Intel 480T User Manual

Intel® NetStructure 480T Routing Switch User Guide
Copyright © 2001, Intel Corporation. All rights reserved. Intel Corporation, 5200 NE Elam Young Parkway, Hillsboro OR 97124-6497
Intel Corporation assumes no responsibility for errors or omissions in this manual. Nor does Intel make any commitment to update the information contained herein.
* Other names and brands may be claimed as the property of others.
Fourth Edition November 2001 A14542-001
Contents
Contents ................................................ i
Preface .................................................1
Introduction ..................................................................... 1
Related Publications .......................................................2
1: Overview .......................................... 3
Summary of Features ..................................................... 3
Full-Duplex Support..................................................... 5
Virtual LANs (VLANs) .................................................. 5
Spanning Tree Protocol (STP) .................................... 5
Quality of Service (QoS).............................................. 6
Unicast Routing ........................................................... 6
IP Multicast Routing .................................................... 6
Load Sharing............................................................... 7
Software Licensing - Router License Keys .................. 7
Basic Functionality ...................................................... 7
Full Layer 3 Functionality ............................................ 8
Verifying the Router License ....................................... 8
Upgrading a Router License........................................ 8
Physical Features ............................................................ 8
Front View ................................................................... 8
Rear View .................................................................... 9
AC Connector ............................................................ 10
Serial Number............................................................ 10
Console Port.............................................................. 10
Management Port ...................................................... 10
MAC Address ............................................................ 10
Switch LEDs .............................................................. 10
Software Factory Defaults ............................................12
Media Types, Distances and Specifications ...............14
Optical Output Power ................................................ 15
2: Installation and Setup ................... 17
Important Safety Information .......................................17
Determining the Switch Location ................................18
Installing the Switch ...................................................... 18
Rack Mounting........................................................... 18
Free-Standing............................................................ 20
Connecting Equipment to the Console Port .............. 20
Turning On the Switch .............................................. 20
Checking the Installation ........................................... 20
Logging In for the First Time ........................................21
Upgrading Your Firmware ............................................22
Installing the Gigabit Interface Connector (GBIC) ......22
3: Using Intel® Device View .............. 23
Installing Intel Device View ..........................................23
To Install Intel Device View ....................................... 24
Starting the Windows§ Version ................................. 25
Starting the Web Version........................................... 25
Installing a New Device ................................................. 26
To Install and Configure a New Switch for Management 26
Using the Device Tree ...................................................26
Device Tree icons...................................................... 27
To Add a Device to the Device Tree.......................... 28
To Refresh the Device Tree ...................................... 28
To Delete a Device from the Device Tree ................. 28
To Find a Device in the Device Tree ......................... 28
Losing Contact with a Device .................................... 29
Managing a Switch ........................................................29
Viewing RMON Information ..........................................30
To View RMON Statistics .......................................... 31
4: Using Web Device Manager .......... 33
Enabling and Disabling Web Access ...........................33
Setting Up Your Browser ..............................................34
Accessing Web Device Manager ..................................35
Navigating Web Device Manager .................................35
Task Frame ............................................................... 35
Content Frame........................................................... 36
Browser Controls .......................................................36
Status Messages .......................................................37
Stand-alone Buttons ..................................................37
Saving Changes .............................................................37
Filtering Information ......................................................38
Using the Get Command to Configure a VLAN ............38
TFTP Server ...................................................................38
5: Accessing the Switch .................... 39
Understanding the Command Syntax .........................39
Syntax Helper ............................................................ 40
Command Completion with Syntax Helper................ 40
Abbreviated Syntax ................................................... 40
Command Shortcuts.................................................. 41
Numerical Ranges ..................................................... 41
Names ....................................................................... 41
Symbols ..................................................................... 42
Line-Editing Keys ..........................................................43
Command History .......................................................... 44
Common Commands ....................................................44
Configuring Management Access ................................48
User Account ............................................................. 48
Administrator Account ............................................... 48
Prompt Text ............................................................... 49
Default Accounts ....................................................... 49
Changing the Default Password ................................49
Creating a Management Account .............................. 50
Viewing Accounts ......................................................50
Deleting an Account ..................................................51
Domain Name Service Client ........................................51
Real-time Basic Connectivity Checking ......................52
Ping ........................................................................... 52
Traceroute ................................................................. 53
Methods of Managing the Switch ................................53
Using the Console Interface ...................................... 54
Using the 10/100 UTP Management Port.................. 54
Using Telnet ...................................................................54
Connecting to Another Host Using Telnet ................. 55
Configuring Switch IP Parameters............................. 55
Using a BOOTP Server .............................................55
Manually Configuring the IP Settings ........................56
Disconnecting a Telnet Session ................................ 58
Controlling Telnet Access .......................................... 58
Using Access Profiles ...................................................59
Creating an Access Profile ........................................ 59
Access Profile Rules.................................................. 61
Access Profile Example ............................................. 61
Using Web Device Manager .........................................61
Controlling Web Access ............................................ 62
Simple Network Management Protocol (SNMP) .........62
Accessing Switch Agents .......................................... 63
Supported MIBs......................................................... 63
Configuring SNMP Settings ....................................... 63
Displaying SNMP Settings......................................... 66
Authenticating Users ....................................................66
RADIUS Client........................................................... 66
Per-Command Authentication Using RADIUS ...........67
Configuring RADIUS Client .......................................67
RADIUS RFC 2138 Attributes ...................................70
Configuring TACACS+ .............................................. 70
Simple Network Time Protocol (SNTP) .......................72
Configuring and Using SNTP .................................... 73
SNTP Configuration Commands ............................... 77
SNTP Example .......................................................... 77
6: Configuring Ports .......................... 79
Configuring Ports ..........................................................79
Changing Port Speed and Duplex Setting................. 80
Random Early Detection (RED)................................. 80
Turning Off Auto-negotiation for a GBIC Port............ 81
Jumbo Frames ...............................................................81
Enabling Jumbo Frames............................................ 82
Path MTU Discovery.................................................. 82
IP Fragmentation with Jumbo frames ........................ 83
IP Fragmentation within a VLAN ...............................83
Load Sharing ..................................................................84
Load Sharing Algorithms ........................................... 84
Configuring Load Sharing.......................................... 85
Load-Sharing Example .............................................. 86
Verifying the Load Sharing Configuration.................. 86
Port Commands .............................................................86
Port-Mirroring ................................................................90
Mirroring Combined with Load Sharing ..................... 90
Mirroring IP Multicast Traffic ...................................... 91
Mirroring Bandwidth................................................... 91
Mirroring and Flooding............................................... 91
Mirroring and Download Configuration ...................... 91
Port-Mirroring Commands ............................................91
Port-Mirroring Example.............................................. 92
Enterprise Discovery Protocol .....................................92
EDP Commands........................................................ 93
7: Virtual LANs (VLANs) ..................... 95
Overview of Virtual LANs ..............................................95
Benefits...................................................................... 95
VLANs Help to Control Traffic ...................................96
VLANs Provide Extra Security ...................................96
VLANs Ease Device Change and Movement ............96
Bi-directional Rate Shaping for Layer 3 Routed VLANs . 96
Types of VLANs .............................................................97
Port-Based VLANs .................................................... 97
Spanning Switches with Port-Based VLANs .............98
Tagged VLANs .......................................................... 99
Uses of Tagged VLANs ...........................................100
Assigning a VLAN Tag ............................................100
Mixing Port-Based and Tagged VLANs ...................102
Protocol-Based VLANs ............................................ 102
Predefined Protocol Filters ......................................103
Defining Protocol Filters ..........................................104
Deleting a Protocol Filter .........................................105
Precedence of Tagged Packets Over Protocol Filters .... 105
VLAN Names ................................................................105
Default VLAN........................................................... 106
Renaming a VLAN................................................... 106
Configuring VLANs on the Switch .............................106
VLAN Configuration Examples ................................ 108
Example 1 ................................................................108
Example 2 ................................................................109
Example 3 ................................................................109
Example 4 ................................................................109
Example 5 ................................................................109
Displaying VLAN Settings ..........................................110
VLAN Statistics ............................................................ 111
Deleting VLANs ........................................................... 111
VLAN Tunneling (vMANs) ...........................................111
MAC-Based VLANs .....................................................114
MAC-Based VLAN Guidelines................................. 114
MAC-Based VLAN Limitations................................. 115
MAC-Based VLAN Commands ............................... 116
MAC-Based VLAN Example.................................... 116
Timed Configuration Download, MAC-Based VLANs .... 117
Example ................................................................... 118
8: Forwarding Database (FDB) ......... 119
Overview of the FDB ...................................................119
IP FDB Performance ............................................... 119
FDB Contents .......................................................... 120
FDB Entry Types ..................................................... 120
Dynamic Entries ......................................................120
Non-aging Entries ....................................................120
Permanent Entries ...................................................121
Blackhole Entries ..................................................... 121
How FDB Entries Get Added................................... 121
Associating a QoS Profile with an FDB Entry.......... 122
Configuring FDB Entries .............................................122
FDB Configuration Examples 123
Displaying FDB Entries ...............................................124
Removing FDB Entries ................................................124
9: Spanning Tree Protocol (STP) ..... 125
Overview of Spanning Tree Protocol .........................125
Spanning Tree Domains .............................................125
STP Configurations .....................................................126
Configuring STP ...................................................... 129
STP Configuration Example .................................... 132
Displaying STP Settings .............................................132
Disabling and Resetting STP ......................................133
10: Quality of Service (QoS) ............ 135
Overview of Policy-Based Quality of Service ...........135
Random Early Detection.......................................... 136
Policy-Based Routing and Route Load Sharing ...... 136
Performance Impact ....................................................136
Applications and Types of QoS .................................137
Voice Applications ................................................... 137
Video Applications ................................................... 137
Critical Database Applications................................. 138
Web Browsing Applications ..................................... 138
File Server Applications ........................................... 139
Building Blocks ...........................................................139
Assigning QoS Attributes ..........................................139
QoS Profiles .................................................................140
Configuring a QoS Profile ........................................ 142
Modifying a QoS Profile ........................................... 144
Traffic Groupings and Creating a QoS Policy ..........144
IP-Based Traffic Groupings ..................................... 145
MAC-Based Traffic Groupings................................. 145
Permanent MAC Addresses ....................................146
Dynamic MAC Addresses ........................................146
Blackhole MAC Address .......................................... 146
Broadcast/Unknown Rate Limiting MAC Address ...147
Verifying MAC-Based QoS Settings ........................147
Explicit Class of Service Traffic Groupings (802.1p and DiffServ) ................................................................... 147
Configuring 802.1p Priority ......................................148
Observing 802.1p Information .................................148
Replacing 802.1p Priority Information .....................149
802.1p Commands ..................................................150
Configuring DiffServ ................................................ 151
Observing DiffServ Information ...............................152
Changing DiffServ Code Point Assignments in the QoS Profile ...................................................................... 152
Replacing DiffServ Code Points ..............................153
DiffServ Example .....................................................156
Physical and Logical Groupings .............................. 156
Source Port ..............................................................156
VLAN ....................................................................... 157
Verifying Physical and Logical Groupings ...............157
Verifying Configuration and Performance ................157
QoS Monitor ............................................................ 158
Real-Time Performance Monitoring ......................... 158
Background Performance Monitoring ...................... 159
Displaying QoS Information..................................... 159
Modifying a QoS Policy ..............................................160
QoS Profile Buffer .......................................................160
Maximum QoS Buffer .............................................. 160
Bandwidth Settings and Their Impact...................... 161
Maximum bandwidth settings ..................................161
Minimum bandwidth settings ...................................162
Bi-directional Rate Shaping for Layer 3 Routed VLANs 163
Configuring Bi-Directional Rate Shaping ................. 164
Bi-Directional Rate Shaping Limitations .................. 165
Bi-Directional Rate Shaping Commands ................. 165
11: Enterprise Standby Router Protocol (ESRP) .............................................. 167
Overview ......................................................................167
ESRP-Aware Switches............................................ 168
ESRP Basics ................................................................168
Multiple ESRP VLANs ............................................. 169
Mixing Clients and Routers on ESRP VLANs.......... 169
Ensure that EDP is Enabled .................................... 169
ESRP and Host Attached Ports............................... 169
Open Shortest Path First and ESRP ....................... 169
Determining the ESRP Master ....................................170
ESRP Tracking ........................................................ 171
ESRP VLAN Tracking ..............................................171
ESRP Route Table Tracking ...................................171
ESRP Ping Tracking ................................................171
ESRP Election Algorithms ....................................... 172
Master Switch Behavior........................................... 172
Standby Switch Behavior......................................... 172
Electing the Master Switch ...................................... 173
Failover Time ........................................................... 173
ESRP Options ..............................................................174
ESRP Host Attach ................................................... 174
ESRP Domains........................................................ 175
ESRP Groups .......................................................... 175
Linking ESRP Switches ..............................................177
Configuring ESRP and Multinetting ...........................177
ESRP and Spanning Tree ...........................................177
ESRP and VLAN Aggregation ....................................178
ESRP Commands ........................................................179
ESRP Examples ...................................................... 182
Single VLAN Using Layer 2 and Layer 3 Redundancy .. 182
Multiple VLANs Using Layer 2 Redundancy ............184
Displaying ESRP Information .....................................186
ESRP Environment and Diagnostic Tracking .......... 186
12: IP Unicast Routing .................... 189
Overview of IP Unicast Routing .................................189
Policy-Based Routing and Route Load-Sharing ...... 190
Router Interfaces ..................................................... 191
Populating the Routing Table .................................. 192
Dynamic Routes ...................................................... 192
Static Routes ...........................................................192
Multiple Routes ........................................................193
IP Route Sharing ..................................................... 193
Route Map Support .....................................................193
Route Map Support for OSPF Export ...................... 194
BGP and OSPF Route Map Support for Tagging.... 195
BGP and OSPF Route Map Support for DSB Accounting 195
Proxy ARP ....................................................................196
ARP-Incapable Devices........................................... 196
Proxy ARP Between Subnets.................................. 196
Relative Route Priorities .............................................197
IP Multinetting ..............................................................198
IP Multinetting Operation ......................................... 199
IP Multinetting Examples ......................................... 200
Configuring IP Unicast Routing .................................201
Verifying the IP Unicast Routing Configuration ....... 202
VLAN Aggregation ......................................................202
VLAN Aggregation Properties ................................. 204
VLAN Aggregation Limitations................................. 204
SubVLAN Address Range Checking ....................... 205
Isolation Option for Communication Between subVLANs 205
VLAN Aggregation Commands ............................... 205
VLAN Aggregation Example.................................... 206
Verifying the VLAN Aggregation Configuration ....... 207
Configuring DHCP/BOOTP Relay ..............................207
Verifying the DHCP/BOOTP Relay Configuration ... 208
UDP Forwarding ..........................................................208
Configuring UDP Forwarding................................... 209
UDP-Forwarding Example....................................... 209
ICMP Packet Processing ......................................... 209
UDP-Forwarding Commands .................................. 210
IP Commands ..............................................................211
Routing Configuration Example ................................219
Displaying Router Settings ........................................220
Resetting and Disabling Router Settings ..................221
13: RIP and OSPF ............................ 223
Overview ......................................................................223
Distinguishing RIP and OSPF ................................. 224
Overview of RIP ........................................................... 225
Routing Table .......................................................... 225
Split Horizon ............................................................ 225
Poison Reverse ....................................................... 225
Triggered Updates................................................... 226
Route Advertisement of VLANs ............................... 226
RIP Version 1 Compared to RIP Version 2 ............. 226
Overview of OSPF .......................................................226
Link-State Database ................................................ 227
Areas ....................................................................... 227
Area 0 ......................................................................228
Stub Areas ...............................................................228
Not-So-Stubby-Areas (NSSAs) ...............................228
Normal Area ............................................................229
Virtual Links .............................................................229
OSPF Database Overflow ....................................... 231
OSPF Passive Interface ..............................................231
Routing with OSPF ......................................................232
Set the RouterID ...................................................... 232
Route Redistribution ...................................................232
Configuring Route Redistribution............................. 233
Redistributing Routes into OSPF ............................. 233
Redistributing Routes into RIP ................................234
OSPF Timers and Authentication ..............................235
OSPF Password Encryption .......................................235
Route Map Support .....................................................235
Route Map Support for OSPF Export ...................... 236
BGP and OSPF Route Map Support for Tagging .... 236
BGP and OSPF Route Map Support for DSB Accounting 237
Configuring RIP ...........................................................237
RIP Configuration Example ........................................240
Displaying RIP Settings ..............................................242
Resetting and Disabling RIP .......................................242
Configuring OSPF .......................................................243
OSPF Configuration Example ................................. 249
Configuration for ABR1............................................ 250
Configuration for IR1 ............................................... 251
Displaying OSPF Settings ..........................................252
Resetting and Disabling OSPF Settings ....................253
14: Border Gateway Protocol (BGP) 255
Overview ......................................................................255
BGP Attributes .............................................................256
BGP Communities ....................................................... 256
BGP Features ...............................................................257
Route Reflectors...................................................... 257
Route Confederations.............................................. 258
Route Confederation Example ................................258
Route Aggregation ......................................................262
Using Route Aggregation ........................................262
Route Map Support ................................................. 262
Interior Gateway Protocol (IGP) Synchronization.... 262
Using the Loopback Interface.................................. 263
OSPF-to-BGP Route Redistribution ........................ 263
BGP Peer Groups.................................................... 263
BGP MD5 Authentication ............................................265
BGP Password Encryption ......................................... 266
Configuring BGP .........................................................266
Displaying BGP Settings ............................................ 271
Resetting and Disabling BGP .....................................272
BGP Route Selection ..................................................273
15: IP Multicast Routing .................. 275
Overview ......................................................................275
DVMRP Overview.................................................... 276
PIM Overview .......................................................... 276
PIM-DM ................................................................... 276
PIM Sparse Mode (PIM-SM) ...................................277
Static Rendezvous Points (RPs) .............................277
PIM Mode Translation ............................................. 277
IP Multicast Cache Display...................................... 278
IGMP Overview ............................................................278
IGMP Snooping ....................................................... 278
IGMP Leave Message .............................................279
IGMP Display ...........................................................279
IGMP Query Interval ................................................280
IGMP Configuration Commands ................................280
Configuring IP Multicasting Routing .........................282
Configuration Examples .......................................... 285
Configuration for IR1 ............................................... 285
PIM-SM Configuration Example .............................. 286
Configuration for ABR1............................................ 287
Displaying IP Multicast Routing Settings ..................287
Deleting and Resetting IP Multicast Settings ...........288
16: IPX Routing ............................... 291
Overview of IPX ...........................................................291
Router Interfaces ..................................................... 291
IPX Encapsulation Types ........................................ 293
IPX and IP .....................................................................293
IP and IPX on the Same VLAN................................ 294
Tagged IPX VLAN ................................................... 294
IPX Load Sharing .................................................... 294
Populating the Routing Table .................................. 295
Dynamic Routes ...................................................... 295
Static Routes ...........................................................295
IPX/RIP Routing ...........................................................295
GNS Support ........................................................... 296
Routing SAP Advertisements .................................. 296
Configuring IPX ...........................................................297
Verifying IPX Router Configuration.......................... 297
Protocol-Based VLANs for IPX ................................ 298
Tuning...................................................................... 298
Tagged VLANs and IPX .......................................... 299
IPX and Round-Robin Load Sharing ....................... 299
IPX Performance Testing Using Traffic Generators 299
IPX and Bi-Directional Rate Shaping....................... 299
IPX Commands ............................................................ 300
IPX Configuration Example ........................................304
Displaying IPX Settings ..............................................305
Resetting and Disabling IPX .......................................306
17: Access Policies ......................... 309
Overview of Access Policies ......................................309
IP Access Lists ........................................................ 309
Routing Access Policies .......................................... 310
IPX§ Routing Access Policies ................................. 310
Route Maps ............................................................. 311
Using IP Access Lists .................................................311
How IP Access Lists Work....................................... 312
Precedence Numbers.............................................. 312
Specifying a Default Rule ........................................ 312
The Permit-Established Keyword ............................ 313
Adding and Deleting Access List Entries................. 314
Maximum Entries..................................................... 314
Access Lists for ICMP .................................................314
Security and Access Policies................................... 315
Verifying Access List Configurations ....................... 315
Access List Commands ..............................................315
IP Access List Examples ............................................320
Example 1: Using the Permit-Established Keyword 320
Step 1 – Deny IP Traffic ..........................................320
Step 2 – Allow TCP Traffic ......................................321
Step 3 - Permit-Established Access List ..................322
Example 2: Filtering ICMP Packets......................... 323
Using Routing Access Policies ..................................323
Creating an Access Profile ...................................... 324
Configuring an Access Profile Mode ....................... 324
Adding an Access Profile Entry ............................... 325
Specifying Subnet Masks ........................................325
Sequence Numbering ..............................................326
Permit and Deny Entries ..........................................326
Autonomous System Expressions ...........................326
Deleting an Access Profile Entry .............................327
Applying Access Profiles ......................................... 327
Routing Access Policies for RIP .............................. 327
Examples ................................................................. 328
Routing Access Policies for OSPF .......................... 329
OSPF Access Policy Example .................................330
Routing Access Policies for DVMRP ....................... 331
DVMRP Example ..................................................... 332
Routing Access Policies for PIM.............................. 332
PIM Example ...........................................................333
Routing Access Policies for BGP ............................ 333
Making Changes to a Routing Access Policy ...........334
Removing a Routing Access Policy ..........................334
Routing Access Policy Commands ...........................335
Using Route Maps .......................................................337
Creating a Route Map ............................................. 338
Add Entries to the Route Map ................................. 338
Add Statements to the Route Map Entries .............. 338
Route Map Operation .............................................. 341
Route Map Example ................................................341
Changes to Route Maps.......................................... 342
Route Maps in BGP................................................. 343
Route Map Commands............................................ 343
18: Server Load Balancing (SLB) ..... 347
Overview .......................................................................347
SLB Components ........................................................347
Nodes ...................................................................... 348
Pools........................................................................ 348
Virtual Servers ......................................................... 348
Forwarding Modes .......................................................349
Transparent Mode ................................................... 350
Translational Mode .................................................. 352
Port Translation Mode ............................................. 354
GoGo Mode ............................................................. 355
VIP Network Advertisement ........................................356
Balancing Methods ......................................................357
Round-Robin ........................................................... 357
Ratio ........................................................................ 358
Ratio Weight ............................................................358
Least Connections................................................... 358
Priority ..................................................................... 359
Basic SLB Commands ................................................359
Advanced SLB Application Example .........................363
Health Checking ..........................................................368
Health check definitions........................................... 368
Layer 3 Ping Check .................................................368
Layer 4 Port Check ..................................................368
Layer 7 HTTP Check ...............................................368
Layer 7 FTP Check ..................................................368
Layer 7 NNTP Check ...............................................369
Layer 7 POP3, SMTP, and Telnet Check ................369
Internal Health Checking ......................................... 369
Ping-Check ..............................................................370
TCP-Port-Check ......................................................370
Service-Check .........................................................371
GoGo Mode Health Checking ..................................372
SLB Global Connection Timeout .............................374
External Health Checking ........................................ 374
Health Checks for Web Cache Redirection and Policy Based Routing ......................................................... 375
Layer 4 Flows .......................................................... 376
Policy-Based Routing with Route Load-Sharing...... 376
Layer 4 Destination Port .......................................... 376
Maintenance Mode ......................................................377
Persistence ..................................................................377
Client Persistence.................................................... 377
SLB Proxy Client Persistence .................................. 377
Sticky Persistence ................................................... 378
Server Load Balancing with ESRP ............................378
Configuring the Switches for SLB and ESRP .......... 380
Combined SLB and ESRP failover .......................... 381
Configuration of SLB with ESRP ............................. 382
Web-Server Configuration ....................................... 382
Using High Availability System Features ..................382
Redundant SLB ....................................................... 383
Using Ping-Check.................................................... 383
Configuring Active-Active Operation........................ 383
Sample Active-Active Configuration ........................384
Using Manual Fail-Back........................................... 387
Using SLB High Availability ..................................... 387
Configuring Clients .................................................. 388
Configuring Switches for SLB H/A ...........................388
Notes on Configuring SLB H/A ................................ 390
Web Server configuration ........................................ 391
Advanced SLB Commands ........................................392
Web Cache Redirection ..............................................398
Flow Redirection...................................................... 398
Precedence of Flow Redirection Rules ................... 399
Flow Redirection Commands .................................. 400
Flow Redirection Example....................................... 401
19: Status Monitoring and Statistics ..... 403
Status Monitoring ........................................................403
Port Statistics ..............................................................405
Port Errors ...................................................................406
Port Monitoring Display Keys ....................................407
Setting the System Recovery Level......................... 408
Logging ........................................................................408
Local Logging .......................................................... 410
If not specified, info and higher priority messages display. ......................................................................... 410
Real-Time Display ................................................... 411
Remote Logging ...................................................... 411
Logging Configuration Changes.............................. 412
Logging Commands ................................................ 412
RMON ............................................................................414
RMON Features ...................................................... 415
Statistics ..................................................................415
History ..................................................................... 415
Alarms .....................................................................416
Events ......................................................................416
Configuring RMON .................................................. 416
RMON Probe with Security Features Enabled ........417
Event Actions........................................................... 417
20: Software Upgrade and Boot Options 419
Overview .......................................................................419
Saving Configuration Changes ..................................419
Upgrading Your Switch ...............................................420
Starting a TFTP Server............................................ 420
Upgrading the BootROM ......................................... 421
Upgrading the Firmware .......................................... 422
Downgrading Your Switch ....................................... 422
Using TFTP to Upload the Configuration ..................423
Using TFTP to Download the Configuration .............424
Downloading a Complete Configuration .................. 424
Downloading an Incremental Configuration............. 425
Scheduled Incremental Configuration Download .... 425
Remember to Save ......................................................426
Accessing BootROM ...................................................426
Boot Option Commands .............................................427
A: Technical Specifications and Supported Limits ............................... 431
Technical Specifications .............................................431
Supported Standards, RFCs and Protocols ..............433
Supported Limits .........................................................434
B: Troubleshooting............................ 439
LEDs .............................................................................439
Using the Command-Line Interface ...........................440
Port Configuration .......................................................442
OSPF (Open Shortest Path First) ...............................443
VLANs ...........................................................................444
VLAN Names ...........................................................445
VLANs, IP Addresses and Default Routes ..............445
STP ................................................................................445
ESRP .............................................................................446
Troubleshooting Tools ................................................446
Debug Tracing ......................................................... 446
TOP Command ........................................................ 446
C: Regulatory Information................. 447
Compliance statements ..............................................447
Warnings ......................................................................449
Limited Hardware Warranty ........................................450
D: Intel Customer Support ................ 461
Index ................................................ 465
List of Figures
Figure 1.1: Intel® NetStructure™ 480T routing switch (front) ........ 9
Figure 1.2: Intel® NetStructure™ 480T routing switch (with and without redundant power supply) ........ 9
Figure 2.1: Fitting the mounting bracket ........ 19
Figure 2.2: GBIC module (1000 Mbps ports) ........ 22
Figure 7.1: Example of a port-based VLAN on the Intel® NetStructure™ 480T routing switch ........ 97
Figure 7.2: Single port-based VLAN spanning two switches ........ 98
Figure 7.3: Two port-based VLANs spanning two switches ........ 99
Figure 7.4: Physical diagram of tagged and untagged traffic ........ 101
Figure 7.5: Logical diagram of tagged and untagged traffic ........ 101
Figure 7.6: Protocol-based VLANs ........ 103
Figure 7.7: vMAN Configuration ........ 113
Figure 9.1: Multiple Spanning Tree Domains - VLAN tagging for trunk connections ........ 127
Figure 9.2: Tag-based STP configuration - Incorrect ........ 128
Figure 10.1: Ethernet packet encapsulation ........ 148
Figure 10.2: IP packet header encapsulation ........ 151
Figure 11.1: ESRP host attach ........ 175
Figure 11.2: ESRP groups ........ 176
Figure 11.3: ESRP example using Layer 2 and Layer 3 redundancy ........ 183
Figure 11.4: ESRP example using Layer 2 redundancy ........ 184
Figure 12.1: Routing between VLANs ........ 191
Figure 12.2: VLAN aggregation ........ 203
Figure 12.3: Unicast routing configuration example ........ 219
Figure 13.1: Virtual link for stub area ........ 230
Figure 13.2: Virtual link providing redundancy ........ 230
Figure 13.3: Route redistribution ........ 233
Figure 13.4: RIP configuration example ........ 241
Figure 13.5: OSPF configuration example ........ 249
Figure 14.1: Route reflectors ........ 257
Figure 14.2: Routing confederation ........ 258
Figure 15.1: IP multicast routing PIM-DM configuration example ........ 285
Figure 15.2: IP multicast routing using PIM-SM configuration ........ 286
Figure 16.1: IPX VLAN configuration ........ 292
Figure 16.2: IPX routing configuration example ........ 304
Figure 17.1: Access list denies all TCP and UDP traffic ........ 321
Figure 17.2: Access list allows TCP traffic ........ 321
Figure 17.3: Host A initiates a TCP session to Host B ........ 322
Figure 17.4: Permit-established access list filters out SYN packet to destination ........ 323
Figure 17.5: ICMP packets are filtered out ........ 323
Figure 17.6: RIP access policy example ........ 328
Figure 17.7: OSPF access policy example ........ 331
Figure 17.8: Route maps ........ 341
Figure 18.1: Transparent mode ........ 351
Figure 18.2: Translational mode ........ 353
Figure 18.3: GoGo mode ........ 355
Figure 18.4: Advanced SLB configuration ........ 364
Figure 18.5: SLB using ESRP and dual-attached servers ........ 379
Figure 18.6: Active-active configuration ........ 385
Figure 18.7: SLB failover configuration using SLB H/A ........ 388
Figure 18.8: Flow-redirection example ........ 401
List of Tables
Table 1.1: Switch LEDs .................................................. 11
Table 1.2: Global Factory Defaults ................................. 12
Table 1.3: Media Types and Distances ........................... 14
Table 1.4: 1000LH Specifications .................................. 15
Table 4.1: Multi-Select List Box Key Definitions .......... 36
Table 5.1: Command Syntax Symbols ........................... 42
Table 5.2: Line-Editing Keys .......................................... 43
Table 5.3: Common Commands ..................................... 44
Table 5.4: Default Accounts ........................................... 49
Table 5.5: DNS Commands ............................................ 51
Table 5.6: Ping Command Parameters ........................... 52
Table 5.7: Access Profile Configuration Commands ..... 59
Table 5.8: SNMP Configuration Commands .................. 64
Table 5.9: RADIUS® Commands ................................... 68
Table 5.10: TACACS+ Commands ................................ 71
Table 5.11: Greenwich Mean Time Offsets .................... 74
Table 5.12: SNTP Configuration Commands ................. 77
Table 6.1: Port Commands ............................................. 87
Table 6.2: Port-Mirroring Configuration Commands ..... 91
Table 6.3: EDP Commands ............................................ 93
Table 7.1: ..................................................................... 105
Table 7.2: VLAN Configuration Commands ............... 107
Table 7.3: VLAN Delete and Reset Commands ........... 111
Table 7.4: MAC-Based VLAN Commands .................. 116
Table 8.1: FDB Configuration Commands ................... 122
Table 8.2: Removing FDB Entry Commands ............... 124
Table 9.3: STP Configuration Commands .................... 130
Table 9.4: STP Disable and Reset Commands ............. 133
Table 10.1: Traffic Type and QoS Guidelines .............. 139
Table 10.2: Default QoS Profile Names and Queues ... 140
Table 10.3: Default QoS Profiles .................................. 142
Table 10.4: QoS Configuration Commands ................. 143
Table 10.5: Traffic Groupings by QoS Mode ............... 144
Table 10.6: 802.1p Priority Value-to-QoS Profile Mapping 149
Table 10.7: 802.1p Priority Value-to-Hardware Queue Mapping ........ 150
Table 10.8: 802.1p Configuration Commands ........ 150
Table 10.9: Default Code Point-to-QoS Profile Mapping ........ 152
Table 10.10: Default 802.1p Priority Value-to-Code Point Mapping ........ 154
Table 10.11: DiffServ Configuration Commands ......... 155
Table 10.12: QoS Monitor Commands ......................... 158
Table 10.13: QoS Maximum Bandwidth Settings ........ 161
Table 10.14: QoS Profile Minimum Bandwidth ........... 162
Table 11.1: ESRP Commands ...................................... 179
Table 12.1: Relative Route Priorities ............................ 197
Table 12.2: VLAN Aggregation Commands ................ 206
Table 12.3: UDP-Forwarding Commands .................... 210
Table 12.4: Basic IP Commands ................................... 212
Table 12.5: Route Table Configuration Commands ..... 214
Table 12.6: ICMP Configuration Commands ............... 216
Table 12.7: Router Show Commands ........................... 220
Table 12.8: Router Reset and Disable Commands ....... 221
Table 13.1: LSA Type Numbers ................................... 227
Table 13.2: RIP Configuration Commands .................. 237
Table 13.3: RIP Show Commands ................................ 242
Table 13.4: RIP Reset and Disable Commands ............ 243
Table 13.5: OSPF Configuration Commands ............... 244
Table 13.6: OSPF Show Commands ............................ 252
Table 13.7: OSPF Reset and Disable Commands ......... 253
Table 14.1: BGP Configuration Commands ................. 266
Table 14.2: BGP Show Commands .............................. 271
Table 14.3: BGP Reset and Disable Commands .......... 272
Table 15.1: IGMP Configuration Commands ............... 280
Table 15.2: IP Multicast Routing Configuration Commands ........ 282
Table 15.3: IP Multicast Routing Show Commands ........ 287
Table 15.4: IP Multicast Routing Reset and Disable Commands ........ 288
Table 16.1: IPX§ Encapsulation Types ......................... 293
Table 16.2: IPX§ Protocol Filters and Encapsulation Types 298
Table 16.3: Basic IPX§ Commands ............................ 300
Table 16.4: IPX§ /RIP Configuration Commands ........ 301
Table 16.5: IPX§/SAP Configuration Commands ........ 302
Table 16.6: IPX§ Show Commands .............................. 305
Table 16.7: IPX§ Reset and Disable Commands ......... 306
Table 17.1: Access List Configuration Commands ...... 316
Table 17.2: Regular Expression Notation ..................... 326
Table 17.3: Routing Access Policy Configuration Commands ............................................................................. 335
Table 17.4: Match Operation Keywords ....................... 339
Table 17.5: Set Operation Keywords ............................ 340
Table 17.6: Route Map Commands .............................. 344
Table 18.1: Forwarding Mode Feature Summary ......... 350
Table 18.2: Basic SLB Commands ............................... 359
Table 18.3: Service-Check Parameters ......................... 371
Table 18.4: Advanced SLB Commands ....................... 392
Table 18.5: Example #1: Flow Redirection Rules ........ 399
Table 18.6: Example #2: Flow Redirection Rules ........ 400
Table 18.7: Flow Redirection Commands .................... 400
Table 19.1: Status Monitoring Commands .................. 404
Table 19.2: Port Monitoring Display Keys .................. 407
Table 19.3: Fault Levels .............................................. 409
Table 19.4: Fault Log Subsystems ............................... 409
Table 19.5: Logging Commands .................................. 412
Table 19.6: Event Actions ........................................... 417
Table 20.1: Boot Option Commands ........................... 427
Table A.1: Specifications .............................................. 431
Table A.2: Supported Standards, RFCs and Protocols . 433
Table A.3: Supported Limits ........................................ 434
Preface
This preface provides an overview of this user guide, describes guide conventions, and lists other useful publications.
Introduction
Information in the “Late Breaking News” shipped with your switch is more up to date than the information in this guide.
This user guide provides the information you need to configure the Intel® NetStructure 480T routing switch.
It is intended for use by network administrators who are responsible for installing and setting up network equipment, and assumes a basic working knowledge of:
Local Area Networks (LANs)
Ethernet concepts, including switching and bridging
Routing
Internet Protocol (IP)
Routing Information Protocol (RIP) and Open Shortest Path First (OSPF)
Border Gateway Protocol (BGP-4)
IP Multicast
Distance Vector Multicast Routing Protocol (DVMRP)
Protocol Independent Multicast (PIM)
Internet Packet Exchange (IPX)
Server Load Balancing (SLB)
Simple Network Management Protocol (SNMP)
Related Publications
For further information refer to these publications:
Command Line Interface Reference Guide
Intel® NetStructure™ 480T Routing Switch Quick Start Guide
Late Breaking News
Documentation for Intel products is available on the World Wide Web at the Intel support home page:
http://support.intel.com
1: Overview
The Intel® NetStructure™ 480T routing switch uses a powerful, full-featured software operating system for local management of the switch. This chapter offers an overview of the switch operation and covers these topics:
Summary of features
Software licensing
Hardware specifications and factory defaults
Media types
Summary of Features
The features of the 480T routing switch include:
Virtual local area networks (VLANs) including support for IEEE 802.1Q and IEEE 802.1p (priority queuing)
VLAN aggregation
Spanning Tree Protocol (STP) (IEEE 802.1D) with multiple STP domains
Policy-Based Quality of Service (PB-QoS)
Wire-speed IP routing
IP Multinetting
Dynamic Host Configuration Protocol (DHCP)/Bootstrap Protocol (BOOTP) Relay
Enterprise Standby Router Protocol (ESRP)
RIP (Routing Information Protocol) version 1 and version 2
OSPF (Open Shortest Path First) routing protocol
BGP-4
Wire-speed IP multicast routing support
Diffserv (Differentiated Services) protocol support
Access policy support for routing protocols
Access list support for packet filtering
IGMP (Internet Group Management Protocol) snooping to control IP multicast traffic
DVMRP (Distance Vector Multicast Routing Protocol)
Protocol Independent Multicast-Dense Mode (PIM-DM)
Protocol Independent Multicast-Sparse Mode (PIM-SM)
Wire-speed IPX§, IPX/RIP, and IPX/Service Advertising Protocol (SAP) support
SLB support
Load sharing (link aggregation) on multiple ports
RADIUS (Remote Authorization Dial-In User Service) client and per-command authentication support
TACACS+ (Terminal Access Controller Access Control System) support
Console command line interface (CLI) connection
Telnet CLI connection
Web-based management interface
Simple Network Management Protocol (SNMP) support
RMON (Remote Monitoring)
Traffic mirroring for all ports
Intel® Device View (IDV) support
Full-Duplex Support
The 480T routing switch provides full-duplex support for all ports. Full-duplex mode allows frames to be transmitted and received simultaneously and, in effect, doubles the bandwidth available on a link. All 100/1000 Mbps ports on the 480T switch autonegotiate for half-duplex or full-duplex operation.
The 1000BASE-SX, 1000BASE-LX and 1000LH ports operate in full-duplex mode only.
Virtual LANs (VLANs)
See Chapter 7, "Virtual LANs (VLANs)" on page 95.
The local management software has a VLAN feature that enables you to construct your broadcast domains without being restricted by physical connections. A VLAN is a group of location and topology-independent devices that communicate as if they were on the same physical LAN.
Implementing VLANs on your network has three advantages:
Better broadcast traffic control - If a device in VLAN Marketing transmits a broadcast frame, only VLAN Marketing devices receive the frame.
Extra security - Devices in VLAN Marketing can only communicate with devices in VLAN Sales using routing services.
Easier to change or move devices on your networks.
Spanning Tree Protocol (STP)
See Chapter 9, "Spanning Tree Protocol (STP)" on page 125.
The 480T routing switch supports the IEEE 802.1D Spanning Tree Protocol (STP), a bridge-based method of providing fault tolerance on networks. STP enables you to implement parallel paths for network traffic, and ensure that redundant paths are:
Disabled when the main paths are operational.
Enabled if the main traffic paths fail.
A single spanning tree may span multiple VLANs.
Quality of Service (QoS)
See Chapter 10, "Quality of Service (QoS)" on page 135.
The local management software has Policy-Based Quality of Service (QoS) features that enable you to specify service levels for different traffic groups. By default, all traffic is assigned a normal QoS policy profile.
You can create other QoS policies and apply them to different traffic types so that they have different guaranteed minimum bandwidth, maximum bandwidth, and priority.
Unicast Routing
See IP Unicast Routing on page 189.
The 480T routing switch can route IP or IPX traffic between VLANs that are configured as virtual router interfaces. Both dynamic and static IP routes are maintained in the routing table. The routing protocols supported include:
RIP version 1
RIP version 2
OSPF-2
IPX/RIP
BGP-4
For further information consult these chapters:
"IP Unicast Routing" on page 189
"RIP and OSPF" on page 223
"Border Gateway Protocol (BGP)" on page 255
"IPX Routing" on page 291
IP Multicast Routing
See IP Multicast Routing on page 275.
The 480T routing switch enables you to use IP multicasting to allow a single IP host to transmit a packet to a group of IP hosts. It supports multicast routes learned by way of the Distance Vector Multicast Routing Protocol (DVMRP) or Protocol Independent Multicast, dense or sparse mode (PIM-DM or PIM-SM).
Load Sharing
See Configuring Ports on page 79.
Load sharing allows you to increase bandwidth and resiliency by using a group of ports to carry traffic in parallel between systems. The switch's sharing algorithm allows you to use multiple ports as a single logical port.
For example, VLANs treat the load-sharing group as a single virtual port.
Software Licensing - Router License Keys
You can expand the feature set of your switch using a license key. The keys are unique to the 480T routing switch and are not transferable. Keys are stored in NVRAM and, once entered, persist through reboots, software upgrades, and later reconfigurations.
In the firmware, routing protocol support is separated into two sets:
Basic
Full Layer 3.
Basic is a subset of Full Layer 3.
Basic Functionality
Basic functionality requires no license key. It includes all switching functions, as well as all available Layer 3 QoS, access list, and ESRP functions.
Basic includes support for these Layer 3 routing functions:
IP routing using RIP version 1, RIP version 2, or both
IP routing between directly attached VLANs
IP routing using static routes
Full Layer 3 Functionality
Switches using a Full Layer 3 license also support other routing protocols and functions in addition to Basic functions, including:
IP routing using OSPF
IP multicast routing using DVMRP
IP multicast routing using PIM (Dense or Sparse Mode)
IPX routing (direct, static, and dynamic using IPX/RIP and IPX/SAP)
IP routing using BGP
Server load balancing (SLB)
Web cache redirection
Verifying the Router License
To verify the router license, use the show switch command.
Upgrading a Router License
You can upgrade the router license of a switch by purchasing a voucher from Intel. The voucher contains instructions on obtaining a license key from the Intel web site at support.intel.com.
Once a license key is entered, it is not necessary to enter the information again. We recommend keeping the upgrade voucher for your records.
Physical Features
Front View
Figure 1.1 shows the switch front view.
The 480T routing switch has 12 100/1000-Mbps ports, and four 1000 Mbps-only ports. Ports 13 through 16 use modular GBIC connectors.
Figure 1.1: Intel® NetStructure™ 480T routing switch (front). Labeled parts: 100/1000 Mbps ports, unit status LEDs, port status LEDs, GBIC ports.
For information on switch LEDs, refer to "Switch LEDs" on page 10.
Rear View
Figure 1.2 shows two rear view configurations. The second has a redundant power supply.
Figure 1.2: Intel® NetStructure™ 480T routing switch (with and without redundant power supply). Labeled parts: AC connectors (100-120/200-240) for primary and redundant power, reset, management port, console port.
AC Connector
The 480T routing switch automatically adjusts to the supply voltage. The power supply unit (PSU) operates down to 100V, and is suitable for both 110 VAC and 200-240 VAC operation.
Serial Number
Use this serial number for fault-reporting purposes.
Console Port
Use the console port (9-pin, D-type connector) for connecting a terminal and carrying out local out-of-band management.
For information on supported media types and distances, refer to Table 1.3 on page 14.
Management Port
The management port (RJ-45 connector) is a 10/100 Mbps Ethernet connection used for out-of-band management.
MAC Address
This label shows the unique Ethernet MAC address assigned to this device.
Switch LEDs
Table 1.1 describes the light emitting diode (LED) behavior on the 480T routing switch.
Table 1.1: Switch LEDs
LED | Color | Indicates
1000BASE-X Port Status LEDs (GBIC LEDs)
Link/activity | Green | Link is present; port is enabled.
Link/activity | Orange | Frames are being transmitted/received on this port.
Link/activity | Green flashing (steady) | Link is present; port is disabled.
Link/activity | Off | Link is not present.
100/1000BASE-T Port Status LEDs
Link/activity | Green | Link is present; port is enabled.
Link/activity | Orange | Frames are being transmitted/received on the port.
Link/activity | Green flashing (steady) | Link is present; port is disabled.
Link/activity | Off | Link is not present.
Speed Status | Green | 1000 BASE-T operation.
Speed Status | Off | 100 BASE-TX operation.
10/100 Management Port Status LEDs
Link/activity | Green | Link is present.
Link/activity | Orange | Frames are passing through this port.
Link/activity | Off | Link is not present.
Unit Status LEDs
Power 1 and Power 2 | Green | Either or both LEDs green indicates the 480T routing switch is powered up.
Power 1 and Power 2 | Orange | An orange power LED indicates a power, overheat, or fan failure on the corresponding power supply unit.
Power 1 and Power 2 | Off | Both LEDs off indicates the switch is powered off.
MGMT | Green flashing (slow) | The 480T routing switch is operating normally.
MGMT | Green flashing (fast) | POST is in progress.
MGMT | Orange | The switch has failed POST.
Software Factory Defaults
Table 1.2 lists factory defaults for global features.
Table 1.2: Global Factory Defaults
Item | Default Setting
Serial or Telnet user account | admin with no password and user with no password
Web network management | Enabled
Telnet | Enabled
SNMP access | Enabled
SNMP read community string | public
SNMP write community string | private
RMON | Enabled
BOOTP | Enabled on the default VLAN
Quality of Service (QoS) | Disabled. If enabled, all traffic is part of the default queue
QoS monitoring | Automatic roving
802.1p priority | Recognition enabled
802.3x flow control | Enabled on 1000 Mbps Ethernet ports
CLI idle timeout | Enabled (15 minutes)
Virtual LANs | Three VLANs pre-defined. VLAN named default contains all ports and belongs to the STPD named s0. VLAN mgmt operates on the 10/100 Ethernet management port. The management port is DTE only, and is not capable of switching or routing. VLAN MacVLanDiscover is active only when using MAC VLAN.
802.1Q tagging | Packets are untagged on the default VLAN.
Spanning Tree Protocol | Disabled for the Intel® NetStructure™ 480T routing switch; enabled for each port in the STPD
Forwarding database aging period | 300 seconds (5 minutes)
IP Routing | Disabled
RIP | Disabled
OSPF | Disabled
IP multicast routing | Disabled
IGMP | Enabled
IGMP snooping | Enabled
DVMRP | Disabled
PIM | Disabled
IPX§ routing | Disabled
NTP | Disabled
DNS | Disabled
Port mirroring | Disabled
Server load balancing | Disabled
Web Cache Redirection | Disabled
ESRP | Disabled
BGP-4 | Disabled
Media Types, Distances and Specifications
Table 1.3 describes the media types and distances (cable lengths) for the different types of switch ports.
Table 1.3: Media Types and Distances
Type | Media | MHz/Km Rating | Maximum Distance
1000BASE-SX | 50/125 µm Multimode Fiber | 400 | 500 Meters
1000BASE-SX | 50/125 µm Multimode Fiber | 500 | 550 Meters
1000BASE-SX | 62.5/125 µm Multimode Fiber | 160 | 220 Meters
1000BASE-SX | 62.5/125 µm Multimode Fiber | 200 | 275 Meters
1000BASE-LX | 50/125 µm Multimode Fiber | 400 | 550 Meters
1000BASE-LX | 50/125 µm Multimode Fiber | 500 | 550 Meters
1000BASE-LX | 62.5/125 µm Multimode Fiber | 500 | 550 Meters
1000BASE-LX | 10µ Single-mode Fiber | | 5 Kilometers
1000LH | 10µ Single-mode Fiber | | 70 Kilometers
1000BASE-T | Category 5 and higher UTP Cable | | 100 Meters
100BASE-TX | Category 5 and higher UTP Cable | | 100 Meters
10BASE-T | Category 3 and higher UTP Cable | | 100 Meters
Table 1.4 describes the specifications for the 1000B-LH interface.
Table 1.4: 1000LH Specifications
Parameter Minimum Typical Maximum
Transceiver
Optical Output Power 0 dBm 3 dBm 5 dBm
Center Wavelength 1540 nm 1550 nm 1560 nm
Receiver
Optical Input Power Sensitivity -20 dBm
Optical Input Power Maximum -3 dBm
Operating Wavelength 1200 nm 1560 nm
The minimum cable length without a 10 dB attenuator is 32 kilometers.
Optical Output Power
The transmitter output power level for the 1000-LH is +5dBm. The maximum allowable receiver input power level is -3dBm. Therefore, there is a minimum of 8dB loss required for the link to operate without errors. You can achieve this minimum required loss using a fiber length of 32km (0.25dB/km provides 8dB loss), or by adding 10dB of fixed optical attenuator at the receiver end.
2: Installation and Setup
This chapter describes:
Determining the Switch Location
Installing the Switch
Connecting Equipment to the Console Port
Checking the Installation Using the Power-On Self Test (POST)
Logging In for the First Time
Upgrading Your Firmware
Installing the Gigabit Interface Connector (GBIC)
Important Safety Information
Safety related specifications are provided in Appendix A, "Technical Specifications and Supported Limits" on page 431.
There are no user serviceable parts on the Intel® NetStructure™ 480T routing switch. The switch uses Class 1 laser technology. The ports emit invisible infrared light. Do not look directly into open ports.
Determining the Switch Location
The 480T routing switch can be free standing or mounted in a standard 19-inch equipment rack. Mounting brackets are supplied with the switch.
When deciding where to install the switch, ensure that:
The switch is accessible and you can connect cables easily.
Water or moisture cannot enter the case of the unit.
Air flow around the unit and through the side vents is not restricted.
The switch has a minimum of 25 mm (1-inch) clearance.
Units are not stacked more than four high if the switch is free-standing.
Installing the Switch
You can mount the switch in a rack or place it free-standing on a tabletop.
Caution: Do not suspend the switch from under a table or desk, or attach it to a wall.
Rack Mounting
To rack mount the 480T routing switch:
1 Place the switch upright on a hard flat surface, with the front facing you.
2 Remove the screws (4 each side) from the sides of the chassis and retain for Step 4.
3 Place the mounting bracket over the mounting holes on one side of the unit.
4 Replace the screws and fully tighten with a screwdriver, as shown in Figure 2.1.
Figure 2.1: Fitting the mounting bracket
5 Repeat the two previous steps for the other side of the switch.
6 Insert the switch into the 19-inch rack. Ensure that ventilation holes are not obstructed.
7 Secure the switch with rack mount screws (not provided).
8 Remove the label over the AC connector and attach the power cord.
9 Attach the cables according to your own network configuration.
Many performance problems are caused by improper cabling. Pay careful attention to distance and cable type restrictions. See "Media Types, Distances and Specifications" on page 14.
Free-Standing
The 480T routing switch is supplied with four self-adhesive rubber pads.
You can stack up to four switches on top of one another.
1 Apply the pads to the underside of the device by sticking a pad in the marked area at each corner of the switch.
2 Place the devices on top of one another, ensuring that the corners align.
Connecting Equipment to the Console Port
For direct local management, connect to the console port. The 480T routing switch console port settings are set as follows:
Baud rate: 9600
Data bits: 8
Stop bit: 1
Parity: None
Flow control: XON/XOFF
Be sure the terminal connected to the console port on the switch is configured with the same settings. This procedure is described in the documentation supplied with the terminal or terminal emulation software.
Turning On the Switch
To turn on power to the switch, connect the AC power cable to the switch and then to the power outlet. The switch has no on/off switch.
Checking the Installation
After you plug in the switch, the device performs a Power-On Self-Test (POST).
During the POST, all ports are temporarily disabled, the packet LED is off and the power LED is on. The MGMT LED flashes quickly until the switch has successfully passed the POST, after which it returns to the slow flashing state for normal operation.
If the switch passes the POST, the MGMT LED blinks at a slow rate (1 blink per second). If the switch fails the POST, the MGMT LED shows a solid orange light.
Logging In for the First Time
After the switch has completed the Power-On Self Test (POST), it is operational. Then you can log in to the switch and configure an IP address for the default VLAN (named default).
To manually configure the IP settings:
1 Connect a terminal or workstation running terminal-emulation software to the console port.
2 At your terminal, press Enter one or more times until you see the login prompt.
3 At the login prompt, enter the default user name admin to log in with administrator privileges.
Administrator capabilities allow you to access all switch functions.
4 At the password prompt, press Enter.
The default name admin has no password assigned. When you have successfully logged in, the command-line prompt displays the name of the switch (for example, Switch480T) in its prompt.
5 Assign an IP address and subnetwork mask for VLAN default. Use these commands (example IP addresses are used):
configure vlan default ipaddress 123.45.67.8 255.255.255.0
configure iproute add default <gateway>
123.45.67.8
enable ipforwarding
enable rip
Your changes should take effect immediately.
6 Save your configuration changes so that they are in effect after the next switch reboot. Use this command to save:
save
7 When you have finished, log out of the switch using this command:
logout
Upgrading Your Firmware
To upgrade your Intel® NetStructure™ 480T routing switch you must upgrade the BootRom image and firmware. Refer to the Late Breaking News that shipped with your switch for this procedure.
Installing the Gigabit Interface Connector (GBIC)
Ensure that the SC fiber-optic connector is removed from the GBIC prior to removing the GBIC from the I/O module.
Warning: Avoid exposing your eye to Class I laser radiation from open 1000 Mbps ports. Laser radiation is invisible to the human eye. Do not look directly into the 1000 Mbps port when installing or removing GBICs to eliminate any possible harmful effects. Class I lasers are not considered harmful under normal operation.
You can add and remove Gigabit Interface Connectors (GBICs) from the 480T routing switch without powering off the system. Three types of GBIC modules are available:
1000BASE-SX
1000BASE-LX
1000LH
Figure 2.2 illustrates a typical GBIC.
Figure 2.2: GBIC module (1000 Mbps ports)
GBICs are a Class 1 laser device. Use only Intel approved modules.
3: Using Intel® Device View
Intel® Device View is a graphical user interface that helps you manage the Intel NetStructure networking devices on your network.
Intel Device View provides these features:
The ability to configure new network devices
A graphical device manager for Intel switches, hubs, and routers
Autodiscovery, which finds supported Intel devices on the network
Device Tree, which shows all supported devices detected on your network
Remote Network Monitoring (RMON)
Web or Windows§ platform
Plug-in to HP OpenView§, IBM Tivoli NetView§, and Intel LANDesk® Network Manager
Other useful tools such as a TFTP server
480T routing switch and other supported Intel
Installing Intel Device View
Before you install Intel Device View, make sure your PC meets the system recommendations in the Intel Device View User Guide, which is included on the Intel Device View CD-ROM.
You can install both the Windows and the Web version of Intel Device View.
To Install Intel Device View
If you manage devices with Intel Device View from only one location on the network, install the Windows§ version.
If you want to manage devices from any PC on the network using Intel Device View, install the Web version.
1. Put the Intel Device View CD-ROM in your computer's CD-ROM drive. The Intel Device View installation screen appears. If it does not appear, run autoplay.exe from the CD-ROM (use the Run dialog from the Start menu).
2. Choose the version of Intel Device View you want to install:
Click Install for Windows to install Intel Device View for use on this PC only.
Click Install for Web to install Intel Device View on a Web server. You are able to access the Device View server from any PC on your network with Internet Explorer§ 4.0x or later.
Click Install as Plug-in to install Intel network device support for HP OpenView, IBM Tivoli NetView, or Intel LANDesk Network Manager. This option is not available if you do not have any of these programs installed on the PC.
3. Follow the on-screen instructions in the installation program.
Starting the Windows§ Version
We recommend you use the Windows version of Intel Device View if you manage devices from only one location on the network.
To start the Windows version:
1 From your desktop, click Start.
2 Point to Programs > Intel Device View > Intel Device View - Windows.
Intel Device View's main screen appears.
Starting the Web Version
We recommend you use the Web version of Intel Device View if you want to manage devices from any PC on the network. To start the Web version:
1. From your desktop, click Start.
2. Point to Programs > Intel Device View > Intel Device View - Web.
Intel Device View's main screen appears.
To view Intel Device View from another PC on your network, enter this URL into the Address field for Internet Explorer:
http://<servername>/devview/main.htm
where <servername> is the IP address or name of the server where Intel Device View is installed. Intel Device View's main screen appears.
Installing a New Device
After you've installed a new switch on your network, you can use Intel Device View's Device Install Wizard to configure it for management.
To Install and Configure a New Switch for Management
1. Start Intel Device View. The Device Install Wizard appears. If not, click Install from the Device menu or double-click the appropriate MAC address in the Device Tree under Unconfigured Devices.
2. In the Start screen, click Next.
3. In the MAC Address screen, click the MAC address of the new switch, and then click Next.
4. Follow the instructions in the wizard to assign an IP address and a name to the switch.
Using the Device Tree
When you start Intel Device View, the Device Discovery service begins searching for supported Intel network devices on your network. As it discovers devices, it adds an icon for each device to the Device Tree on the left side of the screen.
Different states of the 480T routing switch are represented by unique icons in the Device Tree as indicated below.
Device Tree icons
Device Tree root
Subnet
Intel Switch (if non-responding the icon is red)
Unconfigured Intel Switch
Group of Intel Switches
Intel Router
Intel Switch (Layer 3 capable)
Intel Stackable Hub
The Device Tree works much like Windows Explorer:
To expand the root or a subnet, click the (+) next to the icon.
To collapse the view, click the (-) next to the icon.
Double-click a device icon to view the device image.
To Add a Device to the Device Tree
1. Right-click anywhere on the Device Tree.
2. When a menu appears, click Add Device.
3. In the Add Device dialog box, enter the IP address of the switch you want to add.
4. Fill in the other fields, as appropriate.
5. Click OK.
The new switch's icon appears in the Device Tree.
To Refresh the Device Tree
1. Right-click anywhere on the Device Tree.
2. When a menu appears, click Refresh.
Refreshing the Device Tree updates it to show any newly discovered devices and changes in device status.
To Delete a Device from the Device Tree
1. Right-click the device you want to remove from the Device Tree.
2. Click Delete on the menu that appears.
Deleting a device from the Device Tree does not affect the actual device, but only removes the icon from the tree.
To Find a Device in the Device Tree
1. Right-click anywhere on the Device Tree.
2. When a menu appears, click Find.
3. In the Find Device dialog box, enter the IP address of the device you want to find in the tree.
4. Click OK.
The device's icon is highlighted in the Device Tree.
Losing Contact with a Device
If Intel Device View loses contact with a switch, it replaces the switch icon with the red non-responding switch icon.
When the red non-responding switch icon appears, you will not be able to manage the device in Intel Device View.
If you're unable to ping the device or start a Telnet session, try accessing the switch's Local Management. See "Accessing the Switch" on page 39.
Managing a Switch
To manage a 480T routing switch, double-click the switch icon in the Device Tree. In the example shown below, the switch was assigned an IP address of 124.123.122.3.
The Express 480T Web Device Manager appears in the Intel Device View window.
For complete information on using Intel Device View, refer to the program's online help or see the Intel Device View Help file on the installation CD-ROM.
Viewing RMON Information
The remote monitoring (RMON) specification is a feature of Intel Device View that extends Simple Network Management Protocol (SNMP) functionality to look at traffic patterns over the whole network instead of merely for an individual device. The 480T routing switch supports these RMON groups:
Group 1 Statistics—Monitors utilization and error statistics for each network segment (100Mbps or 1000Mbps).
Group 2 History—Records periodic statistical samples from variables available in the statistics group.
Group 3 Alarms—Allows you to set a sampling interval and alarm thresholds for statistics. When a threshold is passed, the switch creates an event (see below). For example, you might set an alarm if switch utilization exceeds 30%.
Group 9 Events—Provides notification and tells the switch what to do when an event occurs on the network. Events can send a trap to a trap-receiving station, place an entry in the log table, or both. For example, when the switch experiences an RMON event, it sounds an alarm.
The switch also keeps a log that shows a list of the RMON events and RMON alarms that have occurred on the switch.
To View RMON Statistics
1. In the Device Tree, right-click the switch's icon and then point to RMON.
2. Click the RMON option you want to view.
You can also access RMON features by using LANDesk Network Manager, or an SNMP application that supports RMON, such as OpenView.
For more information about using RMON to monitor the switch, refer to the Intel Device View Help file included on the CD-ROM.
4: Using Web Device Manager
Web Device Manager is device-management software running in the Intel® NetStructure™ 480T routing switch. It allows you to access the switch over a TCP/IP network, using a Web browser that supports frames and JavaScript§ (such as Netscape Navigator§ 3.0 or later, or Microsoft Internet Explorer§ 3.0 or later) to manage the system.
Web Device Manager provides a subset of the command-line interface (CLI) commands available for configuring and monitoring the switch. If a particular command is not available using Web Device Manager, use the CLI to access the desired functionality.
To use Web Device Manager, at least one VLAN must be assigned an IP address.
Enabling and Disabling Web Access
By default, Web access is enabled on the switch. You can restrict the use of Web access using an access profile.
For information on creating an access profile see page 324.
An access profile permits or denies a named list of IP addresses and subnet masks. To configure Web access to use an access profile, use this command:
enable web access-profile [<access-profile> | none] {port <tcp_port_number>}
Use the none option to remove a configured access profile.
To display the status of Web access, use this command:
show management
To disable Web access, use this command:
disable web
To re-enable Web access, use this command:
enable web {access-profile [<access-profile> | none]} {port <tcp_port_number>}
Reboot the system for these changes to take effect.
Setting Up Your Browser
Your browser's default settings should work well with Web Device Manager. Apply these recommended settings to improve the display features and functionality of Web Device Manager:
After downloading a newer version of the switch image, clear the browser disk and memory cache to see the updated menu screens. It is important to clear the cache while at the main Logon screen, so that all underlying .GIF files are updated.
Check for newer versions of stored pages by setting the cache options to the every visit setting:
When using Netscape Navigator, configure the cache to check for changes Every Time you request a page.
When using Microsoft Internet Explorer, configure the Temporary Internet Files to check for newer versions of stored pages by selecting Every visit to the page.
Images must be auto-loaded.
Use a high-resolution monitor (1024 x 768 recommended) to maximize the amount of information displayed in the content frame. You can also use 800 x 600 pixels.
Maximize viewing space by turning off the browser toolbars.
Configure the browser to use these recommended fonts:
Proportional font: Times New Roman
Fixed-width font: Courier New
Accessing Web Device Manager
To access the default home page of the switch, enter this URL in your browser (substituting the actual IP address):
http://<ip_address>
When you access the home page of the system, the Login screen appears. Enter your user name and password and click OK.
If you have entered the name and password of an administrator-level account, you have access to all Web Device Manager pages. If you have used a user-level account name and password, you only have access to the Statistics and Support information.
If multiple people access the same switch using Web Device Manager, you might see this error message:
Web:server busy
To correct this situation, try logging out of the switch and logging in again.
Navigating Web Device Manager
After logging in to the switch, the Web Device Manager home page appears.
Web Device Manager divides the browser screen into these sections:
Task frame
Content frame
Stand-alone buttons
Task Frame
The task frame has two sections: menu buttons and submenu links. There are four task menu buttons:
Configuration
Statistics
Support
Logout
Below the task buttons are options. Options are specific to the task button that you select. When you select an option, the information displayed in the content frame changes.
However, when you select a new task button, the content frame does not change until you select a new option.
Content Frame
When you submit a configuration page with no change, an asterisk (*) appears at the CLI prompt, even though actual configuration values have not changed.
The content frame contains the main body of information in Web Device Manager. For example, if you select an option from the Configuration task button, enter configuration parameters in the content frame. If you select the Statistics task button, statistics are displayed in the content frame.
Browser Controls
Browser controls include drop-down list boxes, check boxes, and multi-select list boxes. A multi-select list box has a scrollbar on the right side of the box. Using a multi-select list box, you can select a single item, all items, a set of contiguous items, or multiple non-contiguous items. Table 4.1 describes how to make selections from a multi-select list box.
Table 4.1: Multi-Select List Box Key Definitions
Selection Type | Key Sequence
Single item | Click the item using the mouse.
All items or contiguous items | Click the first item, and drag to the last item.
Contiguous items | Click the first item, hold down the Shift key, and click the last desired item.
Selected non-contiguous items | Hold down Ctrl, click the first desired item, click the next desired item, etc.
Status Messages
Status messages are displayed at the top of the content frame. There are four types of status messages:
Information: Displays information that is useful to know prior to, or as a result of, changing configuration options.
Warning: Displays warnings about the switch configuration.
Error: Displays errors caused by incorrectly configured settings.
Success: Displays informational messages after you click Submit. The message displayed reads, Request was submitted successfully.
Stand-alone Buttons
At the bottom of some of the content frames is a section that contains stand-alone buttons. Use these buttons to perform tasks that are not associated with a particular configuration option. An example of this is the Reboot Switch button.
Saving Changes
There are two ways to save your changes in Web Device Manager:
Select Save Configuration from the Configuration task button, Switch option.
This field contains a drop-down list box that allows you to select either the primary or secondary configuration area. After you select the configuration area, click Submit to save the changes.
Click the Logout button.
If you attempt to log out without saving your changes, Web Device Manager prompts you to save your changes.
If you select Yes, the changes are saved to the selected configuration area.
To change the selected configuration area:
1. Go to the Configuration task button.
2. Select the Switch option.
Filtering Information
On some pages you can click a Filter button to display a subset of information for a page. For example, on the OSPF configuration page, you can configure authentication based on the VLAN, area identifier, or virtual link.
Once you select a filtering option and click the Filter button, the form that provides the configuration options displays the available interfaces in the drop-down menu, based on your filtering selection.
Using the Get Command to Configure a VLAN
When configuring a VLAN using Web Device Manager, prior to editing the VLAN configuration, you must first click the Get button to ensure that subsequent edits are applied to the correct VLAN. If you do not click the Get button and you submit the changes, the changes are made to the VLAN that was previously displayed.
If you configure a VLAN and then delete it, the default VLAN is shown in the VLAN name window, but the VLAN information contained in the lower portion of the page is not updated. Click the Get button to update the display.
TFTP Server
Intel Device View provides a TFTP Server utility on the Tools menu.
5: Accessing the Switch
This chapter provides information to help you manage the Intel® NetStructure 480T routing switch, including:
Understanding the Command Syntax
Line-Editing Keys
Command History
Common Commands
Configuring Management Access
Real-time Basic Connectivity Checking
Methods of Managing the Switch
Simple Network Management Protocol (SNMP)
For information on using the save command, see "Software Upgrade and Boot Options" on page 419.
To retain configuration changes through a power cycle or reboot, you must issue a save command after you have made the change.
Understanding the Command Syntax
This section briefly describes the steps to take when entering a command. The sections that follow give detailed information for using the command-line interface.
To use the command-line interface (CLI):
Most configuration commands require that you have administrator privileges.
An asterisk (*) in front of the command-line prompt indicates you have made changes that have not been saved.
1. Enter the command name. When entering a command at the prompt, ensure that you have the appropriate privilege level.
2. Enter the parameter name and values, if included. The value (also known as an argument) specifies how you want the parameter to be set. Values include numerics, strings, or addresses, depending on the parameter.
3. After entering the complete command, press Enter.
Syntax Helper
The CLI has a built-in syntax helper. If you are unsure of the complete syntax for a particular command, enter as much of the command as possible and press Enter. The syntax helper provides a list of options for the remainder of the command.
The syntax helper also provides assistance if you have entered an incorrect command.
Command Completion with Syntax Helper
Use the Tab key to access command completion.
1. Enter a partial command.
2. Press the Tab key to post a list of available options.
3. The cursor appears at the end of the command.
Abbreviated Syntax
Abbreviated syntax is the shortest, most unambiguous, allowable abbreviation of a command or parameter. Typically, this is the first three letters of the command. For example, ena is sufficient for the Enable command.
When using abbreviated syntax, you must enter enough characters to make the command unambiguous and distinguishable to the switch.
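The matching rule described above, written out as an added example (not code from this guide or from the switch firmware). The vocabulary is a constructed subset holding only command words that appear in this guide, so the minimum lengths it reports differ from a real switch, and case-insensitive matching is an assumption. A resolver like this is useful for expanding abbreviated commands in audit logs before comparing them with an expected configuration.

```python
"""Resolve abbreviated CLI keywords by unambiguous prefix (added example)."""

# Constructed vocabulary: only command words that appear in this guide.
# The switch's real command set is larger, so real minimum lengths differ.
COMMANDS = ("configure", "create", "disable", "enable", "logout",
            "save", "show", "use")


class AmbiguousCommand(ValueError):
    """A prefix that matches more than one command word."""


def resolve(prefix, vocabulary=COMMANDS):
    """Return the single command word that `prefix` abbreviates.

    An exact match always wins, so a full command word is never ambiguous
    even when it is also the start of a longer word. Matching ignores case
    (an assumption; the guide does not state the CLI's case rules).
    """
    word = prefix.strip().lower()
    if not word:
        raise ValueError("empty command")
    if word in vocabulary:
        return word
    matches = sorted(c for c in vocabulary if c.startswith(word))
    if not matches:
        raise ValueError(f"unknown command: {prefix!r}")
    if len(matches) > 1:
        raise AmbiguousCommand(f"{prefix!r} matches {', '.join(matches)}")
    return matches[0]


def shortest_unambiguous(command, vocabulary=COMMANDS):
    """Return the shortest prefix of `command` that matches no other word."""
    others = [c for c in vocabulary if c != command]
    for length in range(1, len(command) + 1):
        candidate = command[:length]
        if not any(other.startswith(candidate) for other in others):
            return candidate
    return command  # the whole word is itself a prefix of another word


def normalize_line(line, vocabulary=COMMANDS):
    """Expand the leading keyword of a command line; keep the arguments."""
    parts = line.split(None, 1)
    if not parts:
        raise ValueError("empty command line")
    full = resolve(parts[0], vocabulary)
    return full if len(parts) == 1 else f"{full} {parts[1].strip()}"


if __name__ == "__main__":
    # Constructed sample lines, as they might appear in a command audit log.
    for sample in ("ena web", "dis web", "sh management", "s"):
        try:
            print(f"{sample!r:18} -> {normalize_line(sample)}")
        except ValueError as err:
            print(f"{sample!r:18} -> rejected: {err}")
```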
Command Shortcuts
All component names must be unique. Name components using the create command. When you enter a command to configure a named component, you do not need to use the keyword of the component. For example, to create a VLAN, you must enter a unique VLAN name:
create vlan engineering
After you create the VLAN with a unique name, you can eliminate the keyword vlan from all other commands that require the name to be entered. For example, instead of entering the command:
configure vlan engineering delete port 1,4
you can enter this shortcut:
configure engineering delete port 1,4
Numerical Ranges
Commands that require you to enter one or more port numbers on a switch use the parameter <portlist> in the syntax. For example:
port 3
A port list can be a range of numbers, for example:
port 1-3
You can add additional port numbers to the list, separated by a comma:
port 3,4,6
Names
All named components of the switch configuration must:
Have a unique name.
Begin with an alphabetical character.
Be delimited (separated) by a space, unless enclosed in quotation marks.
Symbols
You may see a variety of symbols shown as part of the command syntax. These symbols explain how to enter the command, and you do not type them as part of the command itself. Table 5.1 summarizes command syntax symbols. Press the Tab key in the command line interface for more command options.
Table 5.1: Command Syntax Symbols
Symbol
    Description
< > Angle brackets
    Enclose a variable or value. You must specify the variable or value. For example, in the syntax:
    configure vlan <name> ipaddress <ip_address>
    you must supply a VLAN name for <name> and an address for <ip_address> when entering the command. Do not type the angle brackets.
[ ] Square brackets
    Enclose a required value or list of required arguments. You can specify one or more values or arguments. For example, in the syntax:
    use image [primary | secondary]
    you must specify either the primary or secondary image when entering the command. Do not type the square brackets.
| Vertical bar
    Separates mutually exclusive items in a list, one of which must be entered. For example, in the syntax:
    configure snmp community [readonly | readwrite] <string>
    you must specify either the read or the write community string in the command. Do not type the vertical bar.
{ } Braces
    Enclose an optional value or a list of optional arguments. You can specify one or more values or arguments. For example, in the syntax:
    reboot {<date> <time> | cancel}
    you can specify either a particular date and time combination, or the keyword cancel to cancel a scheduled reboot. If you do not specify a value, the system prompt asks if you want to reboot the routing switch now. Do not type the braces.
Line-Editing Keys
Table 5.2 describes the line-editing keys available using the CLI.
Table 5.2: Line-Editing Keys
Key(s)
    Description
Backspace
    Deletes characters to the left of the cursor and shifts the remainder of the line to the left.
Delete or Ctrl + D
    Deletes character at the cursor position and shifts the remainder of line to the left.
Ctrl + K
    Deletes characters from the cursor position to the end of the line.
Ctrl + U
    Deletes characters from the cursor to the beginning of the line.
Ctrl + W
    Deletes the previous word.
Left Arrow
    Moves the cursor to the left.
Right Arrow
    Moves the cursor to the right.
Home or Ctrl + A
    Moves the cursor to first character on the line.
End or Ctrl + E
    Moves the cursor to last character on the line.
Ctrl + L
    Clears the screen and moves the cursor to the beginning of the line.
Up Arrow or Ctrl + P
    Displays the previous command in the command history buffer and places the cursor at the end of the command.
Down Arrow or Ctrl + N
    Displays the next command in the command history buffer and places the cursor at the end of the command.
Command History
The local management software stores the last 49 commands you entered. You can display a list of these commands by using this command:
history
Common Commands
Table 5.3 describes common commands used to manage the 480T routing switch. Commands specific to particular features are described in detail throughout the guide. For detailed command information use the Quick Reference Guide that accompanies this user manual. Press the Tab key in the command line interface for more command options.
Table 5.3: Common Commands
Command
    Description
clear session <number>
    Terminates a Telnet session from the switch.
configure account <username> {<password>}
    Configures a user account password. Passwords can have no characters up to a maximum of 32 characters. User names and passwords are case-sensitive.
configure banner
    Configures the banner string. You can enter up to 24 rows of 79-column text that is displayed before the login prompt of each session. To terminate the command, apply the banner then press Enter at the beginning of a line. To clear the banner, press Enter at the beginning of the first line.
configure ports [all | mgmt | <portlist>] auto off {speed [100 | 1000]} duplex [half | full]
    Manually configures Ethernet port speed and duplex setting of one or more ports on a switch.
configure time <date> <time>
    Configures the system date and time. The format is as follows:
    mm/dd/yyyy hh:mm:ss
    The time uses a 24-hour clock format.
configure timezone <gmt_offset> {autodst | noautodst}
    Configures the time zone information to the configured offset from Greenwich Mean Time (GMT) time. The format of gmt_offset is +/- minutes from GMT time. Specify:
    autodst—Enables automatic daylight saving time change.
    noautodst—Disables automatic daylight saving time change.
    The default setting is autodst.
configure vlan <name> ipaddress <ip_address> {<mask>}
    Configures an IP address and subnet mask for a VLAN.
create account [admin | user] <username> {encrypted} {<password>}
    Creates a user account. The command is available to admin-level users and users with RADIUS§ command authorization. The username can be between 1 and 32 characters. The password can be between 0 and 32 characters.
create vlan <name>
    Creates a VLAN.
delete account <username>
    Deletes a user account.
delete vlan <name>
    Deletes a VLAN.
disable bootp vlan [<name> | all]
    Disables BOOTP for one or more VLANs.
disable cli-config-logging
    Disables logging of CLI commands to the Syslog.
disable clipaging
    Disables pausing of the screen display when a show command output reaches the end of the page.
disable idletimeout
    Disables the timer that disconnects all sessions. Once disabled, console sessions remain open until the switch is rebooted or you log off. Telnet sessions remain open until you close the Telnet client.
disable port [all | mgmt | <portlist>]
    Disables a port on the switch.
disable telnet
    Disables Telnet access to the switch.
disable web
    Disables Web access to the switch.
enable bootp vlan [<name> | all]
    Enables BOOTP for one or more VLANs.
enable cli-config-logging
    Enables the logging of CLI configuration commands to the Syslog for auditing purposes. The default setting is enabled.
enable clipaging
    Enables pausing of the screen display when show command output reaches the end of the page. The default setting is enabled.
enable idletimeout
    Enables a timer that disconnects all sessions (both Telnet and console) after 20 minutes of inactivity. The default setting is disabled.
enable license full_L3 <license_key>
    Enables a particular software feature license. Specify <license_key> as an integer. The command unconfigure switch all does not clear licensing information. This license cannot be disabled after it is enabled on the switch.
enable telnet {access-profile [<access_profile> | none]} {port <tcp_port_number>}
    Enables Telnet access to the switch. By default, Telnet is enabled with no access profile, and uses Transmission Control Protocol (TCP) port number 23. To cancel a previously configured access profile, use the none option.
enable web {access-profile [<access_profile> | none]} {port <tcp_port_number>}
    Enables Web access to the switch. By default, Web access is enabled with no access profile, using TCP port number 80. Use the none option to cancel a previously configured access profile. Reboot the switch for this command to take effect.
history
    Displays the previous 49 commands entered on the switch.
show banner
    Displays the user-configured banner.
unconfigure switch {all}
    The unconfigure switch command resets parameters to factory defaults, except defined user accounts, and date and time information. To reset user accounts and date and time, specify the keyword all, which erases the selected configuration image in flash memory and reboots.
Configuring Management Access
The local management software supports these two levels of management:
User
Administrator
In addition to these management levels, you can optionally use an external RADIUS server to provide CLI command authorization checking for each command.
For more information on RADIUS, refer to "RADIUS Client" on page 66.
A user-level account has viewing access to all manageable parameters, with the exception of these:
User account database
SNMP community strings
User Account
With a user-level account you can use the ping command to test device connectivity, and change the password assigned to the account name. When you log on, the command-line prompt ends with a (>) sign. For example:
switch480T:2>
Administrator Account
Using an administrator-level account, you can view and change all routing switch parameters. You can also add and delete users, and change the password associated with any account name.
As an administrator you can also disconnect a management session connected through Telnet. If this happens, the user logged on through the Telnet connection is notified that the session was terminated.
When you log on with administrator capabilities, the command-line prompt ends with a (#) sign. For example:
switch480T:18#
Prompt Text
The prompt text is taken from the SNMP sysname setting (see Table 5.8, SNMP Configuration Commands, on page 64). The number that follows the colon indicates the sequential line/command number.
If an asterisk (*) appears in front of the command-line prompt, it indicates that you have configuration changes that have not been saved. For example:
*switch480T:19#
Default Accounts
The switch is configured with two default accounts, as shown in Table 5.4.
Table 5.4: Default Accounts
Account Name
    Access Level
admin
    This user can access and change all manageable parameters. The admin account cannot be deleted.
user
    This user can view (but not change) almost all manageable parameters. However, this user cannot view the user account database or the SNMP community strings.
Passwords are case sensitive.
Changing the Default Password
Default accounts do not have passwords assigned to them. User-assigned passwords must be between 0 and 32 characters.
To add a password to the default admin account:
1. Log in to the switch using the name admin.
2. At the password prompt, press Enter.
3. Enter this command:
configure account admin
4. Enter the new password at the prompt.
5. Re-enter the password for verification.
To add a password to the default user account:
1. Log in to the switch using the name admin.
2. At the password prompt, press Enter, or enter the password that you have configured for the admin account.
3. Add a default user password using this command:
configure account user
4. Enter the new password at the prompt.
5. Re-enter the new password at the prompt.
If you forget your password while logged out of the command-line interface, contact your local technical support representative.
Creating a Management Account
The 480T routing switch can have a total of 16 management accounts. You can use the default names (admin and user), or you can create new names and passwords for the accounts. Account passwords can be between 0 and 32 characters. Do not use Ctrl + key or Alt + key.
To create a management account:
1. Log in to the switch as admin.
2. At the password prompt, press Enter, or enter the password that you have configured for the admin account.
3. Add a new user account with this command:
create account [admin | user] <username>
4. Enter the password at the prompt.
5. Re-enter the password for verification.
Viewing Accounts
To view the accounts you have created, you must have administrator privileges. Use this command to see the accounts:
show accounts
Deleting an Account
To delete an account, you must have administrator privileges. Use this command to delete an account:
delete account <username>
The account name admin cannot be deleted.
Domain Name Service Client
The Domain Name Service (DNS) client augments these commands, to allow them to accept either IP addresses or host names:
telnet
download [bootrom | configuration | image]
upload configuration
ping
traceroute
Also, you can use the nslookup utility to return the IP address of a host name.
Table 5.5 describes the commands used to configure DNS. Press the Tab key in the command line interface for more command options.
Table 5.5: DNS Commands
Command
    Description
configure dns-client add <ipaddress>
    Adds a DNS name server(s) to the available server list for the DNS client. You can configure up to three name servers.
configure dns-client default-domain <domain_name>
    Configures the domain that the DNS client uses if a fully qualified domain name is not entered. For example, if the default domain is configured to be intel.com, executing ping support searches for support@intel.com.
configure dns-client delete <ipaddress>
    Removes a DNS server.
nslookup <hostname>
    Displays the IP address of the requested host.
show dns-client
    Displays the DNS configuration.
Real-time Basic Connectivity Checking
Use these commands to check basic connectivity:
ping
traceroute
Ping
You can use the ping command to send Internet Control Message Protocol (ICMP) echo messages to a remote IP device. The command is available for both the user and administrator privilege level.
The ping command syntax is:
ping {continuous} {start-size <start_size> {- end-size <end_size>}} [<ip_address> | <hostname>] {from <src_address>} {with record-route}
Options for the ping command are described in Table 5.6. Press the Tab key in the command line interface for more command options.
Table 5.6: Ping Command Parameters
Parameter
    Description
continuous
    Specifies Internet Control Message Protocol (ICMP) echo messages to be sent continuously. To interrupt this option, press any key.
size <n>
    Specifies the size of the ICMP request. If both start-size and end-size are specified, ICMP requests are transmitted using increments of 1 byte per packet. If no end-size is specified, packets of start-size are sent.
<ipaddress>
    Specifies the IP address of the host.
<hostname>
    Specifies the name of the host. To use the hostname, first configure DNS.
from
    Uses the specified source address in the ICMP packet. If not specified, the address of the transmitting interface is used.
with record-route
    Decodes the list of recorded routes and displays them when the ICMP echo reply is received.
Traceroute
The traceroute command enables you to trace the routed path between the switch and a destination endstation. The command syntax is:
traceroute [<ip_address> | <hostname>] {from <src_ipaddress>} {ttl <TTL>} {port <port>}
where:
ip_address is the IP address of the destination endstation.
hostname is the host name of the destination endstation. To use the host name, first configure DNS.
from uses the specified source address in the ICMP packet. If not specified, the address of the transmitting interface is used.
ttl configures the switch to trace up to the time-to-live number of the switch.
port uses the specified UDP port number.
See "Using Intel® Device View" on page 23.
Methods of Managing the Switch
You can manage the switch by either connecting a terminal (or workstation with terminal-emulation software) to the console port to access the CLI or by using TCP/IP through one of the switch ports or through the dedicated 10/100 Mbps unshielded twisted pair (UTP) Ethernet management port to access the switch remotely.
You can use Telnet, a Web browser, or an SNMP manager to manage the switch remotely. There can be one console session, one Web session or eight concurrent Telnet sessions.
Using the Console Interface
You can access the built-in CLI of the 480T routing switch through the 9-pin RS-232 port located on the back of the switch.
After the connection is established, the switch prompt appears, so you can log in.
Using the 10/100 UTP Management Port
The 480T routing switch has a dedicated 10/100 Mbps UTP management port. This port provides dedicated remote access to the switch using TCP/IP. It supports these management methods:
Telnet using the CLI interface
Intel Device View access using a Web browser
SNMP access using SNMP manager
The management port is a DTE port, and is not capable of supporting switching or routing functions. The TCP/IP configuration for the management port is done using the same syntax as used for VLAN configuration. The VLAN mgmt comes pre-configured with only the 10/100 Mbps management port as a member.
You can configure the IP address, subnet mask, and default router for the VLAN mgmt, using these commands:
configure vlan mgmt ipaddress <ip_address>/<subnet_mask>
configure iproute add default <gateway>
Using Telnet
Most workstations with a Telnet facility can communicate with the 480T routing switch over a TCP/IP network.
Up to eight active Telnet sessions can access the switch concurrently. If idletimeouts are enabled, the Telnet connection will time out after 20 minutes of inactivity. If a connection to a Telnet session is lost inadvertently, the switch terminates the session within two hours.
Before you can start a Telnet session, you must set up the IP parameters described in the section "Configuring Switch IP Parameters" on page 55. Telnet is enabled by default.
To open the Telnet session, you must specify the IP address of the device that you want to manage. Check the user manual supplied with the Telnet facility if you are unsure of how to do this.
After the connection is established, you will see the switch prompt and you can log in.
Connecting to Another Host Using Telnet
Use this command to Telnet from the current CLI session to another host:
telnet [<ipaddress> | <hostname>] {<port_number>}
If the TCP port number is not specified, the Telnet session defaults to port 23. Only VT100 emulation is supported.
Find the switch's MAC address on the rear label of the switch.
Configuring Switch IP Parameters
To manage the routing switch through a Telnet connection or by using an SNMP Network Manager, you must first configure the switch IP parameters.
Using a BOOTP Server
If you are using IP and you have a Bootstrap Protocol (BOOTP) server set up correctly on your network, you must add the following information to the BOOTP server:
Media Access Control (MAC) address found on the rear label of the switch (or use the show switch command)
IP address
Subnet address mask (optional)
After this is done, the IP address and subnet mask for the routing switch are downloaded automatically. You can then start managing the switch without further configuration.
You can enable BOOTP on a per-VLAN basis using this command:
enable bootp vlan [<name> | all]
By default, BOOTP is enabled on the default VLAN.
If you configure the 480T routing switch to use BOOTP, the switch IP address is not retained through a power cycle, even if the configuration is saved. To retain the IP address through a power cycle, you must configure the IP address of the VLAN using the command-line interface, Telnet, or Web interface.
All VLANs within a switch that are configured to use BOOTP to get their IP address use the same MAC address. Therefore, if you are using BOOTP relay through a router, the BOOTP server must be capable of differentiating its relay based on the gateway portion of the BOOTP packet.
For more information on DHCP/BOOTP relay, refer to "IP Unicast Routing" on page 189.
Manually Configuring the IP Settings
For information on creating and configuring VLANs, see "Virtual LANs (VLANs)" on page 95.
If you are using IP without a BOOTP server, you must enter the IP parameters for the switch in order for the SNMP Network Manager, Telnet software, or Web interface to communicate with the device.
IP addresses are always assigned to a VLAN. You can assign multiple IP addresses to the switch.
To assign IP parameters to the switch:
1. Log in to the switch with administrator privileges.
2. Assign an IP address and subnet mask to a VLAN.
The switch comes configured with a default VLAN named default. To use Telnet or an SNMP Network Manager, you must have at least one VLAN on the switch, and it must be assigned an IP address and subnet mask.
To manually configure the IP settings:
1. Connect a terminal or workstation running terminal-emulation software to the console port.
2. At your terminal, press Enter one or more times until you see the login prompt.
3. If you are logging in for the first time, use the default user name admin to log in with administrator privileges. For example:
login: admin
Administrator capabilities enable you to access all switch functions. The default user names have no passwords assigned.
4. If you have been assigned a user name and password with administrator privileges, enter them at the login prompt and press Enter. When you have successfully logged in, the command-line prompt displays the name of the switch.
5. Assign an IP address and subnetwork mask for the default VLAN using this command:
configure vlan <name> ipaddress <ipaddress> {<subnet_mask>}
For example:
configure vlan default ipaddress 123.45.67.8 255.255.255.0
Your changes take effect immediately. Generally, when configuring any IP addresses for the switch, you can express a subnet mask using dotted decimal notation, or classless inter-domain routing notation (CIDR).
CIDR uses a forward slash plus the number of bits in the subnet mask. Using CIDR notation, the command identical to the one above would be:
configure vlan default ipaddress 123.45.67.8/24
6. Configure the default route for the switch using this command:
configure iproute add default <gateway> {<metric>}
For example:
configure iproute add default 123.45.67.1
7. Save your configuration changes so that they are in effect after the next switch reboot, using this command:
save
8. Log out of the switch using the command:
logout or quit
Disconnecting a Telnet Session
An administrator-level account can disconnect a management session that is established through a Telnet connection. If this happens, the user logged in through Telnet is notified that the session is terminated.
To terminate a Telnet session:
1. Log in to the switch with administrator privileges.
2. Determine the session number of the session you want to terminate by using this command:
show session
3. Terminate the session by using this command:
clear session <session_number>
Controlling Telnet Access
See "Using Access Profiles" on page 59.
You must be logged in as an administrator to enable or disable Telnet.
By default, Telnet services are enabled on the routing switch. You can restrict Telnet access using an access profile. An access profile permits or denies a named list of IP addresses and subnet masks. To configure Telnet to use an access profile, use this command:
enable telnet {access-profile [<access_profile> | none]} {port <tcp_port_number>}
Use the none option to remove a previously configured access profile.
To display the status of Telnet, use this command:
show management
To disable Telnet, use this command:
disable telnet
To re-enable Telnet on the switch, use this command at the console port:
enable telnet
Using Access Profiles
An access profile permits or denies a named list of IP addresses and subnet masks. To use access profiles, first define the list, and then apply the named list to the desired application.
Access profiles are used by several routing switch features as a way to restrict access. Applications that use access profiles for remotely managing the switch are:
SNMP read-only access
SNMP read-write access
Telnet
Web access
Access profiles can also be used in association with access policies that control the flow of traffic.
See "Access Policies" on page 309.
Creating an Access Profile
You can use access profiles to specifically permit or deny users access to an application. You restrict access by assigning an access profile to the service that is being used for remote access.
When you create and name an access profile to restrict access to a certain application, you then need to configure the application to use the named access profile. Otherwise, no restrictions are applied.
Do not confuse access profiles with access policies.
Use the commands listed in Table 5.7 to create and configure access profiles. For further access profile commands refer to Table 17.3 on page 335. Press the Tab key in the command line interface for more command options.
Table 5.7: Access Profile Configuration Commands
Command
    Description
configure access-profile <access_profile> add {vlan <name> | ipaddress <ipaddress> <mask>}
    Adds an IP address or VLAN name to the access profile. The entry must be of the same type as the access profile (for example, IP address).
configure access-profile <access_profile> delete {vlan <name> | ipaddress <ipaddress> <mask>}
    Deletes an IP address or VLAN name from the access profile.
configure access-profile <access_profile> mode [permit | deny | none]
    Configures the access profile to one of the following:
    permit—Allows the addresses that match the access profile description.
    deny—Denies the addresses that match the access profile description.
    The default setting is permit.
create access-profile <access_profile> type [as-path] [bgp-community] ipaddress | ipxret | ipxnode | ipxsap
    Creates an access profile. After the access profile is created, you can add one or more addresses to it, and you can use the profile to control a specific routing protocol.
delete access-profile <access_profile>
    Deletes an access profile.
show access-profile <access_profile>
    Displays access profile related information for the switch.
The subnet mask specified in the access profile command is interpreted as a reverse mask. A reverse mask indicates the bits that are significant in the IP address and specifies the part of the address that must match the IP address to which the profile is applied.
If you configure an IP address as an exact match to be specifically denied or permitted, use a mask of /32 (for example, 141.251.24.28/32).
If the IP address represents a subnet address that you want to deny or permit, then configure the mask to cover only the subnet portion (for example, 141.251.10.0/24).
If you are using classless subnet masking (CIDR), the same logic applies, but the configuration is more complex. For example, the address 141.251.24.128/27 represents any host from subnet 141.251.24.128.
Access Profile Rules
These rules apply when using access profiles:
Only one access profile can be applied to each application.
The access profile can either permit or deny the entries in the profile.
The same access profile can be applied to more than one application.
Access Profile Example
The following example creates an access profile named testpro, and denies access for the device with the IP address 192.168.10.10:
create access-profile testpro type ipaddress
configure access-profile testpro mode deny
configure access-profile testpro add ipaddress 192.168.10.10/32
The following command applies the access profile testpro to Telnet:
enable telnet access-profile testpro
For more information, refer to "Using Web Device Manager" on page 33.
To view the contents of an access profile, use this command:
show access-profile <access_profile>
To view the Telnet configuration, use this command:
show management
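The matching rules and the testpro example above, modelled in Python as an added example (not code from this guide or from the switch software). It assumes that a source matching no entry is refused in permit mode and admitted in deny mode, which the guide does not state; the profile name mgmt_only and the sample source addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class AccessProfile:
    """A named list of address/mask entries with a permit or deny mode."""
    name: str
    mode: str = "permit"  # the guide gives permit as the default mode
    entries: list = field(default_factory=list)

    def add_ipaddress(self, address_and_mask):
        """Add an entry such as 192.168.10.10/32 or 10.1.0.0/255.255.0.0."""
        # strict=False clears the host bits, so only the bits covered by
        # the mask are compared against a source address.
        self.entries.append(ipaddress.ip_network(address_and_mask, strict=False))

    def matches(self, source):
        """True if the source address falls inside any entry."""
        addr = ipaddress.ip_address(source)
        return any(addr in net for net in self.entries)


def is_allowed(profile, source):
    """Decide whether source may reach a service that uses profile.

    profile=None models a service with no access profile applied, which
    the guide says is unrestricted. The outcome for a source that matches
    no entry is an ASSUMPTION: refused in permit mode, admitted in deny mode.
    """
    if profile is None:
        return True
    if profile.mode not in ("permit", "deny"):
        raise ValueError("mode not modelled here: " + profile.mode)
    hit = profile.matches(source)
    return hit if profile.mode == "permit" else not hit


def reachable_from(profile, sources):
    """Return the subset of sources that the profile lets through."""
    return [s for s in sources if is_allowed(profile, s)]


def build_testpro():
    """The deny profile from the guide's example."""
    profile = AccessProfile("testpro", mode="deny")
    profile.add_ipaddress("192.168.10.10/32")
    return profile


def build_mgmt_only():
    """Hypothetical permit profile built on the guide's /27 address."""
    profile = AccessProfile("mgmt_only", mode="permit")
    profile.add_ipaddress("141.251.24.128/27")
    return profile


# Constructed source addresses for the demonstration.
SAMPLE_SOURCES = [
    "192.168.10.10", "192.168.10.11",
    "141.251.24.128", "141.251.24.159", "141.251.24.160",
]

if __name__ == "__main__":
    cases = (("no profile", None),
             ("testpro (deny)", build_testpro()),
             ("mgmt_only (permit)", build_mgmt_only()))
    for label, profile in cases:
        print(label, "->", reachable_from(profile, SAMPLE_SOURCES))
```

Under these assumptions the deny-mode testpro profile still admits every address except 192.168.10.10, while the permit-mode profile admits only the 32 addresses of the /27.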
Using Web Device Manager
The Intel Web Device Manager is device-management software running in the routing switch that enables you to access the switch over a TCP/IP network using a Web browser.
You should use a Web browser that supports frames (such as Netscape Navigator§ 3.0 or later, or Microsoft Internet Explorer§ 3.0 or later) to manage the switch over a TCP/IP network.
Access the default home page of the switch using this command:
http://<ipaddress>
When you access the home page of the switch, the Logon screen appears.
Controlling Web Access
By default, Web access is enabled on the routing switch. You can restrict access through the Web Device Manager using an access profile, which permits or denies access to a named list of IP addresses and subnet masks.
For more information on assigning an IP address, refer to "Configuring Switch IP Parameters" on page 55.
You can configure Web access to use an access profile using this command:
enable web {access-profile <access-profile> | none} {port <tcp_port_number>}
Use the none option to remove a previously configured access profile.
To display the status of Web access, use this command:
show management
To disable Web access, use this command:
disable web
To re-enable Web access, use this command:
enable web {access-profile <access-profile> | none} {port <tcp_port_number>}
When you disable or enable Web Device Manager, you must reboot the switch for the changes to take effect. Apply an access profile only when Web Device Manager is enabled.
Simple Network Management Protocol (SNMP)
Any network manager running the Simple Network Management Protocol (SNMP) can manage the 480T routing switch, provided the Management Information Base (MIB) feature of the 480T routing switch is installed correctly on the management station. Each Network Manager provides its own user interface to the management facilities.
Accessing Switch Agents
To have access to the SNMP agent in the routing switch, at least one VLAN must have an IP address assigned to it.
For more information on assigning IP addresses, refer to Table 5.3 on page 44.
Supported MIBs
Along with private MIBs, the routing switch supports the MIBs listed in "Technical Specifications and Supported Limits" on page 431.
Configuring SNMP Settings
You can configure the following SNMP parameters on the routing switch:
Authorized trap receiversAn authorized trap receiver can be
one or more network management stations on your network. The switch sends SNMP traps to all trap receivers. You can have a maximum of 16 trap receivers configured for each switch. .
SNMP read accessThe ability to read SNMP information can
be restricted through the use of an access profile. An access profile permits or denies a named list of IP addresses and subnet masks.
To configure SNMP read access to use an access profile, use the command:
configure snmp access-profile readonly [<access_profile> | none]
Use the none option to remove a previously configured access profile.
SNMP read/write access: The ability to read and write SNMP information can be restricted through the use of an access profile. An access profile permits or denies a named list of IP addresses and subnet masks.
To configure SNMP read/write access to use an access profile, use the command:
configure snmp access-profile readwrite [<access_profile> | none]
Use the none option to remove a previously configured access profile.
Community strings: Allows a simple method of authentication between the 480T routing switch and the remote Network Manager. There are two types of community strings on the switch. Read community strings provide read-only access to the switch. The default read-only community string is public. Read-write community strings provide read and write access to the switch. The default read-write community string is private. A total of eight community strings can be configured on the switch. The community string for all authorized trap receivers must be configured on the switch for the trap receiver to receive switch-generated traps. SNMP community strings can contain up to 127 characters.
System contact (optional): A text field where you can enter the name of the person(s) responsible for managing the switch.
System name: The name you have assigned to this switch. The default name is switch480T.
System location (optional): Use this to enter an optional location for this switch.
Table 5.8 describes SNMP configuration commands. Press the Tab key in the command line interface for more command options.
Table 5.8: SNMP Configuration Commands
Command
  Description
configure snmp access-profile readonly [<access_profile> | none]
  Assigns an access profile that limits which stations have read-only access to the switch.
configure snmp access-profile readwrite [<access_profile> | none]
  Assigns an access profile that limits which stations have read-write access to the switch.
configure snmp add trapreceiver <ipaddress> community <string>
  Adds the IP address of a specified trap receiver. The IP address can be a unicast, multicast, or broadcast address. A maximum of 16 trap receivers is allowed.
configure snmp community [readonly | readwrite] {encrypted} <string>
  Adds an SNMP read or read/write community string. The default readonly community string is public. The default readwrite community string is private. Each community string can have a maximum of 127 characters, and can be enclosed by double quotation marks.
configure snmp delete trapreceiver [<ip_address> community <string> | all]
  Deletes the IP address of a specified trap receiver or all authorized trap receivers.
configure snmp syscontact <string>
  Configures the name of the system contact. A maximum of 255 characters is allowed.
configure snmp syslocation <string>
  Configures the location of the switch. A maximum of 255 characters is allowed.
configure snmp sysname <string>
  Configures the name of the switch. A maximum of 32 characters is allowed. The default sysname is the model name of the device (for example, switch480T). The sysname appears in the switch prompt.
disable snmp access
  Disables SNMP access on the switch. Disabling SNMP access does not affect the SNMP configuration (for example, community strings).
disable snmp traps
  Prevents SNMP traps from being sent from the switch. This does not clear the SNMP trap receivers that have been configured.
enable snmp access
  Enables SNMP support.
enable snmp traps
  Enables SNMP trap support.
unconfigure management
  Restores default values to all SNMP-related entries.
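The SNMP settings in Table 5.8 and the Web access commands earlier in this chapter can be checked offline against a saved list of CLI commands. The following is an added example, not code from Intel or from this guide. It assumes one command per line in the syntax shown here, that SNMP and Web access are on unless disabled, and that a configured community string replaces the default for its mode; the profile names nms_hosts and admin_hosts are hypothetical.

```python
import shlex
# Default community strings as stated in this guide.
DEFAULTS = {"readonly": "public", "readwrite": "private"}

def audit_management(config_text):
    """Return findings for SNMP and Web access in a list of CLI commands."""
    # Assumption: SNMP and Web access are on unless a disable command appears.
    enabled = {"snmp": True, "web": True}
    profile = {"readonly": None, "readwrite": None, "web": None}
    strings = {"readonly": set(), "readwrite": set()}
    for line in config_text.splitlines():
        t = shlex.split(line, comments=True)  # keeps "quoted strings" whole
        if len(t) == 5 and t[:3] == ["configure", "snmp", "access-profile"] and t[3] in DEFAULTS:
            profile[t[3]] = None if t[4] == "none" else t[4]
        elif len(t) >= 5 and t[:3] == ["configure", "snmp", "community"] and t[3] in strings:
            strings[t[3]].add(t[-1])
        elif t[1:] == ["snmp", "access"] and t[0] in ("enable", "disable"):
            enabled["snmp"] = t[0] == "enable"
        elif t[:2] == ["disable", "web"]:
            enabled["web"] = False
        elif t[:2] == ["enable", "web"]:
            enabled["web"] = True
            if "none" in t[2:]:
                profile["web"] = None
            elif "access-profile" in t[2:-1]:
                profile["web"] = t[t.index("access-profile") + 1]
    findings = []
    modes = DEFAULTS.items() if enabled["snmp"] else ()
    for mode, default in modes:
        # Assumption: with no string configured, the default is still in force.
        if not strings[mode] or default in strings[mode]:
            findings.append(f"snmp {mode}: default community '{default}' in use")
        if profile[mode] is None:
            findings.append(f"snmp {mode}: no access profile limits source addresses")
    if enabled["web"] and profile["web"] is None:
        findings.append("web: no access profile limits source addresses")
    return findings

# Constructed sample configurations (not captured from a real switch).
WEAK = """
enable snmp access
configure snmp community readwrite private
enable web
"""
HARDENED = """
configure snmp access-profile readonly nms_hosts
configure snmp access-profile readwrite nms_hosts
configure snmp community readonly "r0-Example-String"
configure snmp community readwrite "rw-Example-String"
enable web access-profile admin_hosts port 8080
"""
```

audit_management(WEAK) reports five findings; audit_management(HARDENED) reports none.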
Displaying SNMP Settings
To display the SNMP settings configured on the routing switch, use this command:
show management
This command displays the following information:
Enable/disable state for Telnet, SNMP, and Web access, along with access profile information
SNMP community strings
Authorized SNMP station list
SNMP trap receiver list
RMON polling configuration
Login statistics
SNMP enhancements allow the ifMIB to display the port number for physical ports and VLAN name for the VLANs index.
Authenticating Users
The routing switch uses two methods to authenticate users who log in to the switch:
RADIUS client
TACACS+ (Terminal Access Controller Access Control System Plus)
You cannot configure RADIUS and TACACS+ at the same time.
RADIUS Client
Remote Authentication Dial In User Service (RADIUS, RFC 2138) allows you to authenticate and centrally administer access to network nodes. The 480T routing switch RADIUS client implementation enables authentication for Telnet, Web interface, or console access to the switch.
You can define a primary and secondary RADIUS server for the routing switch to contact.
When a user attempts to log on to the switch using Telnet, HTTP, or the console, the request is relayed to the primary RADIUS server, and then to the secondary RADIUS server, if the primary does not respond.
If the RADIUS client is enabled, but access to the RADIUS primary and secondary servers fails, the routing switch uses its local database for authentication.
The privileges assigned to the user (admin versus non-admin) at the RADIUS server take precedence over the configuration in the local switch database.
Per-Command Authentication Using RADIUS
Use RADIUS to perform per-command authentication. Per-command authentication allows you to define several levels of user capabilities that determine which set of commands the user has access to based on the RADIUS username and password.
There is no need to configure any additional switch parameters to take advantage of this capability. The RADIUS server implementation automatically negotiates the per-command authentication capability with the switch.
Configuring RADIUS Client
You can define primary and secondary server communication information. Also for each RADIUS server, you can specify the RADIUS port number to use when talking to the RADIUS server. The default port value is 1645. The client IP address is the IP address used by the RADIUS server for communicating with the 480T routing switch.
RADIUS commands are described in Table 5.9. Press the Tab key in the command line interface for more command options.
Table 5.9: RADIUS Commands
Command
  Description
configure radius [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip <ipaddress>
  Configures the primary and secondary RADIUS server. Specify the following:
    [primary | secondary]—Either the primary or secondary RADIUS server.
    [<ipaddress> | <hostname>]—The IP address or host name of the server being configured.
    <udp_port>—The UDP port to use to contact the RADIUS server. The default UDP port setting is 1645.
    client-ip <ipaddress>—The IP address used by the switch to identify itself when communicating with the RADIUS server.
  The RADIUS server defined by this command is used for user-name authentication and CLI command authentication.
configure radius [primary | secondary] shared-secret {encrypted} <string>
  Configures the authentication string used to communicate with the RADIUS server.
configure radius-accounting [primary | secondary] shared-secret {encrypted} <string>
  Configures the authentication string used to communicate with the RADIUS accounting server.
disable radius
  Disables the RADIUS client.
disable radius-accounting
  Disables RADIUS accounting.
configure radius-accounting [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip <ipaddress>
  Configures the RADIUS accounting server. Specify the following:
    [primary | secondary]—Either the primary or secondary RADIUS server.
    [<ipaddress> | <hostname>]—The IP address or host name of the server being configured.
    <udp_port>—The UDP port to use to contact the RADIUS server. The default UDP port setting is 1646.
    client-ip <ipaddress>—The IP address used by the switch to identify itself when communicating with the RADIUS server.
  The accounting server and the RADIUS authentication server can be the same.
enable radius
  Enables the RADIUS client. When enabled, all Web and CLI logins are sent to the RADIUS servers for authentication. When used with a RADIUS server that supports routing switch CLI authorization, each CLI command is sent to the RADIUS server for authentication before it is executed.
enable radius-accounting
  Enables RADIUS accounting. The RADIUS client must also be enabled.
show radius
  Displays the current RADIUS and RADIUS accounting client configuration and statistics.
show radius-accounting
  Displays the current RADIUS accounting client configuration and statistics.
RADIUS RFC 2138 Attributes
The RADIUS RFC 2138 optional attributes supported are:
User-Name
User-Password
Service-Type
Login-IP-Host
Configuring TACACS+
Terminal Access Controller Access Control System Plus (TACACS+) is a means for providing authentication, authorization, and accounting on a centralized server, similar in function to a RADIUS client.
The routing switch version of TACACS+ is used to authenticate prospective users who are attempting to administer the switch. TACACS+ is used to communicate between the switch and an authentication database.
You cannot use TACACS+ and RADIUS at the same time.
You can configure two TACACS+ servers, specifying the primary server address, secondary server address, and UDP port number to be used for TACACS+ sessions.
Table 5.10 describes the commands that are used to configure TACACS+. Press the Tab key in the command line interface for more command options.
Table 5.10: TACACS+ Commands
Command
  Description
configure tacacs [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip <ipaddress>
  Configures the server information for a TACACS+ server. Specify the following:
    primary | secondary—Specifies primary or secondary server configuration. To remove a server, use the address 0.0.0.0.
    <ipaddress> | <hostname>—The IP address or hostname of the TACACS+ server.
    <udp_port>—Optionally specifies the UDP port to be used.
    client-ip—Specifies the IP address used by the switch to identify itself when communicating with the TACACS+ server.
configure tacacs [primary | secondary] shared-secret {encrypted} <string>
  Configures the shared secret string used to communicate with the TACACS+ server.
configure tacacs-accounting [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip <ipaddress>
  Configures the TACACS+ accounting server. You can use the same server for accounting and authentication.
configure tacacs-accounting [primary | secondary] shared-secret {encrypted} <string>
  Configures the shared secret string used to communicate with the TACACS+ accounting server.
disable tacacs
  Disables TACACS+.
disable tacacs-accounting
  Disables TACACS+ accounting.
disable tacacs-authorization
  Disables CLI command authorization.
enable tacacs
  Enables TACACS+. Once enabled, all Web and CLI logins are sent to one of the two TACACS+ servers for login name authentication and accounting.
enable tacacs-accounting
  Enables TACACS+ accounting. If accounting is used, the TACACS+ client must also be enabled.
enable tacacs-authorization
  Enables CLI command authorization. When enabled, each command is transmitted to the remote TACACS+ server for authorization before the command is executed.
show tacacs
  Displays the current TACACS+ configuration and statistics.
show tacacs-accounting
  Displays the current TACACS+ accounting client configuration and statistics.
unconfigure tacacs {server [primary | secondary]}
  Unconfigures the TACACS+ client configuration.
unconfigure tacacs-accounting {server [primary | secondary]}
  Unconfigures the TACACS+ accounting client configuration.
Simple Network Time Protocol (SNTP)
The routing switch supports the client portion of the Simple Network Time Protocol (SNTP) Version 3 based on RFC 1769. The switch can use SNTP to update and synchronize its internal clock from a Network Time Protocol (NTP) server.
When SNTP is enabled, the switch sends out a periodic query to the indicated NTP server, or the switch listens to broadcast NTP updates. The routing switch also supports the configured setting for Greenwich Mean Time (GMT) offset and the use of daylight saving time.
Configuring and Using SNTP
To use SNTP:
1 Identify the host(s) that are configured as NTP server(s).
2 Identify the preferred method for obtaining NTP updates. The options are for the NTP server to send out broadcasts, or for switches using NTP to query the NTP server(s) directly. A combination of both methods is possible.
3 Configure the Greenwich Mean Time (GMT) offset and daylight saving time preference. NTP updates are distributed using GMT time. To properly display the local time in logs and other timestamp information, the switch should be configured with the appropriate offset to GMT based on geographical location. Table 5.11 describes GMT offsets. The command syntax to configure GMT offset and usage of daylight saving time is as follows:
configure timezone <GMT_offset> {autodst | noautodst}
The GMT_OFFSET is in +/- minutes from the GMT time. You can enable or disable automatic daylight saving time (DST) changes. The default setting is enabled.
4 Enable the SNTP client using this command:
enable sntp-client
Once enabled, the switch sends out a periodic query to the NTP servers (if configured) or listens to broadcast NTP updates from the network. The network time information is automatically saved in the on-board real-time clock.
5 If you would like this switch to use a directed query to the NTP server, configure the switch to use the NTP server(s). If the switch listens to NTP broadcasts, skip this step. To configure the 480T routing switch to use a directed query, use this command:
configure sntp-client [primary | secondary] server [<ip_address> | <hostname>]
NTP queries are first sent to the primary server. If the primary server does not respond within one second, or if it is not synchronized, the switch queries the secondary server (if configured). If the switch cannot obtain the time, it restarts the query process. Otherwise, the switch waits for the sntp-client update interval before querying again.
6 Optionally, you can change the interval for which the SNTP client updates the real-time clock of the switch using this command:
configure sntp-client update-interval <seconds>
The default sntp-client update-interval value is 64 seconds.
7 You can verify the configuration using these commands:
show sntp-client
This command provides configuration and statistics associated with SNTP and its connectivity to the NTP server.
show switch
This command indicates the GMT offset, daylight saving time, and the current local time.
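The directed query and primary/secondary fallback from steps 4 and 5, combined with the GMT offset from step 3, as an added example that is not part of the original guide or the switch firmware. It builds an SNTP Version 3 client query, rejects replies from a server that is not synchronized, and applies a GMT offset given in minutes; the reply packets are constructed samples and automatic DST is not modelled.

```python
import struct
from datetime import datetime, timedelta

NTP_TO_UNIX = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def build_request() -> bytes:
    """48-octet client query: LI=0, VN=3 (SNTP Version 3), Mode=3 (client)."""
    return bytes([(0 << 6) | (3 << 3) | 3]) + bytes(47)

def parse_reply(packet: bytes) -> datetime:
    """Return the server transmit time as UTC, or raise ValueError if unusable."""
    if len(packet) < 48:
        raise ValueError("short packet")
    f = struct.unpack("!BBbb11I", packet[:48])
    li, mode, stratum, tx_sec = f[0] >> 6, f[0] & 0x7, f[1], f[13]
    if mode not in (4, 5):  # 4 = server reply, 5 = broadcast
        raise ValueError("not a server or broadcast packet")
    if li == 3 or not 1 <= stratum <= 15 or tx_sec == 0:
        raise ValueError("server is not synchronized")
    micros = f[14] * 1_000_000 // 2**32  # fractional part of the timestamp
    return datetime(1970, 1, 1) + timedelta(seconds=tx_sec - NTP_TO_UNIX,
                                            microseconds=micros)

def select_time(replies, gmt_offset_minutes):
    """Try primary, then secondary; return (server name, local time)."""
    for server, packet in replies:
        if packet is None:  # no answer within the one-second timeout
            continue
        try:
            utc = parse_reply(packet)
        except ValueError:  # unsynchronized or malformed: try the next server
            continue
        return server, utc + timedelta(minutes=gmt_offset_minutes)
    raise RuntimeError("no usable NTP server; restart the query process")

def make_reply(li, stratum, unix_seconds):
    """Build a constructed server reply for the samples below."""
    words = [0] * 11
    words[9] = unix_seconds + NTP_TO_UNIX  # transmit timestamp, seconds
    return struct.pack("!BBbb11I", (li << 6) | (3 << 3) | 4, stratum, 6, -20, *words)

# Constructed samples: the primary raises the alarm condition (LI=3, stratum 0),
# the secondary is a synchronized stratum-2 server.
PRIMARY = make_reply(3, 0, 1000000000)
SECONDARY = make_reply(0, 2, 1000000000)
```

With a GMT offset of -300 minutes (EST in Table 5.11), select_time([("primary", PRIMARY), ("secondary", SECONDARY)], -300) skips the unsynchronized primary and returns the secondary's time as 2001-09-08 20:46:40 local.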
Table 5.11: Greenwich Mean Time Offsets
GMT Offset in Hours | GMT Offset in Minutes | Common Time Zone References | Geographical Reference
+0:00 | +0 | GMT - Greenwich Mean; UT or UTC - Universal (Coordinated); WET - Western European | London, England; Dublin, Ireland; Edinburgh, Scotland; Lisbon, Portugal; Reykjavik, Iceland; Casablanca, Morocco
-1:00 | -60 | WAT - West Africa | Cape Verde Islands
-2:00 | -120 | AT - Azores | Mid-Atlantic
-3:00 | -180 | | Brasilia, Brazil; Buenos Aires, Argentina; Georgetown, Guyana;
-4:00 | -240 | AST - Atlantic Standard | Caracas, La Paz
-5:00 | -300 | EST - Eastern Standard | Bogota, Colombia; Lima, Peru; New York, NY, USA;