53-1003053-01
30 September 2013

Brocade TurboIron 24X Series Configuration Guide
Supporting FastIron Software Release 08.0.01
Copyright © 2013 Brocade Communications Systems, Inc. All Rights Reserved.
ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.
The authors and Brocade Communications Systems, Inc. shall have no liability or responsibility to any person or entity with respect to any loss, cost, liability, or damages arising from the information contained in this book or the computer programs that accompany it.
The product described by this document may contain “open source” software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.
Brocade Communications Systems, Incorporated

Corporate and Latin American Headquarters
Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
Tel: 1-408-333-8000
Fax: 1-408-333-8101
E-mail: info@brocade.com

Asia-Pacific Headquarters
Brocade Communications Systems China HK, Ltd.
No. 1 Guanghua Road
Chao Yang District
Units 2718 and 2818
Beijing 100020, China
Tel: +8610 6588 8888
Fax: +8610 6588 9999
E-mail: china-info@brocade.com

European Headquarters
Brocade Communications Switzerland Sàrl
Centre Swissair
Tour B - 4ème étage
29, Route de l'Aéroport
Case Postale 105
CH-1215 Genève 15
Switzerland
Tel: +41 22 799 5640
Fax: +41 22 799 5641
E-mail: emea-info@brocade.com

Asia-Pacific Headquarters
Brocade Communications Systems Co., Ltd. (Shenzhen WFOE)
Citic Plaza
No. 233 Tian He Road North
Unit 1308 – 13th Floor
Guangzhou, China
Tel: +8620 3891 2000
Fax: +8620 3891 2111
E-mail: china-info@brocade.com

Document History
Title: Brocade TurboIron 24X Series Configuration Guide
Publication number: 53-1003053-01
Summary of changes: Release 08.0.00 has been updated for Release 08.0.01
Date: September 2013

Contents
About This Document
Introduction
Device nomenclature
What’s new in this document
Document conventions
Text formatting
Notes, cautions, and danger notices
Notice to the reader
Related publications
Getting technical help or reporting errors
Document feedback

Chapter 1: Feature Highlights
Introduction to features
Supported features
Supported management features
Supported security features
Supported system-level features
Supported Layer 2 features
Supported Layer 3 features on TurboIron X Series devices
Supported IPv6 management features
Unsupported features

Chapter 2: Getting Familiar with Management Applications
Using the management port
How the management port works
CLI Commands for use with the management port
Logging on through the CLI
On-line help
Command completion
Scroll control
Line editing commands
Using and port number with CLI commands
CLI nomenclature on TurboIron X Series devices
Searching and filtering output from CLI commands
Using special characters in regular expressions
Creating an alias for a CLI command
Logging on through Brocade Network Advisor

Chapter 3: Configuring Basic Software Features
Configuring basic system parameters
Entering system administration information
Configuring Simple Network Management Protocol (SNMP) parameters
Disabling Syslog messages and traps for CLI access
Configuring an interface as the source for all Telnet packets
Cancelling an outbound Telnet session
Specifying a Simple Network Time Protocol (NTPv4) server
Setting the system clock
Limiting broadcast, multicast, and unknown unicast traffic
Configuring basic port parameters
Assigning a port name
Modifying port speed and duplex mode
Auto speed detect
Modifying port duplex mode
Disabling or re-enabling a port
Disabling or re-enabling flow control
Auto-negotiation and advertisement of flow control
TurboIron X Series Configuring the Interpacket Gap (IPG)
Changing the Gbps fiber negotiation mode
Modifying port priority (QoS)
Configuring port flap dampening
Port loop detection

Chapter 4: Operations, Administration, and Maintenance
Overview
Determining the software versions installed and running on a device
Determining the flash image version running on the device
Determining the image versions installed in flash memory
Flash image verification
Image file types
Upgrading software
Upgrading the boot code
Upgrading the flash code
Boot code synchronization feature
Using SNMP to upgrade software
Changing the block size for TFTP file transfers
Rebooting
Displaying the boot preference
Loading and saving configuration files
Replacing the startup configuration with the running configuration
Replacing the running configuration with the startup configuration
Logging changes to the startup-config file
Copying a configuration file to or from a TFTP server
Dynamic configuration loading
Maximum file sizes for startup-config file and running-config
Scheduling a system reload
Reloading at a specific time
Reloading after a specific amount of time
Displaying the amount of time remaining before a scheduled reload
Canceling a scheduled reload
Diagnostic error codes and remedies for TFTP transfers

Chapter 5: Securing Access to Management Functions
Securing access methods
Restricting remote access to management functions
Using ACLs to restrict remote access
Defining the console idle time
Restricting remote access to the device to specific IP addresses
Restricting access to the device based on IP or MAC address
Specifying the maximum number of login attempts for Telnet access
Restricting remote access to the device to specific VLAN IDs
Designated VLAN for Telnet management sessions to a Layer 2 Switch
Device management security
Disabling specific access methods
Setting passwords
Setting a Telnet password
Setting passwords for management privilege levels
Recovering from a lost password
Displaying the SNMP community string
Specifying a minimum password length
Setting up local user accounts
Enhancements to username and password
Configuring a local user account
Create password option
Changing a local user password
Configuring TACACS/TACACS+ security
How TACACS+ differs from TACACS
TACACS/TACACS+ authentication, authorization, and accounting
TACACS authentication
TACACS/TACACS+ configuration considerations
Enabling TACACS
Identifying the TACACS/TACACS+ servers
Specifying different servers for individual AAA functions
Setting optional TACACS/TACACS+ parameters
Configuring authentication-method lists for TACACS/TACACS+
Configuring TACACS+ authorization
Configuring TACACS+ accounting
Configuring an interface as the source for all TACACS/TACACS+ packets
Displaying TACACS/TACACS+ statistics and configuration information
Configuring RADIUS security
RADIUS authentication, authorization, and accounting
RADIUS configuration considerations
RADIUS configuration procedure
Configuring Brocade-specific attributes on the RADIUS server
Enabling SNMP to configure RADIUS
Identifying the RADIUS server to the device
Specifying different servers for individual AAA functions
Configuring a RADIUS server per port
Mapping a RADIUS server to individual ports
Setting RADIUS parameters
Configuring authentication-method lists for RADIUS
Configuring RADIUS authorization
Configuring RADIUS accounting
Configuring an interface as the source for all RADIUS packets
Displaying RADIUS configuration information
Configuring authentication-method lists
Configuration considerations for authentication-method lists
Examples of authentication-method lists

Chapter 6: Configuring SSH2 and SCP
SSH version 2 support
Tested SSH2 clients
Supported features
Unsupported features
AES encryption for SSH2
Configuring SSH2
Recreating SSH keys
Generating a host key pair
Configuring DSA challenge-response authentication
Setting optional parameters
Setting the number of SSH authentication retries
Deactivating user authentication
Enabling empty password logins
Setting the SSH port number
Setting the SSH login timeout value
Designating an interface as the source for all SSH packets (Layer 3 code only)
Configuring the maximum idle time for SSH sessions
Filtering SSH access using ACLs
Terminating an active SSH connection
Displaying SSH connection information
Using Secure copy with SSH2
Enabling and disabling SCP
Example file transfers using SCP

Chapter 7: Configuring IPv6 Connectivity
IPv6 addressing overview
IPv6 address types
IPv6 stateless autoconfiguration
IPv6 CLI command support
Configuring an IPv6 host address on a Layer 2 switch
Enabling IPv6
Configuring a global or site-local IPv6 address with a manually configured interface ID
Configuring the management port for an IPv6 automatic address configuration
Configuring basic IPv6 connectivity on a Layer 3 switch
Configuring IPv6 on each router interface
IPv6 management (IPv6 host support)
Restricting SNMP access to an IPv6 node
Specifying an IPv6 SNMP trap receiver
SNMP V3 over IPv6
SNTP over IPv6
Secure Shell, SCP, and IPv6
IPv6 Telnet
Configuring name-to-IPv6 address resolution using IPv6 DNS resolver
Defining an IPv6 DNS entry
Using the IPv6 copy command
Using the IPv6 ncopy command
IPv6 ping
Configuring an IPv6 Syslog server
Viewing IPv6 SNMP server addresses
Disabling IPv6 on a Layer 2 switch
Clearing global IPv6 information
Clearing the IPv6 cache
Clearing IPv6 neighbor information
Clearing IPv6 traffic statistics
Displaying global IPv6 information
Displaying IPv6 cache information
Displaying IPv6 interface information
Displaying IPv6 neighbor information
Displaying IPv6 TCP information
Displaying IPv6 traffic statistics

Chapter 8: Securing SNMP Access
SNMP overview
Establishing SNMP community strings
Encryption of SNMP community strings
Adding an SNMP community string
Displaying the SNMP community strings
Configuring your NMS
Configuring SNMP version 3
Defining the engine id
Defining an SNMP group
Defining an SNMP user account
Defining SNMP views
SNMP version 3 traps
Defining an SNMP group and specifying which view is notified of traps
Defining the UDP port for SNMP v3 traps
Trap MIB changes
Specifying an IPv6 host as an SNMP trap receiver
Displaying SNMP Information
Displaying the Engine ID
Displaying SNMP groups
Displaying user information
Interpreting varbinds in report packets
SNMP v3 Configuration examples
Simple SNMP v3 configuration
More detailed SNMP v3 configuration

Chapter 9: Enabling the Foundry Discovery Protocol and Reading Cisco Discovery Protocol Packets
Using FDP
Configuring FDP
Displaying FDP information
Clearing FDP and CDP information
Reading CDP packets
Enabling interception of CDP packets globally
Enabling interception of CDP packets on an interface
Displaying CDP information
Clearing CDP information

Chapter 10: Configuring LLDP
Terms used in this chapter
LLDP overview
Benefits of LLDP
General operating principles
Operating modes
LLDP packets
TLV support
MIB support
Syslog messages
Configuring LLDP
Configuration notes and considerations
Enabling and disabling LLDP
Changing a port LLDP operating mode
Specifying the maximum number of LLDP neighbors
Enabling LLDP SNMP notifications and syslog messages
Changing the minimum time between LLDP transmissions
Changing the interval between regular LLDP transmissions
Changing the holdtime multiplier for transmit TTL
Changing the minimum time between port reinitializations
LLDP TLVs advertised by the device
Displaying LLDP statistics and configuration settings
LLDP configuration summary
LLDP statistics
LLDP neighbors
LLDP neighbors detail
LLDP configuration details
Resetting LLDP statistics
Clearing cached LLDP neighbor information

Chapter 11: Monitoring Hardware Components
Hardware support
Digital optical monitoring
Supported media
Media not supported
Supported media
Media not supported
Configuration limitations
Enabling digital optical monitoring
Setting the alarm interval
Displaying information about installed media
Viewing optical monitoring information
Syslog messages

Chapter 12: Using Syslog
Overview
Displaying Syslog messages
Enabling real-time display of Syslog messages
Enabling real-time display for a Telnet or SSH session
Show log on all terminals
Configuring the Syslog service
Displaying the Syslog configuration
Disabling or re-enabling Syslog
Specifying a Syslog server
Specifying an additional Syslog server
Disabling logging of a message level
Changing the number of entries the local buffer can hold
Changing the log facility
Displaying Interface names in Syslog messages
Displaying TCP or UDP port numbers in Syslog messages
Clearing the Syslog messages from the local buffer

Appendix 13: Network Monitoring
Basic management
Viewing system information
Viewing configuration information
Viewing port statistics
Viewing STP statistics
Clearing statistics
Traffic counters for outbound traffic
RMON support
Maximum number of entries allowed in the RMON control table
Statistics (RMON group 1)
History (RMON group 2)
Alarm (RMON group 3)
Event (RMON group 9)
sFlow
sFlow support for IPv6 packets
Configuration considerations
Configuring and enabling sFlow
Displaying sFlow information
Configuring a utilization list for an uplink port
Command syntax
Displaying utilization percentages for an uplink
Chapter 14: Configuring Basic Layer 2 Features
Enabling or disabling the Spanning Tree Protocol (STP)
Modifying STP bridge and port parameters
Changing the MAC age time and disabling MAC address learning
Disabling the automatic learning of MAC addresses
Displaying the MAC address table
Configuring static MAC entries
Multi-port static MAC address
Configuring VLAN-based static MAC entries
Enabling port-based VLANs
Assigning IEEE 802.1Q tagging to a port
Defining MAC address filters
Configuration notes and limitations
Command syntax
Enabling logging of management traffic permitted by MAC filters
MAC address filter override for 802.1X-enabled ports
MAC address filter override configuration notes
MAC address filter override configuration syntax
Displaying and modifying system parameter default settings
Configuration considerations
Displaying system parameter default values
Modifying system parameter default values
Egress buffer thresholds for QoS priorities
Cut-Through Switching Support
Default settings for egress buffer thresholds
Disabling and re-enabling the default settings for egress buffer thresholds
Setting the egress buffer threshold for all QoS priorities on a port or group of ports
Setting the egress buffer threshold for a specific QoS priority on a port or group of ports
Link Fault Signaling (LFS) for 10G
Jumbo frame support
Chapter 15: Configuring Metro Features
Topology groups
Master VLAN and member VLANs
Control ports and free ports
Configuration considerations
Configuring a topology group
Displaying topology group information
Metro Ring Protocol (MRP)
Configuration notes
MRP rings without shared interfaces (MRP Phase 1)
MRP rings with shared interfaces (MRP Phase 2)
Ring initialization
How ring breaks are detected and healed
Alarm RHP
Master VLANs and customer VLANs
Configuring MRP
Using MRP diagnostics
Displaying MRP information
MRP CLI example
Virtual Switch Redundancy Protocol (VSRP)
Configuration notes
Layer 2 and Layer 3 redundancy
Master election and failover
VSRP-Aware security features
VSRP parameters
Configuring basic VSRP parameters
Configuring optional VSRP parameters
Displaying VSRP information
VSRP fast start
VSRP and MRP signaling
Chapter 16: Configuring Uni-Directional Link Detection (UDLD)
UDLD overview
Configuration considerations
Enabling UDLD
Changing the Keepalive interval
Changing the Keepalive retries
UDLD for tagged ports
Displaying UDLD information
Clearing UDLD statistics
Chapter 17: Configuring Trunk Groups and Dynamic Link Aggregation
Trunk group overview
Trunk group connectivity to a server
Trunk group rules
Trunk group configuration examples
Flexible trunk group membership
Trunk group load sharing
Configuring a trunk group
CLI syntax
Example 1: Configuring the trunk groups shown in Figure 75
Example 2: Configuring a trunk group that spans two Gbps Ethernet modules in a chassis device
Example 3: Configuring a multi-slot trunk group with one port per module
Example 4: Configuring a trunk group of 10 Gbps Ethernet ports
Additional trunking options
Displaying trunk group configuration information
Dynamic link aggregation
Examples of valid LACP trunk groups
Configuration notes and limitations
Adaptation to trunk disappearance
Flexible trunk eligibility
Enabling dynamic link aggregation
How changing the VLAN membership of a port affects trunk groups and dynamic keys
Link aggregation parameters
Displaying and determining the status of aggregate links
Events that affect the status of ports in an aggregate link
Displaying link aggregation and port status information
Displaying LACP status information
Clearing the negotiated aggregate links table
Configuring single link LACP
Configuration notes
CLI syntax
Chapter 18: Configuring Virtual LANs (VLANs)
VLAN overview
Types of VLANs
Default VLAN
802.1Q tagging
Spanning Tree Protocol (STP)
Virtual routing interfaces
VLAN and virtual routing interface groups
Dynamic, static, and excluded port membership
Super aggregated VLANs
Trunk group ports and VLAN membership
Routing between VLANs
Virtual routing interfaces (Layer 3 Switches only)
Routing between VLANs using virtual routing interfaces (Layer 3 Switches only)
Dynamic port assignment (Layer 2 Switches and Layer 3 Switches)
Assigning a different VLAN ID to the default VLAN
Assigning different VLAN IDs to reserved VLANs 4091 and 4092
Assigning trunk group ports
Configuring port-based VLANs
Modifying a port-based VLAN
Enable spanning tree on a VLAN
Configuring IP subnet, IPX network and protocol-based VLANs
Configuration example
Routing between VLANs using virtual routing interfaces (Layer 3 Switches only)
Configuring uplink ports within a port-based VLAN
Configuration considerations
Configuration syntax
Configuring the same IP subnet address on multiple port-based VLANs
Configuring VLAN groups and virtual routing interface groups
Configuring a VLAN group
Configuring a virtual routing interface group
Displaying the VLAN group and virtual routing interface group information
Allocating memory for more VLANs or virtual routing interfaces
Configuring super aggregated VLANs
Configuration note
Configuring aggregated VLANs
Verifying the configuration
Complete CLI examples
Configuring 802.1Q-in-Q tagging
Configuration rules
Enabling 802.1Q-in-Q tagging
Example configuration
Configuring private VLANs
Configuration notes
Configuration notes and limitations
Command syntax
CLI example for Figure 52
Dual-mode VLAN ports
Displaying VLAN information
Displaying VLANs in alphanumeric order
Displaying system-wide VLAN information
Displaying VLAN information for specific ports
Chapter 19: Configuring Port Mirroring and Monitoring
Mirroring support by platform
Configuring port mirroring and monitoring
Configuration notes
Monitoring a port
Monitoring an individual trunk port
ACL-based inbound mirroring
Creating an ACL-based inbound mirror clause
MAC filter-based mirroring
Configuring MAC filter-based mirroring
Chapter 20: Configuring IP
Basic configuration
Overview
IP interfaces
IP packet flow through a Layer 3 Switch
IP route exchange protocols
IP multicast protocols
IP interface redundancy protocols
Access Control Lists and IP access policies
Basic IP parameters and defaults – Layer 3 Switches
When parameter changes take effect
IP global parameters – Layer 3 Switches
IP interface parameters – Layer 3 Switches
Basic IP parameters and defaults – Layer 2 Switches
IP global parameters – Layer 2 Switches
Interface IP parameters – Layer 2 Switches
Configuring IP parameters – Layer 3 Switches
Configuring IP addresses
Configuring 31-bit subnet masks on point-to-point networks
Configuring packet parameters
Changing the router ID
Specifying a single source interface for Telnet, TACACS/TACACS+, or RADIUS Packets
Configuring ARP parameters
Configuring forwarding parameters
Disabling ICMP messages
Configuring static routes
Configuring a default network route
Configuring IP load sharing
Configuring IRDP
Configuring RARP
Configuring UDP broadcast and IP helper parameters
Configuring BootP/DHCP relay parameters
Configuring IP parameters – Layer 2 Switches
Configuring the management IP address and specifying the default gateway
Configuring Domain Name Server (DNS) resolver
Changing the TTL threshold
Configuring DHCP Assist
Displaying IP configuration information and statistics
Changing the network mask display to prefix format
Displaying IP information – Layer 3 Switches
Displaying IP information – Layer 2 Switches
Chapter 21: Configuring Spanning Tree Protocol (STP) Related Features
STP overview
Configuring standard STP parameters
STP parameters and defaults
Enabling or disabling the Spanning Tree Protocol (STP)
Changing STP bridge and port parameters
STP protection enhancement
Displaying STP information
Configuring STP related features
802.1W Rapid Spanning Tree (RSTP)
802.1W Draft 3
Single Spanning Tree (SSTP)
PVST/PVST+ compatibility
Overview of PVST and PVST+
VLAN tags and dual mode
Configuring PVST+ support
Displaying PVST+ support information
Configuration examples
PVRST compatibility
BPDU guard
Enabling BPDU protection by port
Re-enabling ports disabled by BPDU guard
Displaying the BPDU guard status
Example console messages
Root guard
Enabling STP root guard
Displaying the STP root guard
802.1s Multiple Spanning Tree Protocol
Multiple spanning-tree regions
Configuration notes
Configuring MSTP mode and scope
Configuring additional MSTP parameters
Chapter 22: Configuring RIP
RIP overview
ICMP host unreachable message for undeliverable ARPs
RIP parameters and defaults
RIP global parameters
RIP interface parameters
Configuring RIP parameters
Enabling RIP
Configuring metric parameters
Changing the administrative distance
Configuring redistribution
Configuring route learning and advertising parameters
Changing the route loop prevention method
Suppressing RIP route advertisement on a VRRP or VRRPE backup interface
Configuring RIP route filters
Displaying RIP filters
Displaying CPU utilization statistics
Chapter 23: Configuring OSPF Version 2 (IPv4)
Overview of OSPF
OSPF point-to-point Links
Designated routers in multi-access networks
Designated router election in multi-access networks
OSPF RFC 1583 and 2178 compliance
Reduction of equivalent AS External LSAs
Support for OSPF RFC 2328 Appendix E
Dynamic OSPF activation and configuration
Configuring OSPF
Configuration rules
OSPF parameters
Enable OSPF on the router
Assign OSPF areas
Assigning an area range (optional)
Assigning interfaces to an area
Modify interface defaults
Change the timer for OSPF authentication changes
Block flooding of outbound LSAs on specific OSPF interfaces
Assign virtual links
Modify virtual link parameters
Changing the reference bandwidth for the cost on OSPF interfaces
Define redistribution filters
Prevent specific OSPF routes from being installed in the IP route table
Modify default metric for redistribution
Enable route redistribution
Disable or re-enable load sharing
Configure external route summarization
Configure default route origination
Modify SPF timers
Modify redistribution metric type
Modify administrative distance
Configure OSPF group Link State Advertisement (LSA) pacing
Modify OSPF traps generated
Modify OSPF standard compliance setting
Modify exit overflow interval
Specifying the types of OSPF Syslog messages to log
Clearing OSPF information
Clearing OSPF neighbor information
Clearing OSPF topology information
Clearing redistributed routes from the OSPF routing table
Clearing information for OSPF areas
Displaying OSPF information
Displaying general OSPF configuration information
Displaying CPU utilization statistics
Displaying OSPF area information
Displaying OSPF neighbor information
Displaying OSPF interface information
Displaying OSPF route information
Displaying OSPF external link state information
Displaying OSPF link state information
Displaying the data in an LSA
Displaying OSPF virtual neighbor information
Displaying OSPF virtual link information
Displaying OSPF ABR and ASBR information
Displaying OSPF trap status
Chapter 24: Configuring BGP4
Overview of BGP4
Relationship between the BGP4 route table and the IP route table
How BGP4 selects a path for a route
BGP4 message types
Basic configuration and activation for BGP4
Note regarding disabling BGP4
BGP4 parameters
When parameter changes take effect
Memory considerations
Memory configuration options obsoleted by dynamic memory
Basic configuration tasks
Enabling BGP4 on the router
Changing the router ID
Setting the local AS number
Adding a loopback interface
Adding BGP4 neighbors
Adding a BGP4 peer group
Optional configuration tasks
Changing the Keep Alive Time and Hold Time
Changing the BGP4 next-hop update timer
Enabling fast external fallover
Changing the maximum number of paths for BGP4 load sharing
Customizing BGP4 load sharing
Specifying a list of networks to advertise
Changing the default local preference
Using the IP default route as a valid next hop for a BGP4 route
Advertising the default route
Changing the default MED (Metric) used for route redistribution
Enabling next-hop recursion
Changing administrative distances
Requiring the first AS to be the neighbor AS
Disabling or re-enabling comparison of the AS-Path length
Enabling or disabling comparison of the router IDs
Configuring the Layer 3 Switch to always compare Multi-Exit Discriminators (MEDs)
Treating missing MEDs as the worst MEDs
Configuring route reflection parameters
Aggregating routes advertised to BGP4 neighbors
Modifying redistribution parameters . . . . . 699
Redistributing connected routes . . . . . 699
Redistributing RIP routes . . . . . 700
Redistributing OSPF external routes . . . . . 700
Redistributing static routes . . . . . 701
Disabling or re-enabling re-advertisement of all learned BGP4 routes to all BGP4 neighbors . . . . . 701
Redistributing IBGP routes into RIP and OSPF . . . . . 701
Filtering . . . . . 702
Filtering specific IP addresses . . . . . 702
Filtering AS-paths . . . . . 703
Filtering communities . . . . . 707
Defining IP prefix lists . . . . . 709
Defining neighbor distribute lists . . . . . 710
Defining route maps . . . . . 711
Using a table map to set the tag value . . . . . 719
Configuring cooperative BGP4 route filtering . . . . . 719
Configuring route flap dampening . . . . . 722
Globally configuring route flap dampening . . . . . 723
Using a route map to configure route flap dampening for specific routes . . . . . 724
Using a route map to configure route flap dampening for a specific neighbor . . . . . 725
Removing route dampening from a route . . . . . 726
Removing route dampening from a neighbor's routes suppressed due to aggregation . . . . . 726
Displaying and clearing route flap dampening statistics . . . . . 727
Generating traps for BGP . . . . . 729
Displaying BGP4 information . . . . . 729
Displaying summary BGP4 information . . . . . 729
Displaying the active BGP4 configuration . . . . . 731
Displaying CPU utilization statistics . . . . . 732
Displaying summary neighbor information . . . . . 733
Displaying BGP4 neighbor information . . . . . 735
Displaying peer group information . . . . . 746
Displaying summary route information . . . . . 747
Displaying the BGP4 route table . . . . . 748
Displaying BGP4 route-attribute entries . . . . . 754
Displaying the routes BGP4 has placed in the IP route table . . . . . 755
Displaying route flap dampening statistics . . . . . 756
Displaying the active route map configuration . . . . . 757
Updating route information and resetting a neighbor session . . . . . 758
Using soft reconfiguration . . . . . 758
Dynamically requesting a route refresh from a BGP4 neighbor . . . . . 761
Closing or resetting a neighbor session . . . . . 764
Clearing and resetting BGP4 routes in the IP route table . . . . . 764
Clearing traffic counters . . . . . 765
Clearing route flap dampening statistics . . . . . 765
Removing route flap dampening . . . . . 765
Clearing diagnostic buffers . . . . . 766

Chapter 25 Configuring IP Multicast Traffic Reduction
IGMP snooping overview . . . . . 767
IGMP V1, V2, and V3 snooping support . . . . . 768
Queriers and non-queriers . . . . . 768
IGMP snooping enhancements . . . . . 769
Configuration notes and feature limitations . . . . . 769
PIM SM traffic snooping overview . . . . . 771
PIM SM snooping support . . . . . 771
Application examples . . . . . 771
Configuration notes and limitations . . . . . 773
Configuring IGMP snooping . . . . . 773
Enabling IGMP snooping globally on the device . . . . . 775
Configuring the IGMP mode . . . . . 775
Configuring the IGMP version . . . . . 776
Disabling IGMP snooping on a VLAN . . . . . 776
Disabling transmission and receipt of IGMP packets on a port . . . . . 777
Modifying the age interval for group membership entries . . . . . 777
Modifying the query interval (active IGMP snooping mode only) . . . . . 777
Modifying the maximum response time . . . . . 778
Configuring report control . . . . . 778
Modifying the wait time before stopping traffic when receiving a leave message . . . . . 778
Modifying the multicast cache age time . . . . . 779
Enabling or disabling error and warning messages . . . . . 779
Configuring static router ports . . . . . 779
Turning off static group proxy . . . . . 779
IGMP V3 membership tracking and fast leave . . . . . 780
Fast leave for IGMP V2 . . . . . 780
Fast convergence . . . . . 781
Configuring PIM SM snooping . . . . . 781
Enabling or disabling PIM SM snooping . . . . . 781
Enabling PIM SM snooping on a VLAN . . . . . 782
Disabling PIM SM snooping on a VLAN . . . . . 782
IGMP snooping show commands . . . . . 782
Displaying the IGMP snooping configuration . . . . . 782
Displaying IGMP snooping errors . . . . . 783
Displaying IGMP group information . . . . . 784
Displaying IGMP snooping mcache information . . . . . 785
Displaying software resource usage for VLANs . . . . . 786
Displaying the status of IGMP snooping traffic . . . . . 787
PIM SM snooping show commands . . . . . 788
Displaying PIM SM snooping information . . . . . 788
Displaying PIM SM snooping information on a Layer 2 switch . . . . . 788
Displaying PIM SM snooping information for a specific group or source group pair . . . . . 789
Clear commands for IGMP snooping . . . . . 790
Clearing the IGMP mcache . . . . . 790
Clearing the mcache on a specific VLAN . . . . . 790
Clearing traffic on a specific VLAN . . . . . 791
Clearing IGMP counters on VLANs . . . . . 791

Chapter 26 Configuring IP Multicast Protocols
Overview of IP multicasting . . . . . 793
IPv4 multicast group addresses . . . . . 794
Mapping of IPv4 Multicast group addresses to Ethernet MAC addresses . . . . . 794
Supported Layer 3 multicast routing protocols . . . . . 794
Multicast terms . . . . . 794
Changing global IP multicast parameters . . . . . 795
Changing dynamic memory allocation for IP multicast groups . . . . . 795
Changing IGMP V1 and V2 parameters . . . . . 796
PIM Dense . . . . . 798
Initiating PIM multicasts on a network . . . . . 798
Pruning a multicast tree . . . . . 799
Grafts to a multicast Tree . . . . . 801
PIM DM versions . . . . . 802
Configuring PIM DM . . . . . 802
Failover time in a multi-path topology . . . . . 806
Modifying the TTL . . . . . 806
PIM Sparse . . . . . 806
PIM Sparse switch types . . . . . 807
RP paths and SPT paths . . . . . 808
Configuring PIM Sparse . . . . . 808
Displaying PIM Sparse configuration information and statistics . . . . . 817
Passive multicast route insertion . . . . . 830
Multicast Source Discovery Protocol (MSDP) . . . . . 830
Peer Reverse Path Forwarding (RPF) flooding . . . . . 832
Source active caching . . . . . 832
Configuring MSDP . . . . . 833
Designating an interface IP address as the RP IP address . . . . . 834
Filtering MSDP source-group pairs . . . . . 835
MSDP mesh groups . . . . . 838
Displaying MSDP information . . . . . 844
Clearing MSDP information . . . . . 848
Using ACLs to control multicast features . . . . . 849
Using ACLs to limit static RP groups . . . . . 849
Using ACLs to limit PIM RP candidate advertisement . . . . . 851
Tracing a multicast route . . . . . 852
Displaying the multicast configuration for another multicast router . . . . . 853
IGMP V3 . . . . . 854
Default IGMP version . . . . . 855
Compatibility with IGMP V1 and V2 . . . . . 855
Globally enabling the IGMP version . . . . . 856
Enabling the IGMP version per interface setting . . . . . 856
Enabling the IGMP version on a physical port within a virtual routing interface . . . . . 856
Enabling membership tracking and fast leave . . . . . 857
Setting the query interval . . . . . 857
Setting the group membership time . . . . . 858
Setting the maximum response time . . . . . 858
Displaying IGMP V3 information on Layer 3 Switches . . . . . 858
Clearing IGMP statistics . . . . . 862

Chapter 27 Configuring VRRP and VRRPE
Overview . . . . . 863
Overview of VRRP . . . . . 864
Overview of VRRPE . . . . . 868
Configuration note . . . . . 871
Comparison of VRRP and VRRPE . . . . . 871
VRRP . . . . . 871
VRRPE . . . . . 871
Architectural differences . . . . . 871
VRRP and VRRPE parameters . . . . . 872
Configuring basic VRRP parameters . . . . . 874
Configuring the Owner . . . . . 875
Configuring a Backup . . . . . 875
Configuration rules for VRRP . . . . . 875
Configuring basic VRRPE parameters . . . . . 875
Configuration rules for VRRPE . . . . . 876
Note regarding disabling VRRP or VRRPE . . . . . 876
Configuring additional VRRP and VRRPE parameters . . . . . 876
Forcing a Master router to abdicate to a standby router . . . . . 883
Displaying VRRP and VRRPE information . . . . . 884
Displaying summary information . . . . . 884
Displaying detailed information . . . . . 886
Displaying statistics . . . . . 891
Clearing VRRP or VRRPE statistics . . . . . 892
Displaying CPU utilization statistics . . . . . 892
Configuration examples . . . . . 894
VRRP example . . . . . 894
VRRPE example . . . . . 895

Chapter 28 Configuring Rule-Based IP Access Control Lists
ACL overview . . . . . 897
Types of IP ACLs . . . . . 898
ACL IDs and entries . . . . . 898
Numbered and named ACLs . . . . . 899
Default ACL action . . . . . 899
How hardware-based ACLs work . . . . . 899
How fragmented packets are processed . . . . . 899
Hardware aging of Layer 4 CAM entries . . . . . 900
Configuration considerations . . . . . 900
Configuring standard numbered ACLs . . . . . 901
Standard numbered ACL syntax . . . . . 901
Configuration example for standard numbered ACLs . . . . . 902
Configuring standard named ACLs . . . . . 903
Standard named ACL syntax . . . . . 903
Configuration example for standard named ACLs . . . . . 904
Configuring extended numbered ACLs . . . . . 905
Extended numbered ACL syntax . . . . . 906
Configuration examples for extended numbered ACLs . . . . . 909
Configuring extended named ACLs . . . . . 911
Extended named ACL syntax . . . . . 911
Configuration example for extended named ACLs . . . . . 915
Preserving user input for ACL TCP/UDP port numbers . . . . . 915
Managing ACL comment text . . . . . 916
Adding a comment to an entry in a numbered ACL . . . . . 916
Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN . . . . . 917
Enabling ACL logging . . . . . 917
Enabling strict control of ACL filtering of fragmented packets . . . . . 919
Enabling ACL support for switched traffic in the router image . . . . . 920
Enabling ACL filtering based on VLAN membership or VE port membership . . . . . 920
Applying an IPv4 ACL to specific VLAN members on a port (Layer 2 devices only) . . . . . 921
Applying an IPv4 ACL to a subset of ports on a virtual interface (Layer 3 devices only) . . . . . 922
Filtering on IP precedence and ToS values . . . . . 922
QoS options for IP ACLs . . . . . 923
DSCP matching . . . . . 924
ACL-based rate limiting . . . . . 925
Using ACLs to control multicast features . . . . . 925
Enabling and viewing hardware usage statistics for an ACL . . . . . 925
Displaying ACL information . . . . . 926
Troubleshooting ACLs . . . . . 926

Chapter 29 Configuring Traffic Policies
About traffic policies . . . . . 929
Configuration notes and feature limitations . . . . . 930
Maximum number of traffic policies supported on a device . . . . . 931
Setting the maximum number of traffic policies supported on a Layer 3 device . . . . . 931
ACL-based rate limiting using traffic policies . . . . . 931
Support for fixed rate limiting and adaptive rate limiting . . . . . 932
Configuring ACL-based fixed rate limiting . . . . . 932
Configuring ACL-based adaptive rate limiting . . . . . 933
Specifying the action to be taken for packets that are over the limit . . . . . 935
ACL and rate limit counting . . . . . 936
Enabling ACL statistics . . . . . 937
Enabling ACL statistics with rate limiting traffic policies . . . . . 938
Viewing ACL and rate limit counters . . . . . 938
Clearing ACL and rate limit counters . . . . . 939
Viewing traffic policies . . . . . 939

Chapter 30 Configuring 802.1X Port Security
IETF RFC support . . . . . 941
How 802.1X port security works . . . . . 941
Device roles in an 802.1X configuration . . . . . 941
Communication between the devices . . . . . 942
Controlled and uncontrolled ports . . . . . 944
Message exchange during authentication . . . . . 945
Authenticating multiple hosts connected to the same port . . . . . 947
802.1X port security and sFlow . . . . . 950
Configuring 802.1X port security . . . . . 950
Configuring an authentication method list for 802.1X . . . . . 950
Setting RADIUS parameters . . . . . 951
Configuring dynamic VLAN assignment for 802.1X ports . . . . . 954
Dynamically applying IP ACLs and MAC filters to 802.1X ports . . . . . 958
Enabling 802.1X port security . . . . . 961
Setting the port control . . . . . 962
Configuring periodic re-authentication . . . . . 963
Re-authenticating a port manually . . . . . 963
Setting the quiet period . . . . . 964
Specifying the wait interval and number of EAP-request/identity frame retransmissions . . . . . 964
Specifying the wait interval and number of EAP-request/identity frame retransmissions from the RADIUS server . . . . . 965
Specifying a timeout for retransmission of messages to the authentication server . . . . . 966
Initializing 802.1X on a port . . . . . 966
Allowing access to multiple hosts . . . . . 966
Configuring VLAN access for non-EAP-capable clients . . . . . 968
Displaying 802.1X information . . . . . 969
Displaying 802.1X configuration information . . . . . 970
Displaying 802.1X statistics . . . . . 972
Clearing 802.1X statistics . . . . . 973
Displaying dynamically assigned VLAN information . . . . . 973
Displaying information about dynamically applied MAC filters and IP ACLs . . . . . 974
Displaying 802.1X multiple-host authentication information . . . . . 975
Sample 802.1X configurations . . . . . 979
Point-to-point configuration . . . . . 979
Hub configuration . . . . . 981
802.1X Authentication with dynamic VLAN assignment . . . . . 983
Using multi-device port authentication and 802.1X security on the same port . . . . . 984
Configuring Brocade-specific attributes on the RADIUS server . . . . . 985
Example configurations . . . . . 986

Chapter 31 Using the MAC Port Security Feature
Overview . . . . . 991
Local and global resources . . . . . 991
Configuration notes and feature limitations . . . . . 992
Configuring the MAC port security feature . . . . . 992
Enabling the MAC port security feature . . . . . 992
Setting the maximum number of secure MAC addresses for an interface . . . . . 993
Setting the port security age timer . . . . . 993
Specifying secure MAC addresses . . . . . 993
Autosaving secure MAC addresses to the startup-config file . . . . . 994
Specifying the action taken when a security violation occurs . . . . . 995
Clearing port security statistics . . . . . 996
Clearing restricted MAC addresses . . . . . 996
Clearing violation statistics . . . . . 996
Displaying port security information . . . . . 996
Displaying port security settings . . . . . 997
Displaying the secure MAC addresses . . . . . 997
Displaying port security statistics . . . . . 998
Displaying restricted MAC addresses on a port . . . . . 998

Chapter 32 Configuring Multi-Device Port Authentication
How multi-device port authentication works . . . . . 999
RADIUS authentication . . . . . 999
Authentication-failure actions . . . . . 1000
Supported RADIUS attributes . . . . . 1000
Support for dynamic VLAN assignment . . . . . 1001
Support for dynamic ACLs . . . . . 1001
Support for authenticating multiple MAC addresses on an interface . . . . . 1001
Using multi-device port authentication and 802.1X security on the same port . . . . . 1001
Configuring Brocade-specific attributes on the RADIUS server . . . . . 1002
Configuring multi-device port authentication . . . . . 1003
Enabling multi-device port authentication . . . . . 1003
Specifying the format of the MAC addresses sent to the RADIUS server . . . . . 1004
Specifying the authentication-failure action . . . . . 1004
Generating traps for multi-device port authentication . . . . . 1005
Defining MAC address filters . . . . . 1005
Configuring dynamic VLAN assignment . . . . . 1006
Dynamically applying IP ACLs to authenticated MAC addresses . . . . . 1008
Enabling denial of service attack protection . . . . . 1010
Clearing authenticated MAC addresses . . . . . 1011
Disabling aging for authenticated MAC addresses . . . . . 1011
Changing the hardware aging period for blocked MAC addresses . . . . . 1012
Specifying the aging time for blocked MAC addresses . . . . . 1013
Specifying the RADIUS timeout action . . . . . 1013
Multi-device port authentication password override . . . . . 1014
Limiting the number of authenticated MAC addresses . . . . . 1015
Displaying multi-device port authentication information . . . . . 1015
Displaying authenticated MAC address information . . . . . 1015
Displaying multi-device port authentication configuration information . . . . . 1016
Displaying multi-device port authentication information for a specific MAC address or port . . . . . 1016
Displaying the authenticated MAC addresses . . . . . 1017
Displaying the non-authenticated MAC addresses . . . . . 1017
Displaying multi-device port authentication information for a port . . . . . 1018
Displaying multi-device port authentication settings and authenticated MAC addresses . . . . . 1018

Chapter 33 Protecting Against Denial of Service Attacks
Protecting against Smurf attacks . . . . . 1023
Avoiding being a victim in a Smurf attack . . . . . 1024
Protection against ICMP attacks . . . . . 1024
Protecting against TCP SYN attacks . . . . . 1025
Protection against TCP-SYN attacks . . . . . 1025
TCP security enhancement . . . . . 1026
Displaying statistics about packets dropped because of DoS attacks . . . . . 1027
Displaying statistics about packets dropped due to DoS attacks . . . . . 1028

Chapter 34 Configuring Rate Limiting and Rate Shaping
Rate limiting overview . . . . . 1029
Rate limiting in hardware . . . . . 1029
How Fixed Rate Limiting works . . . . . 1030
Configuration notes . . . . . 1030
Configuring a port-based rate limiting policy . . . . . 1031
Configuring an ACL-based rate limiting policy . . . . . 1031
Displaying the fixed rate limiting configuration . . . . . 1031
Rate shaping overview . . . . . 1032
Configuration notes . . . . . 1032
Configuring outbound rate shaping for a port . . . . . 1033
Configuring outbound rate shaping for a specific priority . . . . . 1033
Configuring outbound rate shaping for a trunk port . . . . . 1033
Displaying rate shaping configurations . . . . . 1033

Chapter 35 Configuring Quality of Service
Classification . . . . . 1035
Processing of classified traffic . . . . . 1035
QoS queues . . . . . 1039
Assigning QoS priorities to traffic . . . . . 1039
Buffer allocation/threshold for QoS queues . . . . . 1041
Marking . . . . . 1041
Configuring DSCP-based QoS . . . . . 1041
Application notes . . . . . 1042
Using ACLs to honor DSCP-based QoS . . . . . 1042
Configuring the QoS mappings . . . . . 1042
Default DSCP –> Internal forwarding priority mappings . . . . . 1042
Changing the DSCP –> internal forwarding priority mappings . . . . . 1043
Changing the internal forwarding priority –> hardware forwarding queue mappings . . . . . 1044
Scheduling . . . . . 1045
QoS Queuing methods . . . . . 1045
Selecting the QoS queuing method . . . . . 1046
Configuring the QoS queues . . . . . 1046
Viewing QoS settings . . . . . 1049
Viewing DSCP-based QoS settings . . . . . 1049

Appendix A Syslog messages

Appendix B Software Specifications
IEEE compliance . . . . . 1075
RFC support . . . . . 1075
Internet drafts . . . . . 1080

Appendix C NIAP-CCEVS Certification
NIAP-CCEVS certified TurboIron X Series equipment and Ironware releases . . . . . 1081
Local user password changes . . . . . 1082