Foundry Networks FESX, FWSX, FSX, FastIron Workgroup Switch X424, FastIron Workgroup Switch X448 User Manual

Foundry FastIron X-Series
Configuration Guide
FastIron Edge Switch X-Series
FastIron Workgroup Switch X-Series
FastIron SuperX Switch
2100 Gold Street
P.O. Box 649100
San Jose, CA 95164-9100
Fax 408.586.1900
December 2005
Copyright © Foundry Networks, Inc. All rights reserved.
No part of this work may be reproduced in any form or by any means – graphic, electronic or mechanical, including photocopying, recording, taping or storage in an information retrieval system – without prior written permission of the copyright owner.
The trademarks, logos and service marks ("Marks") displayed herein are the property of Foundry or other third parties. You are not permitted to use these Marks without the prior written consent of Foundry or such appropriate third party.
Foundry Networks, BigIron, FastIron, IronView, JetCore, NetIron, ServerIron, TurboIron, IronWare, EdgeIron, IronPoint, the Iron family of marks and the Foundry Logo are trademarks or registered trademarks of Foundry Networks, Inc. in the United States and other countries.
F-Secure is a trademark of F-Secure Corporation. All other trademarks mentioned in this document are the property of their respective owners.
Contents
CHAPTER 1
ABOUT THIS GUIDE
INTRODUCTION
WHAT'S INCLUDED IN THIS EDITION?
AUDIENCE
NOMENCLATURE
RELATED PUBLICATIONS
HOW TO GET HELP
WEB ACCESS
EMAIL ACCESS
TELEPHONE ACCESS
WARRANTY COVERAGE
CHAPTER 2
GETTING FAMILIAR WITH MANAGEMENT APPLICATIONS
LOGGING ON THROUGH THE CLI
ON-LINE HELP
COMMAND COMPLETION
SCROLL CONTROL
LINE EDITING COMMANDS
USING SLOT AND PORT NUMBERS WITH CLI COMMANDS
SEARCHING AND FILTERING OUTPUT FROM CLI COMMANDS
USING SPECIAL CHARACTERS IN REGULAR EXPRESSIONS
LOGGING ON THROUGH THE WEB MANAGEMENT INTERFACE
NAVIGATING THE WEB MANAGEMENT INTERFACE
LOGGING ON THROUGH IRONVIEW NETWORK MANAGER
CHAPTER 3
CONFIGURING BASIC SOFTWARE FEATURES
CONFIGURING BASIC SYSTEM PARAMETERS
ENTERING SYSTEM ADMINISTRATION INFORMATION
CONFIGURING SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) PARAMETERS
CONFIGURING AN INTERFACE AS THE SOURCE FOR ALL TELNET PACKETS
CANCELLING AN OUTBOUND TELNET SESSION
CONFIGURING AN INTERFACE AS THE SOURCE FOR ALL TFTP PACKETS
SPECIFYING A SIMPLE NETWORK TIME PROTOCOL (SNTP) SERVER
SETTING THE SYSTEM CLOCK
LIMITING BROADCAST, MULTICAST, AND UNKNOWN UNICAST TRAFFIC
CONFIGURING CLI BANNERS
CONFIGURING BASIC PORT PARAMETERS
ASSIGNING A PORT NAME
MODIFYING PORT SPEED
ENABLING AUTO-NEGOTIATION MAXIMUM PORT SPEED ADVERTISEMENT AND PORT SPEED DOWN-SHIFT
MODIFYING PORT DUPLEX MODE
CONFIGURING MDI/MDIX
DISABLING OR RE-ENABLING A PORT
DISABLING OR RE-ENABLING FLOW CONTROL
CHANGING THE GIGABIT FIBER NEGOTIATION MODE
MODIFYING PORT PRIORITY (QOS)
ENABLING DYNAMIC CONFIGURATION OF VOICE OVER IP (VOIP) PHONES
CHAPTER 4
CONFIGURING BASIC LAYER 2 FEATURES
ABOUT PORT REGIONS
ENABLING OR DISABLING THE SPANNING TREE PROTOCOL (STP)
MODIFYING STP BRIDGE AND PORT PARAMETERS
CHANGING THE MAC AGE TIME
CONFIGURING STATIC MAC ENTRIES
ENABLING PORT-BASED VLANS
ASSIGNING IEEE 802.1Q TAGGING TO A PORT
DEFINING MAC ADDRESS FILTERS
CONFIGURATION NOTES
COMMAND SYNTAX
ENABLING LOGGING OF PACKETS DENIED BY MAC FILTERS
LOCKING A PORT TO RESTRICT ADDRESSES
CONFIGURATION NOTES
COMMAND SYNTAX
DISPLAYING AND MODIFYING SYSTEM PARAMETER DEFAULT SETTINGS
CONFIGURING PORT MIRRORING AND MONITORING
CONFIGURATION CONSIDERATIONS
COMMAND SYNTAX
CHAPTER 5
CONFIGURING BASE LAYER 3 AND ENABLING ROUTING PROTOCOLS
ADDING A STATIC IP ROUTE
ADDING A STATIC ARP ENTRY
MODIFYING AND DISPLAYING LAYER 3 SYSTEM PARAMETER LIMITS
CONFIGURATION NOTE
MODIFYING LAYER 3 SYSTEM PARAMETER LIMITS
DISPLAYING LAYER 3 SYSTEM PARAMETER LIMITS
CONFIGURING RIP
ENABLING RIP
ENABLING REDISTRIBUTION OF IP STATIC ROUTES INTO RIP
ENABLING REDISTRIBUTION
ENABLING LEARNING OF DEFAULT ROUTES
CHANGING THE ROUTE LOOP PREVENTION METHOD
OTHER LAYER 3 PROTOCOLS
ENABLING OR DISABLING ROUTING PROTOCOLS
ENABLING OR DISABLING LAYER 2 SWITCHING
CONFIGURATION NOTES
COMMAND SYNTAX
CHAPTER 6
CONFIGURING POWER OVER ETHERNET
POWER OVER ETHERNET OVERVIEW
TERMS USED IN THIS SECTION
METHODS FOR DELIVERING POE
AUTODISCOVERY
POWER CLASS
POWER SPECIFICATIONS
CABLING REQUIREMENTS
SUPPORTED POWERED DEVICES
ENABLING OR DISABLING POWER OVER ETHERNET
ENABLING THE DETECTION OF POE POWER REQUIREMENTS ADVERTISED VIA CDP
CONFIGURATION CONSIDERATIONS
COMMAND SYNTAX
SETTING THE MAXIMUM POWER LEVEL FOR A POE POWER CONSUMING DEVICE
CONFIGURATION NOTES
COMMAND SYNTAX
SETTING THE POWER CLASS FOR A POE POWER CONSUMING DEVICE
CONFIGURATION NOTES
COMMAND SYNTAX
SETTING THE IN-LINE POWER PRIORITY FOR A POE PORT
COMMAND SYNTAX
RESETTING POE PARAMETERS
DISPLAYING POWER OVER ETHERNET INFORMATION
DISPLAYING POE OPERATIONAL STATUS
DISPLAYING DETAILED INFORMATION ABOUT POE POWER SUPPLIES
CHAPTER 7
CONFIGURING SPANNING TREE PROTOCOL (STP) AND IRONSPAN FEATURES
CHAPTER CONTENTS
STP OVERVIEW
CONFIGURING STANDARD STP PARAMETERS
STP PARAMETERS AND DEFAULTS
ENABLING OR DISABLING THE SPANNING TREE PROTOCOL (STP)
CHANGING STP BRIDGE AND PORT PARAMETERS
STP PROTECTION ENHANCEMENT
DISPLAYING STP INFORMATION
CONFIGURING IRONSPAN FEATURES
FAST PORT SPAN
802.1W RAPID SPANNING TREE (RSTP)
802.1W DRAFT 3
SINGLE SPANNING TREE (SSTP)
STP PER VLAN GROUP
PVST/PVST+ COMPATIBILITY
OVERVIEW OF PVST AND PVST+
VLAN TAGS AND DUAL MODE
CONFIGURING PVST+ SUPPORT
DISPLAYING PVST+ SUPPORT INFORMATION
CONFIGURATION EXAMPLES
CHAPTER 8
CONFIGURING METRO FEATURES
TOPOLOGY GROUPS
MASTER VLAN AND MEMBER VLANS
CONTROL PORTS AND FREE PORTS
CONFIGURATION CONSIDERATIONS
CONFIGURING A TOPOLOGY GROUP
DISPLAYING TOPOLOGY GROUP INFORMATION
METRO RING PROTOCOL (MRP)
CONFIGURATION NOTES
MRP RINGS WITHOUT SHARED INTERFACES (MRP PHASE 1)
RING INITIALIZATION
HOW RING BREAKS ARE DETECTED AND HEALED
MASTER VLANS AND CUSTOMER VLANS
CONFIGURING MRP
USING MRP DIAGNOSTICS
DISPLAYING MRP INFORMATION
MRP CLI EXAMPLE
VIRTUAL SWITCH REDUNDANCY PROTOCOL (VSRP)
LAYER 2 AND LAYER 3 REDUNDANCY
MASTER ELECTION AND FAILOVER
VSRP-AWARE SECURITY FEATURES
VSRP PARAMETERS
CONFIGURING BASIC VSRP PARAMETERS
CONFIGURING OPTIONAL VSRP PARAMETERS
DISPLAYING VSRP INFORMATION
CHAPTER 9
CONFIGURING UNI-DIRECTIONAL LINK DETECTION (UDLD)
UDLD OVERVIEW
CONFIGURATION CONSIDERATIONS
ENABLING UDLD
CHANGING THE KEEPALIVE INTERVAL
CHANGING THE KEEPALIVE RETRIES
UDLD FOR TAGGED PORTS
DISPLAYING UDLD INFORMATION
DISPLAYING INFORMATION FOR ALL PORTS
DISPLAYING INFORMATION FOR A SINGLE PORT
CLEARING UDLD STATISTICS
CHAPTER 10
CONFIGURING TRUNK GROUPS AND DYNAMIC LINK AGGREGATION
TRUNK GROUP OVERVIEW
TRUNK GROUP CONNECTIVITY TO A SERVER
TRUNK GROUP RULES
TRUNK GROUP CONFIGURATION EXAMPLES
TRUNK GROUP LOAD SHARING
CONFIGURING A TRUNK GROUP
EXAMPLE 1: CONFIGURING THE TRUNK GROUPS SHOWN IN FIGURE 10.1
EXAMPLE 2: CONFIGURING A TRUNK GROUP THAT SPANS MULTIPLE GIGABIT ETHERNET MODULES IN A CHASSIS DEVICE
CLI SYNTAX
ADDITIONAL TRUNKING OPTIONS
DISPLAYING TRUNK GROUP CONFIGURATION INFORMATION
DYNAMIC LINK AGGREGATION
CONFIGURATION EXAMPLE
CONFIGURATION NOTES
ADAPTATION TO TRUNK DISAPPEARANCE
FLEXIBLE TRUNK ELIGIBILITY
COMMAND SYNTAX
LINK AGGREGATION PARAMETERS
DISPLAYING AND DETERMINING THE STATUS OF AGGREGATE LINKS
ABOUT BLOCKED PORTS
DISPLAYING LINK AGGREGATION AND PORT STATUS INFORMATION
DISPLAYING TRUNK GROUP AND LACP STATUS INFORMATION
CLEARING THE NEGOTIATED AGGREGATE LINKS TABLE
CHAPTER 11
CONFIGURING VIRTUAL LANS (VLANS)
VLAN OVERVIEW
TYPES OF VLANS
DEFAULT VLAN
802.1Q TAGGING
SPANNING TREE PROTOCOL (STP)
VIRTUAL ROUTING INTERFACES
VLAN AND VIRTUAL ROUTING INTERFACE GROUPS
DYNAMIC, STATIC, AND EXCLUDED PORT MEMBERSHIP
SUPER AGGREGATED VLANS
TRUNK GROUP PORTS AND VLAN MEMBERSHIP
SUMMARY OF VLAN CONFIGURATION RULES
ROUTING BETWEEN VLANS
VIRTUAL ROUTING INTERFACES (LAYER 3 SWITCHES ONLY)
BRIDGING AND ROUTING THE SAME PROTOCOL SIMULTANEOUSLY ON THE SAME DEVICE (LAYER 3 SWITCHES ONLY)
ROUTING BETWEEN VLANS USING VIRTUAL ROUTING INTERFACES (LAYER 3 SWITCHES ONLY)
DYNAMIC PORT ASSIGNMENT (LAYER 2 SWITCHES AND LAYER 3 SWITCHES)
ASSIGNING A DIFFERENT VLAN ID TO THE DEFAULT VLAN
ASSIGNING TRUNK GROUP PORTS
CONFIGURING PORT-BASED VLANS
MODIFYING A PORT-BASED VLAN
CONFIGURING IP SUB-NET, IPX NETWORK AND PROTOCOL-BASED VLANS
CONFIGURATION EXAMPLE
CONFIGURING IP SUB-NET, IPX NETWORK, AND PROTOCOL-BASED VLANS WITHIN PORT-BASED VLANS
CONFIGURING AN IPV6 PROTOCOL VLAN
ROUTING BETWEEN VLANS USING VIRTUAL ROUTING INTERFACES (LAYER 3 SWITCHES ONLY)
CONFIGURING PROTOCOL VLANS WITH DYNAMIC PORTS
AGING OF DYNAMIC PORTS
CONFIGURATION GUIDELINES
CONFIGURING AN IP, IPX, OR APPLETALK PROTOCOL VLAN WITH DYNAMIC PORTS
CONFIGURING AN IP SUB-NET VLAN WITH DYNAMIC PORTS
CONFIGURING AN IPX NETWORK VLAN WITH DYNAMIC PORTS
CONFIGURING UPLINK PORTS WITHIN A PORT-BASED VLAN
CONFIGURING THE SAME IP SUB-NET ADDRESS ON MULTIPLE PORT-BASED VLANS
USING SEPARATE ACLS ON IP FOLLOWER VIRTUAL ROUTING INTERFACES
CONFIGURING VLAN GROUPS AND VIRTUAL ROUTING INTERFACE GROUPS
CONFIGURING A VLAN GROUP
Page 9
CONFIGURING A VIRTUAL ROUTING INTERFACE GROUP .......... 11-41
DISPLAYING THE VLAN GROUP AND VIRTUAL ROUTING INTERFACE GROUP INFORMATION .......... 11-42
ALLOCATING MEMORY FOR MORE VLANS OR VIRTUAL ROUTING INTERFACES .......... 11-42
CONFIGURING SUPER AGGREGATED VLANS .......... 11-43
CONFIGURING AGGREGATED VLANS .......... 11-45
VERIFYING THE CONFIGURATION .......... 11-47
COMPLETE CLI EXAMPLES .......... 11-47
CONFIGURING 802.1Q-IN-Q TAGGING .......... 11-49
CONFIGURATION RULES .......... 11-51
ENABLING 802.1Q-IN-Q TAGGING .......... 11-51
EXAMPLE CONFIGURATION .......... 11-52
CONFIGURING PRIVATE VLANS .......... 11-52
IMPLEMENTATION NOTES .......... 11-54
COMMAND SYNTAX .......... 11-54
ENABLING BROADCAST OR UNKNOWN UNICAST TRAFFIC TO THE PRIVATE VLAN .......... 11-55
CLI EXAMPLE FOR FIGURE 11.21 .......... 11-56
DUAL-MODE VLAN PORTS .......... 11-56
DISPLAYING VLAN INFORMATION .......... 11-59
DISPLAYING SYSTEM-WIDE VLAN INFORMATION .......... 11-59
DISPLAYING VLAN INFORMATION FOR SPECIFIC PORTS .......... 11-60
CHAPTER 12
RULE-BASED IP ACCESS CONTROL LISTS (ACLS) .......... 12-1
ACL OVERVIEW .......... 12-2
TYPES OF IP ACLS .......... 12-2
ACL IDS AND ENTRIES .......... 12-2
NUMBERED AND NAMED ACLS .......... 12-3
DEFAULT ACL ACTION .......... 12-3
HOW HARDWARE-BASED ACLS WORK .......... 12-3
HOW FRAGMENTED PACKETS ARE PROCESSED .......... 12-3
HARDWARE AGING OF LAYER 4 CAM ENTRIES .......... 12-4
CONFIGURATION CONSIDERATIONS .......... 12-4
CONFIGURING STANDARD NUMBERED ACLS .......... 12-4
STANDARD NUMBERED ACL SYNTAX .......... 12-5
CONFIGURATION EXAMPLE FOR STANDARD NUMBERED ACLS .......... 12-6
CONFIGURING STANDARD NAMED ACLS .......... 12-6
STANDARD NAMED ACL SYNTAX .......... 12-6
CONFIGURATION EXAMPLE FOR STANDARD NAMED ACLS .......... 12-8
CONFIGURING EXTENDED NUMBERED ACLS .......... 12-8
EXTENDED NUMBERED ACL SYNTAX .......... 12-8
CONFIGURATION EXAMPLES FOR EXTENDED NUMBERED ACLS .......... 12-12
CONFIGURING EXTENDED NAMED ACLS .......... 12-13
EXTENDED NAMED ACL SYNTAX .......... 12-15
CONFIGURATION EXAMPLE FOR EXTENDED NAMED ACLS .......... 12-18
ADDING A COMMENT TO AN ACL ENTRY .......... 12-18
ENABLING STRICT CONTROL OF ACL FILTERING OF FRAGMENTED PACKETS .......... 12-20
Page 10
ENABLING ACL FILTERING BASED ON VLAN MEMBERSHIP OR VE PORT MEMBERSHIP .......... 12-20
APPLYING AN ACL TO SPECIFIC VLAN MEMBERS ON A PORT (LAYER 2 DEVICES ONLY) .......... 12-21
APPLYING AN ACL TO A SUBSET OF PORTS ON A VIRTUAL INTERFACE (LAYER 3 DEVICES ONLY) .......... 12-21
FILTERING ON IP PRECEDENCE AND TOS VALUES .......... 12-22
QOS OPTIONS FOR IP ACLS .......... 12-23
USING AN ACL TO MAP THE DSCP VALUE (DSCP COS MAPPING) .......... 12-23
USING AN IP ACL TO MARK DSCP VALUES (DSCP MARKING) .......... 12-23
DSCP MATCHING .......... 12-24
ACL-BASED RATE LIMITING .......... 12-24
ACL COUNTING .......... 12-25
USING ACLS TO CONTROL MULTICAST FEATURES .......... 12-25
DISPLAYING ACL INFORMATION .......... 12-25
TROUBLESHOOTING ACLS .......... 12-25
CHAPTER 13
CONFIGURING QUALITY OF SERVICE .......... 13-1
CLASSIFICATION .......... 13-1
PROCESSING OF CLASSIFIED TRAFFIC .......... 13-2
QOS QUEUES .......... 13-6
ASSIGNING QOS PRIORITIES TO TRAFFIC .......... 13-7
MARKING .......... 13-8
CONFIGURING DSCP-BASED QOS .......... 13-8
APPLICATION NOTES .......... 13-8
USING ACLS TO HONOR DSCP-BASED QOS .......... 13-8
CONFIGURING THE QOS MAPPINGS .......... 13-8
DEFAULT DSCP –> INTERNAL FORWARDING PRIORITY MAPPINGS .......... 13-9
CHANGING THE DSCP –> INTERNAL FORWARDING PRIORITY MAPPINGS .......... 13-10
CHANGING THE INTERNAL FORWARDING PRIORITY –> HARDWARE FORWARDING QUEUE MAPPINGS .......... 13-10
SCHEDULING .......... 13-11
QOS QUEUING METHODS .......... 13-11
SELECTING THE QOS QUEUING METHOD .......... 13-12
CONFIGURING THE QOS QUEUES .......... 13-12
VIEWING QOS SETTINGS .......... 13-15
VIEWING DSCP-BASED QOS SETTINGS .......... 13-16
CHAPTER 14
CONFIGURING RATE LIMITING .......... 14-1
OVERVIEW .......... 14-1
RATE LIMITING IN HARDWARE .......... 14-1
HOW FIXED RATE LIMITING WORKS .......... 14-2
CONFIGURATION NOTES .......... 14-2
CONFIGURING A PORT-BASED RATE LIMITING POLICY .......... 14-3
CONFIGURING AN ACL-BASED RATE LIMITING POLICY .......... 14-3
OPTIMIZING RATE LIMITING .......... 14-3
DISPLAYING THE FIXED RATE LIMITING CONFIGURATION .......... 14-4
Page 11
CHAPTER 15
TRAFFIC POLICIES .......... 15-1
ABOUT TRAFFIC POLICIES .......... 15-1
CONFIGURATION NOTES AND FEATURE LIMITATIONS .......... 15-2
MAXIMUM NUMBER OF TRAFFIC POLICIES SUPPORTED ON A DEVICE .......... 15-3
SETTING THE MAXIMUM NUMBER OF TRAFFIC POLICIES SUPPORTED ON A LAYER 3 DEVICE .......... 15-3
ACL-BASED RATE LIMITING VIA TRAFFIC POLICIES .......... 15-3
SUPPORT FOR FIXED RATE LIMITING AND ADAPTIVE RATE LIMITING .......... 15-4
CONFIGURING ACL-BASED FIXED RATE LIMITING .......... 15-4
CONFIGURING ACL-BASED ADAPTIVE RATE LIMITING .......... 15-5
SPECIFYING THE ACTION TO BE TAKEN FOR PACKETS THAT ARE OVER THE LIMIT .......... 15-6
ACL AND RATE LIMIT COUNTING .......... 15-7
ENABLING ACL COUNTING .......... 15-8
ENABLING ACL COUNTING WITH RATE LIMITING TRAFFIC POLICIES .......... 15-8
VIEWING ACL AND RATE LIMIT COUNTERS .......... 15-9
CLEARING ACL AND RATE LIMIT COUNTERS .......... 15-10
VIEWING TRAFFIC POLICIES .......... 15-10
CHAPTER 16
CONFIGURING IP .......... 16-1
BASIC CONFIGURATION .......... 16-1
OVERVIEW .......... 16-2
IP INTERFACES .......... 16-2
IP PACKET FLOW THROUGH A LAYER 3 SWITCH .......... 16-3
IP ROUTE EXCHANGE PROTOCOLS .......... 16-7
IP MULTICAST PROTOCOLS .......... 16-7
IP INTERFACE REDUNDANCY PROTOCOLS .......... 16-8
ACCESS CONTROL LISTS AND IP ACCESS POLICIES .......... 16-8
BASIC IP PARAMETERS AND DEFAULTS – LAYER 3 SWITCHES .......... 16-8
WHEN PARAMETER CHANGES TAKE EFFECT .......... 16-9
IP GLOBAL PARAMETERS – LAYER 3 SWITCHES .......... 16-9
IP INTERFACE PARAMETERS – LAYER 3 SWITCHES .......... 16-13
BASIC IP PARAMETERS AND DEFAULTS – LAYER 2 SWITCHES .......... 16-15
IP GLOBAL PARAMETERS – LAYER 2 SWITCHES .......... 16-15
INTERFACE IP PARAMETERS – LAYER 2 SWITCHES .......... 16-17
CONFIGURING IP PARAMETERS – LAYER 3 SWITCHES .......... 16-17
CONFIGURING IP ADDRESSES .......... 16-17
CONFIGURING DOMAIN NAME SERVER (DNS) RESOLVER .......... 16-19
CONFIGURING PACKET PARAMETERS .......... 16-20
CHANGING THE ROUTER ID .......... 16-23
SPECIFYING A SINGLE SOURCE INTERFACE FOR TELNET, TACACS/TACACS+, OR RADIUS PACKETS .......... 16-24
CONFIGURING ARP PARAMETERS .......... 16-25
CONFIGURING FORWARDING PARAMETERS .......... 16-29
DISABLING ICMP MESSAGES .......... 16-31
Page 12
CONFIGURING STATIC ROUTES .......... 16-32
CONFIGURING A DEFAULT NETWORK ROUTE .......... 16-39
CONFIGURING IP LOAD SHARING .......... 16-41
CONFIGURING IRDP .......... 16-44
CONFIGURING RARP .......... 16-45
CONFIGURING UDP BROADCAST AND IP HELPER PARAMETERS .......... 16-47
CONFIGURING BOOTP/DHCP FORWARDING PARAMETERS .......... 16-49
CONFIGURING IP PARAMETERS – LAYER 2 SWITCHES .......... 16-51
CONFIGURING THE MANAGEMENT IP ADDRESS AND SPECIFYING THE DEFAULT GATEWAY .......... 16-51
CONFIGURING DOMAIN NAME SERVER (DNS) RESOLVER .......... 16-51
CHANGING THE TTL THRESHOLD .......... 16-53
CONFIGURING DHCP ASSIST .......... 16-53
DISPLAYING IP CONFIGURATION INFORMATION AND STATISTICS .......... 16-57
CHANGING THE NETWORK MASK DISPLAY TO PREFIX FORMAT .......... 16-57
DISPLAYING IP INFORMATION – LAYER 3 SWITCHES .......... 16-57
DISPLAYING IP INFORMATION – LAYER 2 SWITCHES .......... 16-74
CHAPTER 17
CONFIGURING RIP .......... 17-1
RIP OVERVIEW .......... 17-1
ICMP HOST UNREACHABLE MESSAGE FOR UNDELIVERABLE ARPS .......... 17-2
RIP PARAMETERS AND DEFAULTS .......... 17-2
RIP GLOBAL PARAMETERS .......... 17-2
RIP INTERFACE PARAMETERS .......... 17-3
CONFIGURING RIP PARAMETERS .......... 17-4
ENABLING RIP .......... 17-4
CONFIGURING METRIC PARAMETERS .......... 17-4
CHANGING THE ADMINISTRATIVE DISTANCE .......... 17-5
CONFIGURING REDISTRIBUTION .......... 17-6
CONFIGURING ROUTE LEARNING AND ADVERTISING PARAMETERS .......... 17-7
CHANGING THE ROUTE LOOP PREVENTION METHOD .......... 17-8
SUPPRESSING RIP ROUTE ADVERTISEMENT ON A VRRP OR VRRPE BACKUP INTERFACE .......... 17-9
CONFIGURING RIP ROUTE FILTERS .......... 17-9
DISPLAYING RIP FILTERS .......... 17-10
DISPLAYING CPU UTILIZATION STATISTICS .......... 17-11
CHAPTER 18
CONFIGURING IP MULTICAST TRAFFIC REDUCTION .......... 18-1
OVERVIEW .......... 18-1
SUPPORT FOR IGMP V2 SNOOPING IN LAYER 3 SOFTWARE IMAGES .......... 18-2
CONFIGURING IP MULTICAST TRAFFIC REDUCTION .......... 18-2
ENABLING IP MULTICAST TRAFFIC REDUCTION .......... 18-2
CHANGING THE IGMP MODE .......... 18-3
DISABLING IGMP ON INDIVIDUAL PORTS .......... 18-3
MODIFYING THE QUERY INTERVAL .......... 18-4
MODIFYING THE AGE INTERVAL .......... 18-4
Page 13
FILTERING MULTICAST GROUPS .......... 18-4
PIM SM TRAFFIC SNOOPING .......... 18-5
CONFIGURATION NOTES .......... 18-5
APPLICATION EXAMPLES .......... 18-5
CONFIGURATION REQUIREMENTS .......... 18-7
ENABLING PIM SM TRAFFIC SNOOPING .......... 18-8
DISPLAYING IP MULTICAST INFORMATION .......... 18-8
DISPLAYING MULTICAST INFORMATION ON LAYER 2 SWITCHES .......... 18-8
DISPLAYING IP MULTICAST STATISTICS .......... 18-16
CLEARING IP MULTICAST STATISTICS .......... 18-16
CLEARING IGMP GROUP FLOWS .......... 18-16
CHAPTER 19
CONFIGURING IP MULTICAST PROTOCOLS .......... 19-1
OVERVIEW OF IP MULTICASTING .......... 19-2
MULTICAST TERMS .......... 19-2
CHANGING GLOBAL IP MULTICAST PARAMETERS .......... 19-3
CHANGING DYNAMIC MEMORY ALLOCATION FOR IP MULTICAST GROUPS .......... 19-3
CHANGING IGMP V1 AND V2 PARAMETERS .......... 19-5
ADDING AN INTERFACE TO A MULTICAST GROUP .......... 19-6
PIM DENSE .......... 19-6
INITIATING PIM MULTICASTS ON A NETWORK .......... 19-6
PRUNING A MULTICAST TREE .......... 19-7
GRAFTS TO A MULTICAST TREE .......... 19-8
PIM DM VERSIONS .......... 19-8
CONFIGURING PIM DM .......... 19-9
FAILOVER TIME IN A MULTI-PATH TOPOLOGY .......... 19-13
MODIFYING THE TTL .......... 19-13
PIM SPARSE .......... 19-13
PIM SPARSE ROUTER TYPES .......... 19-14
RP PATHS AND SPT PATHS .......... 19-15
CONFIGURING PIM SPARSE .......... 19-15
DISPLAYING PIM SPARSE CONFIGURATION INFORMATION AND STATISTICS .......... 19-20
DROPPING PIM TRAFFIC IN HARDWARE .......... 19-31
RELEASE 02.2.00 .......... 19-31
ENHANCEMENT IN RELEASE 02.3.01 .......... 19-31
CONFIGURATION SYNTAX .......... 19-32
CONFIGURING MULTICAST SOURCE DISCOVERY PROTOCOL (MSDP) .......... 19-32
PEER REVERSE PATH FORWARDING (RPF) FLOODING .......... 19-34
SOURCE ACTIVE CACHING .......... 19-34
CONFIGURING MSDP .......... 19-34
DESIGNATING AN INTERFACE’S IP ADDRESS AS THE RP’S IP ADDRESS .......... 19-35
FILTERING MSDP SOURCE-GROUP PAIRS .......... 19-36
CONFIGURING MSDP MESH GROUPS .......... 19-38
DISPLAYING MSDP INFORMATION .......... 19-46
CLEARING MSDP INFORMATION .......... 19-52
Page 14
DVMRP OVERVIEW .......... 19-52
INITIATING DVMRP MULTICASTS ON A NETWORK .......... 19-53
PRUNING A MULTICAST TREE .......... 19-53
GRAFTS TO A MULTICAST TREE .......... 19-55
CONFIGURING DVMRP .......... 19-55
ENABLING DVMRP ON THE LAYER 3 SWITCH AND INTERFACE .......... 19-55
MODIFYING DVMRP GLOBAL PARAMETERS .......... 19-56
MODIFYING DVMRP INTERFACE PARAMETERS .......... 19-58
DISPLAYING INFORMATION ABOUT AN UPSTREAM NEIGHBOR DEVICE .......... 19-59
CONFIGURING AN IP TUNNEL .......... 19-59
USING ACLS TO CONTROL MULTICAST FEATURES .......... 19-60
USING ACLS TO LIMIT STATIC RP GROUPS .......... 19-60
USING ACLS TO LIMIT PIM RP CANDIDATE ADVERTISEMENT .......... 19-61
USING ACLS TO CONTROL MULTICAST TRAFFIC BOUNDARIES .......... 19-62
CONFIGURING A STATIC MULTICAST ROUTE .......... 19-63
TRACING A MULTICAST ROUTE .......... 19-64
DISPLAYING ANOTHER MULTICAST ROUTER’S MULTICAST CONFIGURATION .......... 19-66
CHAPTER 20
CONFIGURING OSPF .......... 20-1
OVERVIEW OF OSPF .......... 20-1
OSPF POINT-TO-POINT LINKS .......... 20-3
DESIGNATED ROUTERS IN MULTI-ACCESS NETWORKS .......... 20-4
DESIGNATED ROUTER ELECTION IN MULTI-ACCESS NETWORKS .......... 20-4
OSPF RFC 1583 AND 2178 COMPLIANCE .......... 20-5
REDUCTION OF EQUIVALENT AS EXTERNAL LSAS .......... 20-5
SUPPORT FOR OSPF RFC 2328 APPENDIX E .......... 20-7
DYNAMIC OSPF ACTIVATION AND CONFIGURATION .......... 20-8
DYNAMIC OSPF MEMORY .......... 20-8
CONFIGURING OSPF .......... 20-8
CONFIGURATION RULES .......... 20-9
OSPF PARAMETERS .......... 20-9
ENABLE OSPF ON THE ROUTER .......... 20-10
ASSIGN OSPF AREAS .......... 20-10
ASSIGNING AN AREA RANGE (OPTIONAL) .......... 20-13
ASSIGNING INTERFACES TO AN AREA .......... 20-14
M
CHANGE THE TIMER FOR OSPF AUTHENTICATION CHANGES .......... 20-16
BLOCK FLOODING OF OUTBOUND LSAS ON SPECIFIC OSPF INTERFACES .......... 20-16
CONFIGURING AN OSPF NON-BROADCAST INTERFACE .......... 20-17
ASSIGN VIRTUAL LINKS .......... 20-18
M
CHANGING THE REFERENCE BANDWIDTH FOR THE COST ON OSPF INTERFACES .......... 20-21
DEFINE REDISTRIBUTION FILTERS .......... 20-22
PREVENT SPECIFIC OSPF ROUTES FROM BEING INSTALLED IN THE IP ROUTE TABLE .......... 20-24
M
ODIFY INTERFACE DEFAULTS .........................................................................................................20-14
ODIFY VIRTUAL LINK PARAMETERS .................................................................................................20-20
ODIFY DEFAULT METRIC FOR REDISTRIBUTION ...............................................................................20-27
Page 15
ENABLE ROUTE REDISTRIBUTION ..... 20-27
DISABLE OR RE-ENABLE LOAD SHARING ..... 20-29
CONFIGURE EXTERNAL ROUTE SUMMARIZATION ..... 20-30
CONFIGURE DEFAULT ROUTE ORIGINATION ..... 20-31
MODIFY SPF TIMERS ..... 20-32
MODIFY REDISTRIBUTION METRIC TYPE ..... 20-32
MODIFY ADMINISTRATIVE DISTANCE ..... 20-32
CONFIGURE OSPF GROUP LINK STATE ADVERTISEMENT (LSA) PACING ..... 20-33
MODIFY OSPF TRAPS GENERATED ..... 20-34
MODIFY OSPF STANDARD COMPLIANCE SETTING ..... 20-35
MODIFY EXIT OVERFLOW INTERVAL ..... 20-35
CONFIGURING AN OSPF POINT-TO-POINT LINK ..... 20-35
SPECIFY TYPES OF OSPF SYSLOG MESSAGES TO LOG ..... 20-36
DISPLAYING OSPF INFORMATION ..... 20-36
DISPLAYING GENERAL OSPF CONFIGURATION INFORMATION ..... 20-37
DISPLAYING CPU UTILIZATION STATISTICS ..... 20-37
DISPLAYING OSPF AREA INFORMATION ..... 20-39
DISPLAYING OSPF NEIGHBOR INFORMATION ..... 20-39
DISPLAYING OSPF INTERFACE INFORMATION ..... 20-42
DISPLAYING OSPF ROUTE INFORMATION ..... 20-43
DISPLAYING OSPF EXTERNAL LINK STATE INFORMATION ..... 20-45
DISPLAYING OSPF LINK STATE INFORMATION ..... 20-46
DISPLAYING THE DATA IN AN LSA ..... 20-47
DISPLAYING OSPF VIRTUAL NEIGHBOR INFORMATION ..... 20-47
DISPLAYING OSPF VIRTUAL LINK INFORMATION ..... 20-48
DISPLAYING OSPF ABR AND ASBR INFORMATION ..... 20-48
DISPLAYING OSPF TRAP STATUS ..... 20-48
CHAPTER 21
CONFIGURING BGP4 ..... 21-1
OVERVIEW OF BGP4 ..... 21-2
RELATIONSHIP BETWEEN THE BGP4 ROUTE TABLE AND THE IP ROUTE TABLE ..... 21-3
HOW BGP4 SELECTS A PATH FOR A ROUTE ..... 21-4
BGP4 MESSAGE TYPES ..... 21-5
BASIC CONFIGURATION AND ACTIVATION FOR BGP4 ..... 21-6
NOTE REGARDING DISABLING BGP4 ..... 21-7
BGP4 PARAMETERS ..... 21-7
WHEN PARAMETER CHANGES TAKE EFFECT ..... 21-8
MEMORY CONSIDERATIONS ..... 21-9
MEMORY CONFIGURATION OPTIONS OBSOLETED BY DYNAMIC MEMORY ..... 21-10
BASIC CONFIGURATION TASKS ..... 21-10
ENABLING BGP4 ON THE ROUTER ..... 21-10
CHANGING THE ROUTER ID ..... 21-11
SETTING THE LOCAL AS NUMBER ..... 21-11
ADDING A LOOPBACK INTERFACE ..... 21-11
ADDING BGP4 NEIGHBORS ..... 21-12
Page 16
ADDING A BGP4 PEER GROUP ..... 21-17
OPTIONAL CONFIGURATION TASKS ..... 21-21
CHANGING THE KEEP ALIVE TIME AND HOLD TIME ..... 21-21
CHANGING THE BGP4 NEXT-HOP UPDATE TIMER ..... 21-21
ENABLING FAST EXTERNAL FALLOVER ..... 21-22
CHANGING THE MAXIMUM NUMBER OF PATHS FOR BGP4 LOAD SHARING ..... 21-22
CUSTOMIZING BGP4 LOAD SHARING ..... 21-23
SPECIFYING A LIST OF NETWORKS TO ADVERTISE ..... 21-24
CHANGING THE DEFAULT LOCAL PREFERENCE ..... 21-25
USING THE IP DEFAULT ROUTE AS A VALID NEXT HOP FOR A BGP4 ROUTE ..... 21-25
ADVERTISING THE DEFAULT ROUTE ..... 21-26
CHANGING THE DEFAULT MED (METRIC) USED FOR ROUTE REDISTRIBUTION ..... 21-26
ENABLING NEXT-HOP RECURSION ..... 21-26
CHANGING ADMINISTRATIVE DISTANCES ..... 21-29
REQUIRING THE FIRST AS TO BE THE NEIGHBOR'S AS ..... 21-30
DISABLING OR RE-ENABLING COMPARISON OF THE AS-PATH LENGTH ..... 21-30
ENABLING OR DISABLING COMPARISON OF THE ROUTER IDS ..... 21-30
CONFIGURING THE LAYER 3 SWITCH TO ALWAYS COMPARE MULTI-EXIT DISCRIMINATORS (MEDS) ..... 21-31
TREATING MISSING MEDS AS THE WORST MEDS ..... 21-32
CONFIGURING ROUTE REFLECTION PARAMETERS ..... 21-32
CONFIGURING CONFEDERATIONS ..... 21-34
AGGREGATING ROUTES ADVERTISED TO BGP4 NEIGHBORS ..... 21-37
MODIFYING REDISTRIBUTION PARAMETERS ..... 21-37
REDISTRIBUTING CONNECTED ROUTES ..... 21-38
REDISTRIBUTING RIP ROUTES ..... 21-38
REDISTRIBUTING OSPF EXTERNAL ROUTES ..... 21-39
REDISTRIBUTING STATIC ROUTES ..... 21-39
DISABLING OR RE-ENABLING RE-ADVERTISEMENT OF ALL LEARNED BGP4 ROUTES TO ALL BGP4 NEIGHBORS ..... 21-39
REDISTRIBUTING IBGP ROUTES INTO RIP AND OSPF ..... 21-40
FILTERING ..... 21-40
FILTERING SPECIFIC IP ADDRESSES ..... 21-40
FILTERING AS-PATHS ..... 21-41
FILTERING COMMUNITIES ..... 21-45
DEFINING IP PREFIX LISTS ..... 21-47
DEFINING NEIGHBOR DISTRIBUTE LISTS ..... 21-47
DEFINING ROUTE MAPS ..... 21-48
USING A TABLE MAP TO SET THE TAG VALUE ..... 21-55
CONFIGURING COOPERATIVE BGP4 ROUTE FILTERING ..... 21-55
CONFIGURING ROUTE FLAP DAMPENING ..... 21-58
GLOBALLY CONFIGURING ROUTE FLAP DAMPENING ..... 21-59
USING A ROUTE MAP TO CONFIGURE ROUTE FLAP DAMPENING FOR SPECIFIC ROUTES ..... 21-60
USING A ROUTE MAP TO CONFIGURE ROUTE FLAP DAMPENING FOR A SPECIFIC NEIGHBOR ..... 21-60
REMOVING ROUTE DAMPENING FROM A ROUTE ..... 21-61
REMOVING ROUTE DAMPENING FROM A NEIGHBOR'S ROUTES SUPPRESSED DUE TO AGGREGATION ..... 21-61
DISPLAYING AND CLEARING ROUTE FLAP DAMPENING STATISTICS ..... 21-63
Page 17
GENERATING TRAPS FOR BGP ..... 21-64
DISPLAYING BGP4 INFORMATION ..... 21-65
DISPLAYING SUMMARY BGP4 INFORMATION ..... 21-65
DISPLAYING THE ACTIVE BGP4 CONFIGURATION ..... 21-68
DISPLAYING CPU UTILIZATION STATISTICS ..... 21-68
DISPLAYING SUMMARY NEIGHBOR INFORMATION ..... 21-70
DISPLAYING BGP4 NEIGHBOR INFORMATION ..... 21-73
DISPLAYING PEER GROUP INFORMATION ..... 21-86
DISPLAYING SUMMARY ROUTE INFORMATION ..... 21-87
DISPLAYING THE BGP4 ROUTE TABLE ..... 21-88
DISPLAYING BGP4 ROUTE-ATTRIBUTE ENTRIES ..... 21-96
DISPLAYING THE ROUTES BGP4 HAS PLACED IN THE IP ROUTE TABLE ..... 21-97
DISPLAYING ROUTE FLAP DAMPENING STATISTICS ..... 21-98
DISPLAYING THE ACTIVE ROUTE MAP CONFIGURATION ..... 21-99
UPDATING ROUTE INFORMATION AND RESETTING A NEIGHBOR SESSION ..... 21-100
USING SOFT RECONFIGURATION ..... 21-100
DYNAMICALLY REQUESTING A ROUTE REFRESH FROM A BGP4 NEIGHBOR ..... 21-102
CLOSING OR RESETTING A NEIGHBOR SESSION ..... 21-105
CLEARING AND RESETTING BGP4 ROUTES IN THE IP ROUTE TABLE ..... 21-106
CLEARING TRAFFIC COUNTERS ..... 21-106
CLEARING ROUTE FLAP DAMPENING STATISTICS ..... 21-106
REMOVING ROUTE FLAP DAMPENING ..... 21-107
CLEARING DIAGNOSTIC BUFFERS ..... 21-107
CHAPTER 22
CONFIGURING VRRP AND VRRPE ..... 22-1
OVERVIEW ..... 22-2
OVERVIEW OF VRRP ..... 22-2
OVERVIEW OF VRRPE ..... 22-6
COMPARISON OF VRRP AND VRRPE ..... 22-7
VRRP ..... 22-8
VRRPE ..... 22-8
ARCHITECTURAL DIFFERENCES ..... 22-8
VRRP AND VRRPE PARAMETERS ..... 22-9
CONFIGURING BASIC VRRP PARAMETERS ..... 22-11
CONFIGURING THE OWNER ..... 22-11
CONFIGURING A BACKUP ..... 22-12
CONFIGURATION RULES FOR VRRP ..... 22-12
CONFIGURING BASIC VRRPE PARAMETERS ..... 22-12
CONFIGURATION RULES FOR VRRPE ..... 22-12
NOTE REGARDING DISABLING VRRP OR VRRPE ..... 22-12
CONFIGURING ADDITIONAL VRRP AND VRRPE PARAMETERS ..... 22-13
FORCING A MASTER ROUTER TO ABDICATE TO A STANDBY ROUTER ..... 22-18
DISPLAYING VRRP AND VRRPE INFORMATION ..... 22-19
DISPLAYING SUMMARY INFORMATION ..... 22-19
DISPLAYING DETAILED INFORMATION ..... 22-20
Page 18
DISPLAYING STATISTICS ..... 22-26
CLEARING VRRP OR VRRPE STATISTICS ..... 22-27
DISPLAYING CPU UTILIZATION STATISTICS ..... 22-28
CONFIGURATION EXAMPLES ..... 22-29
VRRP EXAMPLE ..... 22-29
VRRPE EXAMPLE ..... 22-30
CHAPTER 23
UPDATING SOFTWARE IMAGES AND CONFIGURATION FILES ..... 23-1
OVERVIEW ..... 23-1
DETERMINING THE SOFTWARE VERSIONS INSTALLED AND RUNNING ON A DEVICE ..... 23-2
DETERMINING THE FLASH IMAGE VERSION RUNNING ON THE DEVICE ..... 23-2
DETERMINING THE BOOT IMAGE VERSION RUNNING ON THE DEVICE ..... 23-3
DETERMINING THE IMAGE VERSIONS INSTALLED IN FLASH MEMORY ..... 23-4
IMAGE FILE TYPES ..... 23-4
UPGRADING SOFTWARE ..... 23-4
MIGRATING TO THE NEW RELEASE ..... 23-4
UPGRADING THE BOOT CODE ..... 23-5
UPGRADING THE FLASH CODE ..... 23-5
USING SNMP TO UPGRADE SOFTWARE ..... 23-6
CHANGING THE BLOCK SIZE FOR TFTP FILE TRANSFERS ..... 23-7
REBOOTING ..... 23-7
LOADING AND SAVING CONFIGURATION FILES ..... 23-7
REPLACING THE STARTUP CONFIGURATION WITH THE RUNNING CONFIGURATION ..... 23-8
REPLACING THE RUNNING CONFIGURATION WITH THE STARTUP CONFIGURATION ..... 23-8
LOGGING CHANGES TO THE STARTUP-CONFIG FILE ..... 23-8
COPYING A CONFIGURATION FILE TO OR FROM A TFTP SERVER ..... 23-8
DYNAMIC CONFIGURATION LOADING ..... 23-9
MAXIMUM FILE SIZES FOR STARTUP-CONFIG FILE AND RUNNING-CONFIG ..... 23-10
USING SNMP TO SAVE AND LOAD CONFIGURATION INFORMATION ..... 23-11
ERASING IMAGE AND CONFIGURATION FILES ..... 23-12
SCHEDULING A SYSTEM RELOAD ..... 23-12
RELOADING AT A SPECIFIC TIME ..... 23-12
RELOADING AFTER A SPECIFIC AMOUNT OF TIME ..... 23-12
DISPLAYING THE AMOUNT OF TIME REMAINING BEFORE A SCHEDULED RELOAD ..... 23-13
CANCELING A SCHEDULED RELOAD ..... 23-13
DIAGNOSTIC ERROR CODES AND REMEDIES FOR TFTP TRANSFERS ..... 23-13
APPENDIX A
USING SYSLOG ..... A-1
OVERVIEW ..... A-1
DISPLAYING SYSLOG MESSAGES ..... A-2
CONFIGURING THE SYSLOG SERVICE ..... A-3
DISPLAYING THE SYSLOG CONFIGURATION ..... A-4
Page 19
DISABLING OR RE-ENABLING SYSLOG ..... A-7
SPECIFYING A SYSLOG SERVER ..... A-7
SPECIFYING AN ADDITIONAL SYSLOG SERVER ..... A-7
DISABLING LOGGING OF A MESSAGE LEVEL ..... A-7
CHANGING THE NUMBER OF ENTRIES THE LOCAL BUFFER CAN HOLD ..... A-8
CHANGING THE LOG FACILITY ..... A-8
DISPLAYING THE INTERFACE NAME IN SYSLOG MESSAGES ..... A-9
CLEARING THE SYSLOG MESSAGES FROM THE LOCAL BUFFER ..... A-9
DISPLAYING TCP/UDP PORT NUMBERS IN SYSLOG MESSAGES ..... A-10
SYSLOG MESSAGES ..... A-10
APPENDIX B
REMOTE NETWORK MONITORING ..... B-1
BASIC MANAGEMENT ..... B-1
VIEWING SYSTEM INFORMATION ..... B-1
VIEWING CONFIGURATION INFORMATION ..... B-2
VIEWING PORT STATISTICS ..... B-2
VIEWING STP STATISTICS ..... B-5
CLEARING STATISTICS ..... B-5
RMON SUPPORT ..... B-5
STATISTICS (RMON GROUP 1) ..... B-6
HISTORY (RMON GROUP 2) ..... B-8
ALARM (RMON GROUP 3) ..... B-9
EVENT (RMON GROUP 9) ..... B-9
SFLOW ..... B-9
CONFIGURATION CONSIDERATIONS ..... B-10
CONFIGURING AND ENABLING SFLOW ..... B-11
CONFIGURING A UTILIZATION LIST FOR AN UPLINK PORT ..... B-17
COMMAND SYNTAX ..... B-17
DISPLAYING UTILIZATION PERCENTAGES FOR AN UPLINK ..... B-17
APPENDIX C
POLICIES AND FILTERS ..... C-1
SCOPE ..... C-2
DEFAULT FILTER ACTIONS ..... C-2
POLICY AND FILTER PRECEDENCE ..... C-3
QOS ..... C-3
PRECEDENCE AMONG FILTERS ON DIFFERENT LAYERS ..... C-3
PRECEDENCE AMONG FILTERS ON THE SAME LAYER ..... C-4
FOUNDRY POLICIES ..... C-4
QUALITY-OF-SERVICE POLICIES ..... C-5
LAYER 3 POLICIES ..... C-5
FOUNDRY FILTERS ..... C-6
LAYER 2 FILTERS ..... C-7
LAYER 3 FILTERS ..... C-9
Page 20
APPENDIX D
SOFTWARE FEATURES AND SPECIFICATIONS ..... D-1
FEATURE HIGHLIGHTS ..... D-1
SUPPORTED FEATURES ..... D-2
UNSUPPORTED FEATURES ..... D-7
IEEE COMPLIANCE ..... D-8
RFC SUPPORT ..... D-9
INTERNET DRAFTS ..... D-14
APPENDIX E
CAUTIONS AND WARNINGS ..... E-1
CAUTIONS ..... E-1
WARNINGS ..... E-6
Chapter 1
About This Guide
Introduction
This guide describes the following product families from Foundry Networks:
FastIron Edge Switch X-Series (FESX) Layer 2/Layer 3 switch
FastIron Workgroup Switch X-Series (FWSX) Layer 2 switch
FastIron SuperX Switch (FSX) Layer 2/Layer 3 switch
This guide includes procedures for configuring the software. The software procedures show how to perform tasks using the CLI. This guide also describes how to monitor Foundry products using statistics and summary screens.
This guide applies to the following products:
FastIron Edge Switch X-Series products:
FastIron Edge Switch X424
FastIron Edge Switch X448
FastIron SuperX Switch
FastIron Workgroup Switch X-Series products:
FastIron Workgroup Switch X424
FastIron Workgroup Switch X448
NOTE: This guide contains the terms FastIron Edge Switch X-Series (FESX), FastIron SuperX Switch (FSX), and FastIron WorkGroup Switch X-Series (FWSX). Each term refers to a specific set of devices, as shown in Table 1.1.
Table 1.1: FastIron Family of Switches
This Name                                    Refers to These Devices
FastIron Edge Switch X-Series (FESX)         FESX424 and FESX448
FastIron SuperX Switch (FSX)                 FastIron SuperX
FastIron Workgroup Switch X-Series (FWSX)    FWSX424 and FWSX448
What’s Included in This Edition?
This edition describes the following software releases:
For the FastIron Edge Switch X-Series products:
02.3.03 (combined FESX/FSX/FWSX release)
02.3.02 (combined FESX/FSX/FWSX release)
02.3.01 (combined FESX/FSX/FWSX release)
02.2.00 (combined FESX/FWSX release)
02.1.01
02.0.00
01.1.00
01.0.00
For the FastIron SuperX Switch:
02.2.01
02.2.00
02.1.00
02.0.01
NOTE: Software releases for FSX devices were combined with the FESX software releases starting with FESX release 02.3.01.
For the FastIron Workgroup Switch X-Series products:
02.0.00
NOTE: Software releases for FWSX devices were combined with the FESX software releases starting with FESX release 02.2.00.
Audience
This guide is designed for network installers, system administrators, and resellers who will configure the software for the FastIron family of switches. This guide assumes a working knowledge of Layer 2 and Layer 3 switching and routing concepts.
If you are using Layer 3 code, you should be familiar with the following protocols if applicable to your network – IP, RIP, OSPF, BGP4, DVMRP, MBGP, IGMP, PIM, VRRP, and VRRPE.
Nomenclature
This guide uses the following typographical conventions to show information:
Italic highlights the title of another publication and occasionally emphasizes a word or phrase.
Bold highlights a CLI command.
Bold Italic highlights a term that is being defined.
Underline highlights a link on the Web management interface.
Capitals highlights field names and buttons that appear in the Web management interface.
NOTE: A note emphasizes an important fact or calls your attention to a dependency.
WARNING: A warning calls your attention to a possible hazard that can cause injury or death.
CAUTION: A caution calls your attention to a possible hazard that can damage equipment.
Related Publications
The following Foundry Networks documents supplement the information in this guide.
Foundry FastIron X-Series Chassis Hardware Installation Guide – provides hardware installation procedures for the FastIron chassis devices (FSX).
Foundry FastIron Stackable Hardware Installation Guide – provides hardware installation procedures for the FastIron stackable devices (FES, FESX, and FWSX).
Foundry Security Guide – provides procedures for securing management access to Foundry devices and for protecting against Denial of Service (DoS) attacks.
Foundry Management Information Base Reference – contains the Simple Network Management Protocol (SNMP) Management Information Base (MIB) objects supported on Foundry devices.
Release Notes for the FastIron Edge Switch X-Series – describes features introduced in each software release, lists features that are supported on the FESX, and describes how configuration procedures or defaults differ from those on other Foundry devices, due to the FastIron Edge Switch X-Series’ hardware architecture.
Release Notes for the FastIron SuperX Switch – describes features introduced in each software release, lists features that are supported on the FSX, and describes how configuration procedures or defaults differ from those on other Foundry devices, due to the FSX’s hardware architecture.
Release Notes for the FastIron Workgroup Switch X-Series – describes features introduced in each software release, lists features that are supported on the FWSX, and describes how configuration procedures or defaults differ from those on other Foundry devices, due to the FastIron Workgroup Switch X-Series’ hardware architecture.
To order additional copies of these manuals, do one of the following:
Call 1.877.TURBOCALL (887.2622) in the United States or 1.408.586.1881 outside the United States.
Send email to info@foundrynet.com.
How to Get Help
Foundry Networks technical support will ensure that the fast and easy access that you have come to expect from your Foundry Networks products will be maintained.
Web Access
http://www.foundrynetworks.com
Email Access
Technical requests can also be sent to the following email address:
support@foundrynet.com
Telephone Access
1.877.TURBOCALL (887.2622) United States
1.408.586.1881 Outside the United States
Warranty Coverage
Contact Foundry Networks using any of the methods listed above for information about the standard and extended warranties.
Chapter 2
Getting Familiar with Management Applications
This chapter describes how to manage a Foundry device using the various user interfaces listed in Table 2.1.
Table 2.1: Chapter Contents
Description    See Page
Command Line Interface (CLI) – a text-based interface accessible through a direct serial connection or a Telnet session.    2-1
Web management interface – A GUI-based management interface accessible through an HTTP (web browser) connection.    2-8
You can also use the IronView Network Manager, an optional SNMP-based standalone GUI application, to manage the Foundry device. See the Foundry IronView Network Management User’s Guide for information about using IronView Network Manager.    2-11
Logging on Through the CLI
Once an IP address is assigned to a Foundry device running Layer 2 software or to an interface on the Foundry device running Layer 3 software, you can access the CLI either through the direct serial connection to the device or through a local or remote Telnet session.
You can initiate a local Telnet or SNMP connection by attaching a cable to a port and specifying the assigned management station IP address.
The commands in the CLI are organized into the following levels:
User EXEC – Lets you display information and perform basic tasks such as pings and traceroutes.
Privileged EXEC – Lets you use the same commands as those at the User EXEC level plus configuration commands that do not require saving the changes to the system-config file.
CONFIG – Lets you make configuration changes to the device. To save the changes across reboots, you need to save them to the system-config file. The CONFIG level contains sub-levels for individual ports, for VLANs, for routing protocols, and other configuration areas.
NOTE: By default, any user who can open a serial or Telnet connection to the Foundry device can access all these CLI levels. To secure access, you can configure Enable passwords or local user accounts, or you can configure the device to use a RADIUS or TACACS/TACACS+ server for authentication. See the Foundry Security Guide.
On-Line Help
To display a list of available commands or command options, enter “?” or press Tab. If you have not entered part of a command at the command prompt, all the commands supported at the current CLI level are listed. If you enter part of a command, then enter “?” or press Tab, the CLI lists the options you can enter at this point in the command string.
If you enter an invalid command followed by ?, a message appears indicating the command was unrecognized. For example:
FESX424 Router(config)# rooter ip
Unrecognized command
Command Completion
The CLI supports command completion, so you do not need to enter the entire name of a command or option. As long as you enter enough characters of the command or option name to avoid ambiguity with other commands or options, the CLI understands what you are typing.
Scroll Control
By default, the CLI uses a page mode to paginate displays that are longer than the number of rows in your terminal emulation window. For example, if you display a list of all the commands at the global CONFIG level but your terminal emulation window does not have enough rows to display them all at once, the page mode stops the display and lists your choices for continuing the display.
Here is an example:
aaa all-client appletalk arp boot
some lines omitted for brevity...
ipx lock-address logging mac
--More--, next page: Space, next line: Return key, quit: Control-c
The software provides the following scrolling options:
Press the Space bar to display the next page (one screen at a time).
Press the Return or Enter key to display the next line (one line at a time).
Press Ctrl-C or Ctrl-Q to cancel the display.
Line Editing Commands
The CLI supports the following line editing commands. To enter a line-editing command, use the CTRL-key combination for the command by pressing and holding the CTRL key, then pressing the letter associated with the command.
Table 2.2: CLI Line Editing Commands
Ctrl-Key Combination    Description
Ctrl-A                  Moves to the first character on the command line.
Ctrl-B                  Moves the cursor back one character.
Ctrl-C                  Escapes and terminates command prompts and ongoing tasks (such as lengthy displays), and displays a fresh command prompt.
Ctrl-D                  Deletes the character at the cursor.
Ctrl-E                  Moves to the end of the current command line.
Ctrl-F                  Moves the cursor forward one character.
Ctrl-K                  Deletes all characters from the cursor to the end of the command line.
Ctrl-L; Ctrl-R          Repeats the current command line on a new line.
Ctrl-N                  Enters the next command line in the history buffer.
Ctrl-P                  Enters the previous command line in the history buffer.
Ctrl-U; Ctrl-X          Deletes all characters from the cursor to the beginning of the command line.
Ctrl-W                  Deletes the last word you typed.
Ctrl-Z                  Moves from any CONFIG level of the CLI to the Privileged EXEC level; at the Privileged EXEC level, moves to the User EXEC level.
For a complete list of CLI commands and syntax information for each command, see the Foundry Switch and Router Command Line Interface Reference.
Using Slot and Port Numbers with CLI Commands
Many CLI commands and displays use port numbers, or slot numbers with port numbers. The ports are labeled on the front panel of the device.
The FSX uses chassis-based port numbering which consists of a slot number and a port number. When you enter CLI commands on the FSX, you must specify both the slot number and the port number. The FESX and FWSX devices do not use this type of numbering. When you enter commands on these devices, just specify the port number. The slot numbers used in the FSX CLI examples apply only to Chassis devices.
Here is an example. The following commands change the CLI from the global CONFIG level to the configuration level for the first port on the device.
FSX commands:
FastIron SuperX Switch(config)# interface e 1/1
FastIron SuperX Switch(config-if-1/1)#
FESX and FWSX commands:
(config)# interface e 1
(config-if-e1000-1)#
Searching and Filtering Output from CLI Commands
You can filter CLI output from show commands and at the --More-- prompt. You can search for individual characters, strings, or construct complex regular expressions to filter the output.
Searching and Filtering Output from show commands
You can filter output from show commands to display lines containing a specified string, lines that do not contain a specified string, or output starting with a line containing a specified string. The search string is a regular expression consisting of a single character or string of characters. You can use special characters to construct complex regular expressions. See “Using Special Characters in Regular Expressions” on page 2-6 for information on special characters used with regular expressions.
Displaying Lines Containing a Specified String
The following command filters the output of the show interface command for port 3/11 so it displays only lines containing the word “Internet”. This command can be used to display the IP address of the interface.
FastIron SuperX Switch# show interface e 3/11 | include Internet
Internet address is 192.168.1.11/24, MTU 1518 bytes, encapsulation ethernet
Syntax: <show-command> | include <regular-expression>
NOTE: The vertical bar ( | ) is part of the command.
Note that the regular expression specified as the search string is case sensitive. In the example above, a search string of “Internet” would match the line containing the IP address, but a search string of “internet” would not.
Displaying Lines That Do Not Contain a Specified String
The following command filters the output of the show who command so it displays only lines that do not contain the word “closed”. This command can be used to display open connections to the Foundry device.
FESX424 Switch# show who | exclude closed
Console connections:
        established
        you are connecting to this session
        2 seconds in idle
Telnet connections (inbound):
 1      established, client ip address 192.168.9.37
        27 seconds in idle
Telnet connection (outbound):
SSH connections:
Syntax: <show-command> | exclude <regular-expression>
Displaying Lines Starting with a Specified String
The following command filters the output of the show who command so it displays output starting with the first line that contains the word “SSH”. This command can be used to display information about SSH connections to the Foundry device.
FESX424 Switch# show who | begin SSH
SSH connections:
 1      established, client ip address 192.168.9.210
        7 seconds in idle
 2      closed
 3      closed
 4      closed
 5      closed
Syntax: <show-command> | begin <regular-expression>
Searching and Filtering Output at the --More-- Prompt
The --More-- prompt displays when output extends beyond a single page. From this prompt, you can press the Space bar to display the next page, the Return or Enter key to display the next line, or Ctrl-C or Q to cancel the display. In addition, you can search and filter output from this prompt.
At the --More-- prompt, you can press the forward slash key ( / ) and then enter a search string. The Foundry device displays output starting from the first line that contains the search string, similar to the begin option for show commands. For example:
--More--, next page: Space, next line: Return key, quit: Control-c
/telnet
The results of the search are displayed:
searching...
telnet         Telnet by name or IP address
temperature    temperature sensor commands
terminal       display syslog
traceroute     TraceRoute to IP node
undebug        Disable debugging functions (see also 'debug')
undelete       Undelete flash card files
whois          WHOIS lookup
write          Write running configuration to flash or terminal
To display lines containing only a specified search string (similar to the include option for show commands) press the plus sign key ( + ) at the --More-- prompt and then enter the search string.
--More--, next page: Space, next line: Return key, quit: Control-c
+telnet
The filtered results are displayed:
filtering...
telnet         Telnet by name or IP address
To display lines that do not contain a specified search string (similar to the exclude option for show commands) press the minus sign key ( - ) at the --More-- prompt and then enter the search string.
--More--, next page: Space, next line: Return key, quit: Control-c
-telnet
The filtered results are displayed:
filtering...
temperature    temperature sensor commands
terminal       display syslog
traceroute     TraceRoute to IP node
undebug        Disable debugging functions (see also 'debug')
undelete       Undelete flash card files
whois          WHOIS lookup
write          Write running configuration to flash or terminal
As with the commands for filtering output from show commands, the search string is a regular expression consisting of a single character or string of characters. You can use special characters to construct complex regular expressions. See the next section for information on special characters used with regular expressions.
Using Special Characters in Regular Expressions
You use a regular expression to specify a single character or multiple characters as a search string. In addition, you can include special characters that influence the way the software matches the output against the search string. These special characters are listed in the following table.
Table 2.3: Special Characters for Regular Expressions
Character Operation
. The period matches on any single character, including a blank space.
For example, the following regular expression matches “aaz”, “abz”, “acz”, and so on, but not just “az”:
a.z
* The asterisk matches on zero or more sequential instances of a pattern.
For example, the following regular expression matches output that contains the string “abc”, followed by zero or more Xs:
abcX*
+ The plus sign matches on one or more sequential instances of a pattern.
For example, the following regular expression matches output that contains "de", followed by a sequence of “g”s, such as “deg”, “degg”, “deggg”, and so on:
deg+
? The question mark matches on zero occurrences or one occurrence of a pattern.
For example, the following regular expression matches output that contains "dg" or "deg":
de?g
Note: Normally when you type a question mark, the CLI lists the commands or options at that CLI level that begin with the character or string you entered. However, if you enter Ctrl-V and then type a question mark, the question mark is inserted into the command line, allowing you to use it as part of a regular expression.
^ A caret (when not used within brackets) matches on the beginning of an input string.
For example, the following regular expression matches output that begins with “deg”:
^deg
$ A dollar sign matches on the end of an input string.
For example, the following regular expression matches output that ends with “deg”:
deg$
_ An underscore matches on one or more of the following:
, (comma)
{ (left curly brace)
} (right curly brace)
( (left parenthesis)
) (right parenthesis)
The beginning of the input string
The end of the input string
A blank space
For example, the following regular expression matches on “100” but not on “1002”, “2100”, and so on.
_100_
[ ] Square brackets enclose a range of single-character patterns.
For example, the following regular expression matches output that contains “1”, “2”, “3”, “4”, or “5”:
[1-5]
You can use the following expression symbols within the brackets. These symbols are allowed only inside the brackets.
^ – The caret matches on any characters except the ones in the brackets. For example, the following regular expression matches output that does not contain “1”, “2”, “3”, “4”, or “5”:
[^1-5]
- The hyphen separates the beginning and ending of a range of characters. A match occurs if any of the characters within the range is present. See the example above.
| A vertical bar separates two alternative values or sets of values. The output can match one or the other value.
For example, the following regular expression matches output that contains either “abc” or “defg”:
abc|defg
( ) Parentheses allow you to create complex expressions.
For example, the following complex expression matches on “abc”, “abcabc”, or “defg”, but not on “abcdefgdefg”:
((abc)+)|((defg)?)
If you want to filter for a special character instead of using the special character as described in the table above, enter “\” (backslash) in front of the character. For example, to filter on output containing an asterisk, enter the asterisk portion of the regular expression as “\*”.
FESX424 Router# show ip route bgp | include \*
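The following Python sketch is an added example, not part of the Foundry software or of this guide's original text. It applies the include, exclude, and begin semantics and the "_" character from Table 2.3 to a saved show who capture, with Python's re module standing in for the device's matcher; the function names and the sample capture (assembled from the two show who displays above) are assumptions made for illustration.

```python
import re

# What Table 2.3 says "_" matches: comma, braces, parentheses, a blank space,
# or the beginning or end of the input string.
UNDERSCORE = r"(?:^|$|[,{}() ])"


def translate(pattern):
    """Rewrite a CLI-style pattern so that "_" behaves as Table 2.3 describes.

    Backslash-escaped characters are copied through unchanged, so "\\*" stays a
    literal asterisk. An underscore inside square brackets is left alone
    (assumption: it is an ordinary character there).
    """
    out, i, in_brackets = [], 0, False
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])
            i += 2
            continue
        if ch == "[":
            in_brackets = True
        elif ch == "]":
            in_brackets = False
        out.append(UNDERSCORE if ch == "_" and not in_brackets else ch)
        i += 1
    return "".join(out)


def matches(pattern, text):
    """True if the pattern is found anywhere in text (case sensitive)."""
    return re.search(translate(pattern), text) is not None


def cli_filter(lines, mode, pattern):
    """Apply "| include", "| exclude" or "| begin" to a list of output lines."""
    if mode == "include":
        return [line for line in lines if matches(pattern, line)]
    if mode == "exclude":
        return [line for line in lines if not matches(pattern, line)]
    if mode == "begin":
        for index, line in enumerate(lines):
            if matches(pattern, line):
                return lines[index:]
        return []
    raise ValueError("mode must be include, exclude or begin")


def established_clients(lines):
    """Return (section, client IP) for every established remote session."""
    section, found = None, []
    for line in lines:
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            section = line.rstrip()[:-1]          # e.g. "SSH connections"
            continue
        hit = re.search(r"established, client ip address (\S+)", line)
        if hit:
            found.append((section, hit.group(1)))
    return found


# Constructed sample: the two "show who" displays printed in this chapter,
# merged into one saved capture.
SHOW_WHO = """\
Console connections:
        established
        you are connecting to this session
        2 seconds in idle
Telnet connections (inbound):
 1      established, client ip address 192.168.9.37
        27 seconds in idle
 2      closed
Telnet connection (outbound):
SSH connections:
 1      established, client ip address 192.168.9.210
        7 seconds in idle
 2      closed
"""

if __name__ == "__main__":
    capture = SHOW_WHO.splitlines()
    for row in cli_filter(capture, "include", "connections?|established"):
        print(row)
    print(established_clients(capture))
```

Because the filters work line by line, include established on its own drops the section headings that say whether a session is Telnet or SSH; the alternation connections?|established keeps them.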
Logging On Through the Web Management Interface
To use the Web management interface, open a web browser and enter the IP address of the Foundry device’s management port in the Location or Address field. The web browser contacts the Foundry device and displays a Login panel, such as the one shown below for the FESX.
Figure 2.1 Web Management Interface Login Panel
NOTE: If you are unable to connect with the device through a Web browser due to a proxy problem, it may be necessary to set your Web browser to direct Internet access instead of using a proxy. For information on how to change a proxy setting, refer to the on-line help provided with your Web browser.
To log in, click on the Login link. The following dialog box is displayed.
Figure 2.2 Web management interface login dialog
The login username and password you enter depends on whether your device is configured with AAA authentication for SNMP. If AAA authentication for SNMP is not configured, you can use the user name “get” and the default read-only password “public” for read-only access. However, for read-write access, you must enter “set” for the user name, and enter a read-write community string you have configured on the device for the password. There is no default read-write community string. You must add one using the CLI. See the Foundry Security Guide.
As an alternative to using the SNMP community strings to log in, you can configure the Foundry device to secure Web management access using local user accounts or Access Control Lists (ACLs). See the Foundry Security Guide.
Navigating the Web Management Interface
When you log into a device, the System configuration panel is displayed. This panel allows you to enable or disable major system features. You can return to this panel from any other panel by selecting the Home link. The Site Map link gives you a view of all available options on a single screen.
Figure 2.3 displays the first Web management interface panel for Layer 3 Switch features, while Figure 2.4 displays the first panel for Layer 2 Switch features. These panels allow you to configure the features supported by the Layer 3 Switch and Layer 2 Switch software.
Figure 2.3 First Panel for Layer 3 Switch Features
NOTE: If you are using Internet Explorer 6.0 to view the Web management interface, make sure the version you are running includes the latest service pack(s). Otherwise, the navigation tree (the left-most pane in Figure 2.3) will not display properly. For information on how to load the latest service pack(s), refer to the on-line help provided with your Web browser.
Figure 2.4 First Panel for Layer 2 Switch Features
The left pane of the Web management interface window contains a “tree view,” similar to the one found in Windows Explorer. Configuration options are grouped into folders in the tree view. These folders, when expanded, reveal additional options. To expand a folder, click on the plus sign to the left of the folder icon.
You can configure the appearance of the Web management interface by using one of the following methods.
Using the CLI, you can modify the appearance of the Web management interface with the web-management command.
To cause the Web management interface to display the List view by default:
FESX424 Router(config)# web-management list-menu
To disable the front panel frame:
FESX424 Router(config)# no web-management front-panel
When you save the configuration with the write memory command, the changes will take place the next time you start the Web management interface, or if you are currently running the Web management interface, the changes will take place when you click the Refresh button on your browser.
USING THE WEB MANAGEMENT INTERFACE
1. Click on the plus sign next to Configure in the tree view to expand the list of configuration options.
2. Click on the plus sign next to System in the tree view to expand the list of system configuration links.
3. Click on the plus sign next to Management in the tree view to expand the list of system management links.
4. Click on the Web Preference link to display the Web Management Preferences panel.
5. Enable or disable elements on the Web management interface by clicking on the appropriate radio buttons on the panel. The following figure identifies the elements you can change.
[Figure: elements of the Web management interface – Front Panel, Front Panel Frame, Menu Type (Tree View shown), Page Menu, Bottom Frame, Menu Frame]
NOTE: The tree view is available when you use the Web management interface with Netscape 4.0 or higher or Internet Explorer 4.0 or higher browsers. If you use the Web management interface with an older browser, the Web management interface displays the List view only, and the Web Management Preferences panel does not include an option to display the tree view.
6. When you have finished, click the Apply button on the panel, then click the Refresh button on your browser to activate the changes.
7. To save the configuration, click the plus sign next to the Command folder, then click the Save to Flash link.
NOTE: The only changes that become permanent are the settings to the Menu Type and the Front Panel Frame. Any other elements you enable or disable will go back to their default settings the next time you start the Web management interface.
Logging on Through IronView Network Manager
See the Foundry IronView Network Management User’s Guide for information about using IronView Network Manager.
Chapter 3
Configuring Basic Software Features
This chapter describes how to configure basic, non-protocol features on the FastIron family of switches.
Foundry devices are configured at the factory with default parameters that allow you to begin using the basic features of the system immediately. However, many of the advanced features such as VLANs or routing protocols for the device must first be enabled at the system (global) level before they can be configured. If you use the Command Line Interface (CLI) to configure system parameters, you can find these system level parameters at the Global CONFIG level of the CLI.
This chapter contains procedures for configuring the following parameters:
Table 3.1: Chapter Contents
Description    See Page
Basic system parameters – This section lists the basic system parameters and gives instructions for configuring them.    3-2
Basic port parameters – This section lists basic port parameters and gives instructions for configuring them.    3-13
NOTE: Before assigning or modifying any router parameters, you must assign the IP subnet (interface) addresses for each port.
NOTE: For information about configuring IP addresses, DNS resolver, DHCP assist, and other IP-related parameters, see the chapter “Configuring IP” on page 16-1.
For information about the Syslog buffer and messages, see the Appendix “Using Syslog” on page A-1.
Configuring Basic System Parameters
The procedures in this section describe how to configure the basic system parameters listed in Table 3.2.
Table 3.2: Basic System Parameters
Basic System Parameter    See Page
System name, contact, and location    3-2
SNMP trap receiver, trap source address, and other parameters    3-3
Single source address for all Telnet packets    3-7
Single source address for all TFTP packets    3-7
System time using a Simple Network Time Protocol (SNTP) server or local system counter    3-8, 3-10
Broadcast, multicast, or unknown-unicast limits, if required to support slower third-party devices    3-11
Banners that are displayed on users’ terminals when they enter the Privileged EXEC CLI level or access the device through Telnet    3-11
NOTE: For information about the Syslog buffer and messages, see “Using Syslog” on page A-1.
Entering System Administration Information
You can configure a system name, contact, and location for a Foundry device and save the information locally in the configuration file for future reference. This information is not required for system operation but is suggested. When you configure a system name, the name replaces the default system name in the CLI command prompt.
The name, contact, and location each can be up to 32 alphanumeric characters.
Here is an example of how to configure a system name, system contact, and location:
FastIron SuperX Switch(config)# hostname zappa
zappa(config)# snmp-server contact Support Services
zappa(config)# snmp-server location Centerville
zappa(config)# end
zappa# write memory
Syntax: hostname <string>
Syntax: snmp-server contact <string>
Syntax: snmp-server location <string>
The text strings can contain blanks. The SNMP text strings do not require quotation marks when they contain blanks but the host name does.
NOTE: The chassis name command does not change the CLI prompt. Instead, the command assigns an administrative ID to the device.
Configuring Simple Network Management Protocol (SNMP) Parameters
Use the procedures in this section to perform the following configuration tasks:
Specify an SNMP trap receiver.
Specify a source address and community string for all traps sent by the device.
Change the holddown time for SNMP traps.
Disable individual SNMP traps. (All traps are enabled by default.)
Disable traps for CLI access that is authenticated by a local user account, a RADIUS server, or a TACACS/TACACS+ server.
NOTE: To add and modify “get” (read-only) and “set” (read-write) community strings, see the Foundry Security Guide.
Specifying an SNMP Trap Receiver
You can specify a trap receiver to ensure that all SNMP traps sent by the Foundry device go to the same SNMP trap receiver or set of receivers, typically one or more host devices on the network. When you specify the host, you also specify a community string. The Foundry device sends all the SNMP traps to the specified host(s) and includes the specified community string. Administrators can therefore filter for traps from a Foundry device based on IP address or community string.
When you add a trap receiver, the software automatically encrypts the community string you associate with the receiver when the string is displayed by the CLI or Web management interface. If you want the software to show the community string in the clear, you must explicitly specify this when you add a trap receiver. In either case, the software does not encrypt the string in the SNMP traps sent to the receiver.
To specify the host to which the device sends all SNMP traps, use one of the following methods.
To add a trap receiver and encrypt the display of the community string, enter commands such as the following:
To specify an SNMP trap receiver and change the UDP port that will be used to receive traps, enter a command such as the following:
FESX424 Switch(config)# snmp-server host 2.2.2.2 0 mypublic port 200
FESX424 Switch(config)# write memory
Syntax: snmp-server host <ip-addr> [0 | 1] <string> [port <value>]
The <ip-addr> parameter specifies the IP address of the trap receiver.
The 0 | 1 parameter specifies whether you want the software to encrypt the string (1) or show the string in the clear (0). The default is 0.
The <string> parameter specifies an SNMP community string configured on the Foundry device. The string can be a read-only string or a read-write string. The string is not used to authenticate access to the trap host but is instead a useful method for filtering traps on the host. For example, if you configure each of your Foundry devices that use the trap host to send a different community string, you can easily distinguish among the traps from different Foundry devices based on the community strings.
The command in the example above adds trap receiver 2.2.2.2 and configures the software to encrypt display of the community string. When you save the new community string to the startup-config file (using the write memory command), the software adds the following command to the file:
snmp-server host 2.2.2.2 1 <encrypted-string>
To add a trap receiver and configure the software to encrypt display of the community string in the CLI and Web management interface, enter commands such as the following:
FESX424 Switch(config)# snmp-server host 2.2.2.2 0 FastIron-12
FESX424 Switch(config)# write memory
The port <value> parameter allows you to specify which UDP port will be used by the trap receiver. This parameter allows you to configure several trap receivers in a system. With this parameter, IronView Network Manager and another network management application can coexist in the same system. Foundry devices can be configured to send copies of traps to more than one network management application.
Specifying a Single Trap Source
You can specify a single trap source to ensure that all SNMP traps sent by the Foundry device use the same source IP address. When you configure the SNMP source address, you specify the Ethernet port, loopback interface, or virtual interface that is the source for the traps. The Foundry device then uses the lowest-numbered IP address configured on the port or interface as the source IP address in the SNMP traps sent by the device.
Identifying a single source IP address for SNMP traps provides the following benefits:
If your trap receiver is configured to accept traps only from specific links or IP addresses, you can use this feature to simplify configuration of the trap receiver by configuring the Foundry device to always send the traps from the same link or source address.
If you specify a loopback interface as the single source for SNMP traps, SNMP trap receivers can receive traps regardless of the states of individual links. Thus, if a link to the trap receiver becomes unavailable but the receiver can be reached through another link, the receiver still receives the trap, and the trap still has the source IP address of the loopback interface.
To specify a port, loopback interface, or virtual interface whose lowest-numbered IP address the Foundry device must use as the source for all SNMP traps sent by the device, use the following CLI method.
To configure the device to send all SNMP traps from the first configured IP address on port 4, enter the following commands:
FESX424 Switch(config)# snmp-server trap-source ethernet 4
FESX424 Switch(config)# write memory
Syntax: snmp-server trap-source loopback <num> | ethernet [<slotnum>/]<portnum> | ve <num>
The <num> parameter is a loopback interface or virtual interface number.
If you specify an Ethernet port, the <portnum> is the port’s number. If you are configuring a chassis device, specify the slot number as well as the port number (<slotnum>/<portnum>).
To specify a loopback interface as the device’s SNMP trap source, enter commands such as the following:
FESX424 Switch(config)# int loopback 1
FESX424 Switch(config-lbif-1)# ip address 10.0.0.1/24
FESX424 Switch(config-lbif-1)# exit
FESX424 Switch(config)# snmp-server trap-source loopback 1
The commands in this example configure loopback interface 1, assign IP address 10.0.0.1/24 to the loopback interface, then designate the interface as the SNMP trap source for this device. Regardless of the port the Foundry device uses to send traps to the receiver, the traps always arrive from the same source IP address.
Setting the SNMP Trap Holddown Time
When a Foundry device starts up, the software waits for Layer 2 convergence (STP) and Layer 3 convergence (OSPF) before beginning to send SNMP traps to external SNMP servers. Until convergence occurs, the device might not be able to reach the servers, in which case the messages are lost.
By default, a Foundry device uses a one-minute holddown time to wait for the convergence to occur before starting to send SNMP traps. After the holddown time expires, the device sends the traps, including traps such as “cold start” or “warm start” that occur before the holddown time expires.
You can change the holddown time to a value from one second to ten minutes.
To change the holddown time for SNMP traps, enter a command such as the following at the global CONFIG level of the CLI:
FESX424 Switch(config)# snmp-server enable traps holddown-time 30
The command in this example changes the holddown time for SNMP traps to 30 seconds. The device waits 30 seconds to allow convergence in STP and OSPF before sending traps to the SNMP trap receiver.
Syntax: [no] snmp-server enable traps holddown-time <secs>
The <secs> parameter specifies the number of seconds and can be from 1 – 600 (ten minutes). The default is 60 seconds.
Disabling SNMP Traps
Foundry devices come with SNMP trap generation enabled by default for all traps. You can selectively disable one or more of the following traps.
NOTE: By default, all SNMP traps are enabled at system startup.
Layer 2 Traps
The following traps are generated on devices running Layer 2 software:
SNMP authentication keys
Power supply failure
Fan failure
Cold start
Link up
Link down
Bridge new root
Bridge topology change
Locked address violation
Layer 3 Traps
The following traps are generated on devices running Layer 3 software:
SNMP authentication key
Power supply failure
Fan failure
Cold start
Link up
Link down
Bridge new root
Bridge topology change
Locked address violation
BGP4
OSPF
VRRP
VRRPE
To stop link down occurrences from being reported, enter the following:
FESX424 Router(config)# no snmp-server enable traps link-down
Syntax: [no] snmp-server enable traps <trap-type>
NOTE: For a list of the trap values, see the Foundry Switch and Router Command Line Interface Reference.
Disabling Syslog Messages and Traps for CLI Access
Foundry devices send Syslog messages and SNMP traps when a user logs into or out of the User EXEC or Privileged EXEC level of the CLI. The feature applies to users whose access is authenticated by an authentication-method list based on a local user account, RADIUS server, or TACACS/TACACS+ server.
NOTE: The Privileged EXEC level is sometimes called the “Enable” level, because the command for accessing this level is enable.
The feature is enabled by default.
Examples of Syslog Messages for CLI Access
When a user whose access is authenticated by a local user account, a RADIUS server, or a TACACS/TACACS+ server logs into or out of the CLI’s User EXEC or Privileged EXEC mode, the software generates a Syslog message and trap containing the following information:
The time stamp
The user name
Whether the user logged in or out
The CLI level the user logged into or out of (User EXEC or Privileged EXEC level)
NOTE: Messages for accessing the User EXEC level apply only to access through Telnet. The device does not authenticate initial access through serial connections but does authenticate serial access to the Privileged EXEC level. Messages for accessing the Privileged EXEC level apply to access through the serial connection or Telnet.
The following examples show login and logout messages for the User EXEC and Privileged EXEC levels of the CLI:
FESX424 Switch(config)# show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Buffer logging: level ACDMEINW, 12 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error I=informational N=notification W=warning
Static Log Buffer:
Dec 15 19:04:14:A:Fan 1, fan on right connector, failed
Dynamic Log Buffer (50 entries):
Oct 15 18:01:11:info:dg logout from USER EXEC mode
Oct 15 17:59:22:info:dg logout from PRIVILEGE EXEC mode
Oct 15 17:38:07:info:dg login to PRIVILEGE EXEC mode
Oct 15 17:38:03:info:dg login to USER EXEC mode
Syntax: show logging
The first message (the one on the bottom) indicates that user “dg” logged in to the CLI’s User EXEC level on October 15 at 5:38 PM and 3 seconds (Oct 15 17:38:03). The same user logged into the Privileged EXEC level four seconds later.
The user remained in the Privileged EXEC mode until 5:59 PM and 22 seconds. (The user could have used the CONFIG modes as well. Once you access the Privileged EXEC level, no further authentication is required to access the CONFIG levels.) At 6:01 PM and 11 seconds, the user ended the CLI session.
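The session reconstruction walked through above can be done mechanically when reviewing who held Privileged EXEC access and for how long. The following is an added example, not part of the Foundry guide: it parses the login and logout lines of the dynamic log buffer, pairs them per user and CLI level, and reports sessions with no logout and logouts whose login is not in the buffer. The function names and the "ops" sample lines are constructed, and the year is supplied by the caller because the buffer lines do not carry one.

```python
import re
from datetime import datetime

# The four "dg" lines are the ones shown in the example above; the two "ops"
# lines are constructed to show a session that has no logout in the buffer.
SAMPLE_BUFFER = """\
Oct 15 18:20:41:info:ops login to PRIVILEGE EXEC mode
Oct 15 18:20:30:info:ops login to USER EXEC mode
Oct 15 18:01:11:info:dg logout from USER EXEC mode
Oct 15 17:59:22:info:dg logout from PRIVILEGE EXEC mode
Oct 15 17:38:07:info:dg login to PRIVILEGE EXEC mode
Oct 15 17:38:03:info:dg login to USER EXEC mode
"""

ACCESS_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}):info:"
    r"(?P<user>\S+) (?P<action>login to|logout from) "
    r"(?P<level>USER|PRIVILEGE) EXEC mode$"
)


def parse_cli_access(buffer_text, year):
    """Return CLI access events oldest-first.

    The buffer lists the newest entry first and carries no year, so the
    caller supplies the year (an assumption of this example).
    """
    events = []
    for raw in buffer_text.splitlines():
        m = ACCESS_LINE.match(raw.strip())
        if m is None:
            continue  # not a CLI access message (fan failure, headers, ...)
        events.append({
            "time": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "user": m["user"],
            "action": "login" if m["action"] == "login to" else "logout",
            "level": m["level"],
        })
    events.reverse()                      # buffer order is newest-first
    events.sort(key=lambda e: e["time"])  # stable: same-second order is kept
    return events


def pair_sessions(events):
    """Match each logout to the most recent open login of that user and level.

    Returns (closed, still_open, orphan_logouts). An orphan logout means the
    matching login is not in the buffer (for example, it has rolled out).
    """
    open_logins = {}  # (user, level) -> list of login times
    closed, orphans = [], []
    for e in events:
        key = (e["user"], e["level"])
        if e["action"] == "login":
            open_logins.setdefault(key, []).append(e["time"])
        elif open_logins.get(key):
            start = open_logins[key].pop()
            closed.append({
                "user": e["user"], "level": e["level"],
                "start": start, "end": e["time"],
                "seconds": int((e["time"] - start).total_seconds()),
            })
        else:
            orphans.append(e)
    still_open = [
        {"user": user, "level": level, "start": t}
        for (user, level), times in open_logins.items() for t in times
    ]
    return closed, still_open, orphans


if __name__ == "__main__":
    closed, still_open, orphans = pair_sessions(
        parse_cli_access(SAMPLE_BUFFER, 2005))
    for s in closed:
        print(f"{s['user']} {s['level']} EXEC {s['start']} -> {s['end']} "
              f"({s['seconds']} s)")
    for s in still_open:
        print(f"{s['user']} {s['level']} EXEC open since {s['start']}")
    for e in orphans:
        print(f"{e['user']} {e['level']} EXEC logout at {e['time']} "
              f"with no login in buffer")
```

Because the dynamic buffer holds a limited number of entries, an orphan logout or an open session is a prompt to check the external Syslog server rather than proof of anything by itself.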
Disabling the Syslog Messages and Traps
Logging of CLI access is enabled by default. If you want to disable the logging, enter the following commands:
FESX424 Router(config)# no logging enable user-login
FESX424 Router(config)# write memory
FESX424 Router(config)# end
FESX424 Router# reload
Syntax: [no] logging enable user-login
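Since traps and CLI access logging are the device's monitoring signals, a configuration review should notice when they have been switched off or weakened. The following is an added example, not part of the Foundry guide: it scans saved configuration text for the SNMP trap and user-login logging commands described in this section. It assumes the saved file contains the commands in the forms shown here; the function name, finding codes and sample configuration are constructed.

```python
import re

# Constructed sample of saved configuration lines. Only the command forms
# come from this section; the second receiver address is made up.
SAMPLE_CONFIG = """\
hostname zappa
snmp-server host 2.2.2.2 1 <encrypted-string>
snmp-server host 10.1.1.9 0 FastIron-12 port 200
snmp-server enable traps holddown-time 30
no snmp-server enable traps link-down
no logging enable user-login
"""

HOST = re.compile(r"^snmp-server host (\S+) ([01]) (\S+)(?: port (\d+))?$")
TRAP_SOURCE = re.compile(r"^snmp-server trap-source (loopback|ethernet|ve) (\S+)$")
HOLDDOWN = re.compile(r"^snmp-server enable traps holddown-time (\d+)$")
TRAP_OFF = re.compile(r"^no snmp-server enable traps (\S+)$")


def audit(config_text):
    """Return (code, detail) findings: per-line findings in file order,
    then findings about settings that are absent."""
    findings = []
    receivers = 0
    has_trap_source = False
    for line in (l.strip() for l in config_text.splitlines()):
        if m := HOST.match(line):
            receivers += 1
            # Per the syntax description: 1 = display encrypted, 0 = clear.
            # The community string itself is deliberately not echoed.
            if m.group(2) == "0":
                findings.append(("CLEAR_COMMUNITY",
                    f"receiver {m.group(1)}: community string is displayed in the clear"))
        elif m := TRAP_SOURCE.match(line):
            has_trap_source = True
            if m.group(1) != "loopback":
                findings.append(("TRAP_SOURCE_NOT_LOOPBACK",
                    f"trap source is {m.group(1)} {m.group(2)}, not a loopback interface"))
        elif m := HOLDDOWN.match(line):
            secs = int(m.group(1))
            if not 1 <= secs <= 600:
                findings.append(("HOLDDOWN_OUT_OF_RANGE",
                    f"holddown-time {secs} is outside 1 - 600 seconds"))
        elif m := TRAP_OFF.match(line):
            findings.append(("TRAP_DISABLED",
                f"trap type {m.group(1)} is disabled"))
        elif line == "no logging enable user-login":
            findings.append(("LOGIN_LOGGING_DISABLED",
                "Syslog messages and traps for CLI login/logout are disabled"))
    if receivers == 0:
        findings.append(("NO_TRAP_RECEIVER", "no snmp-server host is configured"))
    elif not has_trap_source:
        findings.append(("NO_TRAP_SOURCE",
            "traps are not pinned to a single source interface"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```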
Configuring an Interface as the Source for All Telnet Packets
You can designate the lowest-numbered IP address configured on an interface as the source IP address for all Telnet packets from the device. Identifying a single source IP address for Telnet packets provides the following benefits:
If your Telnet server is configured to accept packets only from specific links or IP addresses, you can use this feature to simplify configuration of the Telnet server by configuring the Foundry device to always send the Telnet packets from the same link or source address.
If you specify a loopback interface as the single source for Telnet packets, Telnet servers can receive the packets regardless of the states of individual links. Thus, if a link to the Telnet server becomes unavailable but the client or server can be reached through another link, the client or server still receives the packets, and the packets still have the source IP address of the loopback interface.
The software contains separate CLI commands for specifying the source interface for Telnet, TACACS/TACACS+, and RADIUS packets. You can configure a source interface for one or more of these types of packets.
To specify an interface as the source for all Telnet packets from the device, use the following CLI method. The software uses the lowest-numbered IP address configured on the interface as the source IP address for Telnet packets originated by the device.
To specify the lowest-numbered IP address configured on a loopback interface as the device’s source for all Telnet packets, enter commands such as the following:
FESX424 Switch(config)# int loopback 2
FESX424 Switch(config-lbif-2)# ip address 10.0.0.2/24
FESX424 Switch(config-lbif-2)# exit
FESX424 Switch(config)# ip telnet source-interface loopback 2
The commands in this example configure loopback interface 2, assign IP address 10.0.0.2/24 to the interface, then designate the interface as the source for all Telnet packets from the device.
Syntax: ip telnet source-interface ethernet [<slotnum>/]<portnum> | loopback <num> | ve <num>
The following commands configure an IP interface on an Ethernet port and designate the port's address as the source for all Telnet packets from the device.
FESX424 Switch(config)# interface ethernet 4
FESX424 Switch(config-if-e1000-4)# ip address 209.157.22.110/24
FESX424 Switch(config-if-e1000-4)# exit
FESX424 Switch(config)# ip telnet source-interface ethernet 4
Cancelling an Outbound Telnet Session
If you want to cancel a Telnet session from the console to a remote Telnet server (for example, if the connection is frozen), you can terminate the Telnet session by doing the following:
1. At the console, press Ctrl-^ (Ctrl-Shift-6).
2. Press the X key to terminate the Telnet session.
Pressing Ctrl-^ twice in a row causes a single Ctrl-^ character to be sent to the Telnet server. After you press Ctrl-^, pressing any key other than X or Ctrl-^ returns you to the Telnet session.
Configuring an Interface as the Source for All TFTP Packets
You can configure the device to use the lowest-numbered IP address configured on a loopback interface, virtual interface, or Ethernet port as the source for all TFTP packets from the device. The software uses the lowest-numbered IP address configured on the interface as the source IP address for the packets.
For example, to specify the lowest-numbered IP address configured on a virtual interface as the device’s source for all TFTP packets, enter commands such as the following:
FESX424 Switch(config)# int ve 1
FESX424 Switch(config-vif-1)# ip address 10.0.0.3/24
FESX424 Switch(config-vif-1)# exit
FESX424 Switch(config)# ip tftp source-interface ve 1
The commands in this example configure virtual interface 1, assign IP address 10.0.0.3/24 to the interface, then designate the interface's address as the source address for all TFTP packets.
Syntax: [no] ip tftp source-interface ethernet [<slotnum>/]<portnum> | loopback <num> | ve <num>
The default is the lowest-numbered IP address configured on the port through which the packet is sent. The address therefore changes, by default, depending on the port.
Specifying a Simple Network Time Protocol (SNTP) Server
You can configure Foundry devices to consult SNTP servers for the current system time and date.
NOTE: Foundry devices do not retain time and date information across power cycles. Unless you want to reconfigure the system time counter each time the system is reset, Foundry Networks recommends that you use the SNTP feature.
To identify an SNTP server with IP address 208.99.8.95 to act as the clock reference for a Foundry device, enter the following:
FESX424 Switch(config)# sntp server 208.99.8.95
Syntax: sntp server <ip-addr> | <hostname> [<version>]
The <version> parameter specifies the SNTP version the server is running and can be from 1 – 4. The default is 1. You can configure up to three SNTP servers by entering three separate sntp server commands.
By default, the Foundry device polls its SNTP server every 30 minutes (1800 seconds). To configure the Foundry device to poll for clock updates from a SNTP server every 15 minutes, enter the following:
FESX424 Switch(config)# sntp poll-interval 900
Syntax: [no] sntp poll-interval <1-65535>
To display information about SNTP associations, enter the following command:
FESX424 Switch# show sntp associations
address          ref clock   st   when   poll   delay   disp
~207.95.6.102    0.0.0.0     16   202    4      0.0     5.45
~207.95.6.101    0.0.0.0     16   202    0      0.0     0.0
* synced, ~ configured
Syntax: show sntp associations
The following table describes the information displayed by the show sntp associations command.
Table 3.3: Output from the show sntp associations command
This Field...          Displays...
(leading character)    One or both of the following:
                       * Synchronized to this peer
                       ~ Peer is statically configured
address                IP address of the peer
ref clock              IP address of the peer’s reference clock
st                     NTP stratum level of the peer
when                   Amount of time since the last NTP packet was received from the peer
poll                   Poll interval in seconds
delay                  Round trip delay in milliseconds
disp                   Dispersion in seconds
To display information about SNTP status, enter the following command:
FESX424 Switch# show sntp status
Clock is unsynchronized, stratum = 0, no reference clock
precision is 2**0
reference time is 0 .0
clock offset is 0.0 msec, root delay is 0.0 msec
root dispersion is 0.0 msec, peer dispersion is 0.0 msec
Syntax: show sntp status
The following table describes the information displayed by the show sntp status command.
Table 3.4: Output from the show sntp status command
This Field...      Indicates...
unsynchronized     System is not synchronized to an NTP peer.
synchronized       System is synchronized to an NTP peer.
stratum            NTP stratum level of this system
reference clock    IP Address of the peer (if any) to which the unit is synchronized
precision          Precision of this system's clock (in Hz)
reference time     Reference time stamp
clock offset       Offset of clock to synchronized peer
root delay         Total delay along the path to the root clock
root dispersion    Dispersion of the root path
peer dispersion    Dispersion of the synchronized peer
Setting the System Clock
In addition to SNTP support, Foundry switches and routers also allow you to set the system time counter. The time counter setting is not retained across power cycles and is not automatically synchronized with an SNTP server. The counter merely starts the system time and date clock with the time and date you specify.
NOTE: You can synchronize the time counter with your SNTP server time by entering the sntp sync command from the Privileged EXEC level of the CLI.
NOTE: Unless you identify an SNTP server for the system time and date, you will need to re-enter the time and date following each reboot.
For more details about SNTP, see “Specifying a Simple Network Time Protocol (SNTP) Server” on page 3-8.
To set the system time and date to 10:15:05 on October 15, 2003, enter the following command:
FESX424 Switch# clock set 10:15:05 10-15-2003
Syntax: [no] clock set <hh:mm:ss> <mm-dd-yy> | <mm-dd-yyyy>
By default, Foundry switches and routers do not change the system time for daylight savings time. To enable daylight savings time, enter the following command:
FESX424 Switch# clock summer-time
Syntax: clock summer-time
Although SNTP servers typically deliver the time and date in Greenwich Mean Time (GMT), you can configure the Foundry device to adjust the time for any one-hour offset from GMT or for one of the following U.S. time zones:
US Pacific (default)
Alaska
Aleutian
Arizona
Central
East-Indiana
Eastern
Hawaii
Michigan
Mountain
Pacific
Samoa
The default is US Pacific.
To change the time zone to Australian East Coast time (which is normally 10 hours ahead of GMT), enter the following command:
FESX424 Router(config)# clock timezone gmt gmt+10
Syntax: clock timezone gmt | us <time-zone>
You can enter one of the following values for <time-zone>:
US time zones (us): alaska, aleutian, arizona, central, east-indiana, eastern, hawaii, michigan, mountain, pacific, samoa.
GMT time zones (gmt): gmt+12, gmt+11, gmt+10...gmt+01, gmt+00, gmt-01...gmt-10, gmt-11, gmt-12.
Limiting Broadcast, Multicast, and Unknown Unicast Traffic
FastIron devices can forward all traffic at wire speed. However, some third-party networking devices cannot handle high forwarding rates for broadcast, multicast, or unknown-unicast packets. You can limit the number of broadcast, multicast, or unknown-unicast packets a Foundry device forwards each second using the procedures in this section. You can configure limits on individual ports or groups of ports.
On the FESX, FWSX, and FSX, unknown unicast limiting is independent of broadcast and multicast limiting.
When you configure unknown-unicast limiting, the rate applies to all ports in the port range for which unknown unicast is enabled. On the FESX, FWSX, and FSX, a 1-Gigabit port range consists of 12 ports. For example, the FESX424 has 2 port ranges; ports 1 – 12 are one port range, and ports 13 – 24 are another port range. If you enable unknown unicast limiting on port 2, the configuration applies to the ports from 1 – 12 that have unknown unicast limiting enabled. 10-Gigabit ports are not grouped into ranges. So if your device has two 10-Gigabit uplinks, you can configure different unknown-unicast limits for each 10-Gigabit port.
Command Syntax
To enable broadcast limiting on a group of ports, enter commands such as the following:
FESX424 Switch(config)# interface ethernet 1 to 8
FESX424 Switch(config-mif-e1000-1-8)# broadcast limit 65536
These commands configure broadcast limiting on ports 1 – 8. On each port, the total combined number of broadcasts cannot exceed 65,536 per second.
To include multicasts in the 65536 packets per second limit on each of the ports, enter the following command after enabling broadcast limiting:
FESX424 Switch(config-mif-e1000-1-8)# multicast limit
To enable unknown unicast limiting, enter commands such as the following:
FESX424 Switch# config terminal
FESX424 Switch(config)# int e 1
FESX424 Switch(config-if-e1000-1)# unknown unicast limit 65536
The combined number of inbound Unknown Unicast packets permitted for ports 1 to 12 is now set to 65536
FESX424 Switch(config-if-e1000-1)#
Syntax: [no] broadcast limit <num>
Syntax: [no] multicast limit
Syntax: [no] unknown unicast limit <num>
The <num> parameter specifies the maximum number of packets per second and can be any number that is a multiple of 65536, up to a maximum value of 4294967295. If you enter the multicast limit command, multicast packets are included in the limit you specify. If you specify 0, limiting is disabled. If you specify a number that is not a multiple of 65536, the software rounds the number to the next multiple of 65536. Limiting is disabled by default.
Configuring CLI Banners
Foundry devices can be configured to display a greeting message on users’ terminals when they enter the Privileged EXEC CLI level or access the device through Telnet. In addition, a Foundry device can display a message on the Console when an incoming Telnet CLI session is detected.
Setting a Message of the Day Banner
You can configure the Foundry device to display a message on a user’s terminal when he or she establishes a Telnet CLI session. For example, to display the message “Welcome to FESX!” when a Telnet CLI session is established:
FESX424 Switch(config)# banner motd $ (Press Return)
Enter TEXT message, End with the character '$'.
Welcome to FESX! $
A delimiting character is established on the first line of the banner motd command. You begin and end the message with this delimiting character. The delimiting character can be any character except “ (double-quotation mark) and cannot appear in the banner text. In this example, the delimiting character is $ (dollar sign). The text in between the dollar signs is the contents of the banner. The banner text can be up to 2048 characters long and can consist of multiple lines. To remove the banner, enter the no banner motd command.
Syntax: [no] banner <delimiting-character> | [motd <delimiting-character>]
NOTE: The banner <delimiting-character> command is equivalent to the banner motd <delimiting-character> command.
When you access the Web management interface, the banner is displayed.
Setting a Privileged EXEC CLI Level Banner
You can configure the Foundry device to display a message when a user enters the Privileged EXEC CLI level. For example:
FastIron SuperX Switch(config)# banner exec_mode # (Press Return)
Enter TEXT message, End with the character '#'.
You are entering Privileged EXEC level
Don’t foul anything up! #
As with the banner motd command, you begin and end the message with a delimiting character; in this example, the delimiting character is # (pound sign). To remove the banner, enter the no banner exec_mode command.
Syntax: [no] banner exec_mode <delimiting-character>
Displaying a Message on the Console When an Incoming Telnet Session Is Detected
You can configure the Foundry device to display a message on the Console when a user establishes a Telnet session. This message indicates where the user is connecting from and displays a configurable text message.
For example:
FastIron SuperX Switch(config)# banner incoming $ (Press Return)
Enter TEXT message, End with the character '$'.
Incoming Telnet Session!! $
When a user connects to the CLI using Telnet, the following message appears on the Console:
Telnet from 209.157.22.63
Incoming Telnet Session!!
Syntax: [no] banner incoming <delimiting-character>
To remove the banner, enter the no banner incoming command.
Configuring Basic Port Parameters
The procedures in this section describe how to configure the port parameters shown in Table 3.5.
Table 3.5: Basic Port Parameters
Port Parameter                                                                 See Page
Name                                                                           3-13
Speed                                                                          3-13
Auto-negotiation Maximum port speed advertisement and Port speed down-shift    3-14
Duplex mode                                                                    3-15
MDI/MDIX detection                                                             3-16
Port status (enable or disable)                                                3-16
Flow control                                                                   3-17
Gigabit negotiate mode                                                         3-17
QoS priority                                                                   3-17
Dynamic configuration of Voice over IP (VoIP) phones                           3-17
All Foundry ports are pre-configured with default values that allow the device to be fully operational at initial startup without any additional configuration. However, in some cases, changes to the port parameters may be necessary to adjust to attached devices or other network requirements.
Assigning a Port Name
A port name can be assigned to help identify interfaces on the network. You can assign a port name to physical ports, virtual interfaces, and loopback interfaces.
To assign a name to a port:
FESX424 Router(config)# interface e 2
FESX424 Router(config-if-e1000-2)# port-name Marsha
Syntax: port-name <text>
The <text> parameter is an alphanumeric string. The name can be up to 64 characters long. The name can contain blanks. You do not need to use quotation marks around the string, even when it contains blanks.
Modifying Port Speed
The Gigabit Ethernet copper ports on the FESX and FWSX are designed to auto-sense and auto-negotiate the speed and mode of the connected device. If the attached device does not support this operation, you can manually enter the port speed to operate at either 10 or 100 Mbps. The default value is 10/100/1000 Auto-sense.
NOTE: You can modify the port speed of copper ports only. This feature does not apply to fiber ports.
Configuration Syntax
To change the port speed of interface 8 from the default of 10/100/1000 auto-sense to 10 Mbps operating at full-duplex, enter the following:
FESX424 Router(config)# interface e 8
FESX424 Router(config-if-e1000-8)# speed-duplex 10-full
Syntax: speed-duplex <value>
The <value> can be one of the following:
10-full
10-half
100-full
100-half
auto
The default is auto.
Enabling Auto-negotiation Maximum Port Speed Advertisement and Port Speed Down-shift
Maximum Port speed advertisement and Port speed down-shift are enhancements to the auto-negotiation feature, a mechanism for accommodating multi-speed network devices by automatically configuring the highest performance mode of inter-operation between two connected devices.
Port speed down-shift enables Gigabit copper ports on the Foundry device to establish a link at 1000 Mbps over a 4-pair wire when possible, or to down-shift (reduce the speed) to 100 Mbps if the medium is a 2-pair wire.
Maximum port speed advertisement enables you to configure an auto-negotiation maximum speed that Gigabit copper ports on the Foundry device will advertise to the connected device. You can configure a port to advertise a maximum speed of either 100 Mbps or 10 Mbps. When the maximum port speed advertisement feature is enabled on a port that is operating at 100 Mbps maximum speed, the port will advertise 10/100 Mbps capability to the connected device. Similarly, if a port is operating at 10 Mbps maximum speed, the port will advertise 10 Mbps capability to the connected device.
The port speed down-shift and maximum port speed advertisement features operate dynamically at the physical link layer between two connected network devices. They examine the cabling conditions and the physical capabilities of the remote link, then configure the speed of the link segment according to the highest physical-layer technology that both devices can accommodate.
The port speed down-shift and maximum port speed advertisement features operate dynamically at the physical link layer, independent of logical trunk group configurations. Although Foundry recommends that you use the same cable types and auto-negotiation configuration on all members of a trunk group, you could utilize the auto-negotiation features conducive to your cabling environment. For example, in certain circumstances, you could configure each port in a trunk group to have its own auto-negotiation maximum port speed advertisement or port speed down-shift configuration.
Application Notes
This feature is available in software release 02.3.01 and later.
Port speed down-shift and maximum port speed advertisement work only when auto-negotiation is enabled (CLI command speed-duplex auto). If auto-negotiation is OFF, the device will reject the port speed down-shift and maximum port speed advertisement configuration.
When port speed down-shift or maximum port speed advertisement is enabled on a port, the device will reject any configuration attempts to set the port to a forced speed mode (100 Mbps or 1000 Mbps).
When the port speed down-shift feature is enabled on a combo port, the port will not support true media automatic detection, meaning the device will not be able to detect and select the fiber or copper connector based on link availability.
Enabling Port Speed Down-Shift
To enable port speed down-shift on a port that has auto-negotiation enabled, enter a command such as the following at the Global CONFIG level of the CLI:
FESX424 Switch(config)# link-config gig copper autoneg-control down-shift e 1 e 2
The above command configures Gigabit copper ports 1 and 2 to establish a link at 1000 Mbps over a 4-pair wire when possible, or to down-shift (reduce the speed) to 100 Mbps when the medium is a 2-pair wire.
Syntax: [no] link-config gig copper autoneg-control down-shift ethernet [<slotnum>/]<portnum> [ethernet [<slotnum>/]<portnum>]
You can enable port speed down-shift on one or two ports at a time.
To disable port speed down-shift after it has been enabled, enter the no form of the command.
Configuring Maximum Port Speed Advertisement
To configure a maximum port speed advertisement of 10 Mbps on a port that has auto-negotiation enabled, enter a command such as the following at the Global CONFIG level of the CLI:
FESX424 Switch(config)# link-config gig copper autoneg-control 10m e 1
To configure a maximum port speed advertisement of 100 Mbps on a port that has auto-negotiation enabled, enter the following command at the Global CONFIG level of the CLI:
FESX424 Switch(config)# link-config gig copper autoneg-control 100m e 2
Syntax: [no] link-config gig copper autoneg-control 10m | 100m ethernet [<slotnum>/]<portnum> [ethernet [<slotnum>/]<portnum>]
You can enable maximum port speed advertisement on one or two ports at a time.
To disable maximum port speed advertisement after it has been enabled, enter the no form of the command.
Modifying Port Duplex Mode
You can manually configure a 10/100 Mbps port to accept either full-duplex (bi-directional) or half-duplex (uni-directional) traffic.
NOTE: You can modify the port duplex mode of copper ports only. This feature does not apply to fiber ports.
Port duplex mode and port speed are modified by the same command.
Configuration Syntax
To change the port speed of interface 8 from the default of 10/100/1000 auto-sense to 10 Mbps operating at full-duplex, enter the following:
FESX424 Switch(config)# interface e 8
FESX424 Switch(config-if-e1000-8)# speed-duplex 10-full
Syntax: speed-duplex <value>
The <value> can be one of the following:
10-full
10-half
100-full
100-half
auto
The default is auto.
Configuring MDI/MDIX
The Foundry FastIron devices support automatic Media Dependent Interface (MDI) and Media Dependent Interface Crossover (MDIX) detection on all Gigabit Ethernet Copper ports.
MDI/MDIX is a type of Ethernet port connection using twisted pair cabling. The standard wiring for end stations is MDI, whereas the standard wiring for hubs and switches is MDIX. MDI ports connect to MDIX ports using straight-through twisted pair cabling. For example, an end station connected to a hub or a switch uses a straight-through cable. MDI-to-MDI and MDIX-to-MDIX connections use crossover twisted pair cabling. So, two end stations connected to each other, or two hubs or switches connected to each other, use crossover cable.
The auto MDI/MDIX detection feature can automatically correct errors in cable selection, making the distinction between a straight-through cable and a crossover cable insignificant.
Configuration Notes
• This feature applies to copper ports only.
• The mdi-mdix auto command works only when auto-negotiation is ON. If auto-negotiation is OFF and you enter the command mdi-mdix auto, the device automatically resets the port to an MDIX only port. In this case, although the Foundry device does not apply the mdi-mdix auto configuration, it accepts and saves it. Consequently, when auto-negotiation is turned back ON, the Foundry device applies the mdi-mdix auto configuration.
• The mdi-mdix mdi and mdi-mdix mdix commands work independently of auto-negotiation. Thus, these commands work whether auto-negotiation is turned ON or OFF.
• Do not use the mdi-mdix commands on ports that are manually configured with a speed/duplex of 100-full. In this case, make sure the other port (remote end of the connection) is also configured to 100-full and a cross-over cable is used if the connected device is another switch, hub, or router, or a straight-through cable if the connected device is a host NIC.
Configuration Syntax
The auto MDI/MDIX detection feature is enabled on all Gigabit copper ports by default. For each port, you can disable auto MDI/MDIX, designate the port as an MDI port, or designate the port as an MDIX port.
To turn off automatic MDI/MDIX detection and define a port as an MDI only port:
FESX424 Router(config-if-e1000-2)# mdi-mdix mdi
To turn off automatic MDI/MDIX detection and define a port as an MDIX only port:
FESX424 Router(config-if-e1000-2)# mdi-mdix mdix
To turn on automatic MDI/MDIX detection on a port that was previously set as an MDI or MDIX port:
FESX424 Router(config-if-e1000-2)# mdi-mdix auto
Syntax: mdi-mdix <mdi | mdix | auto>
After you enter the mdi-mdix command, the Foundry device resets the port and applies the change.
To display the MDI/MDIX settings, including the configured value and the actual resolved setting (for mdi-mdix auto), enter the command show interface at any level of the CLI.
Disabling or Re-Enabling a Port
A port can be made inactive (disable) or active (enable) by selecting the appropriate status option. The default value for a port is enabled.
To disable port 8 of a Foundry device, enter the following:
FESX424 Switch(config)# interface e 8
FESX424 Switch(config-if-e1000-8)# disable
Syntax: disable
You also can disable or re-enable a virtual interface. To do so, enter commands such as the following:
FESX424 Switch(config)# interface ve v1
FESX424 Switch(config-vif-1)# disable
Syntax: disable
To re-enable a virtual interface, enter the enable command at the Interface configuration level. For example, to re-enable virtual interface v1, enter the following command:
FESX424 Switch(config-vif-1)# enable
Syntax: enable
Disabling or Re-Enabling Flow Control
You can configure full-duplex ports on a system to operate with or without flow control (802.3x). Flow control is enabled by default.
To disable flow control on full-duplex ports on a system, enter the following:
FESX424 Switch(config)# no flow-control
To turn the feature back on:
FESX424 Switch(config)# flow-control
Syntax: [no] flow-control
Changing the Gigabit Fiber Negotiation Mode
The globally configured Gigabit negotiation mode is the default mode for all Gigabit fiber ports. You can override the globally configured default and set individual ports to the following:
Negotiate-full-auto – The port first tries to perform a handshake with the other port to exchange capability information. If the other port does not respond to the handshake attempt, the port uses the manually configured configuration information (or the defaults if an administrator has not set the information). This is the default.
Auto-Gigabit – The port tries to perform a handshake with the other port to exchange capability information.
Negotiation-off – The port does not try to perform a handshake. Instead, the port uses configuration information manually configured by an administrator.
To change the mode for individual ports, enter commands such as the following:
FESX424 Switch(config)# int ethernet 1 to 4
FESX424 Switch(config-mif-1-4)# gig-default auto-gig
This command overrides the global setting and sets the negotiation mode to auto-Gigabit for ports 1 – 4.
Syntax: gig-default neg-full-auto | auto-gig | neg-off
Modifying Port Priority (QoS)
You can give preference to the inbound traffic on specific ports by changing the Quality of Service (QoS) level on those ports. For information and procedures, see the chapter “Configuring Quality of Service” on page 13-1.
Enabling Dynamic Configuration of Voice over IP (VoIP) Phones
You can configure a FastIron device to automatically detect and re-configure a VoIP phone when it is physically moved from one port to another within the same device. To do so, you must configure a voice VLAN ID on the port to which the VoIP phone is connected. The software stores the voice VLAN ID in the port’s database for retrieval by the VoIP phone.
The dynamic configuration of a VoIP phone works in conjunction with the VoIP phone’s discovery process. Upon installation, and sometimes periodically, a VoIP phone will query the Foundry device for VoIP information and will advertise information about itself, such as device ID, port ID, and platform. When the Foundry device receives the VoIP phone’s query, it sends the voice VLAN ID in a reply packet back to the VoIP phone. The VoIP phone then configures itself within the voice VLAN.
As long as the port to which the VoIP phone is connected has a voice VLAN ID, the phone will configure itself into that voice VLAN. If you change the voice VLAN ID, the software will immediately send the new ID to the VoIP phone, and the VoIP phone will re-configure itself with the new voice VLAN.
Configuration Notes
This feature is supported in software releases 02.2.00 and later for the FESX, FSX, and FWSX devices.
This feature works with any VoIP phone that:
Runs CDP
Sends a VoIP VLAN query message
Can configure its voice VLAN after receiving the VoIP VLAN reply
Automatic configuration of a VoIP phone will not work if one of the following applies:
You do not configure a voice VLAN ID for a port with a VoIP phone
You remove the configured voice VLAN ID from a port without configuring a new one
You remove the port from the voice VLAN
Make sure the port is able to intercept CDP packets (cdp run command).
Some VoIP phones may require a reboot after configuring or re-configuring a voice VLAN ID. For example, if your VoIP phone queries for VLAN information only once upon boot up, you must reboot the VoIP phone before it can accept the VLAN configuration. If your phone is powered by a PoE device, you can reboot the phone by disabling then re-enabling the port.
Enabling Dynamic Configuration of a Voice over IP (VoIP) phone
You can create a voice VLAN ID for a port, or for a group of ports.
To create a voice VLAN ID for a port, enter commands such as the following:
FESX424 Switch(config)# interface e 2
FESX424 Switch(config-if-e1000-2)# voice-vlan 1001
To create a voice VLAN ID for a group of ports, enter commands such as the following:
FESX424 Switch(config)# interface e 1-8
FESX424 Switch(config-mif-1-8)# voice-vlan 1001
Syntax: [no] voice-vlan <voice-vlan-num>
where <voice-vlan-num> is a valid VLAN ID between 1 – 4095.
To remove a voice VLAN ID, use the no form of the command.
Viewing Voice VLAN Configurations
You can view the configuration of a voice VLAN for a particular port or for all ports.
To view the voice VLAN configuration for a port, use the show voice-vlan <port-num> command. The following example shows the command output results.
FESX424 Switch(config)# show voice-vlan ethernet 2
Voice vlan ID for port 2: 1001
The following example shows the message that appears when the port does not have a configured voice VLAN.
FESX424 Switch(config)# show voice-vlan ethernet 2
Voice vlan is not configured for port 2.
To view the voice VLAN for all ports, use the show voice-vlan command. The following example shows the command output results.
FESX424 Switch(config)# show voice-vlan
Port ID    Voice-vlan
2          1001
8          150
15         200
Syntax: show voice-vlan [<port-num>]
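The exchange described in this section, as an added example that is not Foundry code: it parses a phone's CDP query and the switch's reply, then checks the advertised voice VLAN against the show voice-vlan table. The TLV type codes and the reply layout (one data byte followed by a 16-bit VLAN ID) are general CDP details assumed here rather than taken from this guide, and the sample packets are constructed.

```python
import struct

# CDP TLV type codes (general CDP knowledge, not listed in this guide).
TLV_DEVICE_ID, TLV_PORT_ID, TLV_PLATFORM = 0x0001, 0x0003, 0x0006
TLV_VOIP_VLAN_REPLY, TLV_VOIP_VLAN_QUERY = 0x000E, 0x000F


def build_cdp(tlvs, ttl=180):
    """Build a CDP version 2 payload from (type, value) pairs.

    The checksum field is left at zero; this example does not verify it.
    """
    body = b"".join(struct.pack("!HH", t, len(v) + 4) + v for t, v in tlvs)
    return struct.pack("!BBH", 2, ttl, 0) + body


def parse_cdp(payload):
    """Return {tlv_type: value} for a CDP payload, rejecting malformed TLVs."""
    if len(payload) < 4:
        raise ValueError("CDP header is 4 bytes")
    tlvs, offset = {}, 4
    while offset < len(payload):
        if len(payload) - offset < 4:
            raise ValueError("truncated TLV header")
        tlv_type, length = struct.unpack_from("!HH", payload, offset)
        # The length field covers the 4-byte TLV header as well as the value.
        if length < 4 or offset + length > len(payload):
            raise ValueError(f"bad TLV length {length} at offset {offset}")
        tlvs[tlv_type] = payload[offset + 4:offset + length]
        offset += length
    return tlvs


def reply_voice_vlan(payload):
    """Voice VLAN ID carried in a VoIP VLAN reply, or None if the TLV is absent."""
    value = parse_cdp(payload).get(TLV_VOIP_VLAN_REPLY)
    if value is None:
        return None
    if len(value) != 3:
        raise ValueError("expected 1 data byte followed by a 2-byte VLAN ID")
    vlan = struct.unpack("!xH", value)[0]
    if not 1 <= vlan <= 4095:  # valid voice VLAN range given on this page
        raise ValueError(f"voice VLAN {vlan} outside 1-4095")
    return vlan


def parse_show_voice_vlan(output):
    """Map port -> voice VLAN from `show voice-vlan` output laid out as on this page."""
    table = {}
    for line in output.splitlines():
        fields = line.split()
        if len(fields) == 2 and all(f.isdigit() for f in fields):
            table[int(fields[0])] = int(fields[1])
    return table


def check_reply(port, payload, configured):
    """Compare the VLAN a reply advertises on a port with the configured one."""
    advertised = reply_voice_vlan(payload)
    expected = configured.get(port)
    if expected is None:
        return "ok" if advertised is None else "unexpected"
    if advertised is None:
        return "missing"
    return "ok" if advertised == expected else "mismatch"


# Table from the `show voice-vlan` example on this page.
SHOW_OUTPUT = """\
Port ID    Voice-vlan
2          1001
8          150
15         200
"""

# Constructed sample packets (names and query body are placeholders).
PHONE_QUERY = build_cdp([
    (TLV_DEVICE_ID, b"phone-constructed"),
    (TLV_PORT_ID, b"Port 1"),
    (TLV_PLATFORM, b"constructed-platform"),
    (TLV_VOIP_VLAN_QUERY, b"\x00\x00\x00"),  # query body treated as opaque
])
SWITCH_REPLY = build_cdp([(TLV_VOIP_VLAN_REPLY, b"\x01" + struct.pack("!H", 1001))])

if __name__ == "__main__":
    configured = parse_show_voice_vlan(SHOW_OUTPUT)
    print("phone sent query:", TLV_VOIP_VLAN_QUERY in parse_cdp(PHONE_QUERY))
    for port in (2, 8, 3):
        print("port", port, check_reply(port, SWITCH_REPLY, configured))
```

A "mismatch" or "unexpected" result on a captured reply means the port is handing out a voice VLAN that differs from the saved configuration, which is worth reconciling before trusting the port's VLAN assignment.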
Chapter 4
Configuring Basic Layer 2 Features
The procedures in this chapter describe how to configure basic Layer 2 parameters.
Foundry devices are configured at the factory with default parameters that allow you to begin using the basic features of the system immediately. However, many of the advanced features such as VLANs or routing protocols for the device must first be enabled at the system (global) level before they can be configured. If you use the Command Line Interface (CLI) to configure system parameters, you can find these system level parameters at the Global CONFIG level of the CLI.
This chapter contains the topics listed in Table 4.1.
Table 4.1: List of Basic Layer 2 Features
Basic Layer 2 Feature See Page
About port regions 4-2
Spanning Tree Protocol (STP) 4-2
Aging time for learned MAC address entries 4-3
Static, non-aging MAC address entries 4-3
Port-based VLANs 4-4
MAC address filters 4-5
Port locks 4-7
System parameters 4-8
Mirror ports (for traffic diagnosis and troubleshooting) 4-12
NOTE: Before assigning or modifying any router parameters, you must assign the IP subnet (interface) addresses for each port.
For information about configuring IP addresses, DNS resolver, DHCP assist, and other IP-related parameters, see the chapter “Configuring IP” on page 16-1.
For information about the Syslog buffer and messages, see “Using Syslog” on page A-1.
About Port Regions
Ports on the X-Series devices are grouped into regions. For a few features, you will need to know the region to which a port belongs. However, for most features, a port’s region does not affect configuration or operation of the feature.
NOTE: Port regions do not apply to trunk group configurations on the X-Series devices. However, port regions do apply to port monitoring and unknown unicast configurations.
FastIron Edge Switch X424 and X424HF, and FastIron Workgroup Switch X424:
• Ports 1 – 12
• Ports 13 – 24
• Port 25
• Port 26
FastIron Edge Switch X448 and FastIron Workgroup Switch X448:
• Ports 1 – 12
• Ports 13 – 24
• Ports 25 – 36
• Ports 37 – 48
• Port 49
• Port 50
FastIron SuperX:
• Management Module:
    • Ports 1 – 12
• 24-port Gigabit Ethernet Copper Interface Module:
    • Ports 1 – 12
    • Ports 13 – 24
• 24-port Gigabit Ethernet Fiber Interface Module:
    • Ports 1 – 12
    • Ports 13 – 24
• 2-port 10-Gigabit Ethernet Fiber Interface Module:
    • Port 1
    • Port 2
Enabling or Disabling the Spanning Tree Protocol (STP)
STP (IEEE 802.1d bridge protocol) is supported on all Foundry devices. STP detects and eliminates logical loops in the network. STP also ensures that the least cost path is taken when multiple paths exist between ports or VLANs. If the selected path fails, STP searches for and then establishes an alternate path to prevent or limit retransmission of data.
NOTE: This section provides instructions for enabling and disabling STP. For configuration procedures and information about Foundry’s IronClad STP, see the chapter “Configuring Spanning Tree Protocol (STP) and IronSpan Features” on page 7-1 in this guide.
STP must be enabled at the system level to allow assignment of this capability on the VLAN level. On devices running Layer 2 code, STP is enabled by default. On devices running Layer 3 code, STP is disabled by default.
To enable STP for all ports on a Foundry device:
FESX424 Switch(config)# spanning-tree
Syntax: [no] spanning-tree
You can also enable and disable spanning tree on a port-based VLAN and on an individual port basis, and enable advanced STP features. See “Configuring Spanning Tree Protocol (STP) and IronSpan Features” on page 7-1.
Modifying STP Bridge and Port Parameters
You can modify the following STP Parameters:
Bridge parameters – forward delay, maximum age, hello time, and priority
Port parameters – priority and path cost
For configuration details, see “Changing STP Bridge and Port Parameters” on page 7-5.
Changing the MAC Age Time
By default, learned MAC entries do not age out until they are unused for 300 – 600 seconds. You can change the MAC age time by entering the following command:
FESX424 Router(config)# mac-age-time 60
Syntax: [no] mac-age-time <secs>
You can configure 0 or a value from 60 – 600 (seconds), in 60-second intervals. If you set the MAC age time to 0, aging is disabled.
NOTE: The actual age time is from one to two times the configured value. For example, if you set the MAC age time to 60 seconds, learned MAC entries age out after remaining unused for between 60 – 120 seconds.
To display the MAC table, enter the following command:
FESX424 Router(config)# show mac-address
Total active entries from all ports = 3
Total static entries from all ports = 1
MAC-Address       Port    Type       VLAN
1234.1234.1234    15      Static     1
0004.8038.2f24    14      Dynamic    1
0004.8038.2f00    13      Dynamic    1
0010.5a86.b159    10      Dynamic    1
In the output of the show mac-address command, the Type column indicates whether the MAC entry is static or dynamic. A static entry is one you create using the static-mac-address command. A dynamic entry is one that is learned by the software from network traffic.
The output of the show mac-address command on FESX, FSX, and FWSX devices includes an Index column which indicates the index where the entry exists in the hardware MAC table.
Configuring Static MAC Entries
Static MAC addresses can be assigned to Foundry devices.
NOTE: Foundry devices running Layer 3 code also support the assignment of static IP Routes, static ARP, and static RARP entries. For details on configuring these types of static entries, see “Configuring Static Routes” on page 16-32 and “Creating Static ARP Entries” on page 16-28.
You can manually input the MAC address of a device to prevent it from being aged out of the system address table.
This option can be used to prevent traffic for a specific device, such as a server, from flooding the network with traffic when it is down. Additionally, the static MAC address entry is used to assign higher priorities to specific MAC addresses.
You can specify traffic priority (QoS) and VLAN membership (VLAN ID) for the MAC Address as well as specify device type of either router or host.
The default and maximum configurable MAC table sizes can differ depending on the device. To determine the default and maximum MAC table sizes for your device, display the system parameter values. See “Displaying and Modifying System Parameter Default Settings” on page 4-8.
Command Syntax
To add a static entry for a server with a MAC address of 1145.5563.67FF and a priority of 7 to port 2, enter the following command:
FESX424 Switch(config)# static-mac-address 1145.5563.67FF e 2 priority 7
Syntax: [no] static-mac-address <mac-addr> ethernet [<slotnum>/]<portnum> priority <num>
The <slotnum> parameter is required on chassis devices.
The priority <num> can be 0 – 7 (0 is lowest priority and 7 is highest priority). The default priority is 0. The default type is host-type.
NOTE: The location of the static-mac-address command in the CLI depends on whether you configure port-based VLANs on the device. If the device does not have more than one port-based VLAN (VLAN 1, which is the default VLAN that contains all the ports), the static-mac-address command is at the global CONFIG level of the CLI. If the device has more than one port-based VLAN, then the static-mac-address command is not available at the global CONFIG level. In this case, the command is available at the configuration level for each port-based VLAN.
Enabling Port-Based VLANs
When using the CLI, port and protocol-based VLANs are created by entering one of the following commands at the global CONFIG level of the CLI.
To create a port-based VLAN, enter commands such as the following:
FESX424 Router(config)# vlan 222 by port
FESX424 Router(config)# vlan 222 name Mktg
Syntax: vlan <num> by port
Syntax: vlan <num> name <string>
The <num> parameter specifies the VLAN ID. The valid range for VLAN IDs starts at 1 on all systems but the upper limit of the range differs depending on the device. In addition, you can change the upper limit on some devices using the system max-vlans... command. See the Foundry Switch and Router Command Line Interface Reference.
The <string> parameter is the VLAN name and can be a string up to 32 characters. You can use blank spaces in the name if you enclose the name in double quotes (for example, “Product Marketing”.)
You can configure up to 4063 port-based VLANs on a device running Layer 2 code or 4061 port-based VLANs on a device running Layer 3 code. Each port-based VLAN can contain either tagged or untagged ports. A port cannot be a member of more than one port-based VLAN unless the port is tagged. On both device types, valid VLAN IDs are 1 – 4095. You can configure up to the maximum number of VLANs within that ID range.
NOTE: VLAN ID 4094 is reserved for use by Single STP. VLAN IDs 4091 and 4092 are reserved for use in the Layer 3 Switch and Base Layer 3 images. You can configure these VLAN IDs in the Layer 2 Switch image.
NOTE: The second command is optional and also creates the VLAN if the VLAN does not already exist. You can enter the first command after you enter the second command if you first exit to the global CONFIG level of the CLI.
Assigning IEEE 802.1Q Tagging to a Port
When a port is tagged, it allows communication among the different VLANs to which it is assigned. A common use for this might be to place an email server that multiple groups may need access to on a tagged port, which in turn, is resident in all VLANs that need access to the server.
NOTE: Tagging does not apply to the default VLAN.
When using the CLI, ports are defined as either tagged or untagged at the VLAN level.
Command Syntax
Suppose you want to make port 5 a member of port-based VLAN 4, a tagged port. To do so, enter the following:
FESX424 Router(config)# vlan 4
FESX424 Router(config-vlan-4)# tagged e 5
Syntax: tagged ethernet [<slotnum>/]<portnum> [to [<slotnum>/]<portnum> [ethernet [<slotnum>/]<portnum>...]]
The <slotnum> parameter is required on chassis devices.
Defining MAC Address Filters
MAC layer filtering enables you to build access lists based on MAC layer headers in the Ethernet/IEEE 802.3 frame. You can filter on the source and destination MAC addresses. The filters apply to incoming traffic only.
You configure MAC filters globally, then apply them to individual interfaces. To apply MAC filters to an interface, you add the filters to that interface’s MAC filter group.
The device takes the action associated with the first matching filter. If the packet does not match any of the filters in the access list, the default action is to drop the packet. If you want the system to permit traffic by default, you must specifically indicate this by making the last entry in the access list a permit filter. Here is an example:
mac filter <last-index-number> permit any any
For devices running Layer 3 code, the MAC filter is applied only to those inbound packets that are to be switched. This includes those ports associated with a virtual routing interface. However, the filter is not applied to the virtual routing interface. It is applied to the physical port.
NOTE: Inbound traffic on a port to which a Layer 2 MAC filter is assigned is sent to the CPU for processing.
When you create a MAC filter, it takes effect immediately. You do not need to reset the system. However, you do need to save the configuration to flash memory to retain the filters across system resets.
For complete MAC filter examples, see the Foundry Switch and Router Command Line Interface Reference.
Configuration Notes
MAC filtering on FastIron devices is performed in hardware.
Layer 2 MAC filtering on FastIron devices differs from other Foundry devices in that you can only filter on source and destination MAC addresses. Other Foundry devices allow you to also filter on the encapsulation type and frame type.
Use MAC Layer 2 filters only for switched traffic. If a routing protocol (for example, IP) is configured on an interface, a MAC filter defined on that interface is not applied to inbound packets. If you want to filter inbound route traffic, configure a route filter.
Layer 2 MAC filtering on the FESX, FSX, and FWSX differs from the FES and BigIron in that MAC filtering applies to all traffic, including management traffic. To exclude management traffic from being filtered, configure a MAC filter that explicitly permits all traffic headed to the management MAC (destination) address. The MAC address for management traffic is always the MAC address of port 1.
You cannot use Layer 2 filters to filter Layer 4 information. To filter Layer 4 information, use IP access policies. See the appendix “Policies and Filters” on page C-1.
MAC Layer 2 filters are not supported on tagged ports in the base Layer 3 and full Layer 3 images.
Command Syntax
To configure and apply a MAC filter, enter commands such as the following:
FESX424 Switch(config)# mac filter 1 deny 3565.3475.3676 ffff.0000.0000
FESX424 Switch(config)# mac filter 1024 permit any any
FESX424 Switch(config)# int e 1
FESX424 Switch(config-if-e1000-1)# mac filter-group 1
These commands configure a filter to deny ARP traffic with a source MAC address that begins with “3565” to any destination. The second filter permits all traffic that is not denied by another filter.
NOTE: Once you apply a MAC filter to a port, the device drops all Layer 2 traffic on the port that does not match a MAC permit filter on the port.
Syntax: mac filter <filter-num> permit | deny any | <H.H.H> any | <H.H.H>
The permit | deny argument determines the action the software takes when a match occurs.
The <src-mac> <mask> | any parameter specifies the source MAC address. You can enter a specific address value and a comparison mask or the keyword any to filter on all MAC addresses. Specify the mask using f’s (ones) and zeros. For example, to match on the first two bytes of the address aabb.ccdd.eeff, use the mask ffff.0000.0000. In this case, the filter matches on all MAC addresses that contain "aabb" as the first two bytes. The filter accepts any value for the remaining bytes of the MAC address. If you specify any, do not specify a mask. In this case, the filter matches on all MAC addresses.
The <dest-mac> <mask> | any parameter specifies the destination MAC address. The syntax rules are the same as those for the <src-mac> <mask> | any parameter.
Syntax: mac filter log-enable
Globally enables logging for filtered packets.
Syntax: mac filter-group log-enable
Enables logging for filtered packets on a specific port.
Syntax: mac filter-group <filter-list>
Applies MAC filters to a port.
NOTE: The filters must be applied as a group. For example, if you want to apply four filters to an interface, they must all appear on the same command line.
NOTE: You cannot add or remove individual filters in the group. To add or remove a filter on an interface, apply the filter group again containing all the filters you want to apply to the port.
NOTE: If you apply a filter group to a port that already has a filter group applied, the older filter group is replaced by the new filter group.
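The evaluation rules in this section (first matching filter wins, unmatched frames are dropped, the mask selects which address bits are compared, only the filters named in the group apply to the port) can be modelled as follows. This is an added example, not Foundry code; it assumes filters in a group are checked in ascending filter number and that an omitted destination means any, and it uses a constructed management MAC address.

```python
from dataclasses import dataclass

ANY = (0, 0)  # (value, mask); a zero mask compares no bits, so every address matches


def parse_mac(text):
    """Convert Foundry H.H.H notation (e.g. 3565.3475.3676) to a 48-bit integer."""
    groups = text.lower().split(".")
    if len(groups) != 3 or any(len(g) != 4 for g in groups):
        raise ValueError(f"not an H.H.H MAC address: {text!r}")
    return int("".join(groups), 16)


@dataclass(frozen=True)
class MacFilter:
    index: int
    action: str   # "permit" or "deny"
    src: tuple    # (value, mask)
    dst: tuple    # (value, mask)

    def matches(self, src_mac, dst_mac):
        pairs = ((src_mac, self.src), (dst_mac, self.dst))
        return all((mac & mask) == (value & mask) for mac, (value, mask) in pairs)


def take_address(tokens):
    """Consume 'any' or '<H.H.H> <mask>' from the front of the token list."""
    if not tokens or tokens[0] == "any":
        # Assumption: an omitted destination is read as 'any', as the page's
        # description of its first example ("to any destination") suggests.
        del tokens[:1]
        return ANY
    if len(tokens) < 2:
        raise ValueError("address given without a mask")
    return (parse_mac(tokens.pop(0)), parse_mac(tokens.pop(0)))


def parse_filter(line):
    """Parse one 'mac filter <num> permit|deny <src> <dst>' definition."""
    tokens = line.split()
    if tokens[:2] != ["mac", "filter"] or len(tokens) < 5:
        raise ValueError(f"not a mac filter definition: {line!r}")
    index, action, rest = int(tokens[2]), tokens[3], tokens[4:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r}")
    src = take_address(rest)
    dst = take_address(rest)
    if rest:
        raise ValueError(f"unexpected trailing tokens: {rest}")
    return MacFilter(index, action, src, dst)


def evaluate(defined, group, src, dst):
    """Return (action, matching filter number or None) for one inbound frame.

    `group` is the list given to 'mac filter-group'; filters defined globally
    but not named in the group play no part on that port.
    """
    src_mac, dst_mac = parse_mac(src), parse_mac(dst)
    for index in sorted(group):  # assumption: ascending filter number
        if defined[index].matches(src_mac, dst_mac):
            return defined[index].action, index
    return "deny", None  # no filter matched: default action is drop


# Filter definitions from the page's example.
CONFIG = [
    "mac filter 1 deny 3565.3475.3676 ffff.0000.0000",
    "mac filter 1024 permit any any",
]
DEFINED = {f.index: f for f in map(parse_filter, CONFIG)}
MGMT_MAC = "0200.0000.0001"  # constructed stand-in for the MAC address of port 1

if __name__ == "__main__":
    for group in ([1], [1, 1024]):
        for src in ("3565.aaaa.bbbb", "0004.8038.2f24"):
            print(group, src, "->", evaluate(DEFINED, group, src, MGMT_MAC))
```

With only filter 1 in the group, every frame is dropped: sources beginning with 3565 by filter 1, and all others by the default action, including frames addressed to the management MAC. Adding filter 1024 to the same group line is what lets the remaining traffic through.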
Enabling Logging of Packets Denied by MAC Filters
You can configure the Foundry device to generate Syslog entries and SNMP traps for packets that are denied by Layer 2 MAC filters. You can enable logging of denied packets on a global basis or an individual port basis.
The first time an entry in a MAC filter denies a packet and logging is enabled for that entry, the software generates a Syslog message and an SNMP trap. Messages for packets denied by MAC filters are at the warning level of the Syslog.
When the first Syslog entry for a packet denied by a MAC filter is generated, the software starts a five-minute MAC filter timer. After this, the software sends Syslog messages every five minutes. The messages list the number of packets denied by each MAC filter during the previous five-minute interval. If a MAC filter does not deny any packets during the five-minute interval, the software does not generate a Syslog entry for that MAC filter.
NOTE: For a MAC filter to be eligible to generate a Syslog entry for denied packets, logging must be enabled for the filter. The Syslog contains entries only for the MAC filters that deny packets and have logging enabled.
When the software places the first entry in the log, the software also starts the five-minute timer for subsequent log entries. Thus, five minutes after the first log entry, the software generates another log entry and SNMP trap for denied packets.
Configuration Notes
MAC filter logging is supported in the following FastIron configurations:
FESX devices running software release 02.1.01 or later
All FSX devices and associated software releases
All FWSX devices and associated software releases
These releases support MAC filter logging of management traffic only.
Command Syntax
To configure Layer 2 MAC filter logging globally, enter the following CLI commands at the global CONFIG level:
FESX424 Switch(config)# mac filter log-enable
FESX424 Switch(config)# write memory
Syntax: [no] mac filter log-enable
To configure Layer 2 MAC filter logging for MAC filters applied to ports 1 and 3, enter the following CLI commands:
FESX424 Switch(config)# int ethernet 1
FESX424 Switch(config-if-e1000-1)# mac filter-group log-enable
FESX424 Switch(config-if-e1000-1)# int ethernet 3
FESX424 Switch(config-if-e1000-3)# mac filter-group log-enable
FESX424 Switch(config-if-e1000-3)# write memory
Syntax: [no] mac filter-group log-enable
Locking a Port To Restrict Addresses
Address-lock filters allow you to limit the number of devices that have access to a specific port. Access violations are reported as SNMP traps. This feature is disabled by default. A maximum of 2048 entries can be specified for access. The default address count is eight.
Configuration Notes
Static trunk ports and link-aggregation configured ports on FastIron devices do not support the lock-address option.
The MAC port security feature is a more robust version of this feature. See “Using the MAC Port Security Feature” in the Foundry Security Guide.
Command Syntax
To enable address locking for port 2 and place a limit of 15 entries, enter a command such as the following:
FESX424 Switch(config)# lock e 2 addr 15
Syntax: lock-address ethernet [<slotnum>/]<portnum> [addr-count <num>]
The <slotnum> parameter is required on chassis devices.
The <num> parameter is a value from 1 – 2048.
Displaying and Modifying System Parameter Default Settings
Foundry devices have default table sizes for the system parameters shown in the following display outputs. The table sizes determine the maximum number of entries the tables can hold. You can adjust individual table sizes to accommodate your configuration needs.
The tables you can configure, as well as the defaults and valid ranges for each table, differ depending on the Foundry device you are configuring. To display the adjustable tables on your Foundry device, use the show default values command. The following shows example outputs on FESX, FSX, and FWSX devices.
NOTE: If you increase the number of configurable subnet addresses on each port, you might also need to increase the total number of subnets that you can configure on the device.
NOTE: Changing the table size for a parameter reconfigures the device’s memory. Whenever you reconfigure the memory on a Foundry device, you must save the change to the startup-config file, then reload the software to place the change into effect.
To display the configurable tables and their defaults and maximum values, enter the following command at any level of the CLI. The following shows an example output on the FESX.
FESX424 Router# show default values
sys log buffers:50 mac age time:300 sec telnet sessions:5
ip arp age:10 min bootp relay max hops:4 ip ttl:64 hops ip addr per intf:24
when multicast enabled : igmp group memb.:140 sec igmp query:60 sec
when ospf enabled : ospf dead:40 sec ospf hello:10 sec ospf retrans:5 sec ospf transit delay:1 sec
when bgp enabled : bgp local pref.:100 bgp keep alive:60 sec bgp hold:180 sec bgp metric:10 bgp local as:1 bgp cluster id:0 bgp ext. distance:20 bgp int. distance:200 bgp local distance:200
System Parameters     Default  Maximum  Current
ip-arp                4000     64000    4000
ip-static-arp         512      1024     512
atalk-route           1024     1536     1024
atalk-zone-port       64       255      64
atalk-zone-sys        768      2048     768
multicast-route       64       8192     64
dvmrp-route           2048     32000    2048
dvmrp-mcache          512      4096     512
pim-mcache            1024     4096     1024
igmp-max-group-addr   4096     8192     4096
ip-cache              256000   400000   256000
ip-filter-port        1015     1015     1015
ip-filter-sys         2048     4096     2048
ipx-forward-filter    32       128      32
ipx-rip-entry         2048     8192     2048
ipx-rip-filter        32       128      32
ipx-sap-entry         4096     8192     4096
ipx-sap-filter        32       128      32
l3-vlan               32       1024     32
ip-qos-session        1024     16000    1024
mac                   16000    16000    16000
ip-route              80000    128000   80000
ip-static-route       64       1024     64
vlan                  64       4095     4095
spanning-tree         32       128      32
mac-filter-port       16       256      16
mac-filter-sys        32       512      32
ip-subnet-port        24       128      24
session-limit         65536    160000   65536
view                  10       65535    10
virtual-interface     255      512      255
hw-ip-next-hop        2048     6144     2048
hw-logical-interface  4096     4096     4096
hw-ip-mcast-mll       1024     4096     1024
The following shows an example output of the show default values command on the FSX:
FastIron SuperX Router# show default values
sys log buffers:50 mac age time:300 sec telnet sessions:5
ip arp age:10 min bootp relay max hops:4 ip ttl:64 hops ip addr per intf:24
when multicast enabled : igmp group memb.:140 sec igmp query:60 sec
when ospf enabled : ospf dead:40 sec ospf hello:10 sec ospf retrans:5 sec ospf transit delay:1 sec
when bgp enabled : bgp local pref.:100 bgp keep alive:60 sec bgp hold:180 sec bgp metric:10 bgp local as:1 bgp cluster id:0 bgp ext. distance:20 bgp int. distance:200 bgp local distance:200
System Parameters     Default  Maximum  Current
ip-arp                4000     64000    4000
ip-static-arp         512      1024     512
atalk-route           1024     1536     1024
atalk-zone-port       64       255      64
atalk-zone-sys        768      2048     768
multicast-route       64       8192     64
dvmrp-route           2048     32000    2048
dvmrp-mcache          512      4096     512
pim-mcache            1024     4096     1024
igmp-max-group-addr   4096     8192     4096
ip-cache              256000   400000   256000
ip-filter-port        1015     1015     1015
ip-filter-sys         2048     4096     2048
ipx-forward-filter    32       128      32
ipx-rip-entry         2048     8192     2048
ipx-rip-filter        32       128      32
ipx-sap-entry         4096     8192     4096
ipx-sap-filter        32       128      32
l3-vlan               32       1024     32
ip-qos-session        1024     16000    1024
mac                   16000    16000    16000
ip-route              80000    200000   80000
ip-static-route       64       1024     64
vlan                  64       4095     4095
spanning-tree         32       255      32
mac-filter-port       16       256      16
mac-filter-sys        32       512      32
ip-subnet-port        24       128      24
session-limit         65536    160000   65536
view                  10       65535    10
virtual-interface     255      512      255
hw-ip-next-hop        2048     6144     2048
hw-logical-interface  4096     4096     4096
hw-ip-mcast-mll       1024     4096     1024
The following shows an example output of the show default values command on the FWSX:
FWSX Switch# show default values
sys log buffers:50 mac age time:300 sec telnet sessions:5
System Parameters     Default  Maximum  Current
igmp-max-group-addr   255      1024     255
l3-vlan               32       1024     32
mac                   16000    16000    16000
vlan                  64       4095     4095
spanning-tree         32       128      32
mac-filter-port       32       256      32
mac-filter-sys        64       512      64
view                  10       65535    10
Information for the configurable tables appears under the columns that are shown in bold type in the above examples. To simplify configuration, the command parameter you enter to configure the table is used for the table name. For example, to increase the capacity of the IP route table, enter the following commands:
FESX424 Switch(config)# system-max ip-route 120000
FESX424 Switch(config)# write memory
FESX424 Switch(config)# exit
FESX424 Switch# reload
NOTE: If you accidentally enter a value that is not within the valid range of values, the CLI will display the valid range for you.
To increase the number of IP subnet interfaces you can configure on each port on a device running Layer 3 code from 24 to 64, then increase the total number of IP interfaces you can configure on the device from 256 to 512, enter the following commands:
FESX424 Switch(config)# system-max subnet-per-interface 64
FESX424 Switch(config)# write memory
FESX424 Switch(config)# exit
FESX424 Switch# reload
Syntax: system-max subnet-per-interface <num>
The <num> parameter specifies the maximum number of subnet addresses per port and can be from 1 – 64. The default is 24.
Syntax: system-max subnet-per-system <num>
The <num> parameter specifies the maximum number of subnet addresses for the entire device and can be from 1 – 512. The default is 256.
FESX424 Switch(config)# system-max subnet-per-system 512
FESX424 Switch(config)# write memory
FESX424 Switch(config)# exit
FESX424 Switch# reload
Configuring Port Mirroring and Monitoring
FastIron devices support monitoring of both inbound and outbound traffic on individual ports. To configure port monitoring, specify the mirror port, then enable monitoring on the monitored port.
• The mirror port is the port to which the monitored traffic is copied. Attach your protocol analyzer to the mirror port.
• The monitored port is the port whose traffic you want to monitor.
Configuration Considerations
Refer to the following rules when configuring port mirroring and monitoring:
• FESX and FWSX devices support sFlow and inbound port monitoring together on the same device; however, these devices do not support port monitoring and sFlow together within the same port region. See the section “About Port Regions” on page 4-2 for a list of valid port ranges on these devices.
• FSX devices running software release 02.2.01 or later support sFlow and inbound port monitoring together on the same device; however, both features cannot coexist within the same port region. See the section “About Port Regions” on page 4-2 for a list of valid port ranges on FSX devices.
• You can configure a mirror port specifically as an ingress port, an egress port, or both.
• You can configure multiple ingress and egress mirror ports. For 1-Gigabit ports, ports in groups of 12 share one ingress mirror port and one egress mirror port. So ports 1 and 2 cannot have different mirror ports, but ports 1 and 13 can. Each 10-Gigabit port can have one ingress mirror port and one egress mirror port.
• You can configure up to eight egress monitored ports.
• You can configure any number of ingress monitored ports.
• Mirror ports can run at any speed and are not related to the speed of the ingress or egress monitored ports.
• The same port cannot be both a monitored port and the mirror port.
• The same port can be monitored by one mirror port for ingress traffic and another mirror port for egress traffic.
• The mirror port cannot be a trunk port.
• The monitored port and its mirror port do not need to belong to the same port-based VLAN.
    • If the mirror port is in a different VLAN from the monitored port, the packets are tagged with the monitor port’s VLAN ID.
    • If the mirror port is in the same VLAN as the monitored port, the packets are tagged or untagged, depending on the mirror port’s configuration.
• More than one monitored port can be assigned to the same mirror port.
• If the primary interface of a trunk is enabled for monitoring, the entire trunk will be monitored. You can also enable an individual trunk port for monitoring using the config-trunk-ind command.
Command Syntax
To configure port monitoring, enter commands such as the following:
FESX424 Switch(config)# mirror-port ethernet 4
FESX424 Switch(config)# interface ethernet 11
FESX424 Switch(config-if-e1000-11)# monitor ethernet 4 both|in|out
Syntax: [no] mirror-port ethernet [<slotnum>/]<portnum> [input | output]
Syntax: [no] monitor ethernet [<slotnum>/]<portnum> both | in | out
The <portnum> parameter specifies the mirror port to which the monitored port’s traffic will be copied. If you are configuring a chassis device, specify the slot number as well (<slotnum>/<portnum>).
The [input | output] parameters apply to the FESX, FSX, and FWSX devices only. This parameter configures the mirror port exclusively for ingress or egress traffic. If you do not specify one, both types of traffic apply.
The both | in | out parameters specify the traffic direction you want to monitor on the mirror port. There is no default.
To display the port monitoring configuration, enter the show monitor and show mirror commands.
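The rules listed under Configuration Considerations can be checked against a planned mirror layout before it is entered on the switch, which helps when an analyzer or IDS sensor must see specific ports. The following Python check is an added example, not code from Foundry or from this guide; it models only 1-Gigabit ports on a device without slot numbers, and the function names and sample plans are assumptions made for illustration.

```python
GROUP_SIZE = 12            # 1-Gigabit ports share mirror ports in groups of 12
MAX_EGRESS_MONITORED = 8   # "up to eight egress monitored ports"


def port_group(port):
    """Ports 1-12 are group 0, ports 13-24 are group 1, and so on."""
    return (port - 1) // GROUP_SIZE


def validate_mirror_plan(mirror_ports, monitors, trunk_ports=frozenset()):
    """Return a list of rule violations (an empty list means the plan is consistent).

    mirror_ports: {port: "input" | "output" | "both"}   (mirror-port ethernet N [input | output])
    monitors:     [(monitored_port, mirror_port, "in" | "out" | "both"), ...]
    trunk_ports:  ports that belong to a trunk
    """
    errors = []
    shared = {"in": {}, "out": {}}   # direction -> port group -> mirror port in use
    egress_monitored = set()

    for port in sorted(mirror_ports):
        if port in trunk_ports:
            errors.append(f"trunk: mirror port {port} is a trunk port")

    for monitored, mirror, direction in monitors:
        if mirror not in mirror_ports:
            errors.append(f"undefined: port {mirror} is not configured as a mirror port")
            continue
        if monitored in mirror_ports:
            errors.append(f"overlap: port {monitored} is both monitored and a mirror port")
        for d in (("in", "out") if direction == "both" else (direction,)):
            allowed = mirror_ports[mirror]
            # A mirror port set to input or output carries that direction exclusively.
            if allowed != "both" and allowed != {"in": "input", "out": "output"}[d]:
                errors.append(f"direction: mirror port {mirror} is {allowed}-only, "
                              f"cannot take '{d}' traffic from port {monitored}")
            group = port_group(monitored)
            current = shared[d].setdefault(group, mirror)
            if current != mirror:
                first, last = group * GROUP_SIZE + 1, (group + 1) * GROUP_SIZE
                errors.append(f"group: ports {first}-{last} already use mirror port "
                              f"{current} for '{d}', port {monitored} asks for {mirror}")
            if d == "out":
                egress_monitored.add(monitored)

    if len(egress_monitored) > MAX_EGRESS_MONITORED:
        errors.append(f"egress-limit: {len(egress_monitored)} egress monitored ports, "
                      f"maximum is {MAX_EGRESS_MONITORED}")
    return errors


# Constructed plans (port numbers are illustrative, not taken from the guide).
GOOD_PLAN = dict(
    mirror_ports={4: "both", 24: "input"},
    monitors=[(11, 4, "both"), (13, 24, "in")],   # ports 11 and 13 are in different groups
)
BAD_PLAN = dict(
    mirror_ports={4: "both", 5: "input", 24: "both"},
    monitors=[(1, 4, "in"), (2, 5, "in"),         # same group, two ingress mirror ports
              (24, 4, "out")],                    # port 24 is itself a mirror port
    trunk_ports={24},
)

if __name__ == "__main__":
    print(validate_mirror_plan(**GOOD_PLAN) or "good plan: no violations")
    for line in validate_mirror_plan(**BAD_PLAN):
        print(line)
```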
Chapter 5
Configuring Base Layer 3 and Enabling Routing Protocols
The Layer 2 with Base Layer 3 software image contains all the system-level features in the Layer 2 images, along with the following:
• Static IP routes
• RIPv1 and RIPv2 (see note, below)
• Routing between directly connected subnets
• RIP advertisements of the directly connected subnets
NOTE: Layer 2 with Base Layer 3 images provide static RIP support. The device does not learn RIP routes from other Layer 3 devices. However, the device does advertise directly connected routes. Foundry Networks recommends that you deploy these devices only at the edge of your network, since incoming traffic can learn directly-connected routes advertised by the Foundry device, but outgoing traffic to other devices must use statically configured or default routes.
The Base Layer 3 images do not support IP multicasting, OSPF, or BGP4.
The Base Layer 3 images do not support protocol VLANs.
FWSX devices are Layer 2 switches only. They do not support Base Layer 3 and full Layer 3 features.
The procedures in this chapter describe how to perform the tasks listed in Table 5.1.
Table 5.1: Procedures in This Chapter
Task                                                                                       See Page
Adding a static IP route                                                                   5-2
Adding a static entry to the ARP table                                                     5-2
Modifying and displaying Layer 3 system parameter limits (FESX and FSX devices only)       5-3
Configuring RIP in the Base Layer 3 software image                                         5-4
Enabling or disabling other Layer 3 routing protocols in the full Layer 3 software image   5-7
Enabling or disabling Layer 2 switching                                                    5-7
Adding a Static IP Route
To add a static IP route, enter a command such as the following at the global CONFIG level of the CLI:
FESX424 Router(config)# ip route 209.157.2.0 255.255.255.0 192.168.2.1
This command adds a static IP route to the 209.157.2.x/24 subnet.
Syntax: [no] ip route <dest-ip-addr> <dest-mask> <next-hop-ip-addr> [<metric>]
or
Syntax: [no] ip route <dest-ip-addr>/<mask-bits> <next-hop-ip-addr> [<metric>]
The <dest-ip-addr> is the route’s destination. The <dest-mask> is the network mask for the route’s destination IP address. Alternatively, you can specify the network mask information by entering a forward slash followed by the number of bits in the network mask. For example, you can enter 192.0.0.0 255.255.255.0 as 192.0.0.0/24. To configure a default route, enter 0.0.0.0 for <dest-ip-addr> and 0.0.0.0 for <dest-mask> (or 0 for the <mask-bits> if you specify the address in CIDR format). Specify the IP address of the default gateway using the <next-hop-ip-addr> parameter.
The <next-hop-ip-addr> is the IP address of the next-hop router (gateway) for the route.
The <metric> parameter specifies the cost of the route and can be a number from 1 – 16. The default is 1. The metric is used by RIP. If you do not enable RIP, the metric is not used.
NOTE: You cannot specify null0 or another interface as the next hop in the Base Layer 3 image.
Adding a Static ARP Entry
Static entries are useful in cases where you want to pre-configure an entry for a device that is not connected to the Foundry device, or you want to prevent a particular entry from aging out. The software removes a dynamic entry from the ARP cache if the ARP aging interval expires before the entry is refreshed. Static entries do not age out, regardless of whether the Foundry device receives an ARP request from the device that has the entry’s address. The software places a static ARP entry into the ARP cache as soon as you create the entry.
To add a static ARP entry, enter a command such as the following at the global CONFIG level of the CLI:
FESX424 Router(config)# arp 1 209.157.22.3 aaaa.bbbb.cccc ethernet 3
This command adds a static ARP entry that maps IP address 209.157.22.3 to MAC address aaaa.bbbb.cccc. The entry is for a MAC address connected to FESX424 Router port 3.
Syntax: [no] arp <num> <ip-addr> <mac-addr> ethernet [<slotnum>/]<portnum>
The <num> parameter specifies the entry number. You can specify a number from 1 up to the maximum number of static entries allowed on the device. You can allocate more memory to increase this amount. To do so, enter the system-max ip-static-arp <num> command at the global CONFIG level of the CLI.
The <ip-addr> parameter specifies the IP address of the device that has the MAC address of the entry.
The <mac-addr> parameter specifies the MAC address of the entry.
The <portnum> parameter specifies the port number attached to the device that has the MAC address of the entry. If you are configuring a chassis device, specify the slot number as well as the port number (<slotnum>/<portnum>).
NOTE: The clear arp command clears learned ARP entries but does not remove any static ARP entries.
Modifying and Displaying Layer 3 System Parameter Limits
You can configure the following Layer 3 system parameters:
• number of IP next hops and IP route entries
• number of hardware logical interfaces (physical port and VLAN pairs)
• number of output interfaces (clients)
These parameters are automatically enabled with pre-defined default values. You can, however, adjust these values to conform with your network’s topology.
To display the current settings for the Layer 3 system parameters, use the show default value command. See “Displaying Layer 3 System Parameter Limits” on page 5-4.
To modify the default settings for the Layer 3 system parameters, use the system-max command at the Global CONFIG level of the CLI. See “Modifying Layer 3 System Parameter Limits” on page 5-3.
Configuration Note
Changing the system parameters reconfigures the device’s memory. Whenever you reconfigure the memory on a Foundry device, you must save the change to the startup-config file, then reload the software to place the change into effect.
Modifying Layer 3 System Parameter Limits
The Layer 3 system parameter limits share the same hardware memory space and, by default, consume all of the hardware memory allocated for these Layer 3 limits. Therefore, to increase the limit for one of the parameters, you must first decrease one or both of the other parameters’ limits. If you enter a value that exceeds the memory limit, the CLI will display an error message and the configuration will not take effect.
For example, if the network topology has a smaller number of IP next hops and routes, but has numerous multicast output interfaces, you could decrease the number of IP next hops and routes, then increase the number of multicast output interfaces. To do so, enter commands such as the following:
FESX424 Router(config)# system-max hw-ip-next-hop 1024
FESX424 Router(config)# system-max hw-ip-mcast-mll 2048
FESX424 Router(config)# write mem
FESX424 Router(config)# reload
Likewise, if the network topology does not have a large number of VLANs, and the VLANs configured on physical ports are not widely distributed, you could decrease the number of hardware logical interfaces, then increase the number of IP next hops and multicast output interfaces. To do so, enter commands such as the following:
FESX424 Router(config)# system-max hw-logical-interface 2048
FESX424 Router(config)# system-max hw-ip-next-hop 3072
FESX424 Router(config)# system-max hw-ip-mcast-mll 2048
FESX424 Router(config)# write mem
FESX424 Router(config)# reload
Syntax: system-max hw-ip-next-hop <num>
Syntax: system-max hw-logical-interface <num>
Syntax: system-max hw-ip-mcast-mll <num>
The hw-ip-next-hop <num> parameter specifies the maximum number of IP next hops and routes supported on the device. Note that the maximum number includes unicast next hops and multicast route entries. Enter a number from 100 to 6144. The default is 2048.
The hw-logical-interface <num> parameter specifies the number of hardware logical interface pairs (physical port and VLAN pairs) supported on the device. Enter a number from 0 to 4096. When this parameter is set to 4096 (the maximum), the limit is not enforced. If you enter a number less than 4096, the limit is the total number of physical port and VLAN pairs that are IP-enabled in the system. The default is 4096.
The hw-ip-mcast-mll <num> parameter specifies the maximum number of multicast output interfaces (clients) supported on the device. If a given source or group has clients in n tagged VLANs on the router, then n + 1 mll entries are consumed for that source or group entry. Enter a number from 0 to 4096. The default is 1024.
Displaying Layer 3 System Parameter Limits
To display the Layer 3 system parameter defaults, maximum values, and current values, enter the following command at any level of the CLI:
FESX424 Router# show default value
sys log buffers:50 mac age time:300 sec telnet sessions:5
ip arp age:10 min bootp relay max hops:4 ip ttl:64 hops ip addr per intf:24
igmp group memb.:140 sec igmp query:60 sec
ospf dead:40 sec ospf hello:10 sec ospf retrans:5 sec ospf transit delay:1 sec
System Parameters     Default  Maximum  Current
ip-arp                4000     64000    4000
ip-static-arp         512      1024     512
some lines omitted for brevity....
hw-ip-next-hop        2048     6144     2048
hw-logical-interface  4096     4096     4096
hw-ip-mcast-mll       1024     4096     1024
Configuring RIP
RIP is disabled by default. If you want the Foundry device to use RIP, you must enable the protocol globally, then enable RIP on individual ports. When you enable RIP on a port, you also must specify the version (version 1 only, version 2 only, or version 1 compatible with version 2).
Optionally, you also can set or change the following parameters:
• Route redistribution – You can enable the software to redistribute static routes from the IP route table into RIP. Redistribution is disabled by default.
• Learning of default routes – The default is disabled.
• Loop prevention (split horizon or poison reverse) – The default is poison reverse.
Enabling RIP
RIP is disabled by default. To enable it, use the following CLI method. You must enable the protocol both globally and on the ports on which you want to use RIP.
To enable RIP globally, enter the following command:
FESX424 Router(config)# router rip
Syntax: [no] router rip
To enable RIP on a port and specify the RIP version, enter commands such as the following:
FESX424 Router(config-rip-router)# interface ethernet 1
FESX424 Router(config-if-e1000-1)# ip rip v1-only
This command changes the CLI to the configuration level for port 1 and enables RIP version 1 on the interface. You must specify the version.
Syntax: interface ethernet [<slotnum>/]<portnum>
Syntax: [no] ip rip v1-only | v1-compatible-v2 | v2-only
Enabling Redistribution of IP Static Routes into RIP
By default, the software does not redistribute the IP static routes in the route table into RIP. To configure redistribution, perform the following tasks:
• Configure redistribution filters (optional). You can configure filters to permit or deny redistribution for a route based on the route’s metric. You also can configure a filter to change the metric. You can configure up to 64 redistribution filters. The software uses the filters in ascending numerical order and immediately takes the action specified by the filter. Thus, if filter 1 denies redistribution of a given route, the software does not redistribute the route, regardless of whether a filter with a higher ID permits redistribution of that route.
NOTE: The default redistribution action is permit, even after you configure and apply a permit or deny filter. To deny redistribution of specific routes, you must configure a deny filter.
NOTE: The option to set the metric is not applicable to static routes.
• Enable redistribution.
NOTE: If you plan to configure redistribution filters, do not enable redistribution until you have configured the filters.
When you enable redistribution, all IP static routes are redistributed by default. If you want to deny certain routes from being redistributed into RIP, configure deny filters for those routes before you enable redistribution. You can configure up to 64 RIP redistribution filters. They are applied in ascending numerical order.
NOTE: The default redistribution action is still permit, even after you configure and apply redistribution filters to the port. If you want to tightly control redistribution, apply a filter to deny all routes as the last filter (filter ID 64), then apply filters with lower filter IDs to allow specific routes.
To configure a redistribution filter, enter a command such as the following:
FESX424 Router(config-rip-router)# deny redistribute 1 static address 207.92.0.0 255.255.0.0
This command denies redistribution of all 207.92.x.x IP static routes.
Syntax: [no] permit | deny redistribute <filter-num> static address <ip-addr> <ip-mask> [match-metric <value> | set-metric <value>]
The <filter-num> specifies the redistribution filter ID. Specify a number from 1 – 64. The software uses the filters in ascending numerical order. Thus, if filter 1 denies a route from being redistributed, the software does not redistribute that route even if a filter with a higher ID permits redistribution of the route.
The address <ip-addr> <ip-mask> parameters apply redistribution to the specified network and subnet address. Use 0 to specify “any”. For example, “207.92.0.0 255.255.0.0” means “any 207.92.x.x subnet”. However, to specify any subnet (all subnets match the filter), enter “address 255.255.255.255 255.255.255.255”.
The match-metric <value> parameter applies redistribution to those routes with a specific metric value; possible values are from 1 – 15.
The set-metric <value> parameter sets the RIP metric value that will be applied to the routes imported into RIP.
NOTE: The set-metric parameter does not apply to static routes.
The following command denies redistribution of a 207.92.x.x IP static route only if the route’s metric is 5.
FESX424 Router(config-rip-router)# deny redistribute 2 static address 207.92.0.0 255.255.0.0 match-metric 5
The following commands deny redistribution of all routes except routes for 10.10.10.x and 20.20.20.x:
FESX424 Router(config-rip-router)# deny redistribute 64 static address 255.255.255.255 255.255.255.255
FESX424 Router(config-rip-router)# permit redistribute 1 static address 10.10.10.0 255.255.255.0
FESX424 Router(config-rip-router)# permit redistribute 2 static address 20.20.20.0 255.255.255.0
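The evaluation order described above (ascending filter ID, first match decides, default action permit) can be simulated to see which static routes a filter set would let into RIP, and in particular which ones get through only because no filter matched. This Python simulation is an added example, not Foundry code: the matching logic is an assumption modelled on the guide's description of the address and mask parameters, and the class, function names and routes are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "255.255.255.255"   # the guide's "any subnet" value for both address and mask


@dataclass(frozen=True)
class RedistFilter:
    filter_id: int                      # 1 - 64, lower IDs are evaluated first
    action: str                         # "permit" or "deny"
    address: str
    mask: str
    match_metric: Optional[int] = None  # 1 - 15, or None when not configured

    def matches(self, dest, metric):
        if self.match_metric is not None and metric != self.match_metric:
            return False
        if self.address == ANY and self.mask == ANY:
            return True
        # Assumption: bits set in the mask must agree; zero bits mean "any".
        mask = int(ipaddress.IPv4Address(self.mask))
        return (int(ipaddress.IPv4Address(dest)) & mask) == \
               (int(ipaddress.IPv4Address(self.address)) & mask)


def redistribute(filters, dest, metric=1):
    """Return (action, filter_id); filter_id is None when no filter matched."""
    for f in sorted(filters, key=lambda f: f.filter_id):
        if f.matches(dest, metric):
            return f.action, f.filter_id
    return "permit", None               # the default action stays permit


def default_permitted(filters, routes):
    """Static routes that reach RIP only because no filter matched them."""
    return [dest for dest, metric in routes
            if redistribute(filters, dest, metric) == ("permit", None)]


# Constructed static routes: (destination network, metric).
ROUTES = [("10.10.10.0", 1), ("20.20.20.0", 1), ("207.92.4.0", 5), ("192.168.50.0", 1)]

# Permit filters alone do not restrict anything, because unmatched routes are permitted.
PERMIT_ONLY = [
    RedistFilter(1, "permit", "10.10.10.0", "255.255.255.0"),
    RedistFilter(2, "permit", "20.20.20.0", "255.255.255.0"),
]
# The guide's pattern: deny everything in filter 64, permit specific routes with lower IDs.
LOCKED_DOWN = PERMIT_ONLY + [RedistFilter(64, "deny", ANY, ANY)]

if __name__ == "__main__":
    for name, filters in (("permit-only", PERMIT_ONLY), ("locked-down", LOCKED_DOWN)):
        print(name)
        for dest, metric in ROUTES:
            print(f"  {dest:<14} metric {metric}: {redistribute(filters, dest, metric)}")
        print("  permitted by default:", default_permitted(filters, ROUTES))
```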
Enabling Redistribution
After you configure redistribution parameters, you need to enable redistribution.
To enable RIP redistribution, enter the following command:
FESX424 Router(config-rip-router)# redistribution
Syntax: [no] redistribution
Enabling Learning of Default Routes
By default, the software does not learn RIP default routes.
To enable learning of default RIP routes, enter commands such as the following:
FESX424 Router(config)# interface ethernet 1
FESX424 Router(config-if-e1000-1)# ip rip learn-default
Syntax: interface ethernet [<slotnum>/]<portnum>
Syntax: [no] ip rip learn-default
The <slotnum>/ parameter applies to chassis devices only.
Changing the Route Loop Prevention Method
RIP can use the following methods to prevent routing loops:
• Split horizon – The Foundry device does not advertise a route on the same interface as the one on which it learned the route.
• Poison reverse – The Foundry device assigns a cost of 16 (“infinite” or “unreachable”) to a route before advertising it on the same interface as the one on which it learned the route. This is the default.
NOTE: These methods are in addition to RIP’s maximum valid route cost of 15.
To enable split horizon, enter commands such as the following:
FESX424 Router(config)# interface ethernet 1
FESX424 Router(config-if-e1000-1)# no ip rip poison-reverse
Syntax: [no] ip rip poison-reverse
Other Layer 3 Protocols
For information about other IP configuration commands in the Layer 2 with Base Layer 3 image that are not included in this chapter, see the chapter “Configuring IP” on page 16-1.
For information about enabling or disabling Layer 3 routing protocols, see “Enabling or Disabling Routing Protocols” on page 5-7. For complete configuration information about the routing protocols, see the other chapters in this book.
Enabling or Disabling Routing Protocols
This section describes how to enable or disable routing protocols. For complete configuration information about the routing protocols, see the other chapters in this book.
FESX and FSX devices running full Layer 3 code support the following protocols:
• BGP4
• IGMP
• IP
• IP multicast (DVMRP, PIM-SM, PIM-DM)
• OSPF
• RIPV1 and V2
• VRRP
• VRRPE
• VSRP
IP routing is enabled by default on devices running Layer 3 code. All other protocols are disabled, so you must enable them to configure and use them.
NOTE: The following protocols require a system reset before the protocol will be active on the system: PIM, DVMRP, and RIP. To reset a system, enter the reload command at the privileged level of the CLI.
To enable a protocol on a device running full Layer 3 code, enter router at the global CONFIG level, followed by the protocol to be enabled. The following example shows how to enable OSPF:
FESX424 Router(config)# router ospf
FESX424 Router(config)# end
FESX424 Router# write memory
FESX424 Router# reload
Syntax: router bgp | dvmrp | ospf | pim | rip | vrrp | vrrpe | vsrp
Enabling or Disabling Layer 2 Switching
By default, Foundry Layer 3 Switches support Layer 2 switching. These devices switch the routing protocols that are not supported on the devices. If you want to disable Layer 2 switching, you can do so globally or on individual ports, depending on the version of software your device is running.
Configuration Notes
Make sure you really want to disable all Layer 2 switching operations before you use this option. Consult your reseller or Foundry Networks for information.
This feature is supported in the following configurations:
• The FESX running software release 01.1.00 or prior supports disabling Layer 2 switching on a global basis only. Starting in release 02.1.01, the FESX supports disabling Layer 2 switching on an individual interface as well as on a global basis.
• The FSX running software release 02.2.00 or later supports disabling Layer 2 switching on an individual interface as well as on a global basis.
Command Syntax
To globally disable Layer 2 switching on a Layer 3 Switch, enter commands such as the following:
FESX424 Router(config)# route-only
FESX424 Router(config)# exit
FESX424 Router# write memory
FESX424 Router# reload
To re-enable Layer 2 switching on a Layer 3 Switch, enter the following:
FESX424 Router(config)# no route-only
FESX424 Router(config)# exit
FESX424 Router# write memory
FESX424 Router# reload
Syntax: [no] route-only
To disable Layer 2 switching only on a specific interface, go to the Interface configuration level for that interface, then disable the feature. The following commands show how to disable Layer 2 switching on port 2:
FESX424 Router(config)# interface ethernet 2
FESX424 Router(config-if-e1000-2)# route-only
Syntax: [no] route-only
To re-enable Layer 2 switching, enter the command with “no”, as in the following example:
FESX424 Router(config-if-e1000-2)# no route-only
Chapter 6
Configuring Power Over Ethernet
This chapter provides an overview of Power over Ethernet (POE) and describes how to enable or disable POE and how to configure POE parameters using CLI commands.
NOTE: This chapter applies to POE devices only.
This chapter contains the topics listed in Table 6.1.
Table 6.1: Chapter Contents
Description                                                            See Page
Overview of Power over Ethernet                                        6-1
Enabling or disabling Power over Ethernet                              6-5
Enabling the detection of POE power requirements advertised via CDP    6-6
Setting the maximum power level for a POE power consuming device       6-6
Specifying the power class for a POE power consuming device            6-7
Setting the in-line power priority for a POE port                      6-8
Resetting POE parameters                                               6-9
Displaying Power over Ethernet information                             6-10
Power over Ethernet Overview
This section provides an overview of the requirements for delivering power over the LAN, as defined by the Institute of Electrical and Electronics Engineers Inc. (IEEE) in the 802.3af specification.
Foundry’s FSX (with POE daughter card) provides Power over Ethernet, compliant with the standards described in the IEEE 802.3af specification for delivering in-line power. The 802.3af specification defines the standard for delivering power over existing network cabling infrastructure, enabling multicast-enabled full streaming audio and video applications for converged services, such as Voice over IP (VoIP), WLAN access points, IP surveillance cameras, and other IP technology devices.
POE technology eliminates the need for an electrical outlet and dedicated UPS near IP powered devices. With power sourcing devices, such as Foundry’s FSX, power is consolidated and centralized in the wiring closets, improving the reliability and resiliency of the network. Because POE can provide power over Ethernet cable, power is continuous, even in the event of a power failure.
Terms Used in This Section
The following terms are introduced in this section:
• Power sourcing device/equipment - This is the source of the power, or the device that integrates the power onto the network. Power sourcing devices/equipment have embedded POE technology. In this case, the power sourcing device is Foundry’s FSX.
• IP powered device or Power consuming device - This is the Ethernet device that requires power and is situated on the other end of the cable opposite the power sourcing equipment.
Methods for Delivering POE
There are two methods for delivering power over the network, as defined in the 802.3af specification:
Endspan - Power is supplied through the Ethernet ports on a power sourcing device. With the Endspan solution, power can be carried over the two data pairs (Alternative A) or the two spare pairs (Alternative B).
Midspan - Power is supplied by an intermediate power sourcing device placed between the switch and the powered device. With the Midspan solution, power is carried over the two spare pairs (Alternative B).
With both methods, power is transferred over four conductors, between the two pairs. 802.3af-compliant powered devices are able to accept power from either pair.
Foundry’s FSX POE devices use the Endspan method, compliant with the 802.3af standard.
The Endspan and Midspan methods are described in more detail in the following sections.
NOTE: All 802.3af-compliant power consuming devices are required to support both application methods defined in the 802.3af specification.
Endspan
The POE Endspan method uses the Ethernet switch ports on power sourcing equipment, such as Foundry’s FSX POE, which has embedded POE technology to deliver power over the network.
With the Endspan solution, there are two supported methods of delivering power. In Alternative A, four wires deliver data and power over the network. Specifically, power is carried over the live wire pairs that deliver data, as illustrated in Figure 6.1. In Alternative B, the four wires of the spare pairs are used to deliver power over the network. Foundry’s POE devices support Alternative A.
The Endspan method is illustrated in Figure 6.1.
Figure 6.1 POE Endspan Delivery Method
[Figure: a switch with Power over Ethernet ports (FastIron Edge 4802 POE) connected to an IP phone. Power and data signals travel along the same pairs of wires at different frequencies.]
Midspan
The POE Midspan solution uses an intermediate device, usually a powered device, to inject power into the network. The intermediate device is positioned between the switch and the powered device and delivers power over the network using the spare pairs of wires (Alternative B). The intermediate device has multiple channels (typically 6 to 24), and each of the channels has data input and a data plus power RJ-45 output connector.
The Midspan method is illustrated in Figure 6.2.
Figure 6.2 POE Midspan Delivery Method
[Figure: a switch (FastIron Edge 4802 POE) connected through an intermediate device to an IP phone. Power travels on unused spare pairs while data travels on other wire pairs.]
Autodiscovery
POE autodiscovery is a detection mechanism that identifies whether or not an installed device is 802.3af compatible. When you plug a device into an Ethernet port that is capable of providing in-line power, the autodiscovery mechanism detects whether or not the device requires power and how much power is needed. The autodiscovery mechanism also has a disconnect protection mechanism that shuts down the power once a powered device has been disconnected from the network or when a faulty powered device has been detected. This feature enables safe installation and prevents high-voltage damage to equipment.
POE autodiscovery is achieved by periodically transmitting current or test voltages that can detect when a powered device is attached to the network. When an 802.3af compatible device is plugged into a POE port, the powered device reflects test voltage back to the power sourcing device (the Foundry device), ultimately causing the power to be switched ON. Non-compatible 802.3af devices do not reflect test voltage back to the power sourcing device.
Power Class
Different power classes determine the amount of power a POE powered device receives. When a valid powered device is detected, the Foundry POE device performs power classification by inducing a specific voltage and measuring the current consumption of the powered device. Depending on the measured current, the Foundry device assigns the appropriate class to the powered device. Powered devices that do not support classification are assigned a class of 0 (zero). Table 6.3 shows the different power classes and their respective power consumption needs.
Table 6.2: Power Classes for Powered Devices
Class   Usage          Power (Watts)
0       default        15.4
1       optional       4
2       optional       7
3       optional       15.4
4       future class   0
Power Specifications
The actual implementation of the 802.3af standard limits power to 15.4W (44V to 57V) from the power sourcing device. This is in compliance with safety standards and existing wiring limitations. Though limited by the 802.3af standard, 15.4 watts of power is ample, as most powered devices consume an average of 5 to 12 watts of power. IP phones, wireless LAN access points, and network surveillance cameras each consume an average of 3.5 to 9 watts of power.
The FSX’s 48-volt power supply (part number SX-POE-AC-PWR) provides power to the POE daughter card, and ultimately to POE power-consuming devices. The number of POE power-consuming devices that one 48-volt power supply can support depends on the number of watts required by each power-consuming device. Each 48-volt power supply can provide 1080 watts of power, and each POE port supports a maximum of 15.4 watts of power per POE power-consuming device. For example, if each POE power-consuming device attached to the FSX consumes 10 watts of power, one 48-volt supply will power up to 108 POE ports. You can install a second 48-volt supply for additional POE power. Power supply specifications are covered in the Foundry FastIron X-Series Chassis Hardware Installation Guide and in the Foundry FastIron Stackable Hardware Installation Guide.
CAUTION: The SX-POE-AC-PWR power supply is designed exclusively for use with the FSX POE devices. The power supply produces extensive power to support 802.3af applications. Installing the power supply in a device other than the FSX POE will cause extensive damage to your equipment.
Cabling Requirements
The 802.3af standard currently supports POE on 10/100/1000 Mbps Ethernet ports operating over standard Category 5 unshielded twisted pair (UTP) cable or better. If your network uses cabling categories less than 5, you cannot implement POE without first upgrading your cables to CAT 5 UTP or better.
Supported Powered Devices
Foundry’s FSX POE devices support the following types of IP powered devices:
Voice over IP (VoIP) phones
Wireless LAN access points
IP surveillance cameras
The following sections briefly describe these IP powered devices.
VoIP
Voice over IP (VoIP) is the convergence of traditional telephony networks with data networks, utilizing the existing data network infrastructure as the transport system for both services. Traditionally, voice is transported on a network that uses circuit-switching technology, whereas data networks are built on packet-switching technology. To achieve this convergence, technology has been developed to take a voice signal, which originates as an analog signal, and transport it within a digital medium. This is done by devices, such as VoIP telephones, which receive the originating tones and place them in UDP packets, the size and frequency of which are dependent on the Coding / Decoding (CODEC) technology that has been implemented in the VoIP telephone or device. The VoIP control packets use the TCP/IP format.
Wireless LAN Access Points
Wireless LANs enable you to establish and maintain a wireless network connection within or between buildings, without the constraints of wires or cables as imposed by a wired LAN. Wireless LAN access points provide the link between the wired LAN and the wireless LAN.
Foundry’s IronPoint™ Access Point allows wireless clients to connect to your enterprise network. It is a full-featured access point that can be managed as a single device or by IronView Network Manager, a network management tool that manages several Foundry devices on a network. For more information about Foundry’s IronPoint Access Point, see the IronPoint documentation on the Foundry technical support website.
One of the main concerns with wireless LAN access points is the additional protection needed to secure the network. To help ensure continuous security against unauthorized deployment of wireless LAN access points, and to deliver advanced security for entry-level WLAN access points, Foundry’s POE devices include IEEE 802.1x support for a flexible and dynamic security implementation. All switch ports can be configured as secured, requiring 802.1x authentication, or unsecured, requiring no authentication. For more information about this feature, refer to the Foundry Security Guide.
IP Surveillance Cameras
IP surveillance technology provides digital streaming of video over Ethernet, providing real-time, remote access to video feeds from cameras.
The main benefit of using IP surveillance cameras on the network is that you can view surveillance images from any computer on the network. If you have access to the Internet, you can securely connect from anywhere in the world to view a chosen facility or even a single camera from your surveillance system. By using a Virtual Private Network (VPN) or the company intranet, you can manage password-protected access to images from the surveillance system. Similar to secure payment over the Internet, images and information are kept secure and can be viewed only by approved personnel.
Enabling or Disabling Power over Ethernet
To enable a port to receive in-line power for 802.3af-compliant and non-compliant power consuming devices, enter commands such as the following:
FastIron SuperX Router# config t
FastIron SuperX Router(config)# interface e 1/1
FastIron SuperX Router(config-if-e1000-1/1)# inline power
After entering the above commands, the console will display the following message:
FastIron SuperX Router(config-if-e1000-1/1)# PoE Info: Power enabled on port 1/1.
Syntax: [no] inline power
Use the no form of the command to disable the port from receiving in-line power.
NOTE: The FSX with POE can automatically detect whether or not a power consuming device is 802.3af-compliant. Therefore, the CLI command inline power legacy-powerdevice, which is used on FES POE devices to configure 802.3af non-compliant devices, does not apply on the FSX POE.
Enabling the Detection of POE Power Requirements Advertised via CDP
Many power consuming devices, such as Cisco’s VOIP phones and other vendors’ devices, use CDP to advertise their power requirements to power sourcing devices, such as Foundry’s POE devices. Foundry’s power consuming devices are compatible with Cisco’s and other vendors’ power consuming devices, in that they can detect and process power requirements for these devices automatically.
Configuration Considerations
This feature is supported in FSX POE devices running software release 02.2.00 or later.
If you configure a port with a maximum power level or a power class for a power consuming device, the power level or power class takes precedence over the CDP power requirement. Therefore, if you want the device to adhere to the CDP power requirement, do not configure a power level or power class on the port.
The FSX POE will adjust a port’s power only if there are available power resources on the device.
Command Syntax
To enable the Foundry device to detect CDP power requirements, enter the following commands:
FastIron SuperX Switch# config t
FastIron SuperX Switch(config)# cdp run
Syntax: [no] cdp run
Use the no form of the command to disable the detection of CDP power requirements.
Setting the Maximum Power Level for a POE Power Consuming Device
When POE is enabled on a port to which a power consuming device is attached, by default, the Foundry POE device will supply 15.4 watts of power at the RJ45 jack, minus any power loss through the cables. For example, a POE port with a default maximum power level of 15.4 watts will receive a maximum of 12.95 watts of power after 2.45 watts of power loss through the cable. This is compliant with the IEEE 802.3af specification for delivering in-line power. Devices that are configured to receive less POE power, for example, 4.0 watts of power, will experience a lower rate of power loss through the cable.
If desired, you can manually configure the maximum amount of power that the Foundry POE device will supply at the RJ45 jack. You can specify from 1 to 15.4 watts of maximum power for each power consuming device connected to the switch.
Configuration Notes
This feature is supported in FSX POE devices running release 02.2.00 or later.
There are two ways to configure the power level for a POE power consuming device. The first method is discussed in this section. The other method is provided in the section “Setting the Power Class for a POE Power Consuming Device” on page 6-7. For each POE port, you can configure either a maximum power level or a power class. You cannot configure both. You can, however, configure a maximum power level on one port and a power class on another port.
The CLI commands for this feature differ on the FSX POE compared to the FES POE. On the FES POE, there are separate CLI commands for 802.3af-compliant versus 802.3af non-compliant power consuming devices. On the FSX, there is one command for all power consuming devices. The command syntax is also different on the FSX. To configure your device, refer to the appropriate section, below.
Command Syntax
To configure the maximum power level for a power consuming device, enter commands such as the following:
FastIron SuperX Router# config t
FastIron SuperX Router(config)# interface e 1/1
FastIron SuperX Router(config-if-e1000-1/1)# inline power power-limit 14000
These commands enable in-line power on interface e 1 in slot 1 and set the POE power level to 14,000 milliwatts (14 watts).
Syntax: inline power power-limit <power level>
where <power level> is the number of milliwatts, between 1000 and 15400. The default is 15400.
For information about resetting the maximum power level, see “Resetting POE Parameters” on page 6-9.
Setting the Power Class for a POE Power Consuming Device
A power class specifies the maximum amount of power that a Foundry POE device will supply to a power consuming device. Table 6.3 shows the different power classes and their respective maximum power allocations.
Table 6.3: Power Classes for Power Consuming Devices
Class   Maximum Power (Watts)
0       15.4 (default)
1       4
2       7
3       15.4
By default, the power class for all power consuming devices is zero (0). As shown in Table 6.3, a power consuming device with a class of 0 receives 15.4 watts of power.
Configuration Notes
This feature is supported in the FSX POE devices running release 02.2.00 or later.
The power class sets the maximum power level for a power consuming device. Alternatively, you can set the maximum power level as instructed in the section “Setting the Maximum Power Level for a POE Power Consuming Device” on page 6-6. For each POE port, you can configure either a power class or a maximum power level. You cannot configure both. You can, however, configure a power level on one port and power class on another port.
The power class includes any power loss through the cables. For example, a POE port with a default power class of 0 (15.4 watts) will receive a maximum of 12.95 watts of power after 2.45 watts of power loss through the cable. This is compliant with the IEEE 802.3af specification for delivering in-line power. Devices that are configured to receive less POE power, for example, class 1 devices (4.0 watts), will experience a lower rate of power loss through the cable.
The CLI commands for this feature differ on the FSX POE compared to the FES POE. On the FES POE, there are separate CLI commands for 802.3af-compliant versus 802.3af non-compliant power consuming devices. On the FSX, there is one command for all power consuming devices. The command syntax is also different on the FSX.
Command Syntax
To configure the power class for a POE power consuming device, enter commands such as the following:
FastIron SuperX Switch# config t
FastIron SuperX Switch(config)# interface e 1/1
FastIron SuperX Switch(config-if-e1000-1/1)# inline power power-by-class 2
These commands enable in-line power on interface e 1 in slot 1 and set the power class to 2.
Syntax: inline power power-by-class <class value>
where <class value> is the power class. Enter a value from 0 – 3. See Table 6.3 for the power classes and their respective maximum power allocations. The default is 0 (15.4 watts).
For information about resetting the power class, see “Resetting POE Parameters” on page 6-9.
Setting the In-line Power Priority for a POE Port
Each FSX POE (48V) power supply provides a maximum of 1080 watts of power, and each POE port receives a default maximum value of 15.4 watts of power, minus any power loss through the cable. The power capacity of one or two POE power supplies is shared among all POE power consuming devices attached to the FSX POE.
In a configuration where POE power consuming devices collectively have a greater demand for power than the POE power supply or supplies can provide, the FSX must place the POE ports that it cannot power in standby or denied mode (waiting for power) until the available power increases. The available power increases when one or more POE ports are powered down, or, if applicable, when an additional POE power supply is installed in the FSX.
When POE ports are in standby or denied mode (waiting for power) and the FSX receives additional power resources, by default, the FSX will allocate newly available power to the standby ports in ascending order, by slot number then by port number, provided enough power is available for the ports. For example, POE port 1/11 should receive power before POE port 2/1. However, if POE port 1/11 needs 12 watts of power and POE port 2/1 needs 10 watts of power, and 11 watts of power become available on the device, the FSX will allocate the power to port 2/1 since it does not have sufficient power for port 1/11.
You can configure an in-line power priority on POE ports, whereby ports with a higher in-line power priority will take precedence over ports with a low in-line power priority. For example, if a new POE port comes on-line and the port is configured with a high priority, if necessary (if power is already fully allocated to power consuming devices), the FSX will remove power from a POE port or ports that have a lower priority and allocate the power to the POE port that has the higher value.
Ports that are configured with the same in-line power priority are given precedence based on the slot number and port number in ascending order, provided enough power is available for the port. For example, if both POE port 1/2 and POE port 2/1 have a high in-line power priority value, POE port 1/2 will receive power before POE port 2/1. However, if POE port 1/2 needs 12 watts of power and POE port 2/1 needs 10 watts of power, and 11 watts of power become available on the device, the FSX will allocate the power to POE port 2/1 since it does not have sufficient power for port 1/2. By default, all ports are configured with a low in-line power priority.
Command Syntax
To configure an in-line power priority for a POE port on a FSX, enter commands such as the following:
FastIron SuperX Router# config t
FastIron SuperX Router(config)# interface e 1/1
FastIron SuperX Router(config-if-e1000-1/1)# inline power priority 2
These commands enable in-line power on interface e 1 in slot 1 and set the in-line power priority level to high.
Syntax: [no] inline power priority <priority num>
where priority <priority num> is the in-line power priority number. The default is 3 (low priority). You can specify one of the following values:
3 – low priority
2 – high priority
1 – critical priority
Use the inline power command (without a priority number) to reset a port’s priority to the default (low) priority.
Use the no inline power command to disable the port from receiving in-line power.
For information about resetting the in-line power priority, see “Resetting POE Parameters” on page 6-9.
To view the in-line power priority for all POE ports, issue the show inline power command at the Privileged EXEC level of the CLI. See “Displaying POE Operational Status” on page 6-10.
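The allocation order described in this section, modelled as an added Python example (not Foundry code) so that a planned priority scheme can be checked before it is deployed, for instance to confirm that critical devices keep power when the budget runs out. The Port class, the function names and the rule for which lower-priority port loses power first are assumptions; the guide does not specify the latter.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Port:
    slot: int
    port: int
    need_mw: int       # power the attached device needs, in milliwatts
    priority: int = 3  # 1 = critical, 2 = high, 3 = low (the default)


def grant_order(ports):
    """Order in which waiting ports are offered power:
    priority first, then slot number, then port number, all ascending."""
    return sorted(ports, key=lambda p: (p.priority, p.slot, p.port))


def allocate(standby, available_mw):
    """Hand newly available power to ports in standby or denied mode.

    A port that does not fit in what is left is skipped, so a later port
    with a smaller demand can be powered ahead of it.
    Returns (granted, still_waiting, leftover_mw).
    """
    granted, waiting = [], []
    for p in grant_order(standby):
        if p.need_mw <= available_mw:
            granted.append(p)
            available_mw -= p.need_mw
        else:
            waiting.append(p)
    return granted, waiting, available_mw


def admit(new, powered, available_mw):
    """Bring a new port on-line, taking power from lower-priority ports
    when the budget is already fully allocated.

    ASSUMPTION: ports lose power lowest priority first, then highest
    slot/port first. The guide only says lower-priority ports lose power.
    Returns (powered_after, shed, leftover_mw). If `new` cannot be powered
    even after shedding every lower-priority port, nothing changes.
    """
    if new.need_mw <= available_mw:
        return powered + [new], [], available_mw - new.need_mw
    victims = sorted((p for p in powered if p.priority > new.priority),
                     key=lambda p: (-p.priority, -p.slot, -p.port))
    shed, freed = [], available_mw
    for v in victims:
        if freed >= new.need_mw:
            break
        shed.append(v)
        freed += v.need_mw
    if freed < new.need_mw:
        return list(powered), [], available_mw
    keep = [p for p in powered if p not in shed]
    return keep + [new], shed, freed - new.need_mw


if __name__ == "__main__":
    # The guide's own case: 11 W becomes available, 1/11 needs 12 W, 2/1 needs 10 W.
    granted, waiting, left = allocate(
        [Port(1, 11, 12000), Port(2, 1, 10000)], 11000)
    print("granted:", granted, "waiting:", waiting, "left:", left)

    # Constructed case: a critical port comes on-line with the budget exhausted.
    camera = Port(3, 1, 7000, priority=1)
    after, shed, left = admit(camera, [Port(1, 1, 15400), Port(1, 2, 15400)], 0)
    print("powered:", after, "shed:", shed, "left:", left)
```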
Resetting POE Parameters
NOTE: This feature applies to the FSX POE only.
To override or reset POE port parameters including power priority, power class, and maximum power level, you must specify each POE parameter in the CLI command line. This section provides some examples.
EXAMPLE:
To change a POE port’s power priority from high to low (the default value) and keep the current maximum configured power level of 3000, enter commands such as the following:
FastIron SuperX Router# config t
FastIron SuperX Router(config)# interface e 1/1
FastIron SuperX Router(config-if-e1000-1/1)# inline power priority 3 power-limit 3000
Note that you must specify both the inline power priority and the maximum power level (power-limit command), even though you are keeping the current configured maximum power level at 3000. If you do not specify the maximum power level, the device will apply the default value of 15400 (15.4 watts). Also, you must specify the inline power priority before specifying the power limit.
EXAMPLE:
To change a port’s power class from 2 (4 watts max) to 3 (7 watts max) and keep the current configured power priority of 2, enter commands such as the following:
FastIron SuperX Router# config t
FastIron SuperX Router(config)# interface e 1/1
FastIron SuperX Router(config-if-e1000-1/1)# inline power priority 2 power-by-class 3
Note that you must specify both the power class and the inline power priority, even though you are not changing the power priority. If you do not specify the power priority, the device will apply the default value of 3 (low priority). Also, you must specify the inline power priority before specifying the power class.
Displaying Power over Ethernet Information
This section lists the CLI commands for viewing POE information.
Displaying POE Operational Status
The show inline power command displays operational information about Power over Ethernet.
On the FSX, you can view the POE operational status for the entire device, for a specific POE module only, or for a specific interface only. In addition, on the FSX, you can use the show inline power detail command to display in-depth information about POE power supplies.
The following shows an example of the show inline power display output on a FSX device.
FastIron SuperX Switch#show inline power
Power Capacity: Total is 2160000 mWatts. Current Free is 18800 mWatts.
Power Allocations: Requests Honored 769 times
... some lines omitted for brevity...
Port   Admin  Oper   ---Power(mWatts)---  PD Type  PD Class  Pri  Fault/
       State  State  Consumed  Allocated                          Error
--------------------------------------------------------------------------
4/1    On     On     5070      9500       802.3af  n/a       3    n/a
4/2    On     On     1784      9500       Legacy   n/a       3    n/a
4/3    On     On     2347      9500       802.3af  n/a       3    n/a
4/4    On     On     2441      9500       Legacy   n/a       3    n/a
4/5    On     On     6667      9500       802.3af  Class 3   3    n/a
4/6    On     On     2723      9500       802.3af  Class 2   3    n/a
4/7    On     On     2347      9500       802.3af  n/a       3    n/a
4/8    On     On     2347      9500       802.3af  n/a       3    n/a
4/9    On     On     2347      9500       802.3af  n/a       3    n/a
4/10   On     On     4976      9500       802.3af  Class 3   3    n/a
4/11   On     On     4882      9500       802.3af  Class 3   3    n/a
4/12   On     On     4413      9500       802.3af  Class 1   3    n/a
4/13   On     On     7793      9500       802.3af  n/a       3    n/a
4/14   On     On     7512      9500       802.3af  n/a       3    n/a
4/15   On     On     8075      9500       802.3af  n/a       3    n/a
4/16   On     On     4131      9500       802.3af  Class 1   3    n/a
4/17   On     On     2347      9500       802.3af  n/a       3    n/a
4/18   On     Off    0         9500       n/a      n/a       3    n/a
4/19   On     On     5352      9500       Legacy   n/a       3    n/a
4/20   On     On     7981      9500       802.3af  n/a       3    n/a
4/21   On     On     12958     13000      802.3af  Class 3   3    n/a
4/22   On     On     12958     13000      802.3af  Class 3   3    n/a
4/23   On     On     13052     13000      802.3af  Class 3   3    n/a
4/24   On     On     12864     13000      802.3af  Class 3   3    n/a
--------------------------------------------------------------------------
Total                137367    242000
... some lines omitted for brevity...
Grand Total          1846673   2127400
Syntax: show inline power [<slot num>] | [<slot num>/<port num>]
Table 6.4 provides definitions for the statistics.
Table 6.4: Field Definitions for the Show Inline Power Command
This Column... Displays...
Power Capacity - The total POE power supply capacity and the amount of available power (current free) for POE power consuming devices. Both values are shown in milliwatts.
Power Allocations - The number of times the FSX fulfilled POE requests for power.
Port - The slot number and port number.
Admin State - Specifies whether or not Power over Ethernet has been enabled on the port. This value can be one of the following:
    ON – The inline power command was issued on the port.
    OFF – The inline power command has not been issued on the port.
Oper State - Shows the status of in-line power on the port. This value can be one of the following:
    ON – The POE power supply is delivering in-line power to the powered device.
    OFF – The POE power supply is not delivering in-line power to the powered device.
    DENIED – The port is in standby mode (waiting for power) because the FSX does not currently have enough available power for the port.
Power Consumed - The number of current, actual milliwatts that the powered device is consuming.
Power Allocated - The number of milliwatts allocated to the port. This value is either the default or configured maximum power level, or the power class that was automatically detected by the FSX.
PD Type - The type of powered device connected to the port. This value can be one of the following:
    802.3AF-PD – The powered device connected to this port is 802.3af-compliant.
    LEGACY – The powered device connected to this port is a legacy product (not 802.3af-compliant).
    N/A – Power over Ethernet is configured on this port, and one of the following is true:
        The device connected to this port is a non-powered device.
        No device is connected to this port.
        The port is in standby or denied mode (waiting for power).
PD Class - Determines the maximum amount of power a powered device receives. This value can be one of the following:
    Class0 – Receives 15.4 watts maximum.
    Class1 – Receives 4 watts maximum.
    Class2 – Receives 7 watts maximum.
    Class3 – Receives 15.4 watts maximum.
    Unknown – The device attached to the port cannot advertise its class.
Pri - The port’s in-line power priority, which determines the order in which the port will receive power while in standby mode (waiting for power). Ports with a higher priority will receive power before ports with a low priority. This value can be one of the following:
    3 – low priority
    2 – high priority
    1 – critical priority
Total - The total power in milliwatts being consumed by all powered devices connected to the Interface module, and the total power in milliwatts allocated to all powered devices connected to the Interface module.
Grand Total - The total number of current, actual milliwatts being consumed by all powered devices connected to the FSX, and the total number of milliwatts allocated to all powered devices connected to the FSX.
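A check that a monitoring job could run over captured show inline power output, given here as an added Python example (not Foundry code): it parses the columns defined in Table 6.4 and reports ports that draw more than their allocation, legacy powered devices, denied ports, and powered ports missing from an approved inventory, which is one way to notice an unauthorized access point taking in-line power. The finding names, the approved-port list and the 5 percent headroom threshold are assumptions.

```python
import re

# Constructed sample in the layout of the "show inline power" display above.
# Rows 4/1, 4/2, 4/18 and 4/23 repeat values from that display; row 4/5 is
# altered to show a port in the Denied state.
SAMPLE = """\
Power Capacity: Total is 2160000 mWatts. Current Free is 18800 mWatts.
Port   Admin  Oper   ---Power(mWatts)---  PD Type  PD Class  Pri  Fault/
       State  State  Consumed  Allocated                          Error
4/1    On     On     5070      9500       802.3af  n/a       3    n/a
4/2    On     On     1784      9500       Legacy   n/a       3    n/a
4/5    On     Denied 0         9500       n/a      n/a       3    n/a
4/18   On     Off    0         9500       n/a      n/a       3    n/a
4/23   On     On     13052     13000      802.3af  Class 3   3    n/a
"""

CAPACITY = re.compile(r"Total is (\d+) mWatts\. Current Free is (\d+) mWatts")
# "PD Class" may contain a space ("Class 3"), so the row cannot simply be split
# on whitespace.
ROW = re.compile(
    r"^\s*(?P<port>\d+/\d+)\s+(?P<admin>\S+)\s+(?P<oper>\S+)\s+"
    r"(?P<consumed>\d+)\s+(?P<allocated>\d+)\s+(?P<pd_type>\S+)\s+"
    r"(?P<pd_class>Class ?\d|\S+)\s+(?P<pri>[123])\s+(?P<fault>\S+)\s*$",
    re.IGNORECASE,
)


def parse(text):
    """Return (capacity dict or None, list of per-port row dicts)."""
    capacity, rows = None, []
    for line in text.splitlines():
        m = CAPACITY.search(line)
        if m:
            capacity = {"total_mw": int(m.group(1)), "free_mw": int(m.group(2))}
            continue
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            for key in ("consumed", "allocated", "pri"):
                row[key] = int(row[key])
            rows.append(row)
    return capacity, rows


def audit(text, approved=None, min_free_pct=5.0):
    """Return a list of (port, finding) tuples.

    approved: set of "slot/port" strings expected to power a device
              (site inventory, an assumption of this example); None skips
              the inventory check.
    """
    capacity, rows = parse(text)
    findings = []
    if capacity:
        free_pct = 100.0 * capacity["free_mw"] / capacity["total_mw"]
        if free_pct < min_free_pct:
            findings.append(("chassis", "LOW_HEADROOM"))
    for r in rows:
        oper = r["oper"].lower()
        if oper == "denied":
            findings.append((r["port"], "DENIED"))
        if oper != "on":
            continue  # remaining checks apply only to ports delivering power
        if r["consumed"] > r["allocated"]:
            findings.append((r["port"], "OVER_ALLOCATION"))
        if r["pd_type"].lower().startswith("legacy"):
            findings.append((r["port"], "LEGACY_PD"))
        if approved is not None and r["port"] not in approved:
            findings.append((r["port"], "UNAPPROVED_PD"))
    return findings


if __name__ == "__main__":
    for port, finding in audit(SAMPLE, approved={"4/1", "4/23"}):
        print(port, finding)
```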
Displaying Detailed Information About POE Power Supplies
The show inline power detail command displays detailed operational information about the POE power supplies in FSX POE devices.
To display detailed POE statistics, enter the following command:
FastIron SuperX Switch# show inline power detail
Power Supply Data:
++++++++++++++++++
Power Supply #1:
    Firmware Ver: 0.2
    Date: 3/15/5
    H/W Status: 807
    Max Curr: 26.5 Amps
    Voltage: 50.0 Volts
    Capacity: 1325 Watts
    Consumption: 1144 Watts
Power Supply #2:
    Firmware Ver: 0.2
    Date: 3/15/5
    H/W Status: 807
    Max Curr: 26.5 Amps
    Voltage: 50.0 Volts
    Capacity: 1325 Watts
    Consumption: 949 Watts
General PoE Data:
+++++++++++++++++
Slot  Firmware Version
----------------------
1     04.0.0
2     04.0.0
3     04.0.0
4     04.0.0
5     04.0.0
6     04.0.0
7     04.0.0
8     04.0.0
Cumulative Port State Data:
+++++++++++++++++++++++++++
Slot  #Ports    #Ports     #Ports   #Ports    #Ports      #Ports     #Ports
      Admin-On  Admin-Off  Oper-On  Oper-Off  Off-Denied  Off-No-PD  Off-Fault
-------------------------------------------------------------------------------
1     24        0          24       0         0           0          0
2     24        0          24       0         0           0          0
3     24        0          23       1         0           1          0
4     24        0          23       1         0           1          1
5     24        0          24       0         0           0          0
6     24        0          24       0         0           0          0
7     24        0          24       0         0           0          0
8     24        0          24       0         0           0          0
-------------------------------------------------------------------------------
Total:192       0          190      2         0           2          1
Cumulative Port Power Data:
+++++++++++++++++++++++++++
Slot  #Ports  #Ports  #Ports  Power        Power
      Pri: 1  Pri: 2  Pri: 3  Consumption  Allocation
-----------------------------------------------------
1     24      0       0       310.146 W    312.0 W
2     0       0       24      308.454 W    312.0 W
3     0       0       24      108.727 W    172.500 W
4     0       0       24      137.366 W    232.500 W
5     24      0       0       56.991 W     145.400 W
6     0       0       24      309.112 W    312.0 W
7     0       0       24      308.548 W    312.0 W
8     24      0       0       307.796 W    312.0 W
-----------------------------------------------------
Total:72      0       120     1847.140 W   2110.400 W
Syntax: show inline power detail
Table 6.4 provides definitions for the statistics displayed in the show inline power detail command.
Table 6.5: Field Definitions for the Show Inline Power Detail Command
This Column... Displays...
Power Supply Data
Firmware ver - The POE power supply’s firmware version.
Date - The POE power supply’s firmware test date in the format mm/dd/yyyy.
H/W Status - The POE power supply’s hardware status code. This field is used by Foundry Technical Support for troubleshooting.
Max Curr - The POE power supply’s maximum current capacity.
Voltage - The POE power supply’s current input voltage.
Capacity - The POE power supply’s total power capacity (in watts).
Consumption - The total number of watts consumed by POE power consuming devices and POE modules in the system, minus any internal or cable power loss.
General POE Data
Slot - The Interface module / slot number.
Firmware Version - The Interface module’s / slot number’s firmware version.
Cumulative Port State Data
Slot - The Interface module / slot number.
# Ports Admin-On - The number of ports on the Interface module on which the inline power command was issued.
# Ports Admin-Off - The number of ports on the Interface module on which the inline power command was not issued.
# Ports Oper-On - The number of ports on the Interface module that are receiving in-line power from the POE power supply.
# Ports Oper-Off - The number of ports on the Interface module that are not receiving in-line power from the POE power supply.
# Ports Off-Denied - The number of ports on the Interface module that were denied power because of insufficient power.
# Ports Off-No-PD - The number of ports on the Interface module to which no powered devices are connected.
# Ports Off-Fault - The number of ports on the Interface module that are not receiving power because of a subscription overload.
Total - The totals for all of the fields in the Cumulative Port State Data report.
Cumulative Port Power Data
Slot - The Interface module / slot number.
# Ports Pri: 1 - The number of POE ports on the Interface module that have a POE port priority of 1.
# Ports Pri: 2 - The number of POE ports on the Interface module that have a POE port priority of 2.
# Ports Pri: 3 - The number of POE ports on the Interface module that have a POE port priority of 3.
Power Consumption - The total number of watts consumed by both POE power consuming devices and the POE module (daughter card) attached to the Interface module.
Power Allocation - The number of watts allocated to the Interface module’s POE ports. This value is the sum of the ports’ default or configured maximum power levels, or power classes automatically detected by the FSX.
Total - The totals for all of the fields in the Cumulative Port Power Data report.
Chapter 7
Configuring Spanning Tree Protocol (STP) and IronSpan Features
This chapter describes how to configure Spanning Tree Protocol (STP) and IronSpan parameters on Foundry Layer 3 Switches using the CLI. IronSpan features extend the operation of standard STP, enabling you to fine-tune standard STP and avoid some of its limitations.
Chapter Contents
Table 7.1: Chapter Contents

| Description | See Page |
|---|---|
| Overview of STP | 7-2 |
| Configuring standard STP parameters | 7-2 |
| STP Parameters and defaults | 7-2 |
| Enabling and disabling STP | 7-4 |
| Changing STP bridge and port parameters | 7-5 |
| STP Protection enhancement | 7-6 |
| Displaying STP information | 7-8 |
| Configuring IronSpan features | 7-16 |
| Fast Port Span | 7-16 |
| 802.1W Rapid Spanning Tree (RSTP) | 7-18 |
| 802.1W Draft 3 RSTP (both 802.1W Draft 3 and full 802.1W are supported) | 7-53 |
| Single-instance STP (SSTP) | 7-56 |
| STP per VLAN group | 7-58 |
| Per VLAN Spanning Tree (PVST)/PVST+ compatibility | 7-61 |
STP Overview
The Spanning Tree Protocol (STP) eliminates Layer 2 loops in networks by selectively blocking some ports and allowing other ports to forward traffic, based on global (bridge) and local (port) parameters you can configure.
You can enable or disable STP on a global basis (for the entire device), a port-based VLAN basis (for the individual Layer 2 broadcast domain), or an individual port basis.
Configuration procedures are provided for the standard STP bridge and port parameters as well as Foundry IronSpan parameters.
IronSpan is a set of Layer 2 features that enable you to overcome limitations in the standard 802.1d Spanning Tree Protocol (STP). IronSpan includes the features listed in Table 7.1.
Configuring Standard STP Parameters
Foundry Layer 2 Switches and Layer 3 Switches support standard STP as described in the IEEE 802.1D specification. STP is enabled by default on Layer 2 Switches but disabled by default on Layer 3 Switches.
By default, each port-based VLAN on a Foundry device runs a separate spanning tree (a separate instance of STP). A Foundry device has one port-based VLAN (VLAN 1) by default that contains all the device’s ports. Thus, by default each Foundry device has one spanning tree. However, if you configure additional port-based VLANs on a Foundry device, then each of those VLANs on which STP is enabled and VLAN 1 all run separate spanning trees.
If you configure a port-based VLAN on the device, the VLAN has the same STP state as the default STP state on the device. Thus, on Layer 2 Switches, new VLANs have STP enabled by default. On Layer 3 Switches, new VLANs have STP disabled by default. You can enable or disable STP in each VLAN separately. In addition, you can enable or disable STP on individual ports.
STP Parameters and Defaults
Table 7.2 lists the default STP states for Foundry devices.
Table 7.2: Default STP States

| Device Type | Default STP Type | Default STP State | Default STP State of New VLANs (a) |
|---|---|---|---|
| Layer 2 Switch | MSTP (b) | Enabled | Enabled |
| Layer 3 Switch | MSTP | Disabled | Disabled |

a. When you create a port-based VLAN, the new VLAN’s STP state is the same as the default STP state on the device. The new VLAN does not inherit the STP state of the default VLAN.
b. MSTP stands for “Multiple Spanning Tree Protocol”. In this type of STP, each port-based VLAN, including the default VLAN, has its own spanning tree. References in this documentation to “STP” apply to MSTP. The Single Spanning Tree Protocol (SSTP) is another type of STP. SSTP includes all VLANs on which STP is enabled in a single spanning tree. See “Single Spanning Tree (SSTP)” on page 7-56.
Table 7.3 lists the default STP bridge parameters. The bridge parameters affect the entire spanning tree. If you are using MSTP, the parameters affect the VLAN. If you are using SSTP, the parameters affect all VLANs that are members of the single spanning tree.
Table 7.3: Default STP Bridge Parameters

| Parameter | Description | Default and Valid Values |
|---|---|---|
| Forward Delay | The period of time spent by a port in the listening and learning state before moving on to the learning or forwarding state, respectively. The forward delay value is also used for the age time of dynamic entries in the filtering database, when a topology change occurs. | 15 seconds. Possible values: 4 – 30 seconds |
| Maximum Age | The interval a bridge will wait for a configuration BPDU from the root bridge before initiating a topology change. | 20 seconds. Possible values: 6 – 40 seconds |
| Hello Time | The interval of time between each configuration BPDU sent by the root bridge. | 2 seconds. Possible values: 1 – 10 seconds |
| Priority | A parameter used to identify the root bridge in a spanning tree (instance of STP). The bridge with the lowest value has the highest priority and is the root. A higher numerical value means a lower priority; thus, the highest priority is 0. | 32768. Possible values: 0 – 65535 |
NOTE: If you plan to change STP bridge timers, Foundry recommends that you stay within the following ranges, from section 8.10.2 of the IEEE STP specification.
2 * (forward_delay - 1) >= max_age
max_age >= 2 * (hello_time + 1)
Table 7.4 lists the default STP port parameters. The port parameters affect individual ports and are separately configurable on each port.
Table 7.4: Default STP Port Parameters

| Parameter | Description | Default and Valid Values |
|---|---|---|
| Priority | The preference that STP gives this port relative to other ports for forwarding traffic out of the spanning tree. A higher numerical value means a lower priority; thus, the highest priority is 8. | 128. Possible values: 8 – 252 (configurable in increments of 4) |
| Path Cost | The cost of using the port to reach the root bridge. When selecting among multiple links to the root bridge, STP chooses the link with the lowest path cost and blocks the other paths. Each port type has its own default STP path cost. | 10 Mbps – 100; 100 Mbps – 19; Gigabit – 4; 10 Gigabit – 2. Possible values are 0 – 65535 |
Enabling or Disabling the Spanning Tree Protocol (STP)
STP is enabled by default on devices running Layer 2 code. STP is disabled by default on devices running Layer 3 code.
You can enable or disable STP on the following levels:
Globally – Affects all ports and port-based VLANs on the device.
Port-based VLAN – Affects all ports within the specified port-based VLAN. When you enable or disable STP within a port-based VLAN, the setting overrides the global setting. Thus, you can enable STP for the ports within a port-based VLAN even when STP is globally disabled, or disable STP for the ports within a port-based VLAN when STP is globally enabled.
Individual port – Affects only the individual port. However, if you change the STP state of the primary port in a trunk group, the change affects all ports in the trunk group.
NOTE: The CLI converts the STP groups into topology groups when you save the configuration. For backward compatibility, you can still use the STP group commands. However, the CLI converts the commands into the topology group syntax. Likewise, the show stp-group command displays STP topology groups. See “Topology Groups” on page 1.
Enabling or Disabling STP Globally
Use the following method to enable or disable STP on a device on which you have not configured port-based VLANs.
NOTE: When you configure a VLAN, the VLAN inherits the global STP settings. However, once you begin to define a VLAN, you can no longer configure standard STP parameters globally using the CLI. From that point on, you can configure STP only within individual VLANs.
To enable STP for all ports in all VLANs on a Foundry device, enter the following command:
FESX424 Router(config)# spanning-tree
This command enables a separate spanning tree in each VLAN, including the default VLAN.
Syntax: [no] spanning-tree
Enabling or Disabling STP in a Port-Based VLAN
Use the following procedure to disable or enable STP on a device on which you have configured a port-based VLAN. Changing the STP state in a VLAN affects only that VLAN.
To enable STP for all ports in a port-based VLAN, enter commands such as the following:
FESX424 Router(config)# vlan 10
FESX424 Router(config-vlan-10)# spanning-tree
Syntax: [no] spanning-tree
Enabling or Disabling STP on an Individual Port
Use the following procedure to disable or enable STP on an individual port.
NOTE: If you change the STP state of the primary port in a trunk group, the change affects all ports in the trunk group.
To enable STP on an individual port, enter commands such as the following:
FastIron SuperX Router(config)# interface 1/1
FastIron SuperX Router(config-if-e1000-1/1)# spanning-tree
Syntax: [no] spanning-tree
Changing STP Bridge and Port Parameters
Table 7.3 on page 7-3 and Table 7.4 on page 7-3 list the default STP parameters. If you need to change the default value for an STP parameter, use the following procedures.
Changing STP Bridge Parameters
NOTE: If you plan to change STP bridge timers, Foundry recommends that you stay within the following ranges, from section 8.10.2 of the IEEE STP specification.
2 * (forward_delay - 1) >= max_age
max_age >= 2 * (hello_time + 1)
To change a Foundry device’s STP bridge priority to the highest value to make the device the root bridge, enter the following command:
FESX424 Router(config)# spanning-tree priority 0
The command in this example changes the priority on a device on which you have not configured port-based VLANs. The change applies to the default VLAN. If you have configured a port-based VLAN on the device, you can configure the parameters only at the configuration level for individual VLANs. Enter commands such as the following:
FESX424 Router(config)# vlan 20
FESX424 Router(config-vlan-20)# spanning-tree priority 0
To make this change in the default VLAN, enter the following commands:
FESX424 Router(config)# vlan 1
FESX424 Router(config-vlan-1)# spanning-tree priority 0
Syntax: [no] spanning-tree [forward-delay <value>] | [hello-time <value>] | [maximum-age <value>] | [priority <value>]
The forward-delay <value> parameter specifies the forward delay and can be a value from 4 – 30 seconds. The default is 15 seconds.
NOTE: You can configure a Foundry device for faster convergence (including a shorter forward delay) using Fast Span. See “Configuring IronSpan Features” on page 7-16.
The hello-time <value> parameter specifies the hello time and can be a value from 1 – 10 seconds. The default is 2 seconds.
NOTE: This parameter applies only when this device or VLAN is the root bridge for its spanning tree.
The maximum-age <value> parameter specifies the amount of time the device waits for receipt of a configuration BPDU from the root bridge before initiating a topology change. You can specify from 6 – 40 seconds. The default is 20 seconds.
The priority <value> parameter specifies the priority and can be a value from 0 – 65535. A higher numerical value means a lower priority. Thus, the highest priority is 0. The default is 32768.
You can specify some or all of these parameters on the same command line. If you specify more than one parameter, you must specify them in the order shown above, from left to right.
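The ranges, keyword order and timer relationships described above can be checked before a change is pushed to a device. The following Python sketch is an added example, not Foundry code: the function name `check_bridge_command` and the sample lines are assumptions made for illustration, while the ranges, defaults and formulas are the ones given in Table 7.3 and the NOTE on bridge timers.

```python
# Ranges and defaults copied from Table 7.3; keyword order from the Syntax line.
PARAMS = {
    "forward-delay": (4, 30, 15),
    "hello-time": (1, 10, 2),
    "maximum-age": (6, 40, 20),
    "priority": (0, 65535, 32768),
}
ORDER = list(PARAMS)

# Constructed sample input (not taken from a real device).
SAMPLE_LINES = [
    "FESX424 Router(config)# spanning-tree priority 0",
    "FESX424 Router(config)# spanning-tree forward-delay 4 maximum-age 20",
    "FESX424 Router(config)# spanning-tree hello-time 10 forward-delay 15",
]


def check_bridge_command(line):
    """Return (effective_values, problems) for one bridge-level command."""
    # Drop a CLI prompt such as 'FESX424 Router(config)#' if one is present.
    tokens = line.split("#", 1)[-1].split()
    values = {name: default for name, (_, _, default) in PARAMS.items()}
    if not tokens or tokens[0] != "spanning-tree":
        return values, ["not a spanning-tree command"]
    args = tokens[1:]
    if args and args[0] == "ethernet":
        return values, ["port-level command, not checked here"]
    if len(args) % 2:
        return values, ["expected <keyword> <value> pairs"]
    problems, last_index = [], -1
    for keyword, raw in zip(args[0::2], args[1::2]):
        if keyword not in PARAMS or not raw.isdigit():
            problems.append(f"cannot parse {keyword} {raw}")
            continue
        index = ORDER.index(keyword)
        if index <= last_index:
            problems.append(f"{keyword} is out of order")
        last_index = max(last_index, index)
        low, high, _ = PARAMS[keyword]
        values[keyword] = int(raw)
        if not low <= values[keyword] <= high:
            problems.append(f"{keyword} {raw} is outside {low}-{high}")
    # Unspecified timers keep their defaults, so one changed value can
    # still break a relationship with a timer that was left alone.
    fd, hello, age = (values[k] for k in ORDER[:3])
    if 2 * (fd - 1) < age:
        problems.append("2 * (forward_delay - 1) >= max_age fails")
    if age < 2 * (hello + 1):
        problems.append("max_age >= 2 * (hello_time + 1) fails")
    return values, problems


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(sample.split("#", 1)[-1].strip(), "->", check_bridge_command(sample)[1])
```

The second sample line shows why the relationship check matters: a forward delay of 4 and a maximum age of 20 are each inside their documented range, yet together they fall outside the recommended relationship.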
Changing STP Port Parameters
To change the path cost and priority for a port, enter commands such as the following:
FESX424 Router(config)# vlan 10
FESX424 Router(config-vlan-10)# spanning-tree ethernet 5 path-cost 15 priority 64
Syntax: spanning-tree ethernet [<slotnum>/]<portnum> path-cost <value> | priority <value> | disable | enable
The <portnum> parameter specifies the interface. If you are configuring a chassis device, specify the slot number as well as the port number (<slotnum>/<portnum>).
The path-cost <value> parameter specifies the port’s cost as a path to the spanning tree’s root bridge. STP prefers the path with the lowest cost. You can specify a value from 0 – 65535.
The default depends on the port type:
10 Mbps – 100
100 Mbps – 19
Gigabit – 4
10 Gigabit – 2
The priority <value> parameter specifies the preference that STP gives this port relative to other ports for forwarding traffic out of the spanning tree. You can specify a value from 8 – 252, in increments of 4. If you enter a value that is not divisible by four, the software rounds to the nearest value that is. The default is 128. A higher numerical value means a lower priority; thus, the highest priority is 8.
NOTE: If you are upgrading a device that has a configuration saved under an earlier software release, and the configuration contains a value from 0 – 7 for a port’s STP priority, the software changes the priority to the default when you save the configuration while running the new release.
The disable | enable parameter disables or re-enables STP on the port. The STP state change affects only this VLAN. The port’s STP state in other VLANs is not changed.
STP Protection Enhancement
STP protection provides the ability to prohibit an end station from initiating or participating in an STP topology change.
The 802.1W Spanning Tree Protocol (STP) detects and eliminates logical loops in a redundant network by selectively blocking some data paths (ports) and allowing only the best data paths to forward traffic.
In an STP environment, switches, end stations, and other Layer 2 devices use Bridge Protocol Data Units (BPDUs) to exchange information that STP will use to determine the best path for data flow. When a Layer 2 device is powered ON and connected to the network, or when a Layer 2 device goes down, it sends out an STP BPDU, triggering an STP topology change.
In some instances, it is unnecessary for a connected device, such as an end station, to initiate or participate in an STP topology change. In this case, you can enable the STP Protection feature on the Foundry port to which the end station is connected. Foundry’s STP Protection feature disables the connected device’s ability to initiate or participate in an STP topology change, by dropping all BPDUs received from the connected device.
Configuration Notes
This feature is supported in the following configurations:
FESX devices running software release 02.1.01 or later
All FSX and FWSX devices and associated software releases