Displaying statistics . . . 476
Clearing VRRP or VRRPE statistics . . . 477
Configuration examples . . . 477
VRRP example . . . 477
VRRPE example . . . 479

Chapter 18: Configuring Quality of Service
Overview of Quality of Service (QoS) . . . 481
Classification . . . 481
Processing of classified traffic . . . 482
Marking . . . 484
Configuring DSCP classification by interface . . . 484
Configuring port, MAC, and VLAN-based classification . . . 484
Configuring ToS-based QoS . . . 486
Enabling ToS-based QoS . . . 486
Specifying trust level . . . 486
Enabling marking . . . 487
Configuring the QoS mappings . . . 487
Changing the CoS –> DSCP mappings . . . 487
Changing the DSCP –> DSCP mappings . . . 488
Changing the DSCP –> internal forwarding priority mappings . . . 488
Changing the CoS –> internal forwarding priority mappings . . . 489
Displaying QoS configuration information . . . 490
Displaying QoS mapping information . . . 491
Displaying queueing statistics . . . 492
Determining packet drop priority using WRED . . . 494
How WRED Operates . . . 494
Calculating avg-q-size . . . 495
Calculating packets that are dropped . . . 495
Using WRED with rate limiting . . . 496
Configuring packet drop priority using WRED . . . 496
Enabling WRED . . . 496
Setting the averaging-weight (Wq) parameter . . . 496
Displaying the WRED configuration . . . 500
Scheduling traffic for forwarding . . . 500
Configuring traffic scheduling . . . 501
Configuring multicast traffic engineering . . . 505
Displaying the multicast traffic engineering configuration . . . 506
Qos profiles . . . 507
Calculating the values for WFQ storage mode traffic scheduling . . . 508
Egress port shaping . . . 508
Mirroring ports . . . 509
Supported ACLs . . . 509
Configuring QoS for the 16 x 10G module . . . 509

Chapter 19: Configuring Traffic Reduction
Traffic policing on the BigIron RX Series . . . 511
Traffic reduction parameters and algorithm . . . 512
Requested rate . . . 512
Maximum burst . . . 512
Actual rate . . . 512
Configuration considerations . . . 513
Configuring rate limiting policies . . . 514
Configuring a port-based rate limiting policy . . . 514
Configuring a port-and-priority-based rate limiting policy . . . 515
Configuring a port-and-VLAN-based rate limiting policy . . . 515
Configuring a VLAN-group-based rate limiting policy . . . 516
Configuring a port-and-IPv6 ACL-based traffic reduction . . . 518
NP based multicast, broadcast, and unknown-unicast rate limiting . . . 519
Displaying traffic reduction . . . 520

Chapter 20: Multi-Chassis Trunking
Multi-Chassis Trunking overview . . . 523
Benefits of MCT . . . 524
How MCT works . . . 524
MCT components . . . 525
Dynamic LAGs . . . 527
MCT peers . . . 527
Syncing interface MAC addresses to peer MCT devices . . . 527
ICL traffic handling . . . 528
BUM traffic handling in MCT VLANs . . . 528
Support for Layer 2 protocols in MCT . . . 529
MCT feature interaction . . . 530
Configuring MCT . . . 531
Configuration considerations . . . 531
Configuring a single-level MCT topology . . . 532
Displaying the MCT cluster information . . . 547
Clearing the MCT cluster information . . . 549
MCT configuration examples . . . 549
Port loop detection support in MCT . . . 563
Configuring port loop detection . . . 563
Displaying port loop detection information . . . 565
Clearing port loop detection information . . . 566
MAC Database Update over cluster control protocol . . . 566
Cluster MAC entry types . . . 567
MAC entry aging . . . 567
Flushing MAC entries . . . 567
MAC entry movement . . . 568
Flooding support on VLANs . . . 568
Displaying MAC entries . . . 568
Clearing MAC entries . . . 573
MCT failover scenarios . . . 574
Syslogs and debugging . . . 575
Sample configuration . . . 576
MCT debug commands . . . 577
MCT for VRRP or VRRP-E . . . 582
Two-node MCT scenario . . . 582
Advanced MCT scenario . . . 584
Configuration considerations . . . 584
Enabling VRRP-E short-path forwarding behavior . . . 585

Chapter 21: Layer 2 ACLs
Layer 2 ACLs overview . . . 587
Filtering based on ethertype . . . 587
Configuration rules and notes . . . 588
Configuring Layer 2 ACLs . . . 588
Creating a Layer 2 ACL table . . . 588
Example Layer 2 ACL clauses . . . 589
Inserting and deleting Layer 2 ACL clauses . . . 590
Binding a Layer 2 ACL table to an interface . . . 590
Increasing the maximum number of clauses per Layer 2 ACL table . . . 590
Viewing Layer 2 ACLs . . . 591
Example of Layer 2 ACL deny by MAC address . . . 591

Chapter 22: Access Control List
Access Control List overview . . . 593
How the BigIron RX processes ACLs . . . 594
Disabling or re-enabling Access Control Lists (ACLs) . . . 595
Default ACL action . . . 595
Types of IP ACLs . . . 595
ACL IDs and entries . . . 595
Enabling support for additional ACL statements . . . 596
ACL-based inbound mirroring . . . 596
Considerations when configuring ACL-based inbound mirroring . . . 597
Configuring ACL-based inbound mirroring . . . 597
Creating an ACL with a mirroring clause . . . 597
Applying the ACL to an interface . . . 598
Specifying the destination mirror port . . . 598
Configuring ACL-based mirroring for ACLs bound to virtual interfaces . . . 599
Configuring numbered and named ACLs . . . 600
Configuring standard numbered ACLs . . . 600
Configuring extended numbered ACLs . . . 602
Configuring standard or extended named ACLs . . . 611
Configuring super ACLs . . . 613
Displaying ACL definitions . . . 615
Displaying of TCP/UDP numbers in ACLs . . . 616
ACL logging . . . 626
Enabling the new logging method . . . 627
Specifying the wait time . . . 627
Modifying ACLs . . . 627
Adding or deleting a comment . . . 629
Deleting ACL entries . . . 631
From numbered ACLs . . . 631
From named ACLs . . . 632
Applying ACLs to interfaces . . . 633
Reapplying modified ACLs . . . 633
ACL automatic rebind . . . 633
Manually setting the ACL rebind . . . 633
Applying ACLs to a virtual routing interface . . . 633
Configuring the Layer 4 session log timer . . . 634
Displaying ACL log entries . . . 635
QoS options for IP ACLs . . . 635
Enabling ACL duplication check . . . 636
ACL accounting . . . 636
Displaying accounting statistics for all ACLs . . . 636
Displaying statistics for an interface . . . 637
Clearing the ACL statistics . . . 638
Enabling ACL filtering of fragmented or non-fragmented packets . . . 639
ACL filtering for traffic switched within a virtual routing interface . . . 640
ICMP filtering for extended ACLs . . . 640
Disabling internal ACLs for BGP and BFD . . . 643
Troubleshooting ACLs . . . 643

Chapter 23 Policy-Based Routing
Policy-Based Routing (PBR) . . . . . 645
Configuration considerations . . . . . 645
Configuring a PBR policy . . . . . 646
Configure the ACLs . . . . . 646
Configure the route map . . . . . 648
Enabling PBR . . . . . 649
Configuration examples . . . . . 649
Basic example . . . . . 649
Setting the next hop . . . . . 650
Setting the output interface to the null interface . . . . . 651
Trunk formation . . . . . 652

Chapter 24 Configuring IP Multicast Protocols
Overview of IP multicasting . . . . . 653
Multicast terms . . . . . 654
Changing global IP multicast parameters . . . . . 654
Defining the maximum number of DVMRP cache entries . . . . . 655
Defining the maximum number of PIM cache entries . . . . . 655
IP multicast boundaries . . . . . 655
Configuring multicast boundaries . . . . . 656
Displaying multicast boundaries . . . . . 656
Passive Multicast Route Insertion (PMRI) . . . . . 656
Configuring PMRI . . . . . 657
Displaying hardware-drop . . . . . 657
Changing IGMP V1 and V2 parameters . . . . . 657
Modifying IGMP (V1 and V2) query interval period . . . . . 658
Modifying IGMP (V1 and V2) membership time . . . . . 658
Modifying IGMP (V1 and V2) maximum response time . . . . . 658
Adding an interface to a multicast group . . . . . 659
IGMP v3 . . . . . 659
Default IGMP version . . . . . 661
Compatibility with IGMP V1 and V2 . . . . . 661
Enabling the IGMP version per interface setting . . . . . 661
Enabling the IGMP version on a physical port within a virtual routing interface . . . . . 662
Setting the query interval . . . . . 663
Setting the group membership time . . . . . 664
Setting the maximum response time . . . . . 664
Displaying IGMPv3 information . . . . . 664
Clearing IGMP statistics . . . . . 668
IGMP V3 and source specific multicast protocols . . . . . 668
Configuring a static multicast route . . . . . 668
Next hop validation check . . . . . 670
PIM dense . . . . . 670
Initiating PIM multicasts on a network . . . . . 671
Pruning a multicast tree . . . . . 671
Grafts to a multicast tree . . . . . 673
PIM DM versions . . . . . 673
Configuring PIM DM . . . . . 674
Failover time in a multi-path topology . . . . . 678
Modifying the TTL . . . . . 678
PIM Sparse . . . . . 678
PIM Sparse router types . . . . . 679
RP paths and SPT paths . . . . . 680
Configuring PIM Sparse . . . . . 680
Route selection precedence for multicast . . . . . 685
Configuring the route precedence by specifying the route types . . . . . 685
Displaying the route selection . . . . . 686
Changing the Shortest Path Tree (SPT) threshold . . . . . 687
Changing the PIM join and prune message interval . . . . . 688
MLL optimization . . . . . 688
Displaying PIM Sparse configuration information and statistics . . . . . 688
Displaying basic PIM Sparse configuration information . . . . . 689
Displaying a list of multicast groups . . . . . 690
Displaying BSR information . . . . . 691
Displaying candidate RP information . . . . . 692
Displaying RP-to-group mappings . . . . . 693
Displaying RP information for a PIM Sparse group . . . . . 693
Displaying the RP set list . . . . . 694
Displaying multicast neighbor information . . . . . 694
Displaying information about an upstream neighbor device . . . . . 695
Displaying the PIM multicast cache . . . . . 696
Displaying PIM traffic statistics . . . . . 698
PIM-SSMv4 . . . . . 698
Enabling SSM . . . . . 699
Configuring Multicast Source Discovery Protocol (MSDP) . . . . . 699
Peer Reverse Path Forwarding (RPF) flooding . . . . . 701
Source active caching . . . . . 701
Configuring MSDP . . . . . 701
Enabling MSDP . . . . . 702
Configuring MSDP peers . . . . . 702
Designating an interface’s IP address as the RP’s IP address . . . . . 703
Filtering MSDP source-group pairs . . . . . 703
Filtering incoming source-active messages . . . . . 703
Filtering advertised source-active messages . . . . . 705
Displaying the differences before and after the source active filters are applied . . . . . 706
Configuring MSDP mesh groups . . . . . 708
Configuring MSDP mesh group . . . . . 709
Displaying summary information . . . . . 715
Displaying peer information . . . . . 716
Displaying source active cache information . . . . . 719
Clearing MSDP information . . . . . 719
Clearing peer information . . . . . 719
Clearing the source active cache . . . . . 720
Clearing MSDP statistics . . . . . 720
DVMRP overview . . . . . 720
Initiating DVMRP multicasts on a network . . . . . 721
Pruning a multicast tree . . . . . 721
Grafts to a multicast tree . . . . . 723
Configuring DVMRP . . . . . 724
Enabling DVMRP globally and on an interface . . . . . 724
Modifying DVMRP global parameters . . . . . 724
Modifying DVMRP interface parameters . . . . . 727
Displaying information about an upstream neighbor device . . . . . 728
Configuring a static multicast route . . . . . 728
Configuring IP multicast traffic reduction . . . . . 729
Enabling IP multicast traffic reduction . . . . . 730
Layer 2 multicast filters . . . . . 734
PIM SM traffic snooping . . . . . 735
Static IGMP membership . . . . . 739

Chapter 25 Configuring RIP
Overview of Routing Information Protocol (RIP) . . . . . 743
Configuring RIP parameters . . . . . 743
Enabling RIP . . . . . 744
Configuring metric parameters . . . . . 744
Changing the administrative distance . . . . . 745
Configuring redistribution . . . . . 745
Configuring route learning and advertising parameters . . . . . 746
Changing the route loop prevention method . . . . . 747
Suppressing RIP route advertisement on a VRRP or VRRPE backup interface . . . . . 748
Using prefix lists and route maps as route filters . . . . . 749
Setting RIP timers . . . . . 750
Displaying RIP filters . . . . . 750
Clearing the RIP routes from the routing table . . . . . 751

Chapter 26 Configuring OSPF Version 2 (IPv4)
Overview of OSPF (Open Shortest Path First) . . . . . 753
Designated routers in multi-access networks . . . . . 754
Designated router election in multi-access networks . . . . . 755
OSPF RFC 1583 and 2328 compliance . . . . . 756
Reduction of equivalent AS external LSAs . . . . . 756
Support for OSPF RFC 2328 appendix E . . . . . 758
Dynamic OSPF activation and configuration . . . . . 759
Configuring OSPF . . . . . 759
Configuration rules . . . . . 760
OSPF parameters . . . . . 760
Enable OSPF on the router . . . . . 761
Assign OSPF areas . . . . . 761
Assigning an area range (optional) . . . . . 765
Assigning interfaces to an area . . . . . 765
Modify interface defaults . . . . . 765
Change the timer for OSPF authentication changes . . . . . 768
Block flooding of outbound LSAs on specific OSPF interfaces . . . . . 769
Assign virtual links . . . . . 769
Modify virtual link parameters . . . . . 771
Configuring an OSPF non-broadcast interface . . . . . 772
OSPF point-to-point links . . . . . 774
Changing the reference bandwidth for the cost on OSPF interfaces . . . . . 776
Define redistribution filters . . . . . 777
Modify default metric for redistribution . . . . . 779
Enable route redistribution . . . . . 779
Disable or re-enable load sharing . . . . . 781
Configure external route summarization . . . . . 782
Configure default route origination . . . . . 783
Configuring a default network route . . . . . 784
Modify SPF timers . . . . . 785
Modify redistribution metric type . . . . . 786
Modify administrative distance . . . . . 786
Configure OSPF group Link State Advertisement pacing . . . . . 787
OSPF ABR type 3 LSA filtering . . . . . 788
Displaying the configured OSPF area prefix list . . . . . 790
Modifying OSPF traps generated . . . . . 791
Modify OSPF standard compliance setting . . . . . 793
Modify exit overflow interval . . . . . 793
Specify types of OSPF Syslog messages to log . . . . . 794
Displaying OSPF information . . . . . 794
Displaying general OSPF configuration information . . . . . 795
Displaying CPU utilization and other OSPF tasks . . . . . 796
Displaying OSPF area information . . . . . 797
Displaying OSPF neighbor information . . . . . 798
Displaying OSPF interface information . . . . . 799
Displaying OSPF route information . . . . . 801
Displaying OSPF external link state Information . . . . . 803
Displaying OSPF database link state information . . . . . 804
Displaying OSPF ABR and ASBR information . . . . . 805
Displaying OSPF trap status . . . . . 806
Displaying OSPF virtual neighbor and link information . . . . . 806
OSPF graceful restart . . . . . 808

Chapter 27 Configuring BGP4 (IPv4 and IPv6)
Overview of BGP4 . . . . . 814
Relationship between the BGP4 route table and the IP route table . . . . . 815
How BGP4 selects a path for a route . . . . . 816
BGP4 message types . . . . . 817
Brocade implementation of BGP4 . . . . . 819
Memory considerations . . . . . 820
Configuring BGP4 . . . . . 820
When parameter changes take effect . . . . . 824
Activating and disabling BGP4 . . . . . 825
Note regarding disabling BGP4 . . . . . 826
Entering and exiting the address family configuration level . . . . . 826
Filtering specific IP addresses . . . . . 827
Defining an AS-path filter . . . . . 828
Defining a community filter . . . . . 829
Configuring a switch to allow routes with its own AS number . . . . . 830
BGP Null0 routing . . . . . 830
Aggregating routes advertised to BGP4 neighbors . . . . . 834
Configuring the device to always compare MEDs . . . . . 835
Disabling or re-enabling comparison of the AS-path length . . . . . 836
Redistributing IBGP routes . . . . . 836
Disabling or re-enabling client-to-client route reflection . . . . . 836
Configuring a route reflector . . . . . 837
Enabling or disabling comparison of the router IDs . . . . . 837
Configuring confederations . . . . . 837
Configuring route flap dampening . . . . . 840
Originating the default route . . . . . 841
Changing the default local preference . . . . . 841
Changing the default metric used for redistribution . . . . . 842
Changing administrative distances . . . . . 842
Requiring the first AS to be the neighbor’s AS . . . . . 843
Neighbor local-AS . . . . . 844
Enabling fast external fallover . . . . . 844
Setting the local AS number . . . . . 845
Changing the maximum number of shared BGP4 paths . . . . . 845
Treating missing MEDs as the worst MEDs . . . . . 845
Customizing BGP4 load sharing . . . . . 846
Configuring BGP4 neighbors . . . . . 846
Removing route dampening from suppressed neighbor routes . . . . . 851
Encryption of BGP4 MD5 authentication keys . . . . . 852
Configuring a BGP4 peer group . . . . . 854
Peer group parameters . . . . . 854
Specifying a list of networks to advertise . . . . . 857
Using the IP default route as a valid next hop for a BGP4 route . . . . . 858
Enabling next-hop recursion . . . . . 858
Modifying redistribution parameters . . . . . 861
Using a table map to set the tag value . . . . . 864
Changing the keep alive time and hold time . . . . . 865
Changing the BGP4 next-hop update timer . . . . . 865
Changing the router ID . . . . . 865
Adding a loopback interface . . . . . 866
Changing the maximum number of paths for BGP4 load sharing . . . . . 867
Configuring route reflection parameters . . . . . 867
Filtering . . . . . 870
Filtering AS-paths . . . . . 870
Filtering communities . . . . . 873
Defining and applying IP prefix lists . . . . . 875
Defining neighbor distribute lists . . . . . 876
Defining route maps . . . . . 876
Configuring cooperative BGP4 route filtering . . . . . 884
Configuring route flap dampening . . . . . 887
Generating traps for BGP . . . . . 892
Updating route information and resetting a neighbor session . . . . . 892
Clearing traffic counters . . . . . 898
Clearing route flap dampening statistics . . . . . 899
Removing route flap dampening . . . . . 899
Clearing diagnostic buffers . . . . . 900
Displaying BGP4 information . . . . . 900
Displaying summary BGP4 information . . . . . 901
Displaying the active BGP4 configuration . . . . . 903
Displaying summary neighbor information . . . . . 903
Displaying BGP4 neighbor information . . . . . 905
Displaying peer group information . . . . . 916
Displaying summary route information . . . . . 916
Displaying the BGP4 route table . . . . . 917
Displaying BGP4 route-attribute entries . . . . . 924
Displaying the routes BGP4 has placed in the IP route table . . . . . 926
Displaying route flap dampening statistics . . . . . 926
Displaying the active route map configuration . . . . . 927
Generalized TTL security mechanism support . . . . . 931

Chapter 28 Configuring MBGP
Overview of MBGP . . . . . 933
Configuration considerations . . . . . 934
Configuring MBGP . . . . . 934
Setting the maximum number of multicast routes supported . . . . . 934
Enabling MBGP . . . . . 935
Adding MBGP neighbors . . . . . 935
Optional configuration tasks . . . . . 936
Displaying MBGP information . . . . . 940
Displaying summary MBGP information . . . . . 940
Displaying the active MBGP configuration . . . . . 941
Displaying MBGP neighbors . . . . . 941
Displaying MBGP routes . . . . . 942
Displaying the IP multicast route table . . . . . 943

Chapter 29 Configuring IS-IS (IPv4)
IS-IS overview . . . . . 945
Relationship to IP route table . . . . . 946
Intermediate systems and end systems . . . . . 946
Domain and areas . . . . . 947
Level-1 routing and Level-2 routing . . . . . 947
Neighbors and adjacencies . . . . . 948
Designated IS . . . . . 948
IS-IS CLI levels . . . . . 950
Global configuration level . . . . . 950
Address family configuration level . . . . . 950
Interface level . . . . . 951
Configuring IPv4 IS-IS . . . . . 951
Enabling IS-IS globally . . . . . 951
Globally configuring IS-IS on a device . . . . . 952
Setting the overload bit . . . . . 952
Configuring authentication . . . . . 953
Changing the IS-IS Level globally . . . . . 954
Disabling or re-enabling display of hostname . . . . . 955
Changing the sequence numbers PDU interval . . . . . 955
Changing the maximum LSP lifetime . . . . . 956
Changing the LSP refresh interval . . . . . 956
Changing the LSP generation interval . . . . . 956
Changing the LSP interval and retransmit interval . . . . . 956
Changing the SPF timer . . . . . 957
Globally disabling or re-enabling hello padding . . . . . 957
Logging adjacency changes . . . . . 958
Configuring IPv4 address family route parameters . . . . . 958
Changing the metric style . . . . . 958
Changing the maximum number of load sharing paths . . . . . 959
Enabling advertisement of a default route . . . . . 959
Changing the administrative distance for IPv4 IS-IS . . . . . 960
Configuring summary addresses . . . . . 961
Redistributing routes into IPv4 IS-IS . . . . . 961
Changing the default redistribution metric . . . . . 962
Redistributing static IPv4 routes into IPv4 IS-IS . . . . . 962
Redistributing directly connected routes into IPv4 IS-IS . . . . . 963
Redistributing RIP routes into IPv4 IS-IS . . . . . 963
Redistributing OSPF routes into IPv4 IS-IS . . . . . 963
Redistributing BGP4+ routes into IPv4 IS-IS . . . . . 964
Redistributing IPv4 IS-IS routes within IPv4 IS-IS . . . . . 964
Configuring ISIS properties on an interface . . . . . 964
Disabling and enabling IS-IS on an interface . . . . . 965
Disabling or re-enabling formation of adjacencies . . . . . 965
Setting the priority for designated IS election . . . . . 965
Limiting access to adjacencies with a neighbor . . . . . 966
Changing the IS-IS level on an interface . . . . . 966
Disabling and enabling hello padding on an interface . . . . . 967
Changing the hello interval . . . . . 967
Changing the hello multiplier . . . . . 967
Changing the metric added to advertised routes . . . . . 968
Displaying IPv4 IS-IS information . . . . . 968
Displaying the IS-IS configuration in the running-config . . . . . 969
Displaying the name mappings . . . . . 969
Displaying neighbor information . . . . . 969
Displaying IS-IS Syslog messages . . . . . 970
Displaying interface information . . . . . 972
Displaying route information . . . . . 974
Displaying LSP database entries . . . . . 975
Displaying traffic statistics . . . . . 978
Displaying error statistics . . . . . 979
Clearing IS-IS information . . . . . 980

Chapter 30 BiDirectional Forwarding Detection (BFD)
BFD overview . . . . . 983
Configuring BFD parameters . . . . . 984
Number of BFD sessions supported . . . . . 984
Disabling BFD Syslog messages . . . . . 984
Displaying Bidirectional Forwarding Detection information . . . . . 985
Displaying BFD information on a router . . . . . 985
Clearing BFD neighbor sessions . . . . . 989
Configuring BFD for the specified protocol . . . . . 989
Configuring BFD for OSPFv2 . . . . . 989
Configuring BFD for OSPFv3 . . . . . 990
Configuring BFD for IS-IS . . . . . 990

Chapter 31 Configuring Secure Shell
Overview of Secure Shell (SSH) . . . . . 993
SSH version 2 support . . . . . 993
Supported features . . . . . 994
Configuring SSH . . . . . 994
Generating a host key pair . . . . . 995
Configuring DSA challenge-response authentication . . . . . 996
Disabling 3-DES . . . . . 1001
Displaying SSH connection information . . . . . 1001
Using secure copy . . . . . 1002

Chapter 32 Configuring Multi-Device Port Authentication
How multi-device port authentication works . . . . . 1005
RADIUS authentication . . . . . 1005
Authentication-failure actions . . . . . 1006
Supported RADIUS attributes . . . . . 1006
Dynamic VLAN and ACL assignments . . . . . 1006
Support for authenticating multiple MAC addresses on an interface . . . . . 1007
Support for multi-device port authentication and 802.1x on the same interface . . . . . 1007
Configuring multi-device port authentication . . . . . 1007
Enabling multi-device port authentication . . . . . 1008
Configuring an authentication method list for 802.1x . . . . . 1008
Setting RADIUS parameters . . . . . 1008
Specifying the format of the MAC addresses sent to the RADIUS server . . . . . 1009
Specifying the authentication-failure action . . . . . 1009
Defining MAC address filters . . . . . 1010
Configuring dynamic VLAN assignment . . . . . 1011
Specifying to which VLAN a port is moved after its RADIUS-specified VLAN assignment expires . . . . . 1014
Saving dynamic VLAN assignments to the running configuration file . . . . . 1014
Clearing authenticated MAC addresses . . . . . 1015
Disabling aging for authenticated MAC addresses . . . . . 1015
Specifying the aging time for blocked MAC addresses . . . . . 1016
Displaying multi-device port authentication information . . . . . 1016
Displaying authenticated MAC address information . . . . . 1017
Displaying multi-device port authentication configuration information . . . . . 1017
Displaying multi-device port authentication information for a specific MAC address or port . . . . . 1020
Displaying the authenticated MAC addresses . . . . . 1021
Displaying the non-authenticated MAC addresses . . . . . 1021
Example configurations . . . . . 1021
Multi-device port authentication with dynamic |
|
|
VLAN assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
1022 |
|
Examples of multi-device port authentication and 802.1X |
|
|
authentication configuration on the same port. . . . . . . . . . . |
1024 |
Chapter 33: Using the MAC Port Security Feature and Transparent Port Flooding
  Overview of MAC port security
    Violation actions
    Local and global resources
  Configuring the MAC Port Security feature
    Enabling the MAC Port Security feature
    Setting the maximum number of secure MAC addresses for an interface
    Specifying static secure MAC addresses
    Enabling dynamic MAC address learning
    Denying specific MAC addresses
    Autosaving secure MAC addresses to the startup-config
    Setting the MAC Port Security age timer
  Defining security violation actions
    Shutdown the interface
    Restricting interface access
    Denying a MAC address
  Understanding the rules for violation action configuration
    Interaction between global and interface level violation actions
    Changing the global violation action
    Changing the violation action for an interface
  Re-enabling an interface
    Interface shutdown time
    Manually re-enabling an interface
  Displaying MAC Port Security information
    Displaying MAC Port Security settings
    Displaying the secure MAC addresses list on the device
    Displaying MAC Port Security statistics
    Displaying a list of MAC addresses
    Displaying a list of secure and denied MAC addresses
    Displaying information when violation action is restrict
    Displaying information when violation action is deny
  Transparent port flooding

Chapter 34: Configuring 802.1x Port Security
  Overview of 802.1x port security
    IETF RFC support
  How 802.1x port security works
    Device roles in an 802.1x configuration
    Communication between the devices
    Controlled and uncontrolled ports
    Message exchange during authentication
    Authenticating multiple clients connected to the same port
  802.1x port security and sFlow