Brocade Communications Systems FastIron Administration Manual

53-1003625-01 31 March 2015

FastIron Ethernet Switch

Administration Guide

Supporting FastIron Software Release 08.0.30

ADX, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, HyperEdge, ICX, MLX, MyBrocade, OpenScript, The Effortless Network, VCS, VDX, Vplane, and Vyatta are registered trademarks, and Fabric Vision and vADX are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of others.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.

The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or entity with respect to the accuracy of this document or any loss, cost, liability, or damages arising from the information contained herein or the computer programs that accompany it.

The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.

Contents

Preface...................................................................................................................................11

Document conventions....................................................................................11

Text formatting conventions................................................................ 11

Command syntax conventions............................................................ 11

Notes, cautions, and warnings............................................................ 12

Brocade resources.......................................................................................... 13

Contacting Brocade Technical Support...........................................................13

Document feedback........................................................................................ 14

About This Document.............................................................................................................. 15

Supported hardware and software.................................................................. 15

What’s new in this document ......................................................................... 15

How command information is presented in this guide.....................................16

Management Applications...................................................................................................... 19

Management port overview.............................................................................19

How the management port works....................................................... 19

CLI Commands for use with the management port.............................20

Web Management Interface............................................................................21

Management VRFs......................................................................................... 21

Source interface and management VRF compatibility........................ 22

Supported management applications..................................................22

Configuring a global management VRF.............................................. 24

Displaying management VRF information...........................................25

Basic Software Features..........................................................................................................29

FastIron Ethernet Switch Administration Guide 53-1003625-01

Basic system parameter configuration............................................................ 29

Entering system administration information........................................ 29

SNMP parameter configuration...........................................................30

Displaying virtual routing interface statistics....................................... 33

User-login details in Syslog messages and traps............................... 33

Cancelling an outbound Telnet session.............................................. 34

Network Time Protocol Version 4 (NTPv4)..................................................... 35

Limitations........................................................................................... 37

Network Time Protocol (NTP) leap second ........................................37

How Brocade supports leap second handling for NTP....................... 37

NTP and SNTP................................................................................... 38

NTP server.......................................................................................... 38

NTP Client...........................................................................................39

NTP peer.............................................................................................39

NTP broadcast server......................................................................... 40

NTP broadcast client...........................................................................41

NTP associations................................................................................ 41

Synchronizing time..............................................................................42

Authentication..................................................................................... 42

VLAN and NTP....................................................................................43

Configuring NTP..................................................................................43

Basic port parameter configuration............................................................... 53

Specifying a port address..................................................................53

Assigning port names........................................................................56

Displaying the port name for an interface......................................... 56

Enabling auto-negotiation maximum port speed advertisement

and down-shift............................................................................. 59

Configuring port speed down-shift and auto-negotiation for a

range of ports.............................................................................. 61

Enabling port speed down-shift.........................................................62

Force mode configuration................................................................. 62

MDI and MDIX configuration.............................................................63

Disabling or re-enabling a port..........................................................64

Flow control configuration................................................................. 64

Symmetric flow control on FCX and ICX devices..............................67

PHY FIFO Rx and Tx depth configuration.........................................71

Interpacket Gap (IPG) on a FastIron X Series switch....................... 71

IPG on FastIron Stackable devices...................................................72

Enabling and disabling support for 100BaseTX................................73

Enabling and disabling support for 100BaseFX................................74

Changing the Gbps fiber negotiation mode...................................... 75

Port priority (QoS) modification.........................................................75

Dynamic configuration of Voice over IP (VoIP) phones.................... 75

Port flap dampening configuration.................................................... 77

Port loop detection............................................................................ 80

CLI banner configuration...............................................................................86

Setting a message of the day banner............................................... 86

Requiring users to press the Enter key after the message of the day

banner..................................................................................................... 87

Setting a privileged EXEC CLI level banner................................................. 88

Displaying a console message when an incoming Telnet session is

detected...................................................................................................88

Operations, Administration, and Maintenance.......................................................................89

OAM Overview..............................................................................................89

Software versions installed and running on a device....................................90

Determining the flash image version running on the device............. 90

Displaying the boot image version running on the device.................92

Displaying the image versions installed in flash memory..................92

Flash image verification ................................................................... 92

Software Image file types..............................................................................93

Flash timeout.................................................................................................94

Software upgrades........................................................................................94

Boot code synchronization feature................................................................95

Viewing the contents of flash files.................................................................95

Using SNMP to upgrade software.................................................................96

Software reboot.............................................................................................97

Software boot configuration notes.................................................... 98

Displaying the boot preference..................................................................... 98

Loading and saving configuration files..........................................................99

Replacing the startup configuration with the running

configuration................................................................................99

Replacing the running configuration with the startup

configuration..............................................................................100

Logging changes to the startup-config file...................................... 100

Copying a configuration file to or from a TFTP server.................... 100

Dynamic configuration loading........................................................101

Maximum file sizes for startup-config file and running-config......... 103

FastIron Ethernet Switch Administration Guide

53-1003625-01

Loading and saving configuration files with IPv6.......................................... 103

Using the IPv6 copy command......................................................... 104

Copying a file from an IPv6 TFTP server.......................................... 105

IPv6 copy command..........................................................................106

IPv6 TFTP server file upload.............................................................106

Using SNMP to save and load configuration information..................107

Erasing image and configuration files............................................... 108

System reload scheduling............................................................................. 109

Reloading at a specific time.............................................................. 109

Reloading after a specific amount of time......................................... 109

Displaying the amount of time remaining beforea scheduled

reload...........................................................................................109

Canceling a scheduled reload...........................................................110

Diagnostic error codes and remedies for TFTP transfers............................. 110

Network connectivity testing..........................................................................112

Pinging an IPv4 address................................................................... 112

Tracing an IPv4 route........................................................................113

IEEE 802.3ah EFM-OAM.............................................................................. 114

Network deployment use case.......................................................... 114

EFM-OAM protocol........................................................................... 115

Process overview.............................................................................. 115

Remote failure indication...................................................................116

Remote loopback.............................................................................. 117

EFM-OAM error disable recovery .................................................... 117

Configuring EFM-OAM......................................................................117

Displaying OAM information..............................................................118

Displaying OAM statistics..................................................................120

EFM-OAM syslog messages.............................................................122

Hitless management on the FSX 800 and FSX 1600................................... 122

Benefits of hitless management........................................................ 123

Supported protocols and services for hitless management events...123

Hitless management configuration notes and feature limitations......125

Hitless reload or switchover requirements and limitations................ 126

What happens during a Hitless switchover or failover...................... 126

Enabling hitless failover on the FSX 800 and FSX 1600.................. 128

Executing a hitless switchover on the FSX 800 and FSX 1600........ 129

Hitless OS upgrade on the FSX 800 and FSX 1600......................... 129

Syslog message for Hitless management events............................. 131

Displaying diagnostic information......................................................132

Displaying management redundancy information ........................................ 132

Layer 3 hitless route purge ...........................................................................133

Setting the IPv4 hitless purge timer on the defatult VRF.................. 133

Example for setting IPv4 hitless purge timer on the default VRF......133

Setting the IPv4 hitless purge timer on the non-default VRF............ 133

Example for setting the IPv4 hitless purge timer on the non-

default VRF..................................................................................134

Setting the IPv6 hitless purge timer on the defatult VRF.................. 134

Example for setting the IPv6 hitless purge timer on the defatult

VRF............................................................................................. 134

Setting the IPv4 hitless purge timer on the non-default VRF............ 134

Example for setting the IPv6 hitless purge timer on the non-

default VRF..................................................................................134

Energy Efficient Ethernet.............................................................................. 134

Enabling Energy Efficient Ethernet................................................... 135

Histogram information overview....................................................................135

Displaying CPU histogram information............................................. 136

External USB Hotplug................................................................................... 136

Using External USB Hotplug............................................................. 136

FastIron Ethernet Switch Administration Guide 53-1003625-01

Commands..................................................................................................137

ip hitless-route-purge-timer ............................................................ 137

ipv6 hitless-route-purge-timer ........................................................ 138

IPv6....................................................................................................................................139

Static IPv6 route configuration.................................................................... 139

Configuring a static IPv6 route........................................................139

Configuring a static route in a non-default VRF or User VRF......... 141

IPv6 over IPv4 tunnels................................................................................ 141

IPv6 over IPv4 tunnel configuration notes...................................... 142

Configuring a manual IPv6 tunnel...................................................142

Clearing IPv6 tunnel statistics.........................................................143

Displaying IPv6 tunnel information..................................................143

SNMP Access..................................................................................................................... 147

SNMP overview...........................................................................................147

SNMP community strings............................................................................147

Encryption of SNMP community strings .........................................148

Adding an SNMP community string................................................ 148

Displaying the SNMP community strings........................................ 150

User-based security model......................................................................... 150

Configuring your NMS.....................................................................151

Configuring SNMP version 3 on Brocade devices.......................... 151

Defining the engine id..................................................................... 151

Defining an SNMP group................................................................ 152

Defining an SNMP user account.....................................................153

Defining SNMP views..................................................................................154

SNMP version 3 traps................................................................................. 155

Defining an SNMP group and specifying which view is notified

of traps.......................................................................................156

Defining the UDP port for SNMP v3 traps.......................................156

Trap MIB changes...........................................................................157

Specifying an IPv6 host as an SNMP trap receiver........................ 157

SNMP v3 over IPv6.........................................................................157

Specifying an IPv6 host as an SNMP trap receiver ....................... 158

Viewing IPv6 SNMP server addresses........................................... 158

Displaying SNMP Information..................................................................... 159

Displaying the Engine ID.................................................................159

Displaying SNMP groups................................................................ 159

Displaying user information.............................................................159

Interpreting varbinds in report packets............................................160

SNMP v3 configuration examples...............................................................160

Example 1....................................................................................... 160

Example 2....................................................................................... 161

Foundry Discovery Protocol (FDP) and Cisco Discovery Protocol (CDP) Packets .................... 163

FDP Overview.............................................................................................163

FDP configuration........................................................................... 163

Displaying FDP information.............................................................165

Clearing FDP and CDP information................................................ 167

CDP packets............................................................................................... 168

Enabling interception of CDP packets globally............................... 168

Enabling interception of CDP packets on an interface....................168

Displaying CDP information............................................................ 169

Clearing CDP information............................................................... 170

FastIron Ethernet Switch Administration Guide

53-1003625-01

LLDP and LLDP-MED.............................................................................................................173

LLDP terms used in this chapter................................................................... 173

LLDP overview.............................................................................................. 174

Benefits of LLDP............................................................................... 174

LLDP-MED overview.....................................................................................175

Benefits of LLDP-MED...................................................................... 176

LLDP-MED class...............................................................................176

General LLDP operating principles............................................................... 177

LLDP operating modes..................................................................... 177

LLDP packets....................................................................................178

TLV support.......................................................................................178

MIB support...................................................................................................182

Syslog messages.......................................................................................... 182

LLDP configuration........................................................................................182

LLDP configuration notes and considerations...................................183

Enabling and disabling LLDP............................................................ 183

Enabling support for tagged LLDP packets.......................................184

Changing a port LLDP operating mode.............................................184

Configuring LLDP processing on 802.1x blocked port...................... 186

Maximum number of LLDP neighbors ..............................................186

Enabling LLDP SNMP notifications and Syslog messages...............187

Changing the minimum time between LLDP transmissions..............188

Changing the interval between regular LLDP transmissions............ 189

Changing the holdtime multiplier for transmit TTL............................ 189

Changing the minimum time between port reinitializations............... 189

LLDP TLVs advertised by the Brocade device..................................190

LLDP-MED configuration.............................................................................. 196

Enabling LLDP-MED......................................................................... 197

Enabling SNMP notifications and Syslog messagesfor LLDP-

MED topology changes............................................................... 197

Changing the fast start repeat count................................................. 197

Defining a location id.........................................................................198

Defining an LLDP-MED network policy............................................. 204

LLDP-MED attributes advertised by the Brocade device.............................. 206

LLDP-MED capabilities..................................................................... 206

Extended power-via-MDI information................................................207

Displaying LLDP statistics and configuration settings.......................209

LLDP configuration summary............................................................209

Displaying LLDP statistics.................................................................210

Displaying LLDP neighbors...............................................................211

Displaying LLDP neighbors detail..................................................... 212

Displaying LLDP configuration details...............................................213

Resetting LLDP statistics.............................................................................. 215

Clearing cached LLDP neighbor information................................................ 215

Hardware Component Monitoring..........................................................................................217

FastIron Ethernet Switch Administration Guide 53-1003625-01

Traffic Limitations in Mixed Environments.....................................................217

Virtual cable testing.......................................................................................217

Virtual Cable Testing configuration notes......................................... 218

Virtual Cable Test command syntax................................................. 218

Viewing the results of the cable analysis.......................................... 218

Digital optical monitoring............................................................................... 220

Digital optical monitoring configuration limitations............................ 220

Enabling digital optical monitoring.....................................................220

Setting the alarm interval.................................................................. 221

Displaying information about installed media..................................221

Viewing optical monitoring information............................................222

Syslog messages for optical transceivers.......................................225

FastIron Fiber-optic Transceivers............................................................... 225

Network Monitoring............................................................................................................ 229

Basic system management.........................................................................229

Viewing system information............................................................ 229

Viewing configuration information................................................... 230

Enabling the display of the elapsed timestamp for port statistics

reset...........................................................................................231

Viewing port statistics......................................................................231

Viewing STP statistics.....................................................................235

Clearing statistics............................................................................235

Traffic counters for outbound traffic ............................................... 236

Viewing egress queue counters on ICX 6610 and FCX devices.... 238

Viewing egress queue counters on ICX 7750 devices....................239

Clearing the egress queue counters............................................... 240

RMON support............................................................................................ 240

Maximum number of entries allowed in the RMON control table....241

Statistics (RMON group 1).............................................................. 241

History (RMON group 2)................................................................. 244

Alarm (RMON group 3)................................................................... 244

Event (RMON group 9)................................................................... 245

sFlow...........................................................................................................245

sFlow version 5............................................................................... 245

sFlow support for IPv6 packets.......................................................246

sFlow configuration considerations.................................................247

Configuring and enabling sFlow......................................................249

Enabling sFlow forwarding..............................................................254

sFlow version 5 feature configuration............................................. 256

Configuring sFlow with Multi-VRFs................................................. 258

Displaying sFlow information.......................................................... 260

Utilization list for an uplink port................................................................... 263

Utilization list for an uplink port command syntax........................... 263

Displaying utilization percentages for an uplink.............................. 263

System Monitoring..............................................................................................................265

Overview of system monitoring...................................................................265

Configuration notes and feature limitations.....................................265

Configure system monitoring...................................................................... 266

disable system-monitoring all .........................................................266

enable system-monitoring all ......................................................... 266

sysmon timer ..................................................................................267

sysmon log-backoff ........................................................................ 267

sysmon threshold ...........................................................................268

System monitoring on FCX and ICX devices..............................................268

sysmon ecc-error ........................................................................... 268

sysmon link-error ............................................................................269

System monitoring for Fabric Adapters.......................................................270

sysmon fa error-count .................................................................... 271

sysmon fa link ................................................................................ 272

System monitoring for Cross Bar................................................................ 273

sysmon xbar error-count ................................................................ 273

sysmon xbar link ............................................................................ 274

System monitoring for Packet Processors.................................................. 275

FastIron Ethernet Switch Administration Guide

53-1003625-01

sysmon pp error-count ..................................................................... 276

clear sysmon counters ..................................................................... 276

show sysmon logs ............................................................................278

show sysmon counters .....................................................................278

show sysmon config .........................................................................282

show sysmon system sfm ................................................................ 283

Syslog.................................................................................................................................. 285

About Syslog messages................................................................................285

Displaying Syslog messages........................................................................ 286

Enabling real-time display of Syslog messages................................286

Enabling real-time display for a Telnet or SSH session.................... 286

Displaying real-time Syslog messages ............................................ 287

Syslog service configuration......................................................................... 287

Displaying the Syslog configuration.................................................. 287

Disabling or re-enabling Syslog........................................................ 290

Specifying a Syslog server................................................................291

Specifying an additional Syslog server............................................. 291

Disabling logging of a message level................................................291

Changing the number of entries the local buffer can hold.................291

Changing the log facility.................................................................... 292

Displaying interface names in Syslog messages.............................. 293

Displaying TCP or UDP port numbers in Syslog messages............. 293

Retaining Syslog messages after a soft reboot.................................293

Clearing the Syslog messages from the local buffer.........................294

Syslog messages for hardware errors.............................................. 294

Syslog messages.................................................................................................................. 297

Brocade Syslog messages............................................................................297

Power over Ethernet ............................................................................................................. 339

Power over Ethernet overview...................................................................... 339

Power over Ethernet terms used in this chapter............................... 339

Methods for delivering Power over Ethernet..................................... 340

PoE autodiscovery............................................................................ 342

Power class.......................................................................................342

Dynamic upgrade of PoE power supplies......................................... 344

Power over Ethernet cabling requirements....................................... 345

Supported powered devices..............................................................346

Installing PoE firmware .................................................................... 346

PoE and CPU utilization....................................................................350

Enabling and disabling Power over Ethernet................................................ 351

Disabling support for PoE legacy power-consuming devices....................... 352

Enabling the detection of PoE power requirements advertised through

CDP......................................................................................................... 353

Command syntax for PoE power requirements................................ 353

Setting the maximum power level for a PoE power-consuming device........ 354

Considerations for setting power levels............................................ 354

Configuring power levels command syntax.......................................354

Setting the power class for a PoE power-consuming device........................ 355

Setting the power class command syntax.........................................356

Setting the power budget for a PoE interface module on an FSX device..... 356

Setting the inline power priority for a PoE port .............................................357

Command syntax for setting the inline power priority for a PoE

port.............................................................................................. 357

FastIron Ethernet Switch Administration Guide 53-1003625-01

Resetting PoE parameters..........................................................................358

Displaying Power over Ethernet information...............................................359

Displaying PoE operational status ................................................. 359

Displaying PoE data specific to PD ports .......................................362

Displaying detailed information about PoE power supplies............ 364

Inline power on PoE LAG ports...................................................................371

Configuring inline power on PoE ports in a LAG.............................372

Decouple PoE and datalink operations on PoE ports................................. 373

Decoupling of PoE and datalink operations on PoE LAG ports...... 373

Decoupling of PoE and datalink operations on regular PoE ports.. 374

40 Gbps Breakout Ports......................................................................................................377

Overview of 40 Gbps breakout ports.......................................................... 377

Configuring 40 Gbps breakout ports........................................................... 378

Configuring sub-ports..................................................................................379

Removing breakout configuration............................................................... 381

Displaying information for breakout ports................................................... 383

OpenSSL License................................................................................................................385

OpenSSL license........................................................................................ 385

Original SSLeay License.................................................................385

Joint Interoperability Test Command................................................................................... 387

JITC overview............................................................................................. 387

FastIron Ethernet Switch Administration Guide

53-1003625-01

Preface

● Document conventions....................................................................................................11

● Brocade resources.......................................................................................................... 13

● Contacting Brocade Technical Support...........................................................................13

● Document feedback........................................................................................................ 14

Document conventions

The document conventions describe text formatting conventions, command syntax conventions, and important notice formats used in Brocade technical documentation.

Text formatting conventions

Text formatting conventions such as boldface, italic, or Courier font may be used in the flow of the text to highlight specific words or phrases.

Format

bold text

italic text

Courier font

Description

Identifies command names

Identifies keywords and operands

Identifies the names of user-manipulated GUI elements

Identifies text to enter at the GUI

Identifies emphasis

Identifies variables

Identifies document titles

Identifies CLI output

Identifies command syntax examples

Command syntax conventions

Bold and italic text identify command syntax components. Delimiters and operators define groupings of parameters and their logical relationships.

Convention

bold text Identifies command names, keywords, and command options.

italic text Identifies a variable.

value In Fibre Channel products, a fixed value provided as input to a command

Description

option is printed in plain text, for example, --show WWN.

FastIron Ethernet Switch Administration Guide 11 53-1003625-01

Notes, cautions, and warnings

Convention Description

[ ] Syntax components displayed within square brackets are optional.

Default responses to system prompts are enclosed in square brackets.

{ x | y | z } A choice of required parameters is enclosed in curly brackets separated by

x | y A vertical bar separates mutually exclusive elements.

< > Nonprinting characters, for example, passwords, are enclosed in angle

...

vertical bars. You must select one of the options.

In Fibre Channel products, square brackets may be used instead for this purpose.

brackets.

Repeat the previous element, for example, member[member...].

Indicates a “soft” line break in command examples. If a backslash separates two lines of a command input, enter the entire command at the prompt without the backslash.

Notes, cautions, and warnings

Notes, cautions, and warning statements may be used in this document. They are listed in the order of increasing severity of potential hazards.

NOTE

A Note provides a tip, guidance, or advice, emphasizes important information, or provides a reference to related information.

ATTENTION

An Attention statement indicates a stronger note, for example, to alert you when traffic might be interrupted or the device might reboot.

CAUTION

A Caution statement alerts you to situations that can be potentially hazardous to you or cause damage to hardware, firmware, software, or data.

DANGER

A Danger statement indicates conditions or situations that can be potentially lethal or extremely hazardous to you. Safety labels are also attached directly to products to warn of these conditions or situations.

12 FastIron Ethernet Switch Administration Guide

53-1003625-01

Brocade resources

Visit the Brocade website to locate related documentation for your product and additional Brocade resources.

You can download additional publications supporting your product at www.brocade.com. Select the Brocade Products tab to locate your product, then click the Brocade product name or image to open the individual product page. The user manuals are available in the resources module at the bottom of the page under the Documentation category.

To get up-to-the-minute information on Brocade products and resources, go to MyBrocade. You can register at no cost to obtain a user ID and password.

Release notes are available on MyBrocade under Product Downloads.

White papers, online demonstrations, and data sheets are available through the Brocade website.

Contacting Brocade Technical Support

Brocade resources

As a Brocade customer, you can contact Brocade Technical Support 24x7 online, by telephone, or by email. Brocade OEM customers contact their OEM/Solutions provider.

Brocade customers

For product support information and the latest information on contacting the Technical Assistance Center, go to http://www.brocade.com/services-support/index.html.

If you have purchased Brocade product support directly from Brocade, use one of the following methods to contact the Brocade Technical Assistance Center 24x7.

Online Telephone E-mail

Preferred method of contact for nonurgent issues:

• My Cases through MyBrocade

• Software downloads and licensing tools

• Knowledge Base

Required for Sev 1-Critical and Sev 2-High issues:

• Continental US: 1-800-752-8061

• Europe, Middle East, Africa, and Asia Pacific: +800-AT FIBREE (+800 28 34 27 33)

• For areas unable to access toll free number: +1-408-333-6061

• Toll-free numbers are available in many countries.

support@brocade.com

Please include:

• Problem summary

• Serial number

• Installation details

• Environment description

Brocade OEM customers

If you have purchased Brocade product support from a Brocade OEM/Solution Provider, contact your OEM/Solution Provider for all of your product support needs.

• OEM/Solution Providers are trained and certified by Brocade to support Brocade® products.

• Brocade provides backline support for issues that cannot be resolved by the OEM/Solution Provider.

FastIron Ethernet Switch Administration Guide 13 53-1003625-01

Document feedback

• Brocade Supplemental Support augments your existing OEM support contract, providing direct access to Brocade expertise. For more information, contact Brocade or your OEM.

• For questions regarding service levels and response times, contact your OEM/Solution Provider.

Document feedback

To send feedback and report errors in the documentation you can use the feedback form posted with the document or you can e-mail the documentation team.

Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and completeness of this document. However, if you find an error or an omission, or you think that a topic needs further development, we want to hear from you. You can provide feedback in two ways:

• Through the online feedback form in the HTML documents posted on www.brocade.com.

• By sending your feedback to documentation@brocade.com.

Provide the publication title, part number, and as much detail as possible, including the topic heading and page number if applicable, as well as your suggestions for improvement.

14 FastIron Ethernet Switch Administration Guide

53-1003625-01

About This Document

● Supported hardware and software.................................................................................. 15

● What’s new in this document ......................................................................................... 15

● How command information is presented in this guide.....................................................16

Supported hardware and software

This guide supports the following product families for the FastIron 08.0.30 release:

• FCX Series

• FastIron X Series ( FastIron SX 800, FastIron SX 1600)

• ICX 6610 Series

• ICX 6430 Series (ICX 6430, ICX 6430-C12)

• ICX 6450 Series (ICX 6450, ICX 6450-C12-PD)

• ICX 6650 Series

• ICX 7250 Series

• ICX 7450 Series

• ICX 7750 Series

NOTE

The Brocade ICX 6430-C switch supports the same feature set as the Brocade ICX 6430 switch unless otherwise noted.

NOTE

The Brocade ICX 6450-C12-PD switch supports the same feature set as the Brocade ICX 6450 switch unless otherwise noted.

For information about the specific models and modules supported in a product family, refer to the hardware installation guide for that product family.

What’s new in this document

The following tables include descriptions of new information added to this guide for the FastIron 08.0.30 release.

FastIron Ethernet Switch Administration Guide 53-1003625-01

How command information is presented in this guide

Summary of enhancements in FastIron release 08.0.30TABLE 1

Feature Description Described in

ICX 7750 40 Gbps breakout port configuration

Energy efficient ethernet

External USB hotplug Allows you to copy images, cores, logs and

Histogram The histogram framework feature monitors and

IEEE 802.3ah EFMOAM

Certain ICX 7750 40 Gbps ports can be configured with sub-ports when a breakout cable is installed.

Regulates and saves power consumed by the active hardware components in the switch and conserves power during idle time. This feature is supported on the ICX 7250 and ICX 7450 devices.

configurations between the external USB and the internal eUSB. This feature is supported on ICX 7250, ICX 7450 and ICX 7750 devices.

records system resource usage information. This feature is supported on ICX 6430, ICX 6450, ICX 7250, ICX 7450 and ICX 7750 devices.

EFM-OAM provides mechanisms to monitor link operation, health and improve fault isolation of Ethernet network to increase management capability.

Refer to the chapter 40 Gbps Breakout Ports for configuration information. Refer to the ICX 7750

Ethernet Switch Hardware Installation Guide for information on the breakout

cable.

Refer to the chapter Operations

Administration and Maintenance

Refer to the chapter Operations Administration and Maintenance

Refer to IEEE 802.3ah EFM-OAM on page 114

sFlow sample mode The sample mode can be changed to include

sFlow source IP address

Flash timeout The flash timeout can be configured to a value

Elapsed timestamp display for port statistics reset

the dropped packets for sFlow sampling.

The sFlow source interface can be configured from which the IP source address is selected for the sFlow datagram.

from 12 through 60 minutes.

The elapsed time between the most recent reset of the port statistics counters and the time when the show statistics command is executed, can be displayed in the output of the show statistics command.

Refer to Changing the sampling

mode on page 251

Refer to sFlow and source IP address on page 248

Refer to Flash timeout on page 94

Refer to Enabling the display of the

elapsed timestamp for port statistics reset on page 231

How command information is presented in this guide

For all new content supported in FastIron Release 08.0.20 and later, command information is documented in a standalone command reference guide.

In an effort to provide consistent command line interface (CLI) documentation for all products, Brocade is in the process of completing a standalone command reference for the FastIron platforms. This

16 FastIron Ethernet Switch Administration Guide

53-1003625-01

About This Document

process involves separating command syntax and parameter descriptions from configuration tasks. Until this process is completed, command information is presented in two ways:

• For all new content supported in FastIron Release 08.0.20 and later, the CLI is documented in separate command pages included in the FastIron Command Reference. Command pages are compiled in alphabetical order and follow a standard format to present syntax, parameters, usage guidelines, examples, and command history.

NOTE

Many commands from previous FastIron releases are also included in the command reference.

• Legacy content in configuration guides continues to include command syntax and parameter descriptions in the chapters where the features are documented.

If you do not find command syntax information embedded in a configuration task, refer to the FastIron

Command Reference.

FastIron Ethernet Switch Administration Guide 17 53-1003625-01

How command information is presented in this guide

18 FastIron Ethernet Switch Administration Guide

53-1003625-01

Management Applications

● Management port overview.............................................................................................19

● Web Management Interface............................................................................................21

● Management VRFs......................................................................................................... 21

Management port overview

NOTE

The management port applies to FCX, SX 800, SX 1600, ICX 6430, and ICX 6450 devices.

The management port is an out-of-band port that customers can use to manage their devices without interfering with the in-band ports. The management port is widely used to download images and configurations, for Telnet sessions and for Web management.

For FCX devices, the MAC address for the management port is derived from the base MAC address of the unit, plus the number of ports in the base module. For example, on a 48-port FCX standalone device, the base MAC address is 0000.0034.2200. The management port MAC address for this device would be 0000.0034.2200 plus 0x30, or 0000.0034.2230. The 0x30 in this case equals the 48 ports on the base module.

For SX 800 and SX 1600 devices, the MAC address for the management port is derived as if the management port is the last port on the management module where it is located. For example, on a 2 X 10G management module, the MAC address of the management port is that of the third port on that module.

How the management port works

The following rules apply to management ports:

• Only packets that are specifically addressed to the management port MAC address or the broadcast MAC address are processed by the Layer 2 switch or Layer 3 switch. All other packets are filtered out.

• No packet received on a management port is sent to any in-band ports, and no packets received on in-band ports are sent to a management port.

• A management port is not part of any VLAN

• Configuring a strict management VRF disables certain features on the management port.

• Protocols are not supported on the management port.

• Creating a management VLAN disables the management port on the device.

• For FCX and ICX devices, all features that can be configured from the global configuration mode can also be configured from the interface level of the management port. Features that are configured through the management port take effect globally, not on the management port itself.

For switches, any in-band port may be used for management purposes. A router sends Layer 3 packets using the MAC address of the port as the source MAC address.

For stacking devices, (for example, an FCX stack) each stack unit has one out-of band management port. Only the management port on the Active Controller will actively send and receive packets. If a new Active Controller is elected, the new Active Controller management port will become the active

FastIron Ethernet Switch Administration Guide 53-1003625-01

CLI Commands for use with the management port

management port. In this situation, the MAC address of the old Active Controller and the MAC address of the new controller will be different.

CLI Commands for use with the management port

The following CLI commands can be used with a management port.

To display the current configuration, use the show running-config interface management command.

Syntax: show running-config interface management num

device(config-if-mgmt)# ip addr 10.44.9.64/24 device(config)# show running-config interface management 1 interface management 1 ip address 10.44.9.64 255.255.255.0

To display the current configuration, use the show interfaces management command.

Syntax: show interfaces management num

device(config)# show interfaces management 1 GigEthernetmgmt1 is up, line protocol is up Hardware is GigEthernet, address is 0000.0076.544a (bia 0000.0076.544a) Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx Configured mdi mode AUTO, actual none BPRU guard is disabled, ROOT protect is disabled Link Error Dampening is Disabled STP configured to OFF, priority is level0, MAC-learning is enabled Flow Control is config disabled, oper enabled Mirror disabled, Monitor disabled Not member of any active trunks Not member of any configured trunks No port name IPG MII 0 bits-time, IPG GMII 0 bits-time IP MTU 1500 bytes 300 second input rate: 83728 bits/sec, 130 packets/sec, 0.01% utilization 300 second output rate: 24 bits/sec, 0 packets/sec, 0.00% utilization 39926 packets input, 3210077 bytes, 0 no buffer Received 4353 broadcasts, 32503 multicasts, 370 unicasts 0 input errors, 0 CRC, 0 frame, 0 ignored 0 runts, 0 giants 22 packets output, 1540 bytres, 0 underruns Transmitted 0 broadcasts, 6 multicasts, 16 unicasts 0 output errors, 0 collisions

To display the management interface information in brief form, enter the show interfaces brief management command.

Syntax: show interfaces brief management num

device# show interfaces brief management 1 Port Link State Dupl Speed Trunk Tag Pri MAC Name mgmt1 Up None Full 1G None No 0 0000.0076.544a

To display management port statistics, enter the show statistics management command.

Syntax: show statistics management num

device# show statistics management 1 Port Link State Dupl Speed Trunk Tag Pri MAC Name mgmt1 Up None Full 1G None No 0 0000.0076.544a Port mgmt1 Counters: InOctets 3210941 OutOctets 1540 InPkts 39939 OutPackets 22 InBroadcastPkts 4355 OutbroadcastPkts 0 InMultiastPkts 35214 OutMulticastPkts 6 InUnicastPkts 370 OutUnicastPkts 16 InBadPkts 0 InFragments 0

20 FastIron Ethernet Switch Administration Guide

53-1003625-01

InDiscards 0 OutErrors 0 CRC 0 Collisions 0 InErrors 0 LateCollisions 0 InGiantPkts 0 InShortPkts 0 InJabber 0 InFlowCtrlPkts 0 OutFlowCtrlPkts 0 InBitsPerSec 83728 OutBitsPerSec 24 InPktsPerSec 130 OutPktsPerSec 0 InUtilization 0.01% OutUtilization 0.00%

To display the management interface statistics in brief form, enter the show statistics brief management command.

Syntax: show statistics brief management num

device(config)# show statistics brief management 1 Port In Packets Out PacketsTrunk In Errors Out Errors mgmt1 39946 22 0 0 Total 39945 22 0 0

Web Management Interface

The Web Management Interface is a browser-based interface that allows administrators to manage and monitor a single Brocade device or a group of Brocade devices connected together.

For many of the features on a Brocade device, the Web Management Interface can be used as an alternate to the CLI for creating new configurations, modifying existing ones, and monitoring the traffic on a device.

For more information on how to log in and use the Web Management Interface, refer to the FastIron SX, FCX, and ICX Web Management Interface User Guide.

Management VRFs

Virtual routing and forwarding (VRF) allows routers to maintain multiple routing tables and forwarding tables on the same router. A management VRF can be configured to control the flow of management traffic as described in this section.

NOTE

For information on configuring Multi-VRF, sometimes called VRF-Lite or Multi-VRF CE, refer to the FastIron Ethernet Switch Layer 3 Routing Configuration Guide.

A management VRF is used to provide secure management access to the device by sending inbound and outbound management traffic through the VRF specified as a global management VRF and through the out-of-band management port, thereby isolating management traffic from the network data traffic.

By default, the inbound traffic is unaware of VRF and allows incoming packets from any VRF, including the default VRF. Outbound traffic is sent only through the default VRF. The default VRF consists of an out-of-band management port and all the LP ports that do not belong to any other VRFs.

Any VRF, except the default VRF, can be configured as a management VRF. When a management VRF is configured, the management traffic is allowed through the ports belonging to the specified VRF and the out-of-band management port. The management traffic through the ports belonging to the other VRFs and the default VRF are dropped, and the rejection statistics are incremented.

FastIron Ethernet Switch Administration Guide 21 53-1003625-01

Source interface and management VRF compatibility

If the management VRF is not configured, the management applications follows default behavior. The management VRF is configured the same way for IPv4 and IPv6 management traffic.

The management VRF is supported by the following management applications:

• SNMP server

• SNMP trap generator

• Telnet server

• SSH server

• Telnet client

• RADIUS client

• TACACS+ client

• TFTP

• SCP

• Syslog

NOTE

Any ping or traceroute commands use the VRF specified in the command or the default VRF if no VRF is specified.

Source interface and management VRF compatibility

A source interface must be configured for management applications. When a source interface is configured, management applications use the lowest configured IP address of the specified interface as the source IP address in all the outgoing packets. If the configured interface is not part of the management VRF, the response packet does not reach the destination. If the compatibility check fails while either the management VRF or the source interface is being configured, the following warning message is displayed. However, the configuration command is accepted.

The source-interface for Telnet, TFTP is not part of the management-vrf

Supported management applications

This section explains the management VRF support provided by the management applications.

SNMP server

When the management VRF is configured, the SNMP server receives SNMP requests and sends SNMP responses only through the ports belonging to the management VRF and through the out-ofband management port.

Any change in the management VRF configuration becomes immediately effective for the SNMP server.

SNMP trap generator

When the management VRF is configured, the SNMP trap generator sends traps to trap hosts through the ports belonging to the management VRF and through the out-of-band management port.

Any change in the management VRF configuration takes effect immediately for the SNMP trap generator.

22 FastIron Ethernet Switch Administration Guide

53-1003625-01

SSH server

NOTE

The SNMP source interface configuration command snmp-server trap-source must be compatible with the management VRF configuration.

SSH server

When the management VRF is configured, the incoming SSH connection requests are allowed only from the ports belonging to the management VRF and from the out-of-band management port. Management VRF enforcement occurs only while a connection is established.

To allow the incoming SSH connection requests only from the management VRF and not from the outof-band management port, enter the following command.

device(config)# ip ssh strict-management-vrf

The ip ssh strict-management-vrf command is applicable only when the management VRF is configured. If not, the command issues the following warning message.

Warning - Management-vrf is not configured.

For the SSH server, changing the management VRF configuration or configuring the ip ssh strictmanagement-vrf command does not affect the existing SSH connections. The changes are be applied

only to new incoming connection requests.

Telnet client

When the VRF name is specified in the telnet vrf command, the Telnet client initiates Telnet requests only from the ports belonging to the specified VRF.

To configure the VRF name in outbound Telnet sessions, enter the following command at the privileged EXEC level.

device(config)# telnet vrf red 10.157.22.39

Syntax: telnet vrf vrf-name IPv4address | ipv6 IPv6address

The vrf-name variable specifies the name of the pre-configured VRF.

RADIUS client

When the management VRF is configured, the RADIUS client sends RADIUS requests or receives responses only through the ports belonging to the management VRF and through the out-of-band management port.

Any change in the management VRF configuration takes effect immediately for the RADIUS client.

NOTE

The RADIUS source interface configuration command ip radius source-interface must be compatible with the management VRF configuration.

FastIron Ethernet Switch Administration Guide 23 53-1003625-01

TACACS+ client

When the management VRF is configured, the TACACS+ client establishes connections with TACACS + servers only through the ports belonging to the management VRF and the out-of-band management port.

For the TACACS+ client, a change in the management VRF configuration does not affect the existing TACACS+ connections. The changes are applied only to new TACACS+ connections.

NOTE

The TACACS+ source interface configuration command ip tacacs source-interface must be compatible with the management VRF configuration.

TFTP

When the management VRF is configured, TFTP sends or receives data and acknowledgments only through ports belonging to the management VRF and through the out-of-band management port.

Any change in the management VRF configuration takes effect immediately for TFTP. You cannot change in the management VRF configuration while TFTP is in progress.

NOTE

The TFTP source interface configuration command ip tftp source-interface must be compatible with the management VRF configuration.

SCP

SCP uses SSH as the underlying transport. The behavior of SCP is similar to the SSH server.

Syslog

When the management VRF is configured, the Syslog module sends log messages only through the ports belonging to the management VRF and the out-of-band management port.

Any change in the management VRF configuration takes effect immediately for Syslog.

NOTE

The Syslog source interface configuration command ip syslog source-interface must be compatible with the management VRF configuration.

Configuring a global management VRF

To configure a VRF as a global management VRF, enter the following command.

device(config)# management-vrf mvrf

Syntax: [no] management-vrf vrf-name

24 FastIron Ethernet Switch Administration Guide

53-1003625-01

Configuration notes

The vrf-name parameter must specify the name of a pre-configured VRF. If the VRF is not preconfigured, command execution fails, and the following error message is displayed.

Error - VRF <vrf-name> doesn't exist

When the management VRF is configured, the following Syslog message is displayed.

SYSLOG: VRF <vrf-name> has been configured as management-vrf

Enter the no form of the command to remove the management VRF. When the management VRF is deleted, the following Syslog message is displayed.

SYSLOG: VRF <vrf-name> has been un-configured as management-vrf

Configuration notes

Consider the following configuration notes:

• If a management VRF is already configured, you must remove the existing management VRF configuration before configuring a new one. If not, the system displays the following error message.

device(config)# management-vrf red Error - VRF mvrf already configured as management-vrf

• If you try to delete a management VRF that was not configured, the system displays the following error message.

device(config)# no management-vrf red Error - VRF red is not the current management-vrf

• If a VRF is currently configured as the management VRF, it cannot be deleted or modified. Attempting to do so causes the system to return the following error message.

device(config)# no vrf mvrf Error - Cannot modify/delete a VRF which is configured as management-vrf

Displaying management VRF information

To display IP Information for a specified VRF, enter the following command at any level of the CLI.

device(config)# show vrf mvrf VRF mvrf, default RD 1100:1100, Table ID 11 Configured as management-vrf IP Router-Id: 1.0.0.1 Interfaces: ve3300 ve3400 Address Family IPv4 Max Routes: 641 Number of Unicast Routes: 2 Address Family IPv6 Max Routes: 64 Number of Unicast Routes: 2

Syntax: show vrf vrf-name

The vrf-name parameter specifies the VRF for which you want to display IP information.

FastIron Ethernet Switch Administration Guide 25 53-1003625-01

Management Applications

This field Displays

VRF vrf-name The name of the VRF.

default RD The default route distinguisher for the VRF.

Table ID The table ID for the VRF.

Routes The total number of IPv4 and IPv6 Unicast routes configured on this VRF.

Configured as management-vrf Indicates that the specified VRF is configured as a management VRF.

IP Router-Id The 32-bit number that uniquely identifies the router.

Number of Unicast Routes The number of Unicast routes configured on this VRF.

The show who command displays information about the management VRF from which the Telnet or SSH connection has been established.

show vrf output descriptionsTABLE 2

device(config)# show who Console connections: established, monitor enabled, privilege super-user, in config mode 1 minutes 47 seconds in idle Telnet server status: Enabled Telnet connections (inbound): 1 established, client ip address 10.53.1.181, user is lab, privilege super-user using vrf default-vrf. 2 minutes 46 seconds in idle 2 established, client ip address 10.20.20.2, user is lab, privilege super-user using vrf mvrf. 16 seconds in idle 3 closed 4 closed 5 closed Telnet connections (outbound): 6 established, server ip address 10.20.20.2, from Telnet session 2, , privilege super-user using vrf mvrf. 12 seconds in idle 7 closed 8 closed 9 closed 10 closed SSH server status: Enabled SSH connections: 1 established, client ip address 10.53.1.181, privilege super-user using vrf default-vrf. you are connecting to this session 3 seconds in idle 2 established, client ip address 10.20.20.2, privilege super-user using vrf mvrf. 48 seconds in idle 3 closed 4 closed 5 closed 6 closed 7 closed 8 closed 9 closed 10 closed 11 closed 12 closed 13 closed 14 closed 15 closed 16 closed

26 FastIron Ethernet Switch Administration Guide

53-1003625-01

Management Applications

Syntax: show who

To display packet and session rejection statistics due to failure in management VRF validation, enter the following command.

device(config)# show management-vrf

Management VRF name : sflow Management Application Rx Drop Pkts Tx Drop Pkts SNMP Engine 0 11 RADIUS Client 0 0 TFTP Client 0 0 Traps - 0 SysLogs - 0

TCP Connection rejects: Telnet : 0 SSH (Strict): 685 TACACS+ Client : 0

Syntax: show management-vrf

show management-vrf output descriptionsTABLE 3

This field Displays

Management VRF name Displays the configured management VRF name.

Management Application Displays the management application names.

Rx Drop Pkts Displays the number of packets dropped in the inbound traffic.

Tx Drop Pkts Displays the number of packets dropped in the outbound traffic.

TCP Connection rejects Displays the number of TCP connections per application rejected due to management

VRF validation.

Make sure that the management VRF is configured before executing the show management-vrf command. If not, the system displays the following error message.

Error - Management VRF is not configured.

To clear the management VRF rejection statistics, enter the following command.

device(config)# clear management-vrf-stats

Syntax: clear management-vrf-stats

FastIron Ethernet Switch Administration Guide 27 53-1003625-01

Displaying management VRF information

28 FastIron Ethernet Switch Administration Guide

53-1003625-01

Basic Software Features

● Basic system parameter configuration............................................................................ 29

● Network Time Protocol Version 4 (NTPv4)..................................................................... 35

● Basic port parameter configuration................................................................................. 53

● CLI banner configuration.................................................................................................86

● Requiring users to press the Enter key after the message of the day banner................ 87

● Setting a privileged EXEC CLI level banner....................................................................88

● Displaying a console message when an incoming Telnet session is detected............... 88

Basic system parameter configuration

Brocade devices are configured at the factory with default parameters that allow you to begin using the basic features of the system immediately. However, many of the advanced features such as VLANs or routing protocols for the device must first be enabled at the system (global) level before they can be configured. If you use the Command Line Interface (CLI) to configure system parameters, you can find these system level parameters at the Global CONFIG level of the CLI.

NOTE

Before assigning or modifying any router parameters, you must assign the IP subnet (interface) addresses for each port.

NOTE

For information about configuring IP addresses, DNS resolver, DHCP assist, and other IP-related parameters, refer to "IP Configuration" chapter in the FastIron Ethernet Switch Layer 3 Routing

Configuration Guide

NOTE

For information about the Syslog buffer and messages, refer to Basic system parameter configuration.

The procedures in this section describe how to configure the basic system parameters listed in Basic

Software Features on page 29.

Entering system administration information

You can configure a system name, contact, and location for a Brocade device and save the information locally in the configuration file for future reference. This information is not required for system operation but is suggested. When you configure a system name, the name replaces the default system name in the CLI command prompt.

The name, contact, and location each can be up to 255 alphanumeric characters.

FastIron Ethernet Switch Administration Guide 53-1003625-01

SNMP parameter configuration

Here is an example of how to configure a system name, system contact, and location.

device(config)# hostname zappa zappa(config)# snmp-server contact Support Services zappa(config)# snmp-server location Centerville zappa(config)# end zappa# write memory

Syntax:hostname string

Syntax: snmp-server contact string

Syntax: snmp-server location string

The text strings can contain blanks. The SNMP text strings do not require quotation marks when they contain blanks but the host name does.

NOTE

The chassis name command does not change the CLI prompt. Instead, the command assigns an administrative ID to the device.

SNMP parameter configuration

Use the procedures in this section to perform the following configuration tasks:

• Specify a Simple Network Management Protocol (SNMP) trap receiver.

• Specify a source address and community string for all traps sent by the device.

• Change the holddown time for SNMP traps

• Disable individual SNMP traps. (All traps are enabled by default.)

• Disable traps for CLI access that is authenticated by a local user account, a RADIUS server, or a TACACS/TACACS+ server.

NOTE

To add and modify "get" (read-only) and "set" (read-write) community strings, refer to "Security Access" chapter in the FastIron Ethernet Switch Security Configuration Guide .

Specifying an SNMP trap receiver

You can specify a trap receiver to ensure that all SNMP traps sent by the Brocade device go to the same SNMP trap receiver or set of receivers, typically one or more host devices on the network. When you specify the host, you also specify a community string. The Brocade device sends all the SNMP traps to the specified hosts and includes the specified community string. Administrators can therefore filter for traps from a Brocade device based on IP address or community string.

When you add a trap receiver, the software automatically encrypts the community string you associate with the receiver when the string is displayed by the CLI or Web Management Interface. If you want the software to show the community string in the clear, you must explicitly specify this when you add a trap receiver. In either case, the software does not encrypt the string in the SNMP traps sent to the receiver.

To specify the host to which the device sends all SNMP traps, use one of the following methods.

To add a trap receiver and encrypt the display of the community string, enter commands such as the following.

30 FastIron Ethernet Switch Administration Guide

53-1003625-01

+ 358 hidden pages

Brocade Communications Systems FastIron Administration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual