Cabletron Systems Switch User Manual

SmartSwitch Router

User Reference Manual

9032578-04

Notice

Cabletron Systems reserves the right to make changes in specifications and other information contained in this document without prior notice. The reader should in all cases consult Cabletron Systems to determine whether any such changes have been made.

The hardware, firmware, or software described in this manual is subject to change without notice.

IN NO EVENT SHALL CABLETRON SYSTEMS BE LIABLE FOR ANY INCIDENTAL, INDIRECT, SPECIAL, OR CONSEQUENTIAL DAMAGES WHATSOEVER (INCLUDING BUT NOT LIMITED TO LOST PROFITS) ARISING OUT OF OR RELATED TO THIS MANUAL OR THE INFORMATION CONTAINED IN IT, EVEN IF CABLETRON SYSTEMS HAS BEEN ADVISED OF, KNOWN, OR SHOULD HAVE KNOWN, THE POSSIBILITY OF SUCH DAMAGES.

Cabletron Systems, Inc. 35 Industrial Way Rochester, NH 03867-5005

Order Number: 9032578-04

LANVIEW is a registered trademark, and SmartSwitch is a trademark of Cabletron Systems, Inc.

CompuServe is a registered trademark of CompuServe, Inc.

i960 microprocessor is a registered trademark of Intel Corp.

Ethernet is a trademark of Xerox CorporationFCC Notice

This device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.

NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment uses, generates, and can radiate radio frequency energy and if not installed in accordance with the operator’s manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause interference in which case the user will be required to correct the interference at his own expense.

WARN IN G: Changes or modifications made to this device which are not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.

2 SmartSwitch Router User Reference Manual

Notice

Industry Canada Notice

This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.

Le présent appareil numérique n’émet pas de bruits radioélectriques dépassant les limites applicables aux appareils numériques de la class A prescrites dans le Règlement sur le brouillage radioélectrique édicté par le ministère des Communications du Canada.

NOTICE: The Industry Canada label identifies certified equipment. This certification means that the equipment meets telecommunications network protective, operational and safety requirements as prescribed in the appropriate Terminal Equipment Technical Requirements documents (s). The department does not guarantee the equipment will operate to the user’s satisfaction.

Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company. The equipment must also be installed using an acceptable method of connection. The customer should be aware that compliance with the above conditions may not prevent degradation of service in some situations.

Repairs to certified equipment should be coordinated by a representative designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment.

Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas. Caution: Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate.

NOTICE: The Ringer Equivalence Number (REN) assigned to each terminal device provides an indication of the maximum number of terminals allowed to be connected to a telephone interface. The termination on an interface may consist of any combination of devices subject only to the requirement that the sum of the ringer equivalence Numbers of all the devices does not exceed 5.

VCCI Notice

This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions.

SmartSwitch Router User Reference Manual 3

Notice

CABLETRON SYSTEMS, INC.

PROGRAM LICENSE AGREEMENT

IMPORTANT: THIS LICENSE APPLIES FOR USE OF PRODUCT IN THE FOLLOWING

GEOGRAPHICAL REGIONS:

CANADA MEXICO CENTRAL AMERICA SOUTH AMERICA

BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT.

This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems, Inc. (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (“Program”) in the package. The Program may be contained in firmware, chips or other media. UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, RETURN THE UNOPENED PRODUCT TO CABLETRON OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND.

IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT CABLETRON SYSTEMS (603) 332-9400. Attn: Legal Department.

1. LICENSE. You have the right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this License Agreement.

You may not copy, reproduce or transmit any part of the Program except as permitted by the Copyright Act of the United States or as authorized in writing by Cabletron.

2. OTHER RESTRICTIONS. You may not reverse engineer, decompile, or disassemble the Program.

3. APPLICABLE LAW. This License Agreement shall be interpreted and governed under the laws and in the state and federal courts of New Hampshire. You accept the personal jurisdiction and venue of the New Hampshire courts.

4. EXPORT REQUIREMENTS. You understand that Cabletron and its Affiliates are subject to regulation by agencies of the U.S. Government, including the U.S. Department of Commerce, which prohibit export or diversion of certain technical products to certain countries, unless a license to export the product is obtained from the U.S. Government or an exception from obtaining such license may be relied upon by the exporting party.

If the Program is exported from the United States pursuant to the License Exception CIV under the U.S. Export Administration Regulations, You agree that You are a civil end user of the Program and agree that You will use the Program for civil end uses only and not for military purposes.

If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in

4 SmartSwitch Router User Reference Manual

Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant o r any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.

5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Product (i) was

developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Cabletron and/or its suppliers. For Department of Defense units, the Product is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein.

Notice

6. EXCLUSION OF WARRANTY. Except as may be specifically provided by Cabletron in writing,

Cabletron makes no warranty, expressed or implied, concerning the Program (including its documentation and media).

CABLETRON DISCLAIMS ALL WARRANTIES, OTHER THAN THOSE SUPPLIED TO YOU BY CABLETRON IN WRITING, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE PROGRAM, THE ACCOMPANYING WRITTEN MATERIALS, AND ANY ACCOMPANYING HARDWARE.

7. NO LIABILITY FOR CONSEQUENTIAL DAMAGES. IN NO EVENT SHALL CABLETRON OR

ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THIS CABLETRON PRODUCT, EVEN IF CABLETRON HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR IN THE DURATION OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU.

SmartSwitch Router User Reference Manual 5

Notice

CABLETRON SYSTEMS SALES AND SERVICE, INC.

PROGRAM LICENSE AGREEMENT

IMPORTANT: THIS LICENSE APPLIES FOR USE OF PRODUCT IN THE UNITED STATES OF

AMERICA AND BY UNITED STATES OF AMERICA GOVERNMENT END USERS.

BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT.

This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems Sales and Service, Inc. (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (“Program”) in the package. The Program may be contained in firmware, chips or other media. UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, RETURN THE UNOPENED PRODUCT TO CABLETRON OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND.

IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT CABLETRON SYSTEMS (603) 332-9400. Attn: Legal Department.

1. LICENSE. You have the right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this License Agreement.

You may not copy, reproduce or transmit any part of the Program except as permitted by the Copyright Act of the United States or as authorized in writing by Cabletron.

2. OTHER RESTRICTIONS. You may not reverse engineer, decompile, or disassemble the Program.

6 SmartSwitch Router User Reference Manual

Notice

Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant o r any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.

5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Product (i) was

6. EXCLUSION OF WARRANTY. Except as may be specifically provided by Cabletron in writing,

Cabletron makes no warranty, expressed or implied, concerning the Program (including its documentation and media).

7. NO LIABILITY FOR CONSEQUENTIAL DAMAGES. IN NO EVENT SHALL CABLETRON

OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS, PROFITS, BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR RELIANCE DAMAGES, OR OTHER LOSS) ARISING OUT OF THE USE OR INABILITY TO USE THIS CABLETRON PRODUCT, EVEN IF CABLETRON HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR IN THE DURATION OR LIMITATION OF IMPLIED WARRANTIES IN SOME INSTANCES, THE ABOVE LIMITATION AND EXCLUSIONS MAY NOT APPLY TO YOU.

SmartSwitch Router User Reference Manual 7

Notice

CABLETRON SYSTEMS LIMITED

PROGRAM LICENSE AGREEMENT

IMPORTANT: THIS LICENSE APPLIES FOR THE USE OF THE PRODUCT IN THE

FOLLOWING GEOGRAPHICAL REGIONS:

EUROPE MIDDLE EAST AFRICA ASIA AUSTRALIA PACIFIC RIM

BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT.

This document is an agreement (“Agreement”) between You, the end user, and Cabletron Systems Limited (“Cabletron”) that sets forth your rights and obligations with respect to the Cabletron software program (“Program”) in the package. The Program may be contained in firmware, chips or other media. UTILIZING THE ENCLOSED PRODUCT, YOU ARE AGREEING TO BECOME BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, RETURN THE UNOPENED PRODUCT TO CABLETRON OR YOUR DEALER, IF ANY, WITHIN TEN (10) DAYS FOLLOWING THE DATE OF RECEIPT FOR A FULL REFUND.

IF YOU HAVE ANY QUESTIONS ABOUT THIS AGREEMENT, CONTACT CABLETRON SYSTEMS (603) 332-9400. Attn: Legal Department.

1. LICENSE. You have the right to use only the one (1) copy of the Program provided in this package subject to the terms and conditions of this License Agreement.

You may not copy, reproduce or transmit any part of the Program except as permitted by the Copyright Act of the United States or as authorized in writing by Cabletron.

2. OTHER RESTRICTIONS. You may not reverse engineer, decompile, or disassemble the Program.

3. APPLICABLE LAW. This License Agreement shall be governed in accordance with English law. The English courts shall have exclusive jurisdiction in the event of any disputes.

8 SmartSwitch Router User Reference Manual

If the Program is exported from the United States pursuant to the License Exception TSR under the U.S. Export Administration Regulations, in addition to the restriction on transfer set forth in Sections 1 or 2 of this Agreement, You agree not to (i) reexport or release the Program, the source code for the Program or technology to a national of a country in Country Groups D:1 or E:2 (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Iraq, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Moldova, North Korea, the People’s Republic of China, Romania, Russia, Rwanda, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, Vietnam, or such other countries as may be designated by the United States Government), (ii) export to Country Groups D:1 or E:2 (as defined herein) the direct product of the Program or the technology, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List, or (iii) if the direct product of the technology is a complete plant o r any major component of a plant, export to Country Groups D:1 or E:2 the direct product of the plant or a major component thereof, if such foreign produced direct product is subject to national security controls as identified on the U.S. Commerce Control List or is subject to State Department controls under the U.S. Munitions List.

5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Product (i) was

Notice

6. EXCLUSION OF WARRANTY. Except as may be specifically provided by Cabletron in writing,

Cabletron makes no warranty, expressed or implied, concerning the Program (including its documentation and media).

7. NO LIABILITY FOR CONSEQUENTIAL DAMAGES. IN NO EVENT SHALL CABLETRON OR

SmartSwitch Router User Reference Manual 9

Notice

SAFETY INFORMATION

CLASS 1 LASER TRANSCEIVERS

The SSR-HFX11-08 100Base-FX Module, SSR-GSX11-02 1000Base-LX Module, SSR-GLX19-02 1000Base-LX Module, SSR-HFX29-08 100Base-FX SMF Module, SSR-GLX70-01 1000Base-LLX module, SSR-2-SX 1000Base-SX Module, SSR-2-LX 1000Base-LX Module, SSR-2-LX70 1000Base-LX Module, and SSR-2-GSX system use Class 1 Laser transceivers. Read the following safety information before installing or operating these modules.

The Class 1 laser transceivers use an optical feedback loop to maintain Class 1 operation limits. This control loop eliminates the need for maintenance checks or adjustments. The output is factory set, and does not allow any user adjustment. Class 1 Laser transceivers comply with the following safety standards:

• 21 CFR 1040.10 and 1040.11 U.S. Department of Health and Human Services (FDA).

• IEC Publication 825 (International Electrotechnical Commission).

• CENELEC EN 60825 (European Committee for Electrotechnical Standardization).

When operating within their performance limitations, laser transceiver output meets the Class 1 accessible emission limit of all three standards. Class 1 levels of laser radiation are not considered hazardous.

SAFETY INFORMATION

CLASS 1 LASER TRANSCEIVERS

Laser Radiation and Connectors

When the connector is in place, all laser radiation remains within the fiber. The maximum amount of radiant power exiting the fiber (under normal conditions) is -12.6 dBm or 55 x 10

Removing the optical connector from the transceiver allows laser radiation to emit directly from the optical port. The maximum radiance from the optical port (under worst case conditions) is

0.8 W cm

Do not use optical instruments to view the laser output. The use of optical instruments to view laser output increases eye hazard. When viewing the output optical port, power must be removed from the network adapter.

-2

or 8 x 103 W m2 sr-1.

-6

watts.

10 SmartSwitch Router User Reference Manual

DECLARATION OF CONFORMITY

ADDENDUM

Application of Council Directive(s): 89/336/EEC

Manufacturer’s Name: Cabletron Systems, Inc.

Manufacturer’s Address: 35 Industrial Way

European Representative Name: Mr. J. Solari

European Representative Address: Cabletron Systems Limited

Conformance to Directive(s)/Product Standards:

Equipment Type/Environment: Networking Equipment, for

Notice

73/23/EEC

PO Box 5005 Rochester, NH 03867

Nexus House, Newbury Business Park London Road, Newbury Berkshire RG13 2PZ, England

EC Directive 89/336/EEC EC Directive 73/23/EEC EN 55022 EN 50082-1 EN 60950

use in a Commercial or Light Industrial Environment.

We the undersigned, hereby declare, under our sole responsibility, that the equipment packaged with this notice conforms _to the above directives.

Manufacturer Legal Representative in Europe Mr. Ronald Fotino Mr. J. Solari

Full Name Full Name

Principal Compliance Engineer Managing Director - E.M.E.A. Title Title

Rochester, NH, USA Newbury, Berkshire, England Location Location

SmartSwitch Router User Reference Manual 11

Notice

12 SmartSwitch Router User Reference Manual

Preface..................................................................................................... 25

About This Manual ................................................................................................................25

Who Should Read This Manual? .........................................................................................25

How to Use This Manual ......................................................................................................25

Related Documentation.........................................................................................................27

Chapter 1: SSR Product Overview ......................................................... 29

Supported Media (Encapsulation Type).............................................................................31

Supported Routing Protocols ...............................................................................................31

Configuring the SmartSwitch Router..................................................................................32

Understanding the Command Line Interface.............................................................32

Basic Line Editing Commands......................................................................................33

Access Modes ..................................................................................................................33

User Mode........................................................................................................................34

Enable Mode ....................................................................................................................35

Configure Mode ..............................................................................................................37

Boot PROM Mode ...........................................................................................................38

Disabling a Function or Feature....................................................................................39

Loading System Images and Configuration Files .............................................................39

Boot and System Image..................................................................................................39

Configuration Files .........................................................................................................39

Loading System Image Software ..................................................................................40

Loading Boot PROM Software......................................................................................41

Activating the Configuration Commands in the Scratchpad ...................................41

Copying the Configuration to the Startup Configuration File.................................42

Displaying Configuration Changes..............................................................................43

Managing the SSR ..................................................................................................................43

Setting the SSR Name.....................................................................................................44

Setting SSR Date and Time ............................................................................................44

Configuring NTP ............................................................................................................44

Configuring the SSR CLI................................................................................................45

Configuring SNMP Services..........................................................................................45

Configuring DNS ............................................................................................................45

Connecting Between the SSR and Other Systems ......................................................46

Configuring Logging......................................................................................................46

Monitoring Configuration ....................................................................................................47

SmartSwitch Router User Reference Manual 13

Contents

Chapter 2: Hot Swapping Line Cards and Control Modules ................ 49

Hot Swapping Overview...................................................................................................... 49

Hot Swapping Line Cards.................................................................................................... 49

Deactivating the Line Card........................................................................................... 50

Removing the Line Card ............................................................................................... 50

Installing a New Line Card ................................................................................... 51

Hot Swapping One Type of Line Card With Another.............................................. 51

Hot Swapping a Secondary Control Module .................................................................... 51

Deactivating the Control Module ................................................................................ 52

Removing the Control Module .................................................................................... 52

Installing the Control Module...................................................................................... 53

Hot Swapping a Switching Fabric Module (SSR 8600 only)........................................... 53

Chapter 3: Bridging Configuration Guide .............................................55

Bridging Overview................................................................................................................ 55

Spanning Tree (IEEE 802.1d) ........................................................................................ 55

Bridging Modes (Flow-Based and Address-Based) .................................................. 56

VLAN Overview.................................................................................................................... 56

Port-based VLANs .................................................................................................. 57

MAC-address-based VLANs................................................................................. 57

Protocol-based VLANs........................................................................................... 57

Subnet-based VLANs ............................................................................................. 57

Multicast-based VLANs......................................................................................... 58

Policy-based VLANs .............................................................................................. 58

SSR VLAN Support........................................................................................................ 58

VLANs and the SSR................................................................................................ 58

Ports, VLANs, and L3 Interfaces .......................................................................... 59

Access Ports and Trunk Ports (802.1Q support)................................................. 59

Explicit and Implicit VLANs ................................................................................. 60

Configuring SSR Bridging Functions ................................................................................. 60

Configuring Address-based or Flow-based Bridging............................................... 60

Configuring Spanning Tree .......................................................................................... 61

Adjusting Spanning-Tree Parameters ......................................................................... 62

Setting the Bridge Priority ..................................................................................... 62

Setting a Port Priority ............................................................................................. 63

Assigning Port Costs .............................................................................................. 63

Adjusting Bridge Protocol Data Unit (BPDU) Intervals.................................... 63

Adjusting the Interval between Hello Times............................................... 64

Defining the Forward Delay Interval............................................................ 64

Defining the Maximum Age .......................................................................... 64

Configuring a Port or Protocol based VLAN............................................................. 65

Creating a Port or Protocol Based VLAN ............................................................ 65

Adding Ports to a VLAN ....................................................................................... 65

Configuring VLAN Trunk Ports.................................................................................. 65

Configuring VLANs for Bridging................................................................................ 65

Configuring Layer-2 Filters .......................................................................................... 66

Monitoring Bridging .............................................................................................................66

Configuration Examples....................................................................................................... 67

Creating an IP or IPX VLAN ........................................................................................ 67

14 SmartSwitch Router User Reference Manual

Contents

Creating a non-IP/non-IPX VLAN ..............................................................................67

Chapter 4: SmartTRUNK Configuration Guide...................................... 69

Overview .................................................................................................................................69

Configuring SmartTRUNKs .................................................................................................70

Creating a SmartTRUNK ...............................................................................................70

Add Physical Ports to the SmartTRUNK ....................................................................70

Specify Traffic Distribution Policy (Optional) ............................................................71

Monitoring SmartTRUNKs...................................................................................................71

Example Configurations .......................................................................................................72

Chapter 5: DHCP Configuration Guide.................................................. 75

DHCP Overview ....................................................................................................................75

Configuring DHCP ................................................................................................................76

Configuring an IP Address Pool...................................................................................76

Configuring Client Parameters .....................................................................................76

Configuring a Static IP Address ...................................................................................77

Grouping Scopes with a Common Interface...............................................................77

Configuring DHCP Server Parameters........................................................................78

Updating the Lease Database ...............................................................................................78

Monitoring the DHCP Server...............................................................................................78

DHCP Configuration Examples...........................................................................................79

Configuring Secondary Subnets ...................................................................................80

Secondary Subnets and Directly-Connected Clients .................................................81

Interacting with Relay Agents.......................................................................................82

Chapter 6: IP Routing Configuration Guide.......................................... 85

IP Routing Overview .............................................................................................................85

IP Routing Protocols .......................................................................................................86

Unicast Routing Protocols ......................................................................................86

Multicast Routing Protocols ...................................................................................86

Configuring IP Interfaces and Parameters .........................................................................87

Configuring IP Addresses to Ports...............................................................................87

Configuring IP Interfaces for a VLAN.........................................................................87

Specifying Ethernet Encapsulation Method................................................................87

Configuring Address Resolution Protocol (ARP) ......................................................88

Configuring ARP Cache Entries ............................................................................88

Configuring Proxy ARP..........................................................................................88

Configuring Reverse Address Resolution Protocol (RARP) ....................................89

Specifying IP Interfaces for RARP.........................................................................89

Defining MAC-to-IP Address Mappings .............................................................89

Monitoring RARP ....................................................................................................90

Configuring DNS Parameters .......................................................................................90

Configuring IP Services (ICMP) ...................................................................................90

Configuring IP Helper....................................................................................................91

Configuring Direct Broadcast .......................................................................................91

Configuring Denial of Service (DOS)...........................................................................91

SmartSwitch Router User Reference Manual 15

Contents

Monitoring IP Parameters............................................................................................. 92

Configuring Router Discovery ............................................................................................ 92

Configuration Examples....................................................................................................... 93

Assigning IP/IPX Interfaces ......................................................................................... 93

Chapter 7: VRRP Configuration Guide................................................... 95

VRRP Overview..................................................................................................................... 95

Configuring VRRP ................................................................................................................95

Basic VRRP Configuration............................................................................................ 96

Configuration of Router R1 ................................................................................... 96

Configuration for Router R2.................................................................................. 97

Symmetrical Configuration .......................................................................................... 97

Configuration of Router R1 ................................................................................... 98

Configuration of Router R2 ................................................................................... 99

Multi-Backup Configuration ........................................................................................ 99

Configuration of Router R1 ................................................................................. 101

Configuration of Router R2 ................................................................................. 102

Configuration of Router R3 ................................................................................. 103

Additional Configuration ........................................................................................... 103

Setting the Backup Priority.................................................................................. 104

Setting the Advertisement Interval .................................................................... 104

Setting Pre-empt Mode ........................................................................................ 104

Setting an Authentication Key ............................................................................ 105

Monitoring VRRP ................................................................................................................ 105

ip-redundancy trace..................................................................................................... 105

ip-redundancy show .................................................................................................... 106

VRRP Configuration Notes................................................................................................ 106

Chapter 8: RIP Configuration Guide.....................................................109

RIP Overview....................................................................................................................... 109

Configuring RIP................................................................................................................... 109

Enabling and Disabling RIP........................................................................................ 110

Configuring RIP Interfaces ......................................................................................... 110

Configuring RIP Parameters....................................................................................... 110

Configuring RIP Route Preference ............................................................................ 112

Configuring RIP Route Default-Metric ..................................................................... 112

Monitoring RIP .................................................................................................................... 112

Configuration Example ...................................................................................................... 113

Chapter 9: OSPF Configuration Guide ................................................. 115

OSPF Overview ................................................................................................................... 115

OSPF Multipath ............................................................................................................ 116

Configuring OSPF ............................................................................................................... 116

Enabling OSPF.............................................................................................................. 116

Configuring OSPF Interface Parameters................................................................... 117

Configuring an OSPF Area ......................................................................................... 118

Configuring OSPF Area Parameters ......................................................................... 119

Creating Virtual Links ................................................................................................. 119

Configuring Autonomous System External (ASE) Link Advertisements ........... 120

16 SmartSwitch Router User Reference Manual

Contents

Configuring OSPF over Non-Broadcast Multiple Access .......................................120

Monitoring OSPF..................................................................................................................121

OSPF Configuration Examples...........................................................................................122

Exporting All Interface & Static Routes to OSPF .......................................123

Exporting All RIP, Interface & Static Routes to OSPF...............................123

Chapter 10: BGP Configuration Guide................................................. 127

BGP Overview ......................................................................................................................127

The SSR BGP Implementation.....................................................................................128

Basic BGP Tasks....................................................................................................................128

Setting the Autonomous System Number ................................................................129

Setting the Router ID ....................................................................................................129

Configuring a BGP Peer Group ..................................................................................129

Adding and Removing a BGP Peer............................................................................131

Starting BGP...................................................................................................................131

Using AS-Path Regular Expressions ..........................................................................131

AS-Path Regular Expression Examples ..............................................................133

Using the AS Path Prepend Feature...........................................................................133

Notes on Using the AS Path Prepend Feature...................................................134

BGP Configuration Examples ............................................................................................134

BGP Peering Session Example ....................................................................................135

IBGP Configuration Example......................................................................................137

IBGP Routing Group Example.............................................................................138

IBGP Internal Group Example.............................................................................141

EBGP Multihop Configuration Example...................................................................144

Community Attribute Example ..................................................................................147

Notes on Using Communities..............................................................................154

Local_Pref Attribute Example.....................................................................................154

Notes on Using the Local_Pref Attribute ...........................................................156

Multi-Exit Discriminator Attribute Example ............................................................156

EBGP Aggregation Example .......................................................................................158

Route Reflection Example............................................................................................159

Notes on Using Route Reflection.........................................................................162

Chapter 11: Routing Policy Configuration Guide ............................... 163

Route Import and Export Policy Overview......................................................................163

Preference.......................................................................................................................164

Import Policies...............................................................................................................165

Import-Source.........................................................................................................165

Route-Filter .............................................................................................................166

Export Policies ...............................................................................................................166

Export-Destination ................................................................................................166

Export-Source .........................................................................................................166

Route-Filter .............................................................................................................167

Specifying a Route Filter ..............................................................................................167

Aggregates and Generates...........................................................................................168

Aggregate-Destination ..........................................................................................169

Aggregate-Source ..................................................................................................169

Route-Filter .............................................................................................................170

SmartSwitch Router User Reference Manual 17

Contents

Authentication .............................................................................................................. 170

Authentication Methods ...................................................................................... 170

Authentication Keys and Key Management..................................................... 171

Configuring Simple Routing Policies ............................................................................... 171

Redistributing Static Routes ....................................................................................... 172

Redistributing Directly Attached Networks ............................................................ 172

Redistributing RIP into RIP ........................................................................................ 173

Redistributing RIP into OSPF..................................................................................... 173

Redistributing OSPF to RIP ........................................................................................ 173

Redistributing Aggregate Routes .............................................................................. 173

Simple Route Redistribution Examples .................................................................... 174

Example 1: Redistribution into RIP.................................................................... 174

Exporting a Given Static Route to All RIP Interfaces ............................... 175

Exporting All Static Routes to All RIP Interfaces...................................... 175

Exporting All Static Routes Except the Default Route to All RIP Interfaces

175

Example 2: Redistribution into OSPF................................................................. 175

Exporting All Interface & Static Routes to OSPF ...................................... 176

Exporting All RIP, Interface & Static Routes to OSPF .............................. 176

Configuring Advanced Routing Policies ......................................................................... 177

Export Policies .............................................................................................................. 177

Creating an Export Destination.................................................................................. 179

Creating an Export Source .......................................................................................... 179

Import Policies.............................................................................................................. 179

Creating an Import Source.......................................................................................... 180

Creating a Route Filter ................................................................................................ 180

Creating an Aggregate Route..................................................................................... 180

Creating an Aggregate Destination........................................................................... 182

Creating an Aggregate Source.................................................................................... 182

Examples of Import Policies ....................................................................................... 182

Example 1: Importing from RIP.......................................................................... 182

Importing a Selected Subset of Routes from One RIP Trusted Gateway ....

184

Importing a Selected Subset of Routes from All RIP Peers Accessible Over

a Certain Interface .................................................................................. 185

Example 2: Importing from OSPF ...................................................................... 185

Importing a Selected Subset of OSPF-ASE Routes ................................... 188

Examples of Export Policies ....................................................................................... 189

Example 1: Exporting to RIP ............................................................................... 189

Exporting a Given Static Route to All RIP Interfaces ............................... 190

Exporting a Given Static Route to a Specific RIP Interface...................... 191

Exporting All Static Routes Reachable Over a Given Interface to a Specific

RIP-Interface............................................................................................ 192

Exporting Aggregate-Routes into RIP ........................................................ 192

Example 2: Exporting to OSPF............................................................................ 194

Exporting All Interface & Static Routes to OSPF ...................................... 195

Exporting All RIP, Interface & Static Routes to OSPF .............................. 196

Chapter 12: Multicast Routing Configuration Guide.......................... 199

IP Multicast Overview ........................................................................................................ 199

18 SmartSwitch Router User Reference Manual

Contents

IGMP Overview ............................................................................................................199

DVMRP Overview ........................................................................................................200

Configuring IGMP ...............................................................................................................201

Configuring IGMP on an IP Interface ........................................................................201

Configuring IGMP Query Interval .............................................................................201

Configuring IGMP Response Wait Time...................................................................201

Configuring Per-Interface Control of IGMP Membership......................................202

Configuring DVMRP ...........................................................................................................202

Starting and Stopping DVMRP...................................................................................202

Configuring DVMRP on an Interface ........................................................................203

Configuring DVMRP Parameters...............................................................................203

Configuring the DVMRP Routing Metric .................................................................203

Configuring DVMRP TTL & Scope ............................................................................204

Configuring a DVMRP Tunnel ...................................................................................204

Monitoring IGMP & DVMRP.............................................................................................205

Configuration Examples .....................................................................................................206

Chapter 13: IP Policy-Based Forwarding Configuration Guide.......... 209

Overview ...............................................................................................................................209

Configuring IP Policies........................................................................................................210

Defining an ACL Profile ..............................................................................................210

Associating the Profile with an IP Policy ..................................................................210

Creating Multi-statement IP Policies ..................................................................211

Setting Load Distribution for Next-hop Gateways...........................................212

Setting the IP Policy Action..................................................................................212

Checking the Availability of Next-hop Gateways ............................................213

Applying an IP Policy to an Interface ........................................................................213

Applying an IP Policy to Locally Generated Packets .......................................214

IP Policy Configuration Examples.....................................................................................214

Routing Traffic to Different ISPs.................................................................................214

Prioritizing Service to Customers...............................................................................216

Authenticating Users through a Firewall..................................................................217

Firewall Load Balancing ..............................................................................................218

Monitoring IP Policies .........................................................................................................219

Chapter 14: Network Address Translation Configuration Guide...... 223

Overview ...............................................................................................................................223

Configuring NAT .................................................................................................................224

Setting Inside and Outside Interfaces ........................................................................224

Setting NAT Rules ........................................................................................................225

Static.........................................................................................................................225

Dynamic ..................................................................................................................225

Managing Dynamic Bindings.............................................................................................225

NAT and FTP........................................................................................................................226

Monitoring NAT...................................................................................................................226

Configuration Examples .....................................................................................................226

Static Configuration......................................................................................................226

Using Static NAT ...................................................................................................227

Dynamic Configuration ...............................................................................................228

SmartSwitch Router User Reference Manual 19

Contents

Using Dynamic NAT............................................................................................ 228

Dynamic NAT with IP Overload (PAT) Configuration ......................................... 229

Using Dynamic NAT with IP Overload ............................................................ 230

Dynamic NAT with Outside Interface Redundancy .............................................. 230

Using Dynamic NAT with Matching Interface Redundancy......................... 231

Chapter 15: Web Hosting Configuration Guide..................................233

Overview .............................................................................................................................. 233

Load Balancing .................................................................................................................... 234

Configuring Load Balancing ...................................................................................... 234

Creating the Server Group................................................................................... 234

Specifying Load Balancing Policy (Optional) ................................................... 234

Adding Servers to the Load Balancing Group.................................................. 235

Setting Server Status .................................................................................................... 235

Load Balancing and FTP ............................................................................................. 236

Allowing Access to Load Balancing Servers............................................................ 236

Setting Timeouts for Load Balancing Mappings ..................................................... 236

Displaying Load Balancing Information .................................................................. 237

Configuration Examples ............................................................................................. 237

Web Hosting with One Virtual Group and Multiple Destination Servers... 237 Web Hosting with Multiple Virtual Groups and Multiple Destination Servers

238

Virtual IP Address Ranges .................................................................................. 239

Web Caching ........................................................................................................................ 240

Configuring Web Caching .......................................................................................... 240

Creating the Cache Group ................................................................................... 241

Specifying the Client(s) for the Cache Group (Optional)................................ 241

Redirecting HTTP Traffic on an Interface ......................................................... 241

Configuration Example ............................................................................................... 242

Other Configurations................................................................................................... 242

Bypassing Cache Servers ..................................................................................... 242

Proxy Server Redundancy ................................................................................... 243

Distributing Frequently-Accessed Sites Across Cache Servers...................... 243

Monitoring Web-Caching ........................................................................................... 243

Chapter 16: IPX Routing Configuration Guide .................................... 245

IPX Routing Overview........................................................................................................ 245

RIP (Routing Information Protocol) .......................................................................... 245

SAP (Service Advertising Protocol)........................................................................... 246

Configuring IPX RIP & SAP .............................................................................................. 247

IPX RIP........................................................................................................................... 247

IPX SAP.......................................................................................................................... 247

Creating IPX Interfaces................................................................................................ 247

IPX Addresses............................................................................................................... 247

Configuring IPX Interfaces and Parameters.................................................................... 248

Configuring IPX Addresses to Ports ......................................................................... 248

Configuring IPX Interfaces for a VLAN ................................................................... 248

Specifying IPX Encapsulation Method ..................................................................... 248

Configuring IPX Routing ................................................................................................... 249

20 SmartSwitch Router User Reference Manual

Contents

Enabling IPX RIP...........................................................................................................249

Enabling SAP.................................................................................................................249

Configuring Static Routes............................................................................................249

Configuring Static SAP Table Entries ........................................................................250

Controlling Access to IPX Networks..........................................................................250

Creating an IPX Access Control List ...................................................................250

Creating an IPX Type 20 Access Control List ....................................................251

Creating an IPX SAP Access Control List ..........................................................251

Creating an IPX GNS Access Control List..........................................................251

Creating an IPX RIP Access Control List............................................................252

Monitoring an IPX Network...............................................................................................252

Configuration Examples .....................................................................................................252

Chapter 17: Access Control List Configuration Guide ........................ 255

ACL Basics ............................................................................................................................256

Defining Selection Criteria in ACL Rules..................................................................256

How ACL Rules are Evaluated...................................................................................257

Implicit Deny Rule........................................................................................................258

Allowing External Responses to Established TCP Connections............................259

Creating and Modifying ACLs...........................................................................................260

Editing ACLs Offline ....................................................................................................260

Maintaining ACLs Using the ACL Editor.................................................................261

Using ACLs ...........................................................................................................................262

Applying ACLs to Interfaces.......................................................................................262

Applying ACLs to Services .........................................................................................263

Using ACLs as Profiles.................................................................................................263

Using Profile ACLs with the IP Policy Facility .................................................264

Using Profile ACLs with the Traffic Rate Limiting Facility ............................265

Using Profile ACLs with Dynamic NAT............................................................266

Using Profile ACLs with the Port Mirroring Facility .......................................266

Using Profile ACLs with the Web Caching Facility .........................................267

Redirecting HTTP Traffic to Cache Servers................................................267

Preventing Web Objects From Being Cached.............................................268

Enabling ACL Logging........................................................................................................268

Monitoring ACLs .................................................................................................................269

Chapter 18: Security Configuration Guide.......................................... 271

Security Overview................................................................................................................271

Configuring SSR Access Security.......................................................................................272

Configuring RADIUS ...................................................................................................272

Monitoring RADIUS..............................................................................................273

Configuring TACACS ..................................................................................................273

Monitoring TACACS.............................................................................................273

Configuring TACACS Plus..........................................................................................274

Monitoring TACACS Plus....................................................................................274

Configuring Passwords................................................................................................275

Layer-2 Security Filters........................................................................................................275

Configuring Layer-2 Address Filters .........................................................................276

Configuring Layer-2 Port-to-Address Lock Filters ..................................................276

SmartSwitch Router User Reference Manual 21

Contents

Configuring Layer-2 Static Entry Filters ................................................................... 277

Configuring Layer-2 Secure Port Filters ................................................................... 277

Monitoring Layer-2 Security Filters .......................................................................... 278

Layer-2 Filter Examples............................................................................................... 279

Example 1: Address Filters .................................................................................. 279

Static Entries Example................................................................................... 279

Port-to-Address Lock Examples.................................................................. 280

Example 2 : Secure Ports ...................................................................................... 280

Layer-3 Access Control Lists (ACLs)................................................................................ 281

................................................................................................................................................ 281

Chapter 19: QoS Configuration Guide................................................. 283

QoS & Layer-2/Layer-3/Layer-4 Flow Overview.......................................................... 283

Layer-2 and Layer-3 & Layer-4 Flow Specification................................................. 284

Precedence for Layer-3 Flows .................................................................................... 284

SSR Queuing Policies................................................................................................... 285

Traffic Prioritization for Layer-2 Flows............................................................................ 285

Configuring Layer-2 QoS ............................................................................................ 285

Traffic Prioritization for Layer-3 & Layer-4 Flows......................................................... 286

Configuring IP QoS Policies ....................................................................................... 286

Setting an IP QoS Policy....................................................................................... 287

Specifying Precedence for an IP QoS Policy ..................................................... 287

Configuring IPX QoS Policies..................................................................................... 287

Setting an IPX QoS Policy .................................................................................... 287

Specifying Precedence for an IPX QoS Policy................................................... 288

Configuring SSR Queueing Policy.................................................................................... 288

Allocating Bandwidth for a Weighted-Fair Queuing Policy ................................. 288

ToS Rewrite .......................................................................................................................... 288

Configuring ToS Rewrite for IP Packets................................................................... 289

Monitoring QoS ................................................................................................................... 291

Limiting Traffic Rate ........................................................................................................... 291

Example Configuration ............................................................................................... 292

Displaying Rate Limit Information ........................................................................... 293

Chapter 20: Performance Monitoring Guide.......................................295

Performance Monitoring Overview ................................................................................. 295

Configuring the SSR for Port Mirroring........................................................................... 297

Monitoring Broadcast Traffic............................................................................................. 297

Chapter 21: RMON Configuration Guide.............................................299

RMON Overview ................................................................................................................ 299

Configuring and Enabling RMON.................................................................................... 299

Example of RMON Configuration Commands ....................................................... 300

RMON Groups ............................................................................................................. 301

Lite RMON Groups .............................................................................................. 301

Standard RMON Groups ..................................................................................... 302

Professional RMON Groups................................................................................ 302

22 SmartSwitch Router User Reference Manual

Contents

Control Tables ...............................................................................................................303

Using RMON ........................................................................................................................304

Configuring RMON Groups...............................................................................................305

Configuration Examples ..............................................................................................307

Displaying RMON Information .........................................................................................308

RMON CLI Filters.........................................................................................................309

Creating RMON CLI Filters .................................................................................311

Using RMON CLI Filters ......................................................................................311

Troubleshooting RMON .....................................................................................................311

Allocating Memory to RMON............................................................................................313

Chapter 22: WAN Configuration Guide............................................... 315

WAN Overview....................................................................................................................315

High-Speed Serial Interface (HSSI) and Standard Serial Interfaces......................315

Configuring WAN Interfaces ......................................................................................316

Primary and Secondary Addresses ............................................................................316

Static, Mapped, and Dynamic Peer IP/IPX Addresses...........................................316

Static Addresses .....................................................................................................316

Mapped Addresses................................................................................................317

Dynamic Addresses...............................................................................................317

Forcing Bridged Encapsulation...................................................................................318

Packet Compression .....................................................................................................318

Average Packet Size ..............................................................................................319

Nature of the Data .................................................................................................319

Link Integrity..........................................................................................................319

Latency Requirements...........................................................................................319

Example Configurations .......................................................................................319

Packet Encryption .........................................................................................................320

WAN Quality of Service ..............................................................................................320

Source Filtering and ACLs ...................................................................................321

Weighted-Fair Queueing ......................................................................................321

Congestion Management ......................................................................................321

Random Early Discard (RED) .......................................................................321

Adaptive Shaping ...........................................................................................322

Frame Relay Overview ........................................................................................................322

Virtual Circuits ..............................................................................................................322

Permanent Virtual Circuits (PVCs).....................................................................323

Configuring Frame Relay Interfaces for the SSR .............................................................323

Defining the Type and Location of a Frame Relay and VC Interface ...................323

Setting up a Frame Relay Service Profile...................................................................324

Applying a Service Profile to an Active Frame Relay WAN Port .........................324

Monitoring Frame Relay WAN Ports................................................................................325

Frame Relay Port Configuration ........................................................................................325

Point-to-Point Protocol (PPP) Overview ..........................................................................327

Use of LCP Magic Numbers ........................................................................................327

Configuring PPP Interfaces ................................................................................................327

Defining the Type and Location of a PPP Interface .................................................328

Setting up a PPP Service Profile..................................................................................328

Applying a Service Profile to an Active PPP Port....................................................329

Configuring Multilink PPP Bundles ..........................................................................329

SmartSwitch Router User Reference Manual 23

Contents

Compression on MLP Bundles or Links............................................................ 329

Monitoring PPP WAN Ports.............................................................................................. 330

PPP Port Configuration ...................................................................................................... 330

WAN Configuration Examples ......................................................................................... 332

Simple Configuration File ........................................................................................... 332

Multi-Router WAN Configuration............................................................................ 333

Router R1 Configuration File .............................................................................. 334

Router R2 Configuration File .............................................................................. 334

Router R3 Configuration File .............................................................................. 335

Router R4 Configuration File .............................................................................. 335

Router R5 Configuration File .............................................................................. 336

Router R6 Configuration File .............................................................................. 336

24 SmartSwitch Router User Reference Manual

About This Manual

This manual provides detailed information and procedures for configuring the SmartSwitch Router (SSR) software. If you have not yet installed the SSR, use the instructions in the SmartSwitch Router Getting Started Guide to install the chassis and perform basic setup tasks, then return to this manual for more detailed configuration information.

Who Should Read This Manual?

Read this manual if you are a network administrator responsible for configuring and monitoring the SSR.

How to Use This Manual

Preface

If You Want To See

Read overview information Chapter 1, “SSR Product Overview” on

page 29

Hot swap line cards and Control Modules Chapter 2, “Hot Swapping Line Cards

and Control Modules” on page 49

Configure bridging Chapter 3, “Bridging Configuration

Guide” on page 55

Configure SmartTRUNKs Chapter 4, “SmartTRUNK Configuration

Guide” on page 69

Configure Dynamic Host Configuration Protocol server

Configure IP interfaces and global routing parameters

SmartSwitch Router User Reference Manual 25

Chapter 5, “DHCP Configuration Guide” on page 75

Chapter 6, “IP Routing Configuration Guide” on page 85

Preface

If You Want To See

Configure VRRP Chapter 7, “VRRP Configuration Guide”

on page 95

Configure RIP routing Chapter 8, “RIP Configuration Guide” on

page 109

Configure OSPF routing Chapter 9, “OSPF Configuration Guide”

on page 115

Configure BGP routing Chapter 10, “BGP Configuration Guide”

on page 127

Configure routing policies Chapter 11, “Routing Policy

Configuration Guide” on page 163

Configure IP multicast routing Chapter 12, “Multicast Routing

Configuration Guide” on page 199

Configure IP policy-based forwarding Chapter 13, “IP Policy-Based Forwarding

Configuration Guide” on page 209

Configure Network Address Translation Chapter 14, “Network Address

Translation Configuration Guide” on page 223

Configure web hosting Chapter 15, “Web Hosting Configuration

Guide” on page 233

Configure IPX routing Chapter 16, “IPX Routing Configuration

Guide” on page 245

Configure Access Control Lists Chapter 17, “Access Control List

Configuration Guide” on page 255

Configure security Chapter 18, “Security Configuration

Guide” on page 271

Configure QoS (Quality of Service) parameters

Chapter 19, “QoS Configuration Guide” on page 283

Monitor performance Chapter 20, “Performance Monitoring

Guide” on page 295

Configure RMON Chapter 21, “RMON Configuration

Guide” on page 299

Configure WAN Chapter 22, “WAN Configuration Guide”

on page 315

26 SmartSwitch Router User Reference Manual

Supported Media (Encapsulation Type)

The SSR supports the following industry-standard networking media:

• IP: IEEE 802.3 SNAP and Ethernet Type II

• IPX: IEEE 802.3 SNAP, Ethernet Type II, IPX 802.3, 802.2

• 802.1Q VLAN Encapsulation

Supported Routing Protocols

The SSR supports many routing protocols based on open standards. The SSR can receive and forward packets concurrently from any combination of the following:

• Interior gateway protocols:

– Open Shortest Path First (OSPF) Version 2

SmartSwitch Router User Reference Manual 31

Chapter 1: SSR Product Overview

– Routing Information Protocol (RIP) Version 1, 2

Chapter 6, “IP Routing Configuration Guide” on page 85 describes these protocols in

detail.

• Exterior gateway protocol:

– Border Gateway Protocol (BGP) Version 2,3,4

Chapter 10, “BGP Configuration Guide” on page 127 describes this protocol in detail.

• Novell IPX routing protocols:

– Routing Information Protocol (RIP)

– Service Advertising Protocol (SAP)

Chapter 16, “IPX Routing Configuration Guide” on page 245 describes these protocols

in detail.

Configuring the SmartSwitch Router

The SSR provides a command line interface (CLI) that allows you to configure and manage the SSR. The CLI has several command modes, each of which provides a group of related commands that you can use to configure the SSR and display its status. Some commands are available to all users; others can be executed only after the user enters an “Enable” password.

You use the CLI to configure ports, IP/IPX interfaces, routing, switching, security filters and Quality of Service (QoS) policies.

Understanding the Command Line Interface

The SSR Command Line Interface (CLI) provides access to several different command modes. Each command mode provides a group of related commands. This chapter describes how to access and list the commands available in each command mode and explains the primary uses for each command mode. This chapter also describes the other features of the user interface.

SSR commands can be entered at a terminal connected to the access server or router using the command line interface (CLI). The SSR can also be configured using the CoreWatch Java-based management application. Using CoreWatch is described in the CoreWatch User’s Manual.

32 SmartSwitch Router User Reference Manual

Basic Line Editing Commands

The CLI supports EMACs-like line editing commands. The following table lists some commonly used commands.

Table 2. Common CLI key commands

Key Sequence Command

Ctrl+A Move cursor to beginning of line

Ctrl+B Move cursor back one character

Ctrl+D Delete character

Ctrl+E Move cursor to end of line

Ctrl+F Move cursor forward one character

Ctrl+N Scroll to next command in command history (use the cli show

history command to display the history)

Chapter 1: SSR Product Overview

Ctrl+P Scroll to previous command in command history

Ctrl+U Erase entire line

Ctrl+X Erase from cursor to end of line

Ctrl+Z Exit current access mode to previous access mode

Access Modes

The SSR CLI has four access modes.

• User – Allows you to display basic information and use basic utilities such as ping but does not allow you to display SNMP, filter, and access control list information or make other configuration changes. You are in User mode when the command prompt ends with the

• Enable – Allows you to display SNMP, filter, and access control information as well as all the information you can display in User mode. To enter Enable mode, enter the enable command, then supply the password when prompted. When you are in Enable mode, the command prompt ends with the

• Configure – Allows you to make configuration changes. To enter Configure mode, first enter Enable mode (enable command), then enter the configure command from the Enable command prompt. When you are in Configure mode, the command prompt ends with

> character:

# character:

(config).

• Boot – This mode appears when the SSR the external flash card or the system image is not found during bootup. You should enter the reboot command to reset the SSR. If the SSR still fails to bootup, please call Cabletron Technical Support.

SmartSwitch Router User Reference Manual 33

Chapter 1: SSR Product Overview

Note: The command prompt will show the name of the SmartSwitch Router in front of

the mode character(s). The default name is “ssr”.

When you are in Configure or Enable mode, enter the exit command or press Ctrl+Z to exit to the previous access mode.

Note: When you exit Configure mode, the CLI will ask you whether you want to

activate the configuration commands you have issued. If you enter Y (Yes), the configuration commands you issued are placed into effect and the SmartSwitch Router’s configuration is changed accordingly. However, the changes are not written to the Startup configuration file in the Control Module’s boot flash and, therefore, are not reinstated after a reboot.

User Mode

After you log in to the SSR, you are automatically in User mode. The User commands available are a subset of those available in Enable mode. In general, the User commands allow you to display basic information and use basic utilities such as ping information.

To list the User commands, enter:

List the User commands. ?

The User mode command prompt consists of the SSR name followed by the angle bracket (>):

ssr>

The default name is SSR unless it has been changed during initial configuration using the system set name command. Refer to the SmartSwitch Router Command Line Interface Reference Manual for information on the system facility.

To list the commands available in User mode, enter a question mark (?) as shown in the following example:

ssr> ? aging - Show L2 and L3 Aging information cli - Modify the command line interface behavior dvmrp - Show DVMRP related parameters enable - Enable privileged user mode exit - Exit current mode file - File manipulation commands help - Describe online help facility igmp - Show IGMP related parameters ip-redundancy - Show IP Redundancy information (VRRP) ipx - Show IPX related parameters l2-tables - Show L2 Tables information logout - Log off the system

34 SmartSwitch Router User Reference Manual

multicast - Configure Multicast related parameters ping - Ping utility pvst - Show Per Vlan Spanning Tree Protocol (PVST) parameters sfs - Show SecureFast Switching (SFS) parameters statistics - Show or clear SSR statistics stp - Show STP status telnet - Telnet utility traceroute - Traceroute utility vlan - Show VLAN-related parameters

Enable Mode

Enable mode provides more facilities than User mode. You can display critical features within Enable mode including router configuration, access control lists, and SNMP statistics. To enter Enable mode, enter the enable command, then supply the password when prompted.

To list the Enable commands, enter:

Chapter 1: SSR Product Overview

List the Enable commands. ?

The Enable mode command prompt consists of the SSR name followed by the pound sign(#):

ssr#

To list the commands available in Enable mode, enter a question mark (?) as shown in the following example:

ssr# ? acl - Show L3 Access Control List aging - Show L2 and L3 Aging information arp - Show or modify ARP entries bgp - Show Border Gateway Protocol (BGP) parameters cli - Modify the command line interface behavior configure - Enter Configuration Mode copy - Copy configuration database dhcp - Configure DHCP server dvmrp - Show DVMRP related parameters enable - Enable privileged user mode exit - Exit current mode file - File manipulation commands filters - Show L2 security filters frame-relay - Display Frame Relay statistics help - Describe online help facility http - Show http parameters igmp - Show IGMP related parameters interface - Show interface related parameters

SmartSwitch Router User Reference Manual 35

Chapter 1: SSR Product Overview

ip - Show IP related parameters ip-policy - Show IP policy information ip-redundancy - Show IP Redundancy information (VRRP) ip-router - Show unicast IP Routing related parameters ipx - Show IPX related parameters l2-tables - Show L2 Tables information lfap - Show LFAP parameters load-balance - Show Load Balancing related parameters and hosts logout - Log off the system mtrace - Multicast Traceroute utility multicast - Configure Multicast related parameters nat - Show Network Address Translation related parameters ntp - Network Time Protocol (NTP) ospf - Show/Monitor Open Shortest Path First Protocol (OSPF). ping - Ping utility port - Show or change Port parameters ppp - Display Point to Point Protocol (PPP) statistics pvst - Show Per Vlan Spanning Tree Protocol (PVST) parameters qos - Show Quality of Service parameters radius - Show RADIUS related parameters rate-limit - Show rate-limit policy information rdisc - Show Router Discovery Protocol (RIP) parameters reboot - Reboot the system rip - Show/Query Routing Information Protocol(RIP) tables rmon - Show RMON related parameters sfs - Show SecureFast Switching (SFS) parameters smarttrunk - Show SmartTRUNK information snmp - Show SNMP related parameters. statistics - Show or clear SSR statistics stp - Show STP status system - Show system-wide parameters tacacs - Show TACACS related parameters tacacs-plus - Show TACACS+ related parameters telnet - Telnet utility traceroute - Traceroute utility vlan - Show VLAN-related parameters web-cache - Configure web caching parameters

To exit Enable mode and return to User mode, use one of the following commands:

Exit Enable mode.

exit

Ctrl+Z

36 SmartSwitch Router User Reference Manual

Configure Mode

Configure mode provides the capabilities to configure all features and functions on the SSR. You can configure features and functions within Configure mode including router configuration, access control lists and spanning tree.

To list the Configure commands, enter:

List the Configure commands. ?

The Configure mode command prompt consists of the SSR name followed by the pound sign (#):

ssr(config)#

To list the commands available in Configure mode, enter a question mark (?) as shown in the following example:

ssr(config)# ? acl - Configure L3 Access Control List acl-edit - Edit an ACL in the ACL Editor acl-policy - Configure ACL policy aging - Configure L2 and L3 Aging arp - Configure ARP entries bgp - Configure Border Gateway Protocol (BGP) cli - Modify the command line interface behavior dhcp - Configure DHCP server dvmrp - Configure DVMRP related parameters exit - Exit current mode filters - Configure L2 security filters frame-relay - Configure wan interface parameters help - Describe online help facility igmp - Configure IGMP related parameters interface - Configure interface related parameters ip - Configure IP related parameters ip-policy - Configure IP policy for packet forwarding ip-redundancy - Configure IP redundancy protocols ip-router - Configure Unicast Routing Protocol related

ipx - Configure IPX related parameters lfap - Configure Lightweight Flow Accounting Protocol client load-balance - Configure Load Balancing related parameters nat - configure network address translation parameters ntp - Configure Network Time Protocol (NTP) parameters ospf - Configure Open Shortest Path Protocol (OSPF) port - Configure Port parameters ppp - Configure wan interface parameters

Chapter 1: SSR Product Overview

parameters

SmartSwitch Router User Reference Manual 37

Chapter 1: SSR Product Overview

pvst - Configure Per Vlan Spanning Tree Protocol (PVST) qos - Configure Quality of Service parameters radius - Configure RADIUS related parameters rate-limit - Configure rate limits for flows rdisc - Configure Router Discovery Protocol rip - Configure Routing Information Protocol (RIP) rmon - Configure RMON related parameters sfs - Configure SecureFast Switching (SFS) parameters smarttrunk - Configure SmartTRUNK snmp - Configure SNMP related parameters. stp - Configure STP parameters system - Configure system-wide parameters tacacs - Configure TACACS related parameters tacacs-plus - Configure TACACS+ related parameters vlan - Configure VLAN-related parameters web-cache - Configure web caching parameters

Special configuration mode commands: clear - Show configuration commands diff - Compare active configuration against another configuration erase - Erase configuration information negate - Negate a command or a group of commands

no - Negate matching commands save - Save configuration information search - Look up a command in configuration show - Show configuration commands

using line numbers

To exit Configure mode and return to Enable mode, use one of the following commands:

Exit Configure mode.

exit

Ctrl+Z

Boot PROM Mode

If your SSR does not find a valid system image on the external PCMCIA flash, the system might enter programmable read-only memory (PROM) mode. You should then reboot the SSR at the boot PROM to restart the system. If the system fails to reboot successfully, please call Cabletron Systems Technical Support to resolve the problem.

To reboot the SSR from the ROM monitor mode, enter the following command.

Reboot in Boot PROM mode.

38 SmartSwitch Router User Reference Manual

reboot

Chapter 1: SSR Product Overview

Disabling a Function or Feature

The CLI provides for an implicit negate. This allows for the “disabling” of a feature or function which has been “enabled”. Use the negate command on a specific line of the active configuration to “disable” a feature or function which has been enabled. For example, Spanning Tree Protocol is disabled by default. If after enabling Spanning Tree Protocol on the SmartSwitch Router, you want to disable STP, you must specify the negate command on the line of the active configuration containing the

stp enable command.

Loading System Images and Configuration Files

The SSR contains an internal flash on the Control Module and an external PC flash. The internal flash contains the SSR boot image and user defined configuration files. An external PC flash contains the system image executed by the Control Module. When an SSR boots, the boot image is executed first, followed by the system image and finishing with a configuration file.

Boot and System Image

Only one boot image exists on the internal flash of the SSR Control Module. Multiple system images can be stored on the external PC flash.

Configuration Files

The SSR uses three special configuration files:

• Active – The commands from the Startup configuration file and any configuration commands that you have made active from the scratchpad (see below).

Caution:

you power down or reboot the SSR without saving the active configuration changes to the Startup configuration file, the changes are lost.

• Startup – The configuration file that the SSR uses to configure itself when the system

• Scratchpad – The configuration commands you have entered during a management

The active configuration remains in effect only during the current power cycle. If

is powered on.

session. These commands do not become active until you explicitly activate them. Because some commands depend on other commands for successful execution, the SSR scratchpad simplifies system configuration by allowing you to enter configuration commands in any order, even when dependencies exist. When you activate the commands in the scratchpad, the SSR sorts out the dependencies and executes the command in the proper sequence.

SmartSwitch Router User Reference Manual 39

Chapter 1: SSR Product Overview

Loading System Image Software

By default, the SSR boots using the system image software installed on the Control Module’s PCMCIA flash card. To upgrade the system software and boot using the upgraded image, use the following procedure.

1. Display the current boot settings by entering the system show version command:

Here is an example:

ssr# system show version Software Information Software Version : 2.1 Copyright : Copyright (c) 1996-1998 Cabletron Systems, Inc. Image Information : Version 2.1.0.0 built on Wed Jan 20 19:28:49 1999 Image Boot Location: file:/pc-flash/boot/img8/

Note:

In this example, the location “pc-flash” indicates that the SSR is set to use the factory-installed software on the flash card.

2. Copy the software upgrade you want to install onto a TFTP server that the SSR can access. (Use the ping command to verify that the SSR can reach the TFTP server.)

3. Use the system image add command to copy the software upgrade onto the PCMCIA flash card in the Control Module.

Here is an example:

ssr# system image add 10.50.11.12 img2100 Downloading image 'img2100' from host '10.50.11.12' to local image img2100 (takes about 3 minutes) kernel: 100% Image checksum validated. Image added.

4. Enter the system image list command to list the images on the PCMCIA flash card and verify that the new image is on the card:

Here is an example:

ssr# system image list Images currently available: img2100

5. Use the system image choose command to select the image file the SSR will use the next time you reboot the switch.

Here is an example:

ssr# system image choose img2100 Making image img2100 the active image for next reboot

40 SmartSwitch Router User Reference Manual

6. Enter the system image list command to verify the change.

Note: You do not need to activate this change.

Loading Boot PROM Software

The SSR boots using the boot PROM software installed on the Control Module’s internal memory. To upgrade the boot PROM software and boot using the upgraded image, use the following procedure.

1. Display the current boot settings by entering the system show version command:

Here is an example:

ssr# system show version Software Information Software Version : 2.1 Copyright : Copyright (c) 1996-1999 Cabletron Systems, Inc. Image Information : Version 2.1.0.0, built on Wed Jan 2022:49:07 1999 Image Boot Location: file:/pc-flash/boot/img2100/ Boot Prom Version : prom-1.0

Chapter 1: SSR Product Overview

In this example, the location “pc-flash” indicates that the SSR is set to use the factoryinstalled software on the flash card.

2. Copy the software upgrade you want to install onto a TFTP server that the SSR can

access. (Use the ping command to verify that the SSR can reach the TFTP server.)

3. Use the system promimage upgrade command to copy the boot PROM upgrade onto

the internal memory in the Control Module.

Here is an example:

ssr# system promimage upgrade 10.50.11.12 prom2 Downloading image 'prom2' from host '10.50.11.12' to local image prom2 (takes about 3 minutes) kernel: 100% Image checksum validated. Image added.

4. Enter the system show version command to verify that the new boot PROM software

is on the internal memory of the Control Module:

Activating the Configuration Commands in the Scratchpad

The configuration commands you have entered using procedures in this chapter are in the scratchpad but have not yet been activated. Use the following procedure to activate the configuration commands in the scratchpad.

SmartSwitch Router User Reference Manual 41

Chapter 1: SSR Product Overview

1. If you have not already done so, enter the enable command to enter Enable mode in the CLI.

2. If you have not already done so, enter the configure command to enter Configure mode in the CLI.

3. Enter the following command:

save active

4. The CLI displays the following message:

Do you want to make the changes Active? [y]

5. Enter yes or y to activate the changes.

Note: If you exit Configure mode (by entering the exit command or pressing Ctrl+Z),

the CLI will ask you whether you want to make the changes in the scratchpad active.

Copying the Configuration to the Startup Configuration File

After you save the configuration commands in the scratchpad, the Control Module executes the commands and makes the corresponding configuration changes to the SSR. However, if you power down or reboot the SSR, the new changes are lost. Use the following procedure to save the changes into the Startup configuration file so that the SSR reinstates the changes when you reboot the software.

1. Ensure that you are in the Enable mode by entering the enable command.

2. Enter the following command to copy the configuration changes in the Active configuration to the Startup configuration:

copy active to startup

3. When the CLI displays the following message, enter yes or y to save the changes.

Are you sure you want to overwrite the Startup configuration? [n]

Note: You also can save active changes to the Startup configuration file from within

Configure mode by entering the save startup command:

The new configuration changes are added to the Startup configuration file stored in the Control Module’s boot flash.

42 SmartSwitch Router User Reference Manual

Displaying Configuration Changes

While in Configure mode, you can display the configuration of the running system as well as non-activated changes that are in the Scratchpad by entering the following command:

Chapter 1: SSR Product Overview

Display running system configuration and non-activated changes in scratchpad.

While in Enable mode, you can display the active configuration of the system by entering the following command:

Display active configuration of the system.

The show and system show active-config commands normally display configuration commands in the order that they are executed. To display the configuration commands in a different order, enter the following command in Configure mode:

Display configuration commands in alphabetical order.

Whenever you have activated commands in the scratchpad, you can compare the activated changes with a previously-saved configuration file. To compare the activated commands with the Startup (or another) configuration file, enter the following command in Configure mode:

system show active-config

system set show-config alphabetical

show

Compare activated commands with Startup configuration file.

diff <filename>|startup

Managing the SSR

The SSR contains numerous system facilities for system management. You can perform configuration management tasks on the SSR including:

• Setting the SSR name

• Setting the SSR date and time

•Configuring NTP

•Configuring the CLI

• Configuring SNMP services

SmartSwitch Router User Reference Manual 43

Chapter 1: SSR Product Overview

•Configuring DNS

• Connecting between the SSR and other systems

Setting the SSR Name

The SSR name is set to ssr by default. You may customize the name for the SSR by entering the following command in Configure mode:

Set the SSR name.

Setting SSR Date and Time

The SSR system time can keep track of time as entered by the user or via NTP. To configure the SSR date and time manually, enter the following command in Enable mode:

Set SSR date and time. system set date year <year> month <month>

Configuring NTP

You can use the ntp set server command to instruct the SSR’s NTP client to periodically synchronize its clock. By default, the SSR specifies an NTPv3 client that sends a synchronization packet to the server every 60 minutes. This means the SSR will attempt to set its own clock against the server once every hour. The synchronization interval as well as the NTP version number can be changed.

Note:

To ensure that NTP has the correct time, you need to specify the time zone, as well. You can set the time zone by using the system set timezone command. When specifying daylight saving time, you’ll need to use the system set daylight- saving command.

system set name <system-name>

<day> hour <hour> min <min> second <sec>

day

To configure the SSR’s NTP client to synchronize its clock, enter the following command in Configure mode:

Instruct SSR’s NTP server to periodically synchronize clock

44 SmartSwitch Router User Reference Manual

ntp set server <host> [interval <minutes>]

[source

<ipaddr>] [version <num>]

Configuring the SSR CLI

You can customize the CLI display format to a desired line length or row count. To configure the CLI terminal display, enter the following command in Enable mode:

Chapter 1: SSR Product Overview

Configure the CLI terminal display.

Configuring SNMP Services

The SSR accepts SNMP sets and gets from an SNMP manager. You can configure SSR SNMP parameters including community strings and trap server target addresses.

To configure the SSR SNMP community string, enter the following command in Configure mode:

Configure the SNMP community string. snmp set community <community-name>

To configure the SNMP trap server target address, enter the following command in Configure mode:

Configure the SNMP trap server target address.

cli set terminal rows <num> columns

<num>

privilege read|read-write

snmp set target <IP-addr> community

<community-name> [status

enable|disable]

Configuring DNS

The SSR allows you to configure up to three Domain Name Service (DNS) servers.

To configure the DNS, enter the following command in Configure mode:

Configure DNS. system set dns server <IPaddr>[, <IPaddr>[, <IPaddr>]]

domain

SmartSwitch Router User Reference Manual 45

<name>

Chapter 1: SSR Product Overview

Connecting Between the SSR and Other Systems

To test a connection between the SSR and an IP host, enter the following command in User or Enable mode:

Test connection between the SSR

ping <hostname-or-IPaddr> packets <num> size <num> wait

<num> [flood] [dontroute]

and an IP host.

To open a Telnet session from the SSR to an IP host, enter the following command in User or Enable mode:

Telnet to a specified

telnet <hostname-or-IPaddr> [socket <socket-number>]

IP host.

The SSR accepts up to four Telnet sessions. You can immediately end a particular Telnet session (for example, an unauthorized user is logged in to the SSR).

To end a user’s Telnet session, first determine the session ID by entering the following command in Enable mode:

Show current

system show users

Telnet sessions.

To end the Telnet session, enter the following command in Enable mode:

Kill the Telnet

system kill telnet-session <session-id>

session.

Configuring Logging

During operation, the SSR system software sends messages to the management console. These messages include informational, warning, error, and fatal messages. Console messages can also be sent to a Syslog server.

To configure a Syslog server, enter the following command in Configure mode:

Configure a Syslog server.

system set syslog [server <

>][level <

IPaddr

>][source <

type

level-type

source-IPaddr

>][facility <

If a Syslog server is identified and ACL logging is enabled, then messages about whether packets are forwarded or dropped because of ACL are sent to the Syslog server. Chapter

18, “Security Configuration Guide” on page 271 describes ACL logging.

46 SmartSwitch Router User Reference Manual

hostname-or-

facility-

>][buffer-size <

size

Monitoring Configuration

The SSR provides many commands for displaying configuration information. After you add configuration items and commit them to the active configuration, you can display them using the following commands.

Task Command

Chapter 1: SSR Product Overview

Display history buffer.

Show terminal settings.

Show all accesses to the SNMP agent.

Show all SNMP information.

Show chassis ID.

Show the SNMP community strings.

Show SNMP related statistics.

Show trap target related configuration.

Show the active configuration of the system.

Show the contents of the boot log file, which contains all the system messages generated during bootup.

Show boot PROM parameters for TFTP downloading of the system image.

Show the most recent Syslog messages kept in the local syslog message buffer.

Show usage information about various system resources.

cli show history

cli show terminal

snmp show access

snmp show all

snmp show chassis-id

snmp show community

snmp show statistics

snmp show trap

system show active-config

system show bootlog

system show bootprom

system show syslog buffer

system show capacity all|chassis|task|cpu|memory

Show the contact information (administrator

system show contact

name, phone number, and so on).

Shows the percentage of the CPU that is

system show cpu-utilization

currently being used.

Show the SSR date and time.

Show the IP addresses and domain names for

system show date

system show dns

DNS servers.

Show environmental information, such as

system show environmental

temperature and power supply status.

Show SSR hardware information.

SmartSwitch Router User Reference Manual 47

system show hardware

Chapter 1: SSR Product Overview

Task Command

Show SSR location.

Show the SSR login banner.

Show SSR name.

Show the type of Power-On Self Test (POST) that should be performed.

Show the configuration changes in the scratchpad. These changes have not yet been activated.

Show the startup configuration for the next reboot.

Show the status of the switching fabric module.

Show the IP address of the SYSLOG server and the level of messages the SSR sends to the server.

Lists the last five Telnet connections to the SSR.

Show the default terminal settings (number of rows, number of columns, and baud rate.

system show location

system show login-banner

system show name

system show poweron-selftestmode

system show scratchpad

system show startup-config

system show switching-fabric

system show syslog

system show telnet-access

system show terminal

Show the time zone offset from UCT in minutes.

Show SSR uptime.

Show the current Telnet connections to the SSR.

Show the software version running on the SSR.

system show timezone

system show uptime

system show users

system show version

48 SmartSwitch Router User Reference Manual

Control Modules

Hot Swapping Overview

This chapter describes the hot swapping functionality of the SSR. Hot swapping is the ability to replace a line card or Control Module while the SSR is operating. Hot swapping allows you to remove or install line cards without switching off or rebooting the SSR. Swapped-in line cards are recognized by the SSR and begin functioning immediately after they are installed.

Chapter 2

Hot Swapping

Line Cards and

On the SSR 8000 and SSR 8600, you can hot swap line cards and secondary control modules. On the SSR 8600, you can also hot swap the secondary switching fabric module.

This chapter provides instructions for the following tasks:

• Hot swapping line cards

• Hot swapping secondary Control Modules

• Hot swapping the secondary Switching Fabric Module (SSR 8600 only)

Hot Swapping Line Cards

The procedure for hot swapping a line card consists of deactivating the line card, removing it from its slot in the SSR chassis, and installing a new line card in the slot.

SmartSwitch Router User Reference Manual 49

Chapter 2: Hot Swapping Line Cards and Control Modules

Deactivating the Line Card

To deactivate the line card, do one of the following:

• Press the Hot Swap button on the line card. The Hot Swap button is recessed in the line card's front panel. Use a pen or similar object to reach it.

When you press the Hot Swap button, the Offline LED lights. Figure 1 shows the location of the Offline LED and Hot Swap button on a 1000Base-SX line card.

Offline

Offline LED

Online

Figure 1. Location of Offline LED and Hot Swap button on a 1000Base-SX line card

Tx Link

1000BASE-SXSSR-GSX11-02

Hot

Swap

Hot Swap Button

• Use the system hotswap out command in the CLI. For example, to deactivate the line card in slot 7, enter the following command in Enable mode:

ssr# system hotswap out slot 7

After you enter this command, the Offline LED on the line card lights, and messages appear on the console indicating the ports on the line card are inoperative.

Note:

If you have deactivated a line card and want to activate it again, simply pull it from its slot and push it back in again. (Make sure the Offline LED is lit before you pull out the line card.) The line card is activated automatically.

Alternately, if you have not removed a line card you deactivated with the system hotswap out command, you can reactivate it with the system hotswap in command. For example, to reactivate a line card in slot 7, enter the following command in Enable mode:

ssr# system hotswap in slot 7

Removing the Line Card

To remove a line card from the SSR:

1. Make sure the Offline LED on the line card is lit.

50 SmartSwitch Router User Reference Manual

Chapter 2: Hot Swapping Line Cards and Control Modules

Warning

SSR to crash.

2. Loosen the captive screws on each side of the line card.

3. Carefully remove the line card from its slot in the SSR chassis.

Installing a New Line Card

To install a new line card:

1. Slide the line card all the way into the slot, firmly but gently pressing the line card

2. Tighten the captive screws on each side of the line card to secure it to the chassis.

: Do not remove the line card unless the Offline LED is lit. Doing so can cause the

fully in place to ensure that the pins on the back of the line card are completely seated in the backplane.

Note: Make sure the circuit card (and not the metal plate) is between the card

guides. Check both the upper and lower tracks.

Once the line card is installed, the SSR recognizes and activates it. The Online LED button lights.

Hot Swapping One Type of Line Card With Another

You can hot swap one type of line card with another type. For example, you can replace a 10/100Base-TX line card with a 1000Base-SX line card. The SSR can be configured to accommodate whichever line card is installed in the slot. When one line card is installed, configuration statements for that line card are used; when you remove the line card from the slot and replace it with a different type, configuration statements for the new line card take effect.

To set this up, you include configuration statements for both line cards in the SSR configuration file. The SSR determines which line card is installed in the slot and uses the appropriate configuration statements.

For example, you may have an SSR with a 10/100Base-TX line card in slot 7 and want to hot swap it with a 1000Base-SX line card. If you include statements for both line cards in the SSR configuration file, the statements for the 1000Base-SX take effect immediately after you install it in slot 7.

Hot Swapping a Secondary Control Module

If you have a secondary control module installed on the SSR, you can hot swap it with another Control Module or line card.

SmartSwitch Router User Reference Manual 51

Chapter 2: Hot Swapping Line Cards and Control Modules

Warning

: You can only hot swap an inactive Control Module. You should never remove

the active Control Module from the SSR. Doing so will crash the system.

The procedure for hot swapping a control module is similar to the procedure for hot swapping a line card. You must deactivate the Control Module, remove it from the SSR, and insert another Control Module or line card in the slot.

Deactivating the Control Module

To deactivate the Control Module:

1. Determine which is the secondary Control Module.

Control Modules can reside in slot CM or slot CM/1 on the SSR. Usually slot CM contains the primary Control Module, and slot CM/1 contains the secondary Control Module. On the primary Control Module, the Online LED is lit, and on the secondary Control Module, the Offline LED is lit.

Note: The Offline LED on the Control Module has a different function from the

Offline LED on a line card. On a line card, it means that the line card has been deactivated. On a Control Module, a lit Offline LED means that it is standing by to take over as the primary Control Module if necessary; it does not mean that the Control Module has been deactivated.

2. Press the Hot Swap button on the secondary Control Module.

When you press the Hot Swap button, all the LEDs on the Control Module (including the Offline LED) are deactivated. Figure 2 shows the location of the Offline LED and Hot Swap button on a Control Module.

SSR-CM2 CONTROL MODULE

Console

10/100 Mgmt

RST

SYS

ERR DIAG

HBT

Figure 2. Location of Offline LED and Hot Swap button on a Control Module

Removing the Control Module

To remove a Control Module from the SSR:

1. Make sure that none of the LEDs on the Control Module are lit.

2. Loosen the captive screws on each side of the Control Module.

3. Carefully remove the Control Module from its slot in the SSR chassis.

Offline LED

Online Offline

Hot

Swap

Hot Swap Button

52 SmartSwitch Router User Reference Manual

Installing the Control Module

To install a new Control Module or line card into the slot:

Chapter 2: Hot Swapping Line Cards and Control Modules

Note:

1. Slide the Control Module or line card all the way into the slot, firmly but gently

2. Tighten the captive screws on each side of the Control Module or line card to secure it

You can install either a line card or a Control Module in slot CM/1, but you can install only a Control Module in slot CM.

pressing it fully in place to ensure that the pins on the back of the card are completely seated in the backplane.

Note:

to the chassis.

On a line card, the Online LED lights, indicating it is now active.

On a secondary Control Module, the Offline LED lights, indicating it is standing by to take over as the primary Control Module if necessary.

Make sure the circuit card (and not the metal plate) is between the card guides. Check both the upper and lower tracks.

Hot Swapping a Switching Fabric Module (SSR 8600 only)

The SSR 8600 has slots for two Switching Fabric Modules. While the SSR 8600 is operating, you can install a second Switching Fabric Module. If two Switching Fabric Modules are installed, you can hot swap one of them.

When you remove one of the Switching Fabric Modules, the other goes online and stays online until it is removed or the SSR 8600 is powered off. When the SSR 8600 is powered on again, the Switching Fabric Module in slot “Fabric 1”, if one is installed there, becomes the active Switching Fabric Module.

Warning

8600. If only one Switching Fabric Module is installed, and you remove it, the SSR 8600 will crash.

The procedure for hot swapping a Switching Fabric Module is similar to the procedure for hot swapping a line card or Control Module. You deactivate the Switching Fabric Module, remove it from the SSR, and insert another Switching Fabric Module in the slot.

Note:

To deactivate the Switching Fabric Module:

1. Press the Hot Swap button on the Switching Fabric Module you want to deactivate.

SmartSwitch Router User Reference Manual 53

You can only hot swap a Switching Fabric Module if two are installed on the SSR

You cannot deactivate the Switching Fabric Module with the system hotswap command.

Chapter 2: Hot Swapping Line Cards and Control Modules

The Online LED goes out and the Offline LED lights. Figure 3 shows the location of the Offline LED and Hot Swap button on a Switching Fabric Module.

Offline LED

SSR-SF-16

Offline Online

Active

Hot

Swap

Switching Fabric

Hot Swap Button

Figure 3. Location of Offline LED and Hot Swap button on a Switching Fabric

Module

To remove the Switching Fabric Module:

1. Loosen the captive screws on each side of the Switching Fabric Module.

2. Pull the metal tabs on the Switching Fabric Module to free it from the connectors holding it in place in the chassis.

3. Carefully remove the Switching Fabric Module from its slot.

To install a Switching Fabric Module:

1. Slide the Switching Fabric Module all the way into the slot, firmly but gently pressing to ensure that the pins on the back of the module are completely seated in the backplane.

Note: Make sure the circuit card (and not the metal plate) is between the card

guides. Check both the upper and lower tracks.

2. Tighten the captive screws on each side of the Switching Fabric Module to secure it to the chassis.

54 SmartSwitch Router User Reference Manual

Bridging Overview

The SmartSwitch Router provides the following bridging functions:

• Compliance with the IEEE 802.1d standard

Chapter 3

Bridging

Configuration

Guide

• Compliance with the IGMP multicast bridging standard

• Wire-speed address-based bridging or flow-based bridging

• Ability to logically segment a transparently bridged network into virtual local-area

networks (VLANs), based on physical ports or protocol (IP or IPX or bridged protocols like Appletalk)

• Frame filtering based on MAC address for bridged and multicast traffic

• Integrated routing and bridging, which supports bridging of intra-VLAN traffic and

routing of inter-VLAN traffic

Spanning Tree (IEEE 802.1d)

Spanning tree (IEEE 802.1d) allows bridges to dynamically discover a subset of the topology that is loop-free. In addition, the loop-free tree that is discovered contains paths to every LAN segment.

SmartSwitch Router User Reference Manual 55

Chapter 3: Bridging Configuration Guide

Bridging Modes (Flow-Based and Address-Based)

The SSR provides the following types of wire-speed bridging:

Address-based bridging - The SSR performs this type of bridging by looking up the destination address in an L2 lookup table on the line card that receives the bridge packet from the network. The L2 lookup table indicates the exit port(s) for the bridged packet. If the packet is addressed to the SSR's own MAC address, the packet is routed rather than bridged.

Flow-based bridging - The SSR performs this type of bridging by looking up an entry in the L2 lookup table containing both the source and destination addresses of the received packet in order to determine how the packet is to be handled.

The SSR ports perform address-based bridging by default but can be configured to perform flow-based bridging instead, on a per-port basis. A port cannot be configured to perform both types of bridging at the same time.

The SSR performance is equivalent when performing flow-based bridging or addressbased bridging. However, address-based bridging is more efficient because it requires fewer table entries while flow-based bridging provides tighter management and control over bridged traffic.

VLAN Overview

Virtual LANs (VLANs) are a means of dividing a physical network into several logical (virtual) LANs. The division can be done on the basis of various criteria, giving rise to different types of VLANs. For example, the simplest type of VLAN is the port-based VLAN. Port-based VLANs divide a network into a number of VLANs by assigning a VLAN to each port of a switching device. Then, any traffic received on a given port of a switch belongs to the VLAN associated with that port.

VLANs are primarily used for broadcast containment. A layer-2 (L2) broadcast frame is normally transmitted all over a bridged network. By dividing the network into VLANs, the range of a broadcast is limited, i.e., the broadcast frame is transmitted only to the VLAN to which it belongs. This reduces the broadcast traffic on a network by an appreciable factor.

The type of VLAN depends upon one criterion: how a received frame is classified as belonging to a particular VLAN. VLANs can be categorized into the following types:

• Port based

•MAC address based

• Protocol based

•Subnet based

56 SmartSwitch Router User Reference Manual

• Multicast based

• Policy based

Detailed information about these types of VLANs is beyond the scope of this manual. Each type of VLAN is briefly explained in the following subsections.

Port-based VLANs

Ports of L2 devices (switches, bridges) are assigned to VLANs. Any traffic received by a port is classified as belonging to the VLAN to which the port belongs. For example, if ports 1, 2, and 3 belong to the VLAN named “Marketing”, then a broadcast frame received by port 1 is transmitted on ports 2 and 3. It is not transmitted on any other port.

MAC-address-based VLANs

In this type of VLAN, each switch (or a central VLAN information server) keeps track of all MAC addresses in a network and maps them to VLANs based on information configured by the network administrator. When a frame is received at a port, its destination MAC address is looked up in the VLAN database. The VLAN database returns the name of the VLAN to which this frame belongs.

Chapter 3: Bridging Configuration Guide

This type of VLAN is powerful in the sense that network devices such as printers and workstations can be moved anywhere in the network without the need for network reconfiguration. However, the administration is intensive because all MAC addresses on the network need to be known and configured.

Protocol-based VLANs

Protocol-based VLANs divide the physical network into logical VLANs based on protocol. When a frame is received at a port, its VLAN is determined by the protocol of the packet. For example, there could be separate VLANs for IP, IPX and Appletalk. An IP broadcast frame will only be sent to all ports in the IP VLAN.

Subnet-based VLANs

Subnet-based VLANs are a subset of protocol based VLANs and determine the VLAN of a frame based on the subnet to which the frame belongs. To do this, the switch must look into the network layer header of the incoming frame. This type of VLAN behaves similar to a router by segregating different subnets into different broadcast domains.

SmartSwitch Router User Reference Manual 57

Chapter 3: Bridging Configuration Guide

Multicast-based VLANs

Multicast-based VLANs are created dynamically for multicast groups. Typically, each multicast group corresponds to a different VLAN. This ensures that multicast frames are received only by those ports that are connected to members of the appropriate multicast group.

Policy-based VLANs

Policy-based VLANs are the most general definition of VLANs. Each incoming (untagged) frame is looked up in a policy database, which determines the VLAN to which the frame belongs. For example, you could set up a policy which creates a special VLAN for all email traffic between the management officers of a company, so that this traffic will not be seen anywhere else.

SSR VLAN Support

The SSR supports:

• Port-based VLANs

• Protocol-based VLANs

• Subnet-based VLANs

When using the SSR as an L2 bridge/switch, use the port-based and protocol-based VLAN types. When using the SSR as a combined switch and router, use the subnet-based VLANs in addition to port-based and protocol-based VLANs. It is not necessary to remember the types of VLANs in order to configure the SSR, as seen in the section on configuring the SSR.

VLANs and the SSR

VLANs are an integral part of the SSR family of switching routers. The SSR switching routers can function as layer-2 (L2) switches as well as fully-functonal layer-3 (L3) routers. Hence they can be viewed as a switch and a router in one box. To provide maximum performance and functionality, the L2 and L3 aspects of the SSR switching routers are tightly coupled.

The SSR can be used purely as an L2 switch. Frames arriving at any port are bridged and not routed. In this case, setting up VLANs and associating ports with VLANs is all that is required. You can set up the SSR switching router to use port-based VLANs, protocolbased VLANs, or a mixture of the two types.

The SSR can also be used purely as a router, i.e., each physical port of the SSR is a separate routing interface. Packets received at any interface are routed and not bridged. In this case, no VLAN configuration is required. Note that VLANs are still created implicitly by

58 SmartSwitch Router User Reference Manual

Chapter 3: Bridging Configuration Guide

the SSR as a result of creating L3 interfaces for IP and/or IPX. However, these implicit VLANs do not need to be created or configured manually. The implicit VLANs created by the SSR are subnet-based VLANs.

Most commonly, an SSR is used as a combined switch and router. For example, it may be connected to two subnets S1 and S2. Ports 1-8 belong to S1 and ports 9-16 belong to S2. The required behavior of the SSR is that intra-subnet frames be bridged and inter-subnet packets be routed. In other words, traffic between two workstations that belong to the same subnet should be bridged, and traffic between two workstations that belong to different subnets should be routed.

The SSR switching routers use VLANs to achieve this behavior. This means that a L3 subnet (i.e., an IP or IPX subnet) is mapped to a VLAN. A given subnet maps to exactly one and only one VLAN. With this definition, the terms VLAN and subnet are almost interchangeable.

To configure an SSR as a combined switch and router, the administrator must create VLANs whenever multiple ports of the SSR are to belong to a particular VLAN/subnet. Then the VLAN must be bound to an L3 (IP/IPX) interface so that the SSR knows which VLAN maps to which IP/IPX subnet.

Ports, VLANs, and L3 Interfaces

The term port refers to a physical connector on the SSR, such as an ethernet port. Each port must belong to at least one VLAN. When the SSR is unconfigured, each port belongs to a VLAN called the “default VLAN”. By creating VLANs and adding ports to the created VLANs, the ports are moved from the default VLAN to the newly created VLANs.

Unlike traditional routers, the SSR has the concept of logical interfaces rather than physical interfaces. An L3 interface is a logical entity created by the administrator. It can contain more than one physical port. When an L3 interface contains exactly one physical port, it is equivalent to an interface on a traditional router. When an L3 interface contains several ports, it is equivalent to an interface of a traditional router which is connected to a layer-2 device such as a switch or bridge.

Access Ports and Trunk Ports (802.1Q support)

The ports of an SSR can be classified into two types, based on VLAN functionality: access ports and trunk ports. By default, a port is an access port. An access port can belong to at

most one VLAN of the following types: IP, IPX or bridged protocols. The SSR can automatically determine whether a received frame is an IP frame, an IPX frame or neither. Based on this, it selects a VLAN for the frame. Frames transmitted out of an access port are untagged, meaning that they contain no special information about the VLAN to which they belong. Untagged frames are classified as belonging to a particular VLAN based on the protocol of the frame and the VLAN configured on the receiving port for that protocol.

SmartSwitch Router User Reference Manual 59

Chapter 3: Bridging Configuration Guide

For example, if port 1 belongs to VLAN IPX_VLAN for IPX, VLAN IP_VLAN for IP and VLAN OTHER_VLAN for any other protocol, then an IP frame received by port 1 is classified as belonging to VLAN IP_VLAN.

Trunk ports (802.1Q) are usually used to connect one VLAN-aware switch to another. They carry traffic belonging to several VLANs. For example, suppose that SSR A and B are both configured with VLANs V1 and V2.

Then a frame arriving at a port on SSR A must be sent to SSR B, if the frame belongs to VLAN V1 or to VLAN V2. Thus the ports on SSR A and B which connect the two SSRs together must belong to both VLAN V1 and VLAN V2. Also, when these ports receive a frame, they must be able to determine whether the frame belongs to V1 or to V2. This is accomplished by “tagging” the frames, i.e., by prepending information to the frame in order to identify the VLAN to which the frame belongs. In the SSR switching routers, trunk ports always transmit and receive tagged frames only. The format of the tag is specified by the IEEE 802.1Q standard. The only exception to this is Spanning Tree Protocol frames, which are transmitted as untagged frames.

Explicit and Implicit VLANs

As mentioned earlier, VLANs can either be created explicitly by the administrator (explicit VLANs) or are created implicitly by the SSR when L3 interfaces are created (implicit VLANs).

Configuring SSR Bridging Functions

Configuring Address-based or Flow-based Bridging

The SSR ports perform address-based bridging by default but can be configured to perform flow-based bridging instead of address-based bridging, on a per-port basis. A port cannot be configured to perform both types of bridging at the same time.

For example, the following illustration shows an SSR with traffic being sent from port A to port B, port B to port A, port B to port C, and port A to port C.

60 SmartSwitch Router User Reference Manual

Chapter 3: Bridging Configuration Guide

SSR

ABC

The corresponding bridge tables for address-based and flow-based bridging are shown below. As shown, the bridge table contains more information on the traffic patterns when flow-based bridging is enabled compared to address-based bridging.

Address-Based Bridge Table Flow-Based Bridge Table

A (source) A

B (source) B

C (destination) B

With the SSR configured in flow-based bridging mode, the network manager has “per flow” control of layer-2 traffic. The network manager can then apply Quality of Service (QoS) policies or security filters based on layer-2 traffic flows.

To enable flow-based bridging on a port, enter the following command in Configure mode.

Configure a port for flow-based bridging.

To change a port from flow-based bridging to address-based bridging, enter the following command in Configure mode:

Change a port from flowbased bridging to addressbased bridging.

negate <line-number of active config containing command>:

port flow-bridging <port-list>|all-ports

port flow-bridging

→ B → A → C

→ C

<port-list>|all-ports

Configuring Spanning Tree

Note:

SmartSwitch Router User Reference Manual 61

Some commands in this facility require updated SSR hardware. Please refer to the Release Notes for details.

Chapter 3: Bridging Configuration Guide

The SSR supports per VLAN spanning tree. By default, all the VLANs defined belong to the default spanning tree. You can create a separate instance of spanning tree using the following command:

Create spanning tree for a VLAN.

pvst create spanningtree vlan-name

By default, spanning tree is disabled on the SSR. To enable spanning tree on the SSR, you perform the following tasks on the ports where you want spanning tree enabled..

Enable spanning tree on one or

stp enable port <port-list>

more ports for default spanning tree.

Enable spanning tree on one or more ports for a particular VLAN.

pvst enable port <port-list> spanning-tree

Adjusting Spanning-Tree Parameters

You may need to adjust certain spanning-tree parameters if the default values are not suitable for your bridge configuration. Parameters affecting the entire spanning tree are configured with variations of the bridge global configuration command. Interface-specific parameters are configured with variations of the bridge-group interface configuration command.

You can adjust spanning-tree parameters by performing any of the tasks in the following sections:

• Set the Bridge Priority

• Set an Interface Priority

Note:

Only network administrators with a good understanding of how bridges and the Spanning-Tree Protocol work should make adjustments to spanning-tree parameters. Poorly chosen adjustments to these parameters can have a negative impact on performance. A good source on bridging is the IEEE 802.1d specification.

Setting the Bridge Priority

You can globally configure the priority of an individual bridge when two bridges tie for position as the root bridge, or you can configure the likelihood that a bridge will be selected as the root bridge. The lower the bridge's priority, the more likely the bridge will be selected as the root bridge. This priority is determined by default; however, you can change it.

62 SmartSwitch Router User Reference Manual

Chapter 3: Bridging Configuration Guide

To set the bridge priority, enter the following command in Configure mode:

Set the bridge priority for default spanning tree.

Set the bridge priority for a particular instance of spanning tree.

Setting a Port Priority

You can set a priority for an interface. When two bridges tie for position as the root bridge, you configure an interface priority to break the tie. The bridge with the lowest interface value is elected.

To set an interface priority, enter the following command in Configure mode:

Establish a priority for a specified interface for default spanning tree.

Establish a priority for a specified interface for a particular instance of spanning tree.

Assigning Port Costs

stp set bridging priority <num>

pvst set bridging spanning-tree <string> priority <num>

stp set port <port-list> priority <num>

pvst set port <port-list> spanning-tree

<string> priority <num>

Each interface has a port cost associated with it. By convention, the port cost is 1000/data rate of the attached LAN, in Mbps. You can set different port costs.

To assign port costs, enter the following command in Configure mode:

Set a different port cost other than

stp set port <port-list> port-cost <num>

the defaults for default spanning tree.

Set a different port cost other than the defaults for a particular instance

pvst set port <port-list> spanning-tree

of spanning tree.

Adjusting Bridge Protocol Data Unit (BPDU) Intervals

You can adjust BPDU intervals as described in the following sections:

• Adjust the Interval between Hello BPDUs

• Define the Forward Delay Interval

SmartSwitch Router User Reference Manual 63

Chapter 3: Bridging Configuration Guide

• Define the Maximum Idle Interval

Adjusting the Interval between Hello Times

You can specify the interval between hello time.

To adjust this interval, enter the following command in Configure mode:

Specify the interval between hello

stp set bridging hello-time <num>

time for default spanning tree.

Specify the interval between hello time for a particular instance of

pvst set bridging spanning-tree <string> hello-time <num>

spanning tree.

Defining the Forward Delay Interval

The forward delay interval is the amount of time spent listening for topology change information after an interface has been activated for bridging and before forwarding actually begins.

To change the default interval setting, enter the following command in Configure mode:

Set the default of the forward delay

stp set bridging forward-delay <num>

interval for default spanning tree.

Set the default of the forward delay interval for a particular instance of

pvst set bridging spanning-tree <string> forward-delay <num>

spanning tree.

Defining the Maximum Age

If a bridge does not hear BPDUs from the root bridge within a specified interval, it assumes that the network has changed and recomputes the spanning-tree topology.

To change the default interval setting, enter the following command in Configure mode:

Change the amount of time a bridge will

stp set bridging max-age <num>

wait to hear BPDUs from the root bridge for default spanning tree.

Change the amount of time a bridge will wait to hear BPDUs from the root bridge

pvst set bridging spanning-tree

for a particular instance of spanning tree.

64 SmartSwitch Router User Reference Manual

Configuring a Port or Protocol based VLAN

To create a port or protocol based VLAN, perform the following steps in the Configure mode.

1. Create a port or protocol based VLAN.

2. Add physical ports to a VLAN.

Creating a Port or Protocol Based VLAN

To create a VLAN, enter the following command in Configure mode.

Chapter 3: Bridging Configuration Guide

Create a VLAN.

Adding Ports to a VLAN

To add ports to a VLAN, enter the following command in Configure mode.

Add ports to a VLAN. vlan add ports <port-list> to <vlan-name>

Configuring VLAN Trunk Ports

The SSR supports standards-based VLAN trunking between multiple SSRs as defined by IEEE 802.1Q. 802.1Q adds a header to a standard Ethernet frame which includes a unique VLAN id per trunk between two SSRs. These VLAN IDs extend the VLAN broadcast domain to more than one SSR.

To configure a VLAN trunk, enter the following command in the Configure mode.

Configure 802.1Q VLAN trunks. vlan make <port-type> <port-list>

vlan create <vlan-name> <type> id <num>

Configuring VLANs for Bridging

The SSR allows you to create VLANs for AppleTalk, DECnet, SNA, and IPv6 traffic as well as for IP and IPX traffic. You can create a VLAN for handling traffic for a single protocol, such as a DECnet VLAN. Or, you can create a VLAN that supports several specific protocols, such as SNA and IP traffic.

Note:

SmartSwitch Router User Reference Manual 65

Some commands in this facility require updated SSR hardware. Please refer to the Release Notes for details.

Chapter 3: Bridging Configuration Guide

Configuring Layer-2 Filters

Layer-2 security filters on the SSR allow you to configure ports to filter specific MAC addresses. When defining a Layer-2 security filter, you specify to which ports you want the filter to apply. Refer to the “Security Configuration Chapter” for details on configuring Layer-2 filters. You can specify the following security filters:

• Address filters

These filters block traffic based on the frame's source MAC address, destination MAC address, or both source and destination MAC addresses in flow bridging mode. Address filters are always configured and applied to the input port.

• Port-to-address lock filters

These filters prohibit a user connected to a locked port or set of ports from using another port.

• Static entry filters

These filters allow or force traffic to go to a set of destination ports based on a frame's source MAC address, destination MAC address, or both source and destination MAC addresses in flow bridging mode. Static entries are always configured and applied at the input port.

• Secure port filters

A secure filter shuts down access to the SSR based on MAC addresses. All packets received by a port are dropped. When combined with static entries, however, these filters can be used to drop all received traffic but allow some frames to go through.

Monitoring Bridging

The SSR provides display of bridging statistics and configurations contained in the SSR.

To display bridging information, enter the following commands in Enable mode.

Show IP routing table.

Show all MAC addresses currently in the l2 tables.

Show l2 table information on a specific port.

Show information the master MAC table.

Show information on a specific MAC address.

ip show routes

l2-tables show all-macs

l2-tables show port-macs

l2-tables show mac-table-stats

l2-tables show mac

66 SmartSwitch Router User Reference Manual

Chapter 3: Bridging Configuration Guide

Show information on MACs registered.

Show all VLANs.

Configuration Examples

VLANs are used to associate physical ports on the SSR with connected hosts that may be physically separated but need to participate in the same broadcast domain. To associate ports to a VLAN, you must first create a VLAN and then assign ports to the VLAN. This section shows examples of creating an IP or IPX VLAN and a DECnet, SNA, and AppleTalk VLAN.

Creating an IP or IPX VLAN

In this example, servers connected to port gi.1.(1-2) on the SSR need to communicate with clients connected to et.4.(1-8). You can associate all the ports containing the clients and servers to an IP VLAN called ‘BLUE’.

First, create an IP VLAN named ‘BLUE’

l2-table show bridge-management

vlan show

ssr(config)# vlan create BLUE ip

Next, assign ports to the ‘BLUE’ VLAN.

ssr(config)# vlan add ports et.4.(1-8), gi.1.(1-2) to BLUE

Creating a non-IP/non-IPX VLAN

In this example, SNA, DECnet, and AppleTalk hosts are connected to et.1.1 and et.2.(1-4). You can associate all the ports containing these hosts to a VLAN called ‘RED’ with the VLAN ID 5.

First, create a VLAN named ‘RED’

ssr(config)# vlan create RED sna dec appletalk id 5

Next, assign ports to the ‘RED’ VLAN.

ssr(config)# vlan add ports et.1.1, et.2.(1-4) to RED

SmartSwitch Router User Reference Manual 67

Chapter 3: Bridging Configuration Guide

68 SmartSwitch Router User Reference Manual

Overview

This chapter explains how to configure and monitor SmartTRUNKs on the SSR. A SmartTRUNK is Cabletron Systems’ technology for load balancing and load sharing. For a description of the SmartTRUNK commands, see the “smarttrunk commands” section of the SSR Command Line Interface Manual.

Chapter 4

SmartTRUNK

Configuration

Guide

On the SSR, a SmartTRUNK is a group of two or more ports that have been logically combined into a single port. Multiple physical connections between devices are aggregated into a single logical, high-speed path that acts as a single link. Traffic is balanced across all interfaces in the combined link, increasing overall available system bandwidth.

SmartTRUNKs allow administrators the ability to increase bandwidth at congestion points in the network, thus eliminating potential traffic bottlenecks. SmartTRUNKs also provide improved data link resiliency. If one port in a SmartTRUNK should fail, its load is distributed evenly among the remaining ports and the entire SmartTRUNK link remains operational.

SmartTRUNK is Cabletron’s standard for building high-performance links between Cabletron’s switching platforms. SmartTRUNKs can interoperate with switches, routers, and servers from other vendors as well as Cabletron platforms.

SmartTrunks are compatible with all SSR features, including VLANs, STP, VRRP, etc. SmartTRUNK operation is supported over different media types and a variety of technologies including 10/100/1000 Mbps Ethernet.

SmartSwitch Router User Reference Manual 69

Chapter 4: SmartTRUNK Configuration Guide

Configuring SmartTRUNKs

To create a SmartTRUNK:

1. Create a SmartTRUNK and specify a control protocol for it.

2. Add physical ports to the SmartTRUNK.

3. Specify the policy for distributing traffic across SmartTRUNK ports. This step is optional; by default, the SSR distributes traffic to ports in a round-robin (sequential) manner.

Creating a SmartTRUNK

When you create a SmartTRUNK, you specify if the DEC Hunt Group control protocol is to be used or no control protocol is to be used:

• If you are connecting the SmartTRUNK to another SSR, other Cabletron devices (such as the SmartSwitch 6000 or SmartSwitch 9000), or Digital GIGAswitch/Router, specify the DEC Hunt Group control protocol. The Hunt Group protocol is useful in detecting errors like transmit/receive failures, misconfiguration, etc.

• If you are connecting the SmartTRUNK to a device that does not support the DEC Hunt Group control protocol, such as those devices that support Cisco’s EtherChannel technology, specify no control protocol. Only link failures are detected in this mode.

To create a SmartTRUNK, enter the following command in Configure mode:

Create a SmartTRUNK that will be connected to a device that supports the DEC Hunt Group control protocol.

Create a SmartTRUNK that will be connected to a device that does not support the DEC Hunt Group control protocol.

Add Physical Ports to the SmartTRUNK

You can add any number of ports to a SmartTRUNK. The limit is the number of ports on the SSR. Any port on any module can be part of a SmartTRUNK. If one module should go down, the remaining ports on other modules will remain operational.

Ports added to a SmartTRUNK must:

• Be set to full duplex.

• Be in the same VLAN.

smarttrunk create <smartrunk>

protocol huntgroup

smarttrunk create <smartrunk>

protocol no-protocol

• Have the same properties (L2 aging, STP state, and so on).

70 SmartSwitch Router User Reference Manual

Chapter 4: SmartTRUNK Configuration Guide

To add ports to a SmartTRUNK, enter the following command in Configure mode::

Create a SmartTRUNK that will be connected

smarttrunk add ports <port list>

to a device that supports the DEC Hunt Group control protocol.

Specify Traffic Distribution Policy (Optional)

The default policy for distributing traffic across the ports in a SmartTRUNK is “roundrobin,” where the SSR selects the port on a rotating basis. The other policy that can be chosen is “link-utilization,” where packets are sent to the least-used port in a SmartTRUNK. You can choose to specify the link-utilization policy for a particular SmartTRUNK, a list of SmartTRUNKs, or for all SmartTRUNKs on the SSR.

Specify traffic distribution policy.

smarttrunk set load-policy on <smartrunk

|all-smarttrunks round-robin|link-

list>

utilization

Monitoring SmartTRUNKs

Statistics are gathered for data flowing through a SmartTRUNK and each port in the SmartTRUNK.

to <smartrunk>

To display SmartTRUNK statistics, enter one of the following commands in Enable mode:.

Display information about all

smarttrunk show trunks

SmartTRUNKS and the control protocol used.

Display statistics on traffic distribution on SmartTRUNK

Display information about the control protocol on a

smarttrunk show distribution <smartrunk

|all-smarttrunks

list>

smarttrunk show protocol-state <smartrunk

|all-smarttrunks

list>

SmartTRUNK.

Display information about the SmartTRUNK connection (DEC

smarttrunk show connections <smartrunk

|all-smarttrunks

list>

Hunt Group control protocol connections only).

To clear statistics for SmartTRUNK ports, enter the following command in Enable mode:.

Clear load distribution statistics for SmartTRUNK ports.

smarttrunk clear load-distribution

<smartrunk list>|all-smarttrunks

SmartSwitch Router User Reference Manual 71

Chapter 4: SmartTRUNK Configuration Guide

Example Configurations

The following shows a network design based on SmartTRUNKs. R1 is an SSR operating as a router, while S1 and S2 are SSRs operating as switches.

Cisco 7500 Router

10.1.1.1/24

st.1 st.2 st.4

Router

10.1.1.2/24 to-cisco

12.1.1.2/24 to-s2

11.1.1.2/24 to-s1

st.3

Switch

st.5

Cisco Catalyst 5K Switch

The following is the configuration for the Cisco 7500 router:

interface port-channel 1 ip address 10.1.1.1 255.255.255.0 ip route-cache distributed interface fasteth 0/0 no ip address channel-group 1

Switch

Server

The following is the configuration for the Cisco Catalyst 5K switch:

set port channel 3/1-2 on

72 SmartSwitch Router User Reference Manual

Chapter 4: SmartTRUNK Configuration Guide

The following is the SmartTRUNK configuration for the SSR labeled ‘R1’ in the diagram:

smarttrunk create st.1 protocol no-protocol smarttrunk create st.2 protocol huntgroup smarttrunk create st.3 protocol huntgroup smarttrunk add ports et.1(1-2) to st.1 smarttrunk add ports et.2(1-2) to st.2 smarttrunk add ports et.3(1-2) to st.3 interface create ip to-cisco address-netmask 10.1.1.2/24 port st.1 interface create ip to-s1 address-netmask 11.1.1.2/24 port st.2 interface create ip to-s2 address-netmask 12.1.1.2/24 port st.3

The following is the SmartTRUNK configuration for the SSR labeled ‘S1’ in the diagram:

smarttrunk create st.2 protocol huntgroup smarttrunk create st.4 protocol no-protocol smarttrunk add ports et.1(1-2) to st.2 smarttrunk add ports et.2(1-2) to st.4

The following is the SmartTRUNK configuration for the SSR labeled ‘S2’ in the diagram:

smarttrunk create st.3 protocol huntgroup smarttrunk create st.5 protocol no-protocol smarttrunk add ports et.1(1-2) to st.3 smarttrunk add ports et.2(1-2) to st.5

SmartSwitch Router User Reference Manual 73

Chapter 4: SmartTRUNK Configuration Guide

74 SmartSwitch Router User Reference Manual

DHCP Overview

The Dynamic Host Configuration Protocol (DHCP) server on the SSR provides dynamic address assignment and configuration to DHCP capable end-user systems, such as Windows 95/98/NT and Apple Macintosh systems. You can configure the server to provide a dynamic IP address from a pre-allocated pool of IP addresses or a static IP address. You can also configure parameters for use by the clients, such as default gateway and network masks, and system-specific parameters, such as NetBIOS Name Server and NetBIOS node type of the client.

Chapter 5

DHCP

Configuration

Guide

The amount of time that a particular IP address is valid for a system is called a lease. The SSR maintains a lease database which contains information about each assigned IP address, the MAC address to which it is assigned, the lease expiration, and whether the address assignment is dynamic or static. The DHCP lease database is stored in flash memory and can be backed up on a remote TFTP or RCP server. You can configure the intervals at which updates to the lease database (and backup) are done. Upon system reboot, the lease database will be loaded either from flash memory or from the TFTP or RCP server.

Note:

SmartSwitch Router User Reference Manual 75

The SSR DHCP server is not designed to work as the primary DHCP server in an enterprise environment with hundreds or thousands of clients that are constantly seeking IP address assignment or reassignment. A standalone DHCP server with a redundant backup server may be more suitable for this enterprise environment.

Chapter 5: DHCP Configuration Guide

Configuring DHCP

By default, the DHCP server is not enabled on the SSR. You can selectively enable DHCP service on particular interfaces and not others. To enable DHCP service on an interface, you must first define a DHCP scope. A scope consists of a pool of IP addresses and a set of parameters for a DHCP client. The parameters are used by the client to configure its network environment, for example, the default gateway and DNS domain name.

To configure DHCP on the SSR, you must configure an IP address pool, client parameters, and optional static IP address for a specified scope. Where several subnets are accessed through a single port, you can also define multiple scopes on the same interface and group the scopes together into a “superscope.”

Configuring an IP Address Pool

To define a pool of IP addresses that the DHCP server can assign to a client, enter the following command in Configure mode:

Define pool of IP addresses to be used by clients.

Configuring Client Parameters

You can configure the client parameters shown in the table below.

Table 3. Client Parameters

Parameter Value

address-mask Address/netmask of the scope’s subnet (This parameter is

required and must be defined before any other client parameters are specified.)

broadcast Broadcast address

bootfile Client boot file name

dns-domain DNS domain name

dns-server IP address of DNS server

gateway IP address of default gateway

dhcp <scope> define pool <ip-range>

lease-time Amount of time the assigned IP address is valid for the

system

76 SmartSwitch Router User Reference Manual

Chapter 5: DHCP Configuration Guide

Table 3. Client Parameters

Parameter Value

netbios-name-server IP address of NetBIOS Name Server (WINS server)

netbios-node-type NetBIOS node type of the client

netbios-scope NetBIOS scope of the client

To define the parameters that the DHCP server gives the clients, enter the following command in Configure mode:

Define client parameters.

dhcp <scope> define parameters <parameter>

<value>...

Configuring a Static IP Address

To define a static IP address that the DHCP server can assign to a client with a specific MAC address, enter the following command in Configure mode:

Define static IP address for a particular MAC address.

dhcp <scope> define static-ip <ipaddr> mac-address <macaddr> [<parameter>

<value>...]

Grouping Scopes with a Common Interface

You can apply several scopes to the same physical interface. For example, scopes can define address pools on different subnets that all are accessed through the same SSR port. In this case, scopes that use the same interface must be grouped together into a “superscope.”

To attach a scope to a superscope, enter the following command in Configure mode:

Attach a scope to a superscope.

SmartSwitch Router User Reference Manual 77

dhcp <scope> attach superscope <name>

Chapter 5: DHCP Configuration Guide

Configuring DHCP Server Parameters

You can configure several “global” parameters that affect the behavior of the DHCP server itself.

To configure global DHCP server parameters, enter the following commands in Configure mode:

Specify a remote location to back up the lease database.

Specify the intervals at which the lease database is updated.

dhcp global set lease-database <url>

dhcp global set commit-interval <hours>

Updating the Lease Database

After each client transaction, the DHCP server does not immediately update the information in the lease database. Lease update information is stored in flash memory and flushed to the database at certain intervals. You can use the dhcp global set commit- interval command to specify this interval; the default is one hour.

To force the DHCP server to immediately update its lease database, enter the following command in Enable mode:

Force the server to update its lease database.

dhcp flush

Monitoring the DHCP Server

To display information from the lease database:

Show lease database information.

To display the number of allocated bindings for the DHCP server and the maximum number allowed::

Show the number of allocated bindings for the DHCP server.

78 SmartSwitch Router User Reference Manual

dhcp show binding [active|expired|static]

dhcp show num-clients

DHCP Configuration Examples

The following configuration describes DHCP configuration for a simple network with just one interface on which DHCP service is enabled to provide both dynamic and static IP addresses.

1. Create an IP VLAN called ‘client_vlan’.

vlan create client_vlan ip

2. Add all Fast Ethernet ports in the SSR to the VLAN ‘client_vlan’.

vlan add port et.*.* to client_vlan

3. Create an IP interface called ‘clients’ with the address 10.1.1.1 for the VLAN

‘client_vlan’.

interface create ip clients address-netmask 10.1.1.1./16 vlan

client_vlan

Chapter 5: DHCP Configuration Guide

4. Define DHCP network parameters for the scope ‘scope1’.

dhcp scope1 define parameters address-netmask 10.1.0.0/16 gateway

10.1.1.1 lease-time 720 dns-domain acme.com dns-server

10.2.45.67 netbios-name-server 10.1.55.60

5. Define an IP address pool for addresses 10.1.1.10 through 10.1.1.20.

dhcp scope1 define pool 10.1.1.10-10.1.1.20

6. Define another IP address pool for addresses 10.1.1.40 through 10.1.1.50.

dhcp scope1 define pool 10.1.1.40-10.1.1.50

7. Define a static IP address for 10.1.7.5.

dhcp scope1 define static-ip 10.1.7.5 mac-address 08:00:20:11:22:33

8. Define another static IP address for 10.1.7.7. and give it a specific gateway address of

10.1.1.2.

dhcp scope1 define static-ip 10.1.7.7 mac-address

08:00:20:aa:bb:cc:dd gateway 10.1.1.2

SmartSwitch Router User Reference Manual 79

Chapter 5: DHCP Configuration Guide

9. Specify a remote lease database on the TFTP server 10.1.89.88.

dhcp global set lease-database tftp://10.1.89.88/lease.db

10. Specify a database update interval of every 15 minutes.

dhcp global set commit-interval 15

Configuring Secondary Subnets

In some network environments, multiple logical subnets can be imposed on a single physical segment. These logical subnets are sometimes referred to as “secondary subnets” or “secondary networks.” For these environments, the DHCP server may need to give out addresses on different subnets. The DNS server, DNS domain, and WINS server may be the same for clients on different secondary subnets, however, the default gateway will most likely be different since it must be a router on the client’s local subnet.

The following example shows a simple configuration to support secondary subnets

10.1.x.x and 10.2.x.x.

1. Define the network parameters for ‘scope1’ with the default gateway 10.1.1.1.

dhcp scope1 define parameters address-netmask 10.1.0.0/16 gateway

10.1.1.1 dns-domain acme.com dns-server 10.1.44.55

2. Define the address pool for ‘scope1’.

dhcp scope1 define pool 10.1.1.10-10.1.1.20

3. Define the network parameters for ‘scope2’ with the default gateway 10.2.1.1.

dhcp scope2 define parameters address-netmask 10.2.0.0/16 gateway

10.2.1.1 dns-domain acme.com dns-server 10.1.77.88

4. Define the address pool for ‘scope2’.

dhcp scope2 define pool 10.2.1.40-10.2.1.50

5. Create a superscope ‘super1’ that includes ‘scope1’.

dhcp scope1 attach superscope super1

80 SmartSwitch Router User Reference Manual

Chapter 5: DHCP Configuration Guide

6. Include ‘scope2’ in the superscope ‘super1’.

dhcp scope2 attach superscope super1

Since there are multiple pools of IP addresses, the pool associated with ‘scope1’ is used first since ‘scope1’ is applied to the interface before ‘scope2’. Clients that are given an address from ‘scope1’ will also be given parameters from ‘scope1,’ which includes the default gateway 10.1.1.1 that resides on the 10.1.x.x subnet. When all the addresses for ‘scope1’ are assigned, the server will start giving out addresses from ‘scope2’ which will include the default gateway parameter 10.2.1.1 on subnet 10.2.x.x.

Secondary Subnets and Directly-Connected Clients

A directly-connected client is a system that resides on the same physical network as the DHCP server and does not have to go through a router or relay agent to communicate with the server. If you configure the DHCP server on the SSR to service directly-connected clients on a secondary subnet, you must configure the secondary subnet using the interface add ip command. The interface add ip command configures a secondary address for an interface that was previously created with the interface create ip command.

The following example shows a simple configuration to support directly-connected clients on a secondary subnet.

1. Create an interface ‘clients’ with the primary address 10.1.1.1.

interface create ip clients address-mask 10.1.1.1/16 port et.1.1

2. Assign a secondary address 10.2.1.1 to the interface ‘clients’.

interface add ip clients address-mask 10.2.1.1/16

3. Define the network parameters for ‘scope1’ with the default gateway 10.1.1.1.

dhcp scope1 define parameters address-netmask 10.1.0.0/16 gateway

10.1.1.1 dns-domain acme.com dns-server 10.1.44.55

4. Define the address pool for ‘scope1’.

dhcp scope1 define pool 10.1.1.10-10.1.1.20

5. Define the network parameters for ‘scope2’ with the default gateway 10.2.1.1.

dhcp scope2 define parameters address-netmask 10.2.0.0/16 gateway

10.2.1.1 dns-domain acme.com dns-server 10.1.77.88

SmartSwitch Router User Reference Manual 81

Chapter 5: DHCP Configuration Guide

6. Define the address pool for ‘scope2’.

dhcp scope2 define pool 10.2.1.40-10.2.1.50

7. Create a superscope ‘super1’ that includes ‘scope1’.

dhcp scope1 attach superscope super1

8. Include ‘scope2’ in the superscope ‘super1’.

dhcp scope2 attach superscope super1

For clients on the secondary subnet, the default gateway is 10.2.1.1, which is also the secondary address for the interface ‘clients’.

Interacting with Relay Agents

For clients that are not directly connected to the DHCP server, a relay agent (typically a router) is needed to communicate between the client and the server. The relay agent is usually only needed during the initial leasing of an IP address. Once the client obtains an IP address and can connect to the network, the renewal of the lease is performed between the client and server without the help of the relay agent.

The default gateway for the client must be capable of reaching the SSR’s DHCP server. The SSR must also be capable of reaching the client’s network. The route must be configured (with static routes, for example) or learned (with RIP or OSPF, for example) so that the DHCP server can reach the client.

The following example shows a simple configuration to support clients across a relay agent.

1. Create an interface ‘clients’ with the primary address 10.1.1.1.

interface create ip clients address-mask 10.1.1.1/16 port et.3.3

2. Define a static route to the 10.5.x.x. subnet using the gateway 10.1.7.10 which tells the DHCP server how to send packets to the client on the 10.5.x.x subnet.

ip add route 10.5.0.0/16 gateway 10.1.7.10

3. Define the network parameters for ‘scope1’ with the default gateway 10.5.1.1 (the relay agent for the client).

dhcp scope1 define parameters address-netmask 10.5.0.0/16 gateway

10.5.1.1 dns-domain acme.com

82 SmartSwitch Router User Reference Manual

4. Define the address pool for ‘scope1’.

dhcp scope1 define pool 10.5.1.10-10.5.1.20

Chapter 5: DHCP Configuration Guide

SmartSwitch Router User Reference Manual 83

Chapter 5: DHCP Configuration Guide

84 SmartSwitch Router User Reference Manual

This chapter describes how to configure IP interfaces and general non-protocol-specific routing parameters.

IP Routing Overview

Chapter 6

IP Routing

Configuration

Guide

Internet Protocol (IP) is a packet-based protocol used to exchange data over computer networks. IP handles addressing, routing, fragmentation, reassembly, and protocol demultiplexing. In addition, IP specifies how hosts and routers should process packets, handle errors and discard packets. IP forms the foundation upon which transport layer protocols, such as TCP or UDP, interoperate over a routed network.

The Transmission Control Protocol (TCP) is built upon the IP layer. TCP is a connectionoriented protocol that specifies the data format, buffering and acknowledgments used in the transfer of data. TCP is a full-duplex connection which also specifies the procedures that the computers use to ensure that the data arrives correctly.

The User Datagram Protocol (UDP) provides the primary mechanism that applications use to send datagrams to other application programs. UDP is a connectionless protocol that does not guarantee delivery of datagrams between applications. Applications which use UDP are responsible for ensuring successful data transfer by employing error handling, retransmission and sequencing techniques.

TCP and UDP also specify “ports,” which identify the application which is using TCP/UDP. For example, a web server would typically use TCP/UDP port 80, which specifies HTTP-type traffic.

SmartSwitch Router User Reference Manual 85

Chapter 6: IP Routing Configuration Guide

The SSR supports standards-based TCP, UDP, and IP.

IP Routing Protocols

The SSR supports standards-based unicast and multicast routing. Unicast routing protocol support includes Interior Gateway Protocols and Exterior Gateway Protocols. Multicast routing protocols are used to determine how multicast data is transferred in a routed environment.

Unicast Routing Protocols

Interior Gateway Protocols are used for routing networks that are within an “autonomous system,” a network of relatively limited size. All IP interior gateway protocols must be specified with a list of associated networks before routing activities can begin. A routing process listens to updates from other routers on these networks and broadcasts its own routing information on those same networks. The SSR supports the following Interior Gateway Protocols:

• Routing Information Protocol (RIP) Version 1, 2 (RFC 1058, 1723)

• Open Shortest Path First (OSPF) Version 2 (RFC 1583)

Exterior Gateway Protocols are used to transfer information between different “autonomous systems”. The SSR supports the following Exterior Gateway Protocol:

• Border Gateway Protocol (BGP) Version 3, 4 (RFC 1267, 1771)

Multicast Routing Protocols

IP multicasting allows a host to send traffic to a subset of all hosts. These hosts subscribe to group membership, thus notifying the SSR of participation in a multicast transmission.

Multicast routing protocols are used to determine which routers have directly attached hosts, as specified by IGMP, that have membership to a multicast session. Once host memberships are determined, routers use multicast routing protocols, such as DVMRP, to forward multicast traffic between routers.

The SSR supports the following multicast routing protocols:

• Distance Vector Multicast Routing Protocol (DVMRP) RFC 1075

• Internet Group Management Protocol (IGMP) as described in RFC 2236

The SSR also supports the latest DVMRP Version 3.0 draft specification, which includes mtrace, Generation ID and Pruning/Grafting.

86 SmartSwitch Router User Reference Manual

Chapter 6: IP Routing Configuration Guide

Configuring IP Interfaces and Parameters

This section provides an overview of configuring various IP parameters and setting up IP interfaces.

Configuring IP Addresses to Ports

You can configure one IP interface directly to physical ports. Each port can be assigned multiple IP addresses representing multiple subnets connected to the physical port.

To configure an IP interface to a port, enter one of the following commands in Configure mode.

Configure an IP interface to a physical port.

Configure a secondary address to an existing IP interface.

interface create ip <InterfaceName>

interface add ip <InterfaceName>

Configuring IP Interfaces for a VLAN

You can configure one IP interface per VLAN. Once an IP interface has been assigned to a VLAN, you can add a secondary IP addresses to the VLAN.

To configure a VLAN with an IP interface, enter the following command in Configure mode:

Create an IP interface for a VLAN. interface create ip <InterfaceName>

Configure a secondary address to an existing VLAN.

interface add ip <InterfaceName>

address-mask <ipAddr-mask> port <port>

address-netmask <ipAddr-mask> [broadcast <ipaddr>]

address-mask <ipAddr-mask> vlan <name>

address-netmask <ipAddr-mask> vlan <name>

Specifying Ethernet Encapsulation Method

The SmartSwitch Router supports two encapsulation types for IP. You can configure encapsulation type on a per-interface basis.

• Ethernet II: The standard ARPA Ethernet Version 2.0 encapsulation, which uses a 16-

bit protocol type code (the default encapsulation method)

SmartSwitch Router User Reference Manual 87

Chapter 6: IP Routing Configuration Guide

• 802.3 SNAP: SNAP IEEE 802.3 encapsulation, in which the type code becomes the frame length for the IEEE 802.2 LLC encapsulation (destination and source Service Access Points, and a control byte)

To configure IP encapsulation, enter one of the following commands in Configure mode.

Configure Ethernet II encapsulation.

Configure 802.3 SNAP encapsulation.

interface create ip <InterfaceName> output-mac-

encapsulation ethernet_II

interface create ip <InterfaceName> output-mac-

encapsulation ethernet_snap

Configuring Address Resolution Protocol (ARP)

The SSR allows you to configure Address Resolution Protocol (ARP) table entries and parameters. ARP is used to associate IP addresses with media or MAC addresses. Taking an IP address as input, ARP determines the associated MAC address. Once a media or MAC address is determined, the IP address/media address association is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network.

Configuring ARP Cache Entries

You can add and delete entries in the ARP cache. To add or delete static ARP entries, enter one of the the following commands in Configure mode:

Add a static ARP entry. arp add <host> mac-addr <MAC-addr>

exit-port

<port>

Clear a static ARP entry.

arp clear <host>

Configuring Proxy ARP

The SSR can be configured for proxy ARP. The SSR uses proxy ARP (as defined in RFC 1027) to help hosts with no knowledge of routing determine the MAC address of hosts on other networks or subnets. Through Proxy ARP, the SSR will respond to ARP requests from a host with a ARP reply packet containing the SSR MAC address. Proxy ARP is enabled by default on the SSR.

To disable proxy ARP, enter the following command in Configure mode:

Disable Proxy ARP on

ip disable-proxy-arp interface <InterfaceName>|all

an interface.

88 SmartSwitch Router User Reference Manual

Chapter 6: IP Routing Configuration Guide

Configuring Reverse Address Resolution Protocol (RARP)

Reverse Address Resolution Protocol (RARP) works exactly the opposite of ARP. Taking a MAC address as input, RARP determines the associated IP address. RARP is useful for Xterminals and diskless workstations that may not have an IP address when they boot. They can submit their MAC address to a RARP server on the SSR, which returns an IP address.

Configuring RARP on the SSR consists of two steps:

• Letting the SSR know which IP interfaces to respond to

• Defining the mappings of MAC addresses to IP addresses

Specifying IP Interfaces for RARP

To specify the interfaces that the RARP server on the SSR should respond to, enter the following command in Configure mode:

Specify interfaces for RARP.

Defining MAC-to-IP Address Mappings

To map a MAC address to an IP address, enter the following command in Configure mode:

Map a MAC address to an IP address.

There is no limit to the number of address mappings you can configure.

Optionally, you can create a list of mappings with a text editor and then use TFTP to upload the text file to the SSR. The format of the text file must be as follows:

MAC-address1 IP-address1 MAC-address2 IP-address2 ... MAC-addressn IP-addressn

Then place the text file on a TFTP server that the SSR can access and enter the following command in Enable mode:

rarpd set interface <InterfaceName>|all

rarpd add hardware-address <MAC-addr>

ip-address

ssr# copy tftp-server to ethers TFTP server? Source filename? <filename>

SmartSwitch Router User Reference Manual 89

<IPaddr-of-TFTP-server>

Chapter 6: IP Routing Configuration Guide

Monitoring RARP

You can use the following commands to obtain information about the SSR’s RARP configuration:

Display the interfaces to which the RARP server responds.

Display the existing MAC-to-IP address mappings

Display RARP statistics.

Configuring DNS Parameters

The SSR can be configured to specify DNS servers, which supply name services for DNS requests. You can specify up to three DNS servers.

To configure DNS servers, enter the following command in Configure mode:

Configure a DNS server. system set dns server <IPaddr>

You can also specify a domain name for the SSR. The domain name is used by the SSR to respond to DNS requests.

To configure a domain name, enter the following command in Configure mode:

rarpd show interface

rarpd show mappings

statistics show rarp <InterfaceName>|all

[, <IPaddr>[, <IPaddr>]]

Configure a domain name. system set dns domain <name>

Configuring IP Services (ICMP)

The SSR provides ICMP message capabilities including ping and traceroute. Ping allows you to determine the reachability of a certain IP host. Traceroute allows you to trace the IP gateways to an IP host.

To access ping or traceroute on the SSR, enter the following commands in Enable mode:

Specify ping. ping <hostname-or-IPaddr> packets <num> size <num>

wait <num> [flood] [dontroute]

Specify traceroute. traceroute <host> [max-ttl <num>] [probes <num>]

[size

<num>] [source <secs>] [tos <num>]

[wait-time

90 SmartSwitch Router User Reference Manual

<secs>] [verbose] [noroute]

Configuring IP Helper

You can configure the SSR to forward UDP broadcast packets received on a given interface to all other interfaces or to a specified IP address. You can specify a UDP port number for which UDP broadcast packets with that destination port number will be forwarded. By default, if no UDP port number is specified, the SSR will forward UDP broadcast packets for the following six services:

• BOOTP/DHCP (port 67 and 68)

• DNS (port 37)

• NetBIOS Name Server (port 137)

• NetBIOS Datagram Server (port 138)

• TACACS Server (port 49)

• Time Service (port 37)

To configure a destination to which UDP packets will be forwarded, enter the following command in Configure mode:

Chapter 6: IP Routing Configuration Guide

Specify local subnet interface, destination “helper” IP address, and UDP port number to forward.

ip helper-address interface <interface-name>

Configuring Direct Broadcast

You can configure the SSR to forward all directed broadcast traffic from the local subnet to a specified IP address or all associated IP addresses. This is a more efficient method than defining only one local interface and remote IP address destination at a time with the ip- helper command when you are forwarding traffic from more than one interface in the local subnet to a remote destination IP address.

To forward all directed broadcast traffic to a specified IP address, enter the following command in Configure mode:

Forward directed broadcast traffic.

ip enable directed-broadcast interface

Configuring Denial of Service (DOS)

<helper-address>|all-interfaces [<udp-port#>]

<interface name>|all

By default, the SSR installs flows in the hardware so that packets sent as directed broadcasts are dropped in hardware, if directed broadcast is not enabled on the interface where the packet is received. You can disable this feature, causing directed broadcast

SmartSwitch Router User Reference Manual 91

Chapter 6: IP Routing Configuration Guide

packets to be processed on the SSR even if directed broadcast is not enabled on the interface receiving the packet.

Similarly, the SSR installs flows to drop packets destined for the SSR for which service is not provided by the SSR. This prevents packets for unknown services from slowing the CPU. You can disable this behavior, causing these packets to be processed by the CPU.:

Disables the directedbroadcast-protection feature of the SSR.

Disables the port-attackprotection feature of the SSR.

Monitoring IP Parameters

The SSR provides display of IP statistics and configurations contained in the routing table. Information displayed provides routing and performance information.

To display IP information, enter the following command in Enable mode:

Show ARP table entries.

Show IP interface configuration.

Show all TCP/UDP connections and services.

Show configuration of IP interfaces.

Show IP routing table information.

ip dos disable directed-broadcast-protection

ip dos disable port-attack-protection

arp show all

interface show ip

ip show connections [no-lookup]

ip show interfaces [<interface-name>]

ip show routes

Show ARP entries in routing table.

Show DNS parameters.

ip show routes show-arps

system show dns

Configuring Router Discovery

The router discovery server on the SSR periodically sends out router advertisements to announce the existence of the SSR to other hosts. The router advertisements are multicast or broadcast to each interface on the SSR on which it is enabled and contain a list of the addresses on the interface and the preference of each address for use as a default route for the interface. A host can also send a router solicitation, to which the router discovery server on the SSR will respond with a unicast router advertisement.

On systems that support IP multicasting, router advertisements are sent to the ‘all-hosts’ multicast address 224.0.0.1 by default. You can specify that broadcast be used, even if IP multicasting is available. When router advertisements are sent to the all-hosts multicast

92 SmartSwitch Router User Reference Manual

Chapter 6: IP Routing Configuration Guide

address or an interface is configured for the limited broadcast address 255.255.255.255, the router advertisement includes all IP addresses configured on the physical interface. When router advertisements are sent to a net or subnet broadcast, then only the address associated with the net or subnet is included.

To start and stop router discovery on the SSR, enter the following commands in Configure mode:

Start router discovery.

rdisc start

Stop router discovery. rdisc stop

To configure router advertisement, enter the following commands in Configure mode:

Define IP address to be

rdisc add address <hostname-or-ipaddr>

included in router advertisements.

Enable router advertisement on

rdisc add interface <interface name>|all

an interface.

Configure router advertisement for a specific address.

Configure router advertisement for an interface or all interfaces.

rdisc set address <ipaddr> type multicast|broadcast advertise enable|disable preference

rdisc set interface <name>|all min-advinterval lifetime <number>

<number>|ineligible

<number> max-adv-interval <number>

To show the state of router discovery on the SSR, enter the following command in Enable mode:

Show router discovery state.

rdisc show all

Configuration Examples

Assigning IP/IPX Interfaces

To enable routing on the SSR, you must assign an IP or IPX interface to a VLAN. To assign an IP or IPX interface named ‘RED’ to the ‘BLUE’ VLAN, enter the following command:

ssr(config)# interface create ip RED address-netmask

10.50.0.1/255.255.0.0 vlan BLUE

SmartSwitch Router User Reference Manual 93

Chapter 6: IP Routing Configuration Guide

You can also assign an IP or IPX interface directly to a physical port. For example, to assign an IP interface ‘RED’ to physical port et.3.4, perform the following:

ssr(config)# interface create ip RED address-netmask

10.50.0.0/255.255.0.0 port et.3.4

94 SmartSwitch Router User Reference Manual

VRRP Overview

This chapter explains how to set up and monitor the Virtual Router Redundancy Protocol (VRRP) on the SSR. VRRP is defined in RFC 2338.

End host systems on a LAN are often configured to send packets to a statically configured default router. If this default router becomes unavailable, all the hosts that use it as their first hop router become isolated on the network. VRRP provides a way to ensure the availabilty of an end host’s default router.

Chapter 7

VRRP

Configuration

Guide

This is done by assigning IP addresses that end hosts use as their default route to a “virtual router.” A Master router is assigned to forward traffic designated for the virtual router. If the Master router should become unavailable, a backup router takes over and begins forwarding traffic for the virtual router. As long as one of the routers in a VRRP configuration is up, the IP addresses assigned to the virtual router are always available, and the end hosts can send packets to these IP addresses without interruption.

Configuring VRRP

This section presents three sample VRRP configurations:

• A basic VRRP configuration with one virtual router

• A symmetrical VRRP configuration with two virtual routers

• A multi-backup VRRP configuration with three virtual routers

SmartSwitch Router User Reference Manual 95

Chapter 7: VRRP Configuration Guide

Basic VRRP Configuration

Figure 4 shows a basic VRRP configuration with a single virtual router. Routers R1 and R2

are both configured with one virtual router ( Router R2 serves as the Backup. The four end hosts are configured to use 10.0.0.1/16 as the default route. IP address 10.0.0.1/16 is associated with virtual router

Master Backup

VRID=1). Router R1 serves as the Master and

VRID=1.

R1 R2

Interface Addr. =

;

VRID=1

Addr. =

If Router R1 should become unavailable, Router R2 would take over virtual router and its associated IP addresses. Packets sent to 10.0.0.1/16 would go to Router R2. When Router R1 comes up again, it would take over as Master, and Router R2 would revert to Backup.

Configuration of Router R1

10.0.0.1/16

H1 H2 H3 H4

Default Route = 10.0.0.1/16

VRID=1

10.0.0.1/16

Interface Addr. =

;

VRID=1

Figure 4. Basic VRRP Configuration

Addr. =

10.0.0.2/1

10.0.0.1/1

VRID=1

The following is the configuration file for Router R1 in Figure 4.

1: interface create ip test address-netmask 10.0.0.1/16 port et.1.1 2: ip-redundancy create vrrp 1 interface test 3: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16 4: ip-redundancy start vrrp 1 interface test

Line 1 adds IP address 10.0.0.1/16 to interface test, making Router R1 the owner of this IP address. Line 2 creates virtual router

10.0.0.1/16 with virtual router

96 SmartSwitch Router User Reference Manual

VRID=1 on interface test. Line 3 associates IP address

VRID=1. Line 4 starts VRRP on interface test.

In VRRP, the router that owns the IP address associated with the virtual router is the Master. Any other routers that participate in this virtual router are Backups. In this configuration, Router R1 is the Master for virtual router

10.0.0.1/16, the IP address associated with virtual router

Configuration for Router R2

The following is the configuration file for Router R2 in Figure 4.

1: interface create ip test address-netmask 10.0.0.2/16 port et.1.1 2: ip-redundancy create vrrp 1 interface test 3: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16 4: ip-redundancy start vrrp 1 interface test

The configuration for Router R2 is nearly identical to Router R1. The difference is that Router R2 does not own IP address 10.0.0.1/16. Since Router R2 does not own this IP address, it is the Backup. It will take over from the Master if it should become unavailable.

Chapter 7: VRRP Configuration Guide

VRID=1 because it owns

VRID=1.

Symmetrical Configuration

Figure 5 shows a VRRP configuration with two routers and two virtual routers. Routers

R1 and R2 are both configured with two virtual routers (

Router R1 serves as:

•Master for

•Backup for VRID=2

Router R2 serves as:

•Master for

•Backup for VRID=1

This configuration allows you to load-balance traffic coming from the hosts on the

10.0.0.0/16 subnet and provides a redundant path to either virtual router.

Note: This is the recommended configuration on a network using VRRP.

VRID=1

VRID=2

VRID=1 and VRID=2).

SmartSwitch Router User Reference Manual 97

Chapter 7: VRRP Configuration Guide

Master for VRID=1 Backup for VRID=2

Master for VRID=2 Backup for VRID=1

R1 R2

Interface Addr. =

Addr. =

;

VRID=1

Addr. =

;

VRID=2

10.0.0.1/16

10.0.0.2/16

10.0.0.1/16

VRID=1

H1 H2 H3 H4

Default Route = 10.0.0.1/16

VRID=2

10.0.0.2/16

Interface Addr. =

;

VRID=1

;

VRID=2

Default Route = 10.0.0.2/16

Addr. = Addr. =

10.0.0.2/16

10.0.0.1/16

10.0.0.2/16

Figure 5. Symmetrical VRRP Configuration

In this configuration, half the hosts use 10.0.0.1/16 as their default route, and half use

10.0.0.2/16. IP address 10.0.0.1/16 is associated with virtual router

10.0.0.2/16 is associated with virtual router

VRID=2.

VRID=1, and IP address

If Router R1, the Master for virtual router the IP address 10.0.0.1/16. Similarly, if Router R2, the Master for virtual router goes down, Router R1 would take over the IP address 10.0.0.2/16.

Configuration of Router R1

The following is the configuration file for Router R1 in Figure 5.

1: interface create ip test address-netmask 10.0.0.1/16 port et.1.1 ! 2: ip-redundancy create vrrp 1 interface test 3: ip-redundancy create vrrp 2 interface test ! 4: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16 5: ip-redundancy associate vrrp 2 interface test address 10.0.0.2/16 ! 6: ip-redundancy start vrrp 1 interface test 7: ip-redundancy start vrrp 2 interface test

Router R1 is the owner of IP address 10.0.0.1/16. Line 4 associates this IP address with virtual router

VRID=1, so Router R1 is the Master for virtual router VRID=1.

VRID=1, goes down, Router R2 would take over

VRID=2,

98 SmartSwitch Router User Reference Manual

On line 5, Router R1 associates IP address 10.0.0.2/16 with virtual router VRID=2. However, since Router R1 does not own IP address 10.0.0.2/16, it is not the default Master for virtual router

Configuration of Router R2

The following is the configuration file for Router R2 in Figure 5.

1: interface create ip test address-netmask 10.0.0.2/16 port et.1.1 ! 2: ip-redundancy create vrrp 1 interface test 3: ip-redundancy create vrrp 2 interface test ! 4: ip-redundancy associate vrrp 1 interface test address 10.0.0.1/16 5: ip-redundancy associate vrrp 2 interface test address 10.0.0.2/16 ! 6: ip-redundancy start vrrp 1 interface test 7: ip-redundancy start vrrp 2 interface test

On line 1, Router R2 is made owner of IP address 10.0.0.2/16. Line 5 associates this IP address with virtual router Line 4 associates IP address 10.0.0.1/16 with virtual router Backup for virtual router

Chapter 7: VRRP Configuration Guide

VRID=2.

VRID=2, so Router R2 is the Master for virtual router VRID=2.

VRID=1, making Router R2 the

VRID=1.

Multi-Backup Configuration

Figure 6 shows a VRRP configuration with three routers and three virtual routers. Each

router serves as a Master for one virtual router and as a Backup for each of the others. When a Master router goes down, one of the Backups takes over the IP addresses of its virtual router.

In a VRRP configuration where more than one router is backing up a Master, you can specify which Backup router takes over when the Master goes down by setting the priority for the Backup routers.

SmartSwitch Router User Reference Manual 99

Chapter 7: VRRP Configuration Guide

Master for VRID=1 1st Backup for VRID=2 1st Backup for VRID=3

Master for VRID=2

1st Backup for VRID=1

2nd Backup for VRID=3

R1 R2

VRID=1

10.0.0.1/16

H1 H2 H3 H4

Default Route = 10.0.0.1/16

Default Route = 10.0.0.2/16

Figure 6. Multi-Backup VRRP Configuration

In this configuration, Router R1 is the Master for virtual router Backup for virtual routers

VRID=2 and VRID=3. If Router R2 or R3 were to go down,

Router R1 would assume the IP addresses associated with virtual routers

VRID=3.

VRID=2

10.0.0.2/16

Master for VRID=3 2nd Backup for VRID=1 2nd Backup for VRID=2

VRID=3

10.0.0.3/16

H5 H6

Default Route = 10.0.0.3/16

VRID=1 and the primary

VRID=2 and

Router R2 is the Master for virtual router

VRID=1, and the secondary Backup for virtual router VRID=3. If Router R1 should fail,

Router R2 would become the Master for virtual router

VRID=2, the primary backup for virtual router

VRID=1. If both Routers R1 and R3

should fail, Router R2 would become the Master for all three virtual routers. Packets sent to IP addresses 10.0.0.1/16, 10.0.0.2/16, and 10.0.0.3/16 would all go to Router R2.

Router R3 is the secondary Backup for virtual routers

VRID=1 and VRID=2. It would

become a Master router only if both Routers R1 and R2 should fail. In such a case, Router R3 would become the Master for all three virtual routers.

100 SmartSwitch Router User Reference Manual

Cabletron Systems Switch User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Notice

Contents

About This Manual

Who Should Read This Manual?

How to Use This Manual

Preface

Related Documentation

Supported Media (Encapsulation Type)

Supported Routing Protocols

Configuring the SmartSwitch Router

Understanding the Command Line Interface

Basic Line Editing Commands

Access Modes

User Mode

Enable Mode

Configure Mode

Boot PROM Mode

Disabling a Function or Feature

Loading System Images and Configuration Files

Boot and System Image

Configuration Files

Loading System Image Software

Loading Boot PROM Software

Activating the Configuration Commands in the Scratchpad

Copying the Configuration to the Startup Configuration File

Displaying Configuration Changes

Managing the SSR

Setting the SSR Name

Setting SSR Date and Time

Configuring NTP

Configuring the SSR CLI

Configuring SNMP Services

Configuring DNS

Connecting Between the SSR and Other Systems

Configuring Logging

Monitoring Configuration

Hot Swapping Overview

Hot Swapping Line Cards

Deactivating the Line Card

Removing the Line Card

Installing a New Line Card

Hot Swapping One Type of Line Card With Another

Hot Swapping a Secondary Control Module

Deactivating the Control Module

Removing the Control Module

Installing the Control Module

Hot Swapping a Switching Fabric Module (SSR 8600 only)

Bridging Overview

Spanning Tree (IEEE 802.1d)

Bridging Modes (Flow-Based and Address-Based)

VLAN Overview

Port-based VLANs

MAC-address-based VLANs

Protocol-based VLANs

Subnet-based VLANs

Multicast-based VLANs

Policy-based VLANs

SSR VLAN Support

VLANs and the SSR

Ports, VLANs, and L3 Interfaces

Access Ports and Trunk Ports (802.1Q support)

Explicit and Implicit VLANs

Configuring SSR Bridging Functions

Configuring Address-based or Flow-based Bridging

Configuring Spanning Tree

Adjusting Spanning-Tree Parameters

Setting the Bridge Priority

Setting a Port Priority

Assigning Port Costs

Adjusting Bridge Protocol Data Unit (BPDU) Intervals

Configuring a Port or Protocol based VLAN

Creating a Port or Protocol Based VLAN

Adding Ports to a VLAN

Configuring VLAN Trunk Ports

Configuring VLANs for Bridging

Configuring Layer-2 Filters