Sun Microsystems Netra CP3240 User Manual

Sun Netra™ CP3240 Switch
User’s Guide
Sun Microsystems, Inc. www.sun.com
Part No. 820-3252-11 April 2009, Revision 01
Submit comments about this document at: http://www.sun.com/hwdocs/feedback
Copyright © 2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved.
This distribution may include materials developed by third parties.
Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and in other countries, exclusively licensed through X/Open Company, Ltd.
Sun, Sun Microsystems, the Sun logo, Netra, Sun Ray, the Netra logo and the Solaris logo are trademarks or registered trademarks of Sun Microsystems, Inc., or its subsidiaries, in the U.S. and other countries.
All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon architecture developed by Sun Microsystems, Inc.
Use of any spare or replacement CPUs is limited to repair or one-for-one replacement of CPUs in products exported in compliance with U.S. export laws. Use of CPUs as product upgrades unless authorized by the U.S. Government is strictly prohibited.
DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
Contents
Preface
1. Getting Started
Default Settings
Initial Configuration
Obtain Configuration Information
In-band and Out-of-band Connectivity
Initial Access Configuration
MGMT Serial Configuration
Configuring for In-band Connectivity
Using DHCP
Using a Static IP
Configuring for Out-Of-Band Connectivity
Using DHCP
Using a Static IP
Saving Settings
Quick Start
System Information and System Setup
Quick Startup Software Version Information
Quick Startup Physical Port Data
Quick Startup User Account Management
Quick Startup IP Address
Quick Startup Uploading from Networking Device to TFTP Server
Quick Startup Downloading from TFTP Server
Quick Startup Factory Defaults
2. Using the Command-Line Interface
Command Syntax
Command Conventions
Parameter Conventions
Parameter Values
Slot/Port Naming Convention
‘No’ Form of a Command
Command Modes
Mode-Based Topology
Mode-Based Command Hierarchy
User Exec Mode
Privileged Exec Mode
Global Config Mode
VLAN Mode
Operation Flow
Command Completion and Abbreviation
CLI Error Messages
CLI Line-Editing Conventions
Using CLI Help
Accessing the CLI
Comments
3. Using the Web Interface
Configuring for Web Access
To Configure for Web Access
Starting the Web Interface
Web Page Layout
Configuring an SNMP V3 User Profile
Command Buttons
4. Establishing Management Security
Certificate Generation
Configuring Secure Shell
Configuring Secure Socket Layer
Using Certificate Generation Scripts
SSH sshKeygen.sh
SSL pemCreate.sh
SSL root.cnf
SSH server.cnf
5. Configuring Virtual LANs
VLAN Configuration Example
CLI Examples
Example 1: Create Two VLANs
Example 2: Assign Ports to VLAN2
Example 3: Assign Ports to VLAN3
Example 4: Assign VLAN3 as the Default VLAN
Example 5: Assign IP Addresses to VLAN 2
Web Interface
Private Edge VLANs
CLI Example
Example 1: Switchport Protected
Example 2: Show Switchport Protected
6. Configuring Port Channels by Link Aggregation
Using the Link Aggregation Feature
Configuring Link Aggregation via CLI
CLI Example 1: Create Two Port Channels
CLI Example 2: Add Physical Ports to the Port Channels
CLI Example 3: Enable Both Port Channels
Configuring Link Aggregation via Web Interface
7. Configuring Storm Control
Understanding Traffic Storms
CLI Examples
Example 1: Set Broadcast Storm Control for All Interfaces
Example 2: Set Multicast Storm Control for All Interfaces
Example 3: Set Unicast Storm Control for All Interfaces
8. Monitoring IGMP Snooping
CLI Examples
Example 1: show igmpsnooping
Example 2: show ip igmp Interface
Example 3: show mac-address-table igmpsnooping
Example 4: show ip igmp interface
Example 5: (Config) #ip igmp
Example 6: #show ip igmp
Example 7: (Interface 1/0/2) #ip igmp
Web Examples
9. Configuring Port Mirroring
Configuring Port Mirroring via CLI
Example 1: Set Up a Port Mirroring Session
Example 2: Show the Port Mirroring Session
Example 4: Show Status of Source and Destination Ports
Configuring Port Mirroring via Web Interface
10. Configuring Port Security
Port Security Benefits
Configuring Port Security via CLI
Example 1: show port security
Example 2: show port security on a Specific Interface
Example 3: (Config) port security
Configuring Port Security via Web Interfaces
11. Configuring Port Description
Configuring Port Description via CLI
Example 1: Enter a Description for a Port
Example 2: Show the Port Description
Configuring Port Description via the Web Interface
12. Configuring Link Layer Discovery Protocol
Configuring LLDP via CLI
Example 1: Set Global LLDP Parameters
Example 2: Set Interface LLDP Parameters
Example 3: Show Global LLDP Parameters
Example 4: Show Interface LLDP Parameters
Configuring LLDP via Web Interface
13. Configuring Denial of Service Attack Protection
Configuring Denial of Service via CLI
14. Configuring Port Routing
Understanding Port Routing
Configuring Port Routing via CLI
Example 1. Enabling Routing for the Switch
Example 2. Enabling Routing for Ports on the Switch
Configuring Port Routing via Web Interface
15. Configuring Routing Information Protocol
Understanding Routing Information Protocol
Configuring RIP via CLI
Example 1: Enable Routing for the Switch
Example 2: Enable Routing for Ports
Example 3. Enable RIP for the Switch
Example 4. Enable RIP for Ports 1/0/2 and 1/0/3
Configuring RIP via Web Interface
16. Configuring Open Shortest Path First (OSPF)
Understanding Open Shortest Path First (OSPF)
Configuring OSPF via CLI
Example 1: Configuring an Inter-Area Router
Enable Routing for the Switch
Assign IP Addresses for Ports
Specify Router ID and Enable OSPF for the Switch
Enable and Configure OSPF for the Ports
Example 2: Configuring OSPF on a Border Router
Enable Routing for the Switch
Enable Routing and Assign IP for Ports 1/0/2, 1/0/3, and 1/0/4
Specify Router ID and Enable OSPF for the Switch
Enable OSPF for the Ports
Configuring OSPF via Web Interface
Configuring an Inter-Area Router
Configuring a Border Router
17. Configuring VLAN Routing
Understanding VLAN Routing
Configuring VLAN Routing via CLI
Example 1: Create Two VLANs
Example 2: Set Up VLAN Routing for the VLANs and the Switch
Configuring VLAN Routing via Web Interface
Configuring VLAN Routing With RIP
Configuring VLAN With RIP via CLI
Example 1: Configuring VLAN Routing with RIP Support
Example 2: Enable RIP for the Switch
Configuring VLAN Routing with RIP via Web Interface
Configuring VLAN Routing With OSPF
Configuring VLAN Routing With OSPF via CLI
Example 1: OSPF on FASTPATH as an Inter-area Router
Example 2: Specify the Router ID and Enable OSPF for the Switch
Configuring VLAN Routing via Web Interface
18. Configuring Virtual Router Redundancy Protocol
Configuring VRRP via CLI
Example 1: Configuring VRRP on FASTPATH as a Master Router
Example 2: Configuring VRRP on FASTPATH as a Backup Router
Configuring VRRP via Web Interface
19. Proxy Address Resolution Protocol (ARP)
Configuring Proxy ARP via CLI
Example 1: show ip interface
Example 2: ip proxy-arp
Configuring Proxy ARP via Web Interface
20. Configuring IGMP Proxy
Understanding IGMP Proxy
Configuring IGMP Proxy via CLI
Example 1: Configuring the Interface
Example 2: Set the Unsolicited Report Interval
Example 3: Reset the Host Interface Status Parameters
Example 4: Show IGMP Proxy Host Interfaces
Example 5: Show Detailed Listing of Host Interface Status
Example 6: Show IGMP Proxy Groups
Example 7: Show Detailed Information about IGMP Proxy Groups
21. Configuring Internet Protocol (IPv6)
Understanding IPv6
Using IPv6 Configurations
Configuring IPv6 via CLI
22. Configuring Access Control Lists (ACLs)
Understanding Access Control Lists
Features
Limitations
MAC ACLs
IP ACLs
Configuring Access Control Lists
To Configure ACLs
Setting Up an IP ACL via CLI
Example 1: Create ACL 179 and Define an ACL Rule
Example 2: Define the Second Rule for ACL 179
Example 3: Apply the rule to Inbound Traffic on Port 1/0/2
Setting Up a MAC ACL via CLI
Example 1: Set up a MAC Access List
Example 2: Specify MAC ACL Attributes
Example 3: Configure MAC Access Group
Example 4: Set up an ACL with Permit Action
Example 5: Show MAC Access Lists
Setting Up ACLs via Web Interface
23. Configuring Class of Service Queuing
Understanding Class of Service (CoS)
Ingress Port Configurations
Trusted and Untrusted Ports/CoS Mapping Table
CoS Mapping Table for Trusted Ports
Egress Port Configurations
Queue Configurations
Configuring CoS Mapping and Queues via CLI
Configuring CoS Mapping and Queues via Web Interface
24. Configuring Differentiated Services
Understanding Differentiated Services (DiffServ)
Configuring Differentiated Services via CLI
Enabling DiffServ Inbound
Configuring DiffServ on FASTPATH Software
Configuring Differentiated Services via Web Interface
Configuring DiffServ for Voice Over IP (VoIP)
25. Configuring Network Access Control
Understanding Port-Based Network Access Control
Configuring Network Access Control
26. Configuring RADIUS
Authenticating Users Through RADIUS
Configuring RADIUS
27. Configuring Access Control for Networked Devices
Understanding the Terminal Access Controller Access Control System
Configuring Access Control for Networked Devices
28. Configuring DHCP Filtering
Understanding Dynamic Host Configuration Protocol (DHCP) Filtering
Configuring DHCP Filtering
Example 1: Enable DHCP Filtering for the Switch
Example 2: Enable DHCP Filtering for an Interface
Example 3: Show DHCP Filtering Configuration
29. Configuring Traceroute
Configuring Traceroute
30. Generating Script Files
Understanding Configuration Scripting
Configuring Scripting
Example 1: script
Example 2: script list and script delete
Example 3: script apply running-config.scr
Example 4: show running-config
Example 5: copy nvram: script
Example 6: script validate running-config.scr
Example 7: Validate Another Configuration Script
31. Establishing an Outbound Telnet Connection
Configuring a Telnet Connection via CLI
Example 1: show network
Example 2: show telnet
Example 3: transport output telnet
Example 4: session-limit and session-timeout
Configuring a Telnet Connection via Web Interface
32. Creating a Pre-Login Banner
Creating a Pre-login Banner via CLI
To Create a Pre-Login Banner
Removing a Pre-login Banner via CLI
33. Configuring Simple Network Time Protocol (SNTP)
Configuring SNTP via CLI
Example 1: show sntp
Example 2: show sntp client
Example 3: show sntp server
Example 4: configure sntp
Example 5: configure sntp client mode
Example 6: configuring sntp server
Example 7: configure sntp client port
Configuring SNTP via Web Interface
34. Storing and Collecting Message Logs with Syslog
Configuring Syslog via CLI
Example 1: show logging
Example 2: show logging buffered
Example 3: show logging traplogs
Example 4: show logging hosts
Example 5: logging port configuration
Configuring Syslog via Web Interface
Interpreting Log Files
Index
Preface
This document provides information and instructions for using the configuration options of the Netra CP3240 switch. This document shows examples of the use of the Netra CP3240 switch in a typical network. It describes the uses and advantages of functions provided by the switch, and includes information on configuring those functions using CLI and Web interfaces.
The Netra CP3240 switch can operate as a Layer 2 switch, a Layer 3 router, or a combination switch/router. The switch also includes support for network management and Quality of Service functions such as Access Control Lists and Differentiated Services. The functions you choose to activate will depend on the size and complexity of your network.
This document illustrates configuration for the following functions:
switching
routing
Quality of Service (QoS)
management
Before You Read This Document
This document is intended for use by the following users:
Experienced system administrators (SAs) who are responsible for configuring and operating a network using Netra CP3240 switches.
Engineers who will be integrating the Netra CP3240 switch into an AdvancedTCA system.
Level 1 and/or Level 2 support providers.
Typographic Conventions
Typeface* | Meaning | Examples
AaBbCc123 | The names of commands, files, and directories; on-screen computer output | Edit your .login file. Use ls -a to list all files. % You have mail.
AaBbCc123 | What you type, when contrasted with on-screen computer output | % su Password:
AaBbCc123 | Book titles, new words or terms, words to be emphasized. Replace command-line variables with real names or values. | Read Chapter 6 in the User’s Guide. These are called class options. You must be superuser to do this. To delete a file, type rm filename.
* The settings on your browser might differ from these settings.
Related Documentation
The following table lists the documentation for this product. The online documentation is available at:
http://docs.sun.com/app/docs/prod/cp3240.switch?l=en#hic
Application | Title | Part Number | Format | Location
Latest information | Sun Netra CP3x40 Switch Product Notes | 820-3260-xx | PDF | Online
Pointer doc | Sun Netra CP3240 Switch Getting Started Guide | 820-3254-xx | Printed | Shipping Kit
Installation | Sun Netra CP3240 Switch Installation Guide | 820-3251-xx | PDF | Online
Reference | Sun Netra CP3240 Switch Software Reference Manual | 820-3253-xx | PDF | Online
Safety | Sun Netra CP3x40 Switch Safety and Compliance Manual | 820-3505-xx | PDF | Online
The following table lists the documentation that is related to this product. The online documentation is available at:
http://docs.sun.com/app/docs/prod/n900.srvr#hic
Application | Title | Part Number | Format | Location
Latest information | Netra CT 900 Server Product Notes | 819-1180-xx | PDF | Online
Pointer Doc | Netra CT 900 Server Getting Started Guide | 819-1173-xx | Printed | Shipping kit
Overview | Netra CT 900 Server Overview | 819-1174-xx | PDF | Online
Installation | Netra CT 900 Server Installation Guide | 819-1175-xx | PDF | Online
Service | Netra CT 900 Server Service Manual | 819-1176-xx | PDF | Online
Administration | Netra CT 900 Server Administration and Reference Manual | 819-1177-xx | PDF | Online
Programming | Netra CT 900 Software Developer’s Guide | 819-1178-xx | PDF | Online
Safety | Netra CT 900 Server Safety and Compliance Guide | 819-1179-xx | PDF | Online
Setup | Netra CT 900 Server Hardware Setup Guide | 819-1647-xx | PDF | Online
Safety | Important Safety Information for Sun Hardware Systems | 816-7190-xx | Printed | Shipping kit
Third-Party Web Sites
Sun is not responsible for the availability of third-party web sites mentioned in this document. Sun does not endorse and is not responsible or liable for any content, advertising, products, or other materials that are available on or through such sites or resources. Sun will not be responsible or liable for any actual or alleged damage or loss caused by or in connection with the use of or reliance on any such content, goods, or services that are available on or through such sites or resources.
Sun Welcomes Your Comments
Sun is interested in improving its documentation and welcomes your comments and suggestions. You can submit your comments by going to:
http://www.sun.com/hwdocs/feedback
Please include the title and part number of your document with your feedback:
Sun Netra CP3240 Switch User’s Guide, part number 820-3252-11
CHAPTER 1
Getting Started
This chapter provides information and instructions for configuring the switch. You must connect a serial console to the switch to begin configuration.
This chapter contains the following topics:
“Default Settings”
“Initial Configuration”
“In-band and Out-of-band Connectivity”
“Quick Start”
Default Settings
The switch is configured with all ports enabled, set to auto-negotiate, with an MTU of 1518, and in Layer 2 MAC switching mode.
All ports are in VLAN 1.
DHCP client is enabled on the out-of-band management port.
Telnet access is enabled.
HTTP access is enabled.
SNMP read-only community is “public”.
SNMP read-write community is “private”.
Initial Configuration
By default, DHCP is enabled on the out-of-band (OOB) management port, so if a DHCP server is running you can telnet directly to the OOB management interface to configure the switch. You can use the DHCP server, the switch serial console, or SNMP discovery to determine which IP address the switch reports, and then telnet to that address.
The initial configuration procedure is based on the following assumptions:
The switch was not configured before and is in the same state as when you received it.
The switch booted successfully.
The console connection was established, and the console prompt appeared on the screen of a VT100 terminal or terminal equivalent.
The initial switch configuration is performed through the console port. After the initial configuration, you can manage the switch either from the already-connected console port or remotely through an interface defined during the initial configuration.
Note – The switch is not configured with a default user name and password.
Note – All of the settings that follow are necessary to allow remote management of the switch through Telnet (Telnet client) or HTTP (Web browser).
Obtain Configuration Information
Before setting up the initial configuration of the switch, obtain the following information from your network administrator:
The IP address to be assigned to the management interface through which the switch is managed.
The IP subnet mask for the network.
The IP address of the default gateway.
In-band and Out-of-band Connectivity
Ask the system administrator to determine whether you will configure the switch for in-band or out-of-band connectivity.
Initial Access Configuration
Initial configuration of the Netra CP3240 switch must be done either through the serial console port or through the out-of-band Ethernet management port.
MGMT Serial Configuration
You can use a locally or remotely attached terminal to configure in-band and out-of-band management through the MGMT serial port.
1. To use a locally attached terminal, attach one end of a null-modem serial cable to the MGMT serial port of the switch and the other end to the COM port of the terminal or workstation.
2. For remote attachment, attach one end of the serial cable to the MGMT serial port of the switch and the other end to the modem.
3. Set up the terminal for VT100 terminal emulation.
a. Set the terminal ON.
b. Launch the VT100 application.
c. Configure the COM port as follows:
i. Set the data rate to 9600 baud.
ii. Set the data format to 8 data bits, 1 stop bit, and no parity.
iii. Set the flow control to none.
iv. Select the proper mode under Properties.
v. Select Terminal keys.
The Log-in User prompt displays when the terminal interface initializes.
4. Enter an approved user name and password.
The default is admin for the user name and the password is blank.
The switch is installed and loaded with the default configuration.
Configuring for In-band Connectivity
In-band connectivity allows you to access the switch from a remote workstation. To use in-band connectivity, you must configure the switch with IP information (IP address, subnet mask, and default gateway).
Using DHCP
1. Enter the following command over the MGMT serial port to enable DHCP client:
network protocol dhcp
You can assign IP information over the network through BootP or DHCP. Check with your system administrator to determine whether BootP or DHCP is enabled.
You need to configure the BootP or DHCP server with information about the switch. Obtain this information through the serial port connection using the show network command. Set up the server with the following values.
Value   Description
IP address   Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. The default for all IP parameters is zeroes (0.0.0.0).
Subnet   Subnet mask for the LAN
Gateway   IP address of the default router, if the switch is a node outside the IP range of the LAN
MAC address   MAC address of the switch
When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for in-band connectivity over the switched network.
If you do not use BootP or DHCP, access the switch through the EIA-232 port, and configure the network information as described below.
Using a Static IP
1. Enter the following command to allow a static IP:
network protocol none
2. Set the IP address, subnet mask, and gateway address by issuing the following command:
network IP <ipaddress> <netmask> [<gateway>]
Value   Description
IP address   Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. The default for all IP parameters is zeroes (0.0.0.0).
Subnet   Subnet mask for the LAN
Gateway   IP address of the default router, if the switch is a node outside the IP range of the LAN
Configuring for Out-Of-Band Connectivity
Out-of-band connectivity allows you to access the switch from a remote workstation using the Ethernet network over a private network. To use Out-of-band connectivity, you must configure the switch with IP information (IP address, subnet mask, and default gateway).
Using DHCP
DHCP is enabled by default on the Netra CP3240 switch.
You need to configure the BootP or DHCP server with information about the switch. Obtain this information through the serial port connection using the show serviceport command. Set up the server with the following values:
Value   Description
IP address   Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. The default for all IP parameters is zeroes (0.0.0.0).
Subnet   Subnet mask for the LAN
Gateway   IP address of the default router, if the switch is a node outside the IP range of the LAN
MAC address   MAC address of the switch
When you connect the switch to the network for the first time after setting up the BootP or DHCP server, it is configured with the information supplied above. The switch is ready for out-of-band connectivity over the front panel Ethernet Management port.
If you do not use BootP or DHCP, access the switch through the MGMT Serial port, and configure the network information as described below.
Using a Static IP
1. Enter the following command to allow a static IP:
serviceport protocol none
2. Set the IP address, subnet mask, and gateway address by issuing the following command:
serviceport IP <ipaddress> <netmask> [<gateway>]
Value   Description
IP address   Unique IP address for the switch. Each IP parameter is made up of four decimal numbers, ranging from 0 to 255. The default for all IP parameters is zeroes (0.0.0.0).
Subnet   Subnet mask for the LAN
Gateway   IP address of the default router, if the switch is a node outside the IP range of the LAN
MAC address   MAC address of the switch
Saving Settings
1. To enable these changes to be retained during a reset of the switch, type CTRL+Z to return to the main prompt, type save config at the main menu prompt, and type y to confirm the changes.
2. To view the changes and verify out-of-band information, issue the command: show network.
3. The switch is configured for out-of-band connectivity and ready for Web-based and remote console management.
Quick Start
1. Turn the Power ON.
2. Allow the device to load the software until the login prompt appears. The device initial state is called the default mode.
3. When the prompt asks for operator login, do the following steps:
a. Type admin at the login prompt.
Because a number of the Quick Setup commands require administrator account rights, log into an administrator account.
Do not enter a password because the default mode does not use a password. After typing admin, press Enter two times.
b. The CLI User EXEC prompt is displayed.
i. Type enable to switch to the Privileged EXEC mode from User EXEC.
ii. Type configure to switch to the Global Config mode from Privileged EXEC.
iii. Type exit to return to the previous mode.
iv. Enter ? to show a list of commands that are available in the current mode.
4. If you want to access the switch remotely, configure the switch for In-band or Out-of-Band connectivity.
You must configure the device with IP information (IP address, subnet mask, and default gateway).
System Information and System Setup
This section describes the commands you use to view system information and to set up the network device. The tables below contain the Quick Start commands that allow you to view or configure the following information:
Software versions
Physical port data
User account management
IP address configuration
Uploading from Networking Device to Out-of-Band PC
Downloading from Out-of-Band PC to Networking Device
Downloading from TFTP Server
Restoring factory defaults
For each of these tasks, a table shows the command syntax, the mode you must be in to execute the command, and the purpose and output of the command. If you configure any network parameters, you should execute the following command:
copy system:running-config nvram:startup-config
This command saves the changes to the configuration file. You must be in the correct mode to execute the command. If you do not save the configuration, all changes are lost when you power down or reset the networking device. In a stacking environment, the running configuration is saved in all units of the stack.
Quick Startup Software Version Information
TABLE 1-1 Quick Startup Software Version Information
Command Details
show hardware
(Privileged EXEC Mode)
Display System Information
System Description
Serial Number
MAC Address
Software Version
Quick Startup Physical Port Data
TABLE 1-2 Quick Startup Physical Port Data
Command Details
show port all
(Privileged EXEC Mode)
Displays the ports
Interface - slot/port. See the FASTPATH 2000 Command Reference for more information about naming conventions.
Type - Indicates if the port is a special type of port.
Admin Mode - Selects the Port Control Administration State.
Physical Mode - Selects the desired port speed and duplex mode.
Physical Status - Indicates the port speed and duplex mode.
Link Status - Indicates whether the link is up or down.
Link Trap - Determines whether or not to send a trap when link status changes.
LACP Mode - Displays whether LACP is enabled or disabled on this port.
Quick Startup User Account Management
TABLE 1-3 Quick Startup User Account Management
Command   Details

show users
(Privileged EXEC Mode)
Displays all of the users who are allowed to access the networking device.
Access Mode - Shows whether the user is able to change parameters on the networking device (Read/Write) or is only able to view them (Read Only).
As a factory default, the admin user has Read/Write access and the guest user has Read Only access. There can only be one Read/Write user and up to five Read Only users.

show loginsession
(User EXEC Mode)
Displays all of the login session information.

users passwd <username>
(Global Config Mode)
Allows the user to set passwords or change passwords needed to log in.
A prompt appears after the command is entered requesting the user’s old password. In the absence of an old password, leave the area blank. The user must press Enter to execute the command.
The system then prompts the user for a new password; then a prompt to confirm the new password. If the new password and the confirmed password match, a confirmation message is displayed.
A user password should not be more than eight characters in length.

copy system:running-config nvram:startup-config
(Privileged EXEC Mode)
This command saves passwords and all other changes to the device.
If you do not save the configuration by entering this command, all configurations are lost when a power cycle is performed on the networking device or when the networking device is reset.
In a stacking environment, the running configuration is saved in all units of the stack.

logout
(User EXEC and Privileged EXEC Modes)
Logs the user out of the networking device.
Quick Startup IP Address
To view the network parameters, the operator can access the device by the following three methods:
Simple Network Management Protocol - SNMP
Telnet
Web Browser
Note – Helpful Hint: The user should do a ‘copy system:running-config nvram:startup-config’ after configuring the network parameters so that the configurations are not lost.
TABLE 1-4 Quick Startup IP Address
Command   Details

show network
(User EXEC Mode)
Displays the Network Configurations
IP Address - IP Address of the interface. Default IP is 0.0.0.0
Subnet Mask - IP Subnet Mask for the interface. Default is 0.0.0.0
Default Gateway - The default Gateway for this interface. Default value is 0.0.0.0
Burned in MAC Address - The Burned in MAC Address used for in-band connectivity
Locally Administered MAC Address - Can be configured to allow a locally administered MAC address
MAC Address Type - Specifies which MAC address should be used for in-band connectivity
Network Configurations Protocol Current - Indicates which network protocol is being used. Default is none
Management VLAN Id - Specifies VLAN id
Web Mode - Indicates whether HTTP/Web is enabled
Java Mode - Indicates whether java mode is enabled.

network parms <ipaddr> <netmask> [gateway]
(Privileged EXEC Mode)
Sets the IP Address, subnet mask, and gateway of the router. The IP Address and the gateway must be on the same subnet.
IP Address range from 0.0.0.0 to 255.255.255.255
Subnet Mask range from 0.0.0.0 to 255.255.255.255
Gateway Address range from 0.0.0.0 to 255.255.255.255
Quick Startup Uploading from Networking Device to TFTP Server
TABLE 1-5 Quick Startup Uploading from Networking Device to TFTP Server
Command   Details

copy nvram:startup-config <tftp://<ipaddress>/<filepath>/<filename>>
(Privileged EXEC Mode)
copy nvram:errorlog <tftp://<ipaddress>/<filepath>/<filename>>
(Privileged EXEC Mode)
copy nvram:msglog <tftp://<ipaddress>/<filepath>/<filename>>
(Privileged EXEC Mode)
copy nvram:traplog <tftp://<ipaddress>/<filepath>/<filename>>
(Privileged EXEC Mode)
Starts the upload, displays the mode and type of upload, and confirms the upload is progressing.
The types are:
config - configuration file
errorlog - error log
msglog - message log
traplog - trap log
The URL must be specified as:
xmodem:<filepath>/<filename>
For example:
If you are using HyperTerminal, you must specify where the file is to be received by the PC.
Quick Startup Downloading from TFTP Server
Before starting a TFTP server download, the operator must complete the Quick Startup for the IP Address.
TABLE 1-6 Quick Startup Downloading from TFTP Server
Command   Details

copy <tftp://<ipaddress>/<filepath>/<filename>> nvram:startup-config
(Privileged EXEC Mode)
copy <tftp://<ipaddress>/<filepath>/<filename>> system:image
(Privileged EXEC Mode)
Sets the destination (download) datatype to be an image (system:image) or a configuration file (nvram:startup-config).
The URL must be specified as:
tftp://<ipaddress>/<filepath>/<filename>.
The nvram:startup-config option downloads the configuration file using tftp and the system:image option downloads the code file.
Quick Startup Factory Defaults
TABLE 1-7 Quick Startup Factory Defaults
Command   Details

clear config
(Privileged EXEC Mode)
Enter yes when the prompt pops up to clear all the configurations made to the networking device.

copy system:running-config nvram:startup-config
Enter yes when the prompt pops up that asks if you want to save the configurations made to the networking device.

reload (or cold boot the networking device)
(Privileged EXEC Mode)
Enter yes when the prompt pops up that asks if you want to reset the system.
You can reset the networking device or cold start the networking device. Both work effectively.
CHAPTER 2
Using the Command-Line Interface
The command-line interface (CLI) is a text-based way to manage and monitor the switch and system. You can access the CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH.
For detailed information about using the CLI with the switch’s software commands, refer to the Sun Netra CP3240 Switch Software Reference Manual (820-3253).
This chapter describes the CLI syntax, conventions, and modes. It contains the following sections:
“Command Syntax”
“Command Conventions”
“Parameter Conventions”
“Parameter Values”
“Slot/Port Naming Convention”
“‘No’ Form of a Command”
“Command Modes”
“Command Completion and Abbreviation”
“CLI Error Messages”
“CLI Line-Editing Conventions”
“Using CLI Help”
“Accessing the CLI”
Command Syntax
A command is one or more words that might be followed by one or more parameters. Parameters can be required or optional values.
Some commands, such as show network or clear vlan, do not require parameters. Other commands, such as network parms, have parameters for which you must supply a value. Parameters are positional—you must type the values in the correct order. Optional parameters will follow required parameters. Following are two examples.
network parms <ipaddr> <netmask> [gateway]
In the preceding example, <ipaddr> and <netmask> are the required values for the command, and [gateway] is the optional value for the command.
snmp-server location <loc>
In the second example, <loc> is the required parameter for the command.
Command Conventions
The following conventions apply to the command name:
The command name is displayed in this document in monospace font and must be typed exactly as shown.
Once you have entered enough letters of a command name to uniquely identify the command, pressing the spacebar or Tab key causes the system to complete the word.
Pressing Ctrl-Z returns you to the root-level command prompt.
This reference manual lists each command by the command name and provides a brief description of the command. Each command entry contains the following information:
Format shows the command keywords and parameters (required and optional).
Mode identifies the command mode you must be in to access the command.
Default shows the default value, if any, of a configurable setting on the device.
The show commands also contain a description of the information that the command shows.
Parameter Conventions
The following conventions apply to parameters:
Parameters are order dependent.
Variables are displayed in this document in italic font, and must be replaced with a name or number.
To use spaces as part of a name parameter, enclose it in double quotes. For example, the expression “System Name with Spaces” forces the system to accept the spaces.
Empty strings (“”) are not valid user-defined strings.
Parameters might be mandatory values, optional values, choices, or a combination. Parameter values might be names (strings) or numbers.
Table 2-1 describes the conventions this document uses to distinguish between value types.
TABLE 2-1 Parameter Value Types
Symbol   Example   Description
<> angle brackets   <value>   Indicates that you must enter a value in place of the brackets and text inside them.
[] square brackets   [value]   Indicates an optional parameter that you can enter in place of the brackets and text inside them.
{} curly braces   {choice1 | choice2}   Indicates that you must select a parameter from the list of choices.
| Vertical bars   choice1 | choice2   Separates the mutually exclusive choices.
[{}] Braces within square brackets   [{choice1 | choice2}]   Indicates a choice within an optional element.
Parameter Values
The following conventions apply to the values of the common parameters. Table 2-2 describes common parameter values and formatting.
TABLE 2-2 Common Parameter Values
Parameter   Description

ipaddr   This parameter is a valid IP address. You can enter the IP address in the following formats:
• a (32 bits)
• a.b (8.24 bits)
• a.b.c (8.8.16 bits)
• a.b.c.d (8.8.8.8)
In addition to these formats, the CLI accepts decimal, hexadecimal and octal formats through the following input formats (where n is any valid hexadecimal, octal or decimal number):
• 0xn (CLI assumes hexadecimal format)
• 0n (CLI assumes octal format with leading zeros)
• n (CLI assumes decimal format)

ipv6-address   FE80:0000:0000:0000:020F:24FF:FEBF:DBCB, or FE80:0:0:0:20F:24FF:FEBF:DBCB, or FE80::20F:24FF:FEBF:DBCB, or FE80:0:0:0:20F:24FF:128.141.49.32
For additional information, refer to RFC 3513.

areaid   Enter area IDs in dotted-decimal notation (for example, 0.0.0.1).
• An area ID of 0.0.0.0 is reserved for the backbone.
• Area IDs have the same format as IP addresses but are distinct from IP addresses.
• You can use the IP network number of the sub-netted network for the area ID.

routerid   Enter the value of <routerid> in dotted-decimal notation, such as 0.0.0.1. A router ID of 0.0.0.0 is invalid.

Interface or slot/port   Valid slot and port number separated by forward slashes. For example, 0/1 represents slot number 0 and port number 1.

Logical Interface   Represents a logical slot and port number. This is applicable in the case of a port-channel (LAG). You can use the logical slot/port to configure the port-channel.

Character strings   Use double quotation marks to identify character strings, for example, “System Name with Spaces.” An empty string (“”) is not valid.
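The ipaddr input forms in Table 2-2 mean that one address can be typed many ways, and that a leading zero changes the value (010.0.0.1 is 8.0.0.1, not 10.0.0.1). The following Python normalizer is an added example, not code from this manual or the switch software; it converts each accepted form to dotted decimal so entries in a configuration review can be compared. The function names and sample entries are hypothetical, and rejecting a part that overflows its field is an assumption, since the manual does not describe how the CLI handles that case.

```python
import ipaddress

# Bit widths of the dot-separated parts, keyed by how many parts were entered.
# These are the four layouts listed for the ipaddr parameter in Table 2-2.
PART_WIDTHS = {1: (32,), 2: (8, 24), 3: (8, 8, 16), 4: (8, 8, 8, 8)}


def parse_part(token):
    """Parse one part with the table's radix rules: 0xn hex, 0n octal, n decimal."""
    lowered = token.lower()
    if lowered.startswith("0x"):
        digits, base = lowered[2:], 16
    elif len(lowered) > 1 and lowered.startswith("0"):
        digits, base = lowered[1:], 8
    else:
        digits, base = lowered, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(ch not in allowed for ch in digits):
        raise ValueError(f"invalid address part: {token!r}")
    return int(digits, base)


def normalize_ipaddr(text):
    """Return the dotted-decimal form of an a, a.b, a.b.c or a.b.c.d input."""
    parts = text.strip().split(".")
    widths = PART_WIDTHS.get(len(parts))
    if widths is None:
        raise ValueError(f"expected 1 to 4 parts, got {len(parts)}: {text!r}")
    value = 0
    for token, width in zip(parts, widths):
        number = parse_part(token)
        # Assumption (not stated in the manual): a part that does not fit
        # its field is rejected rather than truncated.
        if number >= (1 << width):
            raise ValueError(f"part {token!r} does not fit in {width} bits")
        value = (value << width) | number
    return str(ipaddress.IPv4Address(value))


def review_entries(entries):
    """Flag entries that are not canonical dotted decimal.

    Returns (entry, canonical) pairs; canonical is None when the entry
    cannot be parsed under the Table 2-2 rules.
    """
    findings = []
    for entry in entries:
        try:
            canonical = normalize_ipaddr(entry)
        except ValueError:
            findings.append((entry, None))
            continue
        if canonical != entry:
            findings.append((entry, canonical))
    return findings


# Constructed sample input, e.g. addresses copied from a change request.
SAMPLE_ENTRIES = [
    "192.168.1.10",   # canonical, not flagged
    "0xC0A8010A",     # one 32-bit hex part
    "3232235786",     # one 32-bit decimal part
    "192.168.266",    # 8.8.16 layout
    "010.0.0.1",      # leading zero means octal: this is 8.0.0.1
    "10.0.0.08",      # 08 is not a valid octal number
]

if __name__ == "__main__":
    for entry, canonical in review_entries(SAMPLE_ENTRIES):
        print(f"{entry:>14} -> {canonical or 'INVALID'}")
```
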
Slot/Port Naming Convention
Sun Netra CP3240 switch software references physical entities such as cards and ports by using a slot/port naming convention. The Sun Netra CP3240 switch software also uses this convention to identify certain logical entities, such as Port-Channel interfaces.
The slot number has two uses. In the case of physical ports, it identifies the card containing the ports. In the case of logical and CPU ports, it also identifies the type of interface or port.
TABLE 2-3 Slot Types
Slot Type   Description
Physical slot numbers   Physical slot numbers begin with zero, and are allocated up to the maximum number of physical slots.
Logical slot numbers   Logical slots immediately follow physical slots and identify port-channel (LAG) or router interfaces.
CPU slot numbers   The CPU slots immediately follow the logical slots.
The port identifies the specific physical port or logical interface being managed on a given slot.
TABLE 2-4 Port Types
Port Type   Description
Physical Ports   The physical ports for each slot are numbered sequentially starting from zero.
Logical Interfaces   Port-channel or Link Aggregation Group (LAG) interfaces are logical interfaces that are only used for bridging functions.
VLAN routing interfaces are only used for routing functions.
Loopback interfaces are logical interfaces that are always up.
Tunnel interfaces are logical point-to-point links that carry encapsulated packets.
CPU ports   CPU ports are handled by the driver as one or more physical entities located on physical slots.
Note – In the CLI, loopback and tunnel interfaces do not use the slot/port format. To specify a loopback interface, you use the loopback ID. To specify a tunnel interface, you use the tunnel ID.
‘No’ Form of a Command
The no keyword is a specific form of an existing command and does not represent a new or distinct command. Almost every configuration command has a no form.
In general, use the no form to reverse the action of a command or reset a value back to the default. For example, the no shutdown configuration command reverses the shutdown of an interface.
Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default.
The behavior of the “?” and the help text are the same for the no keyword:
The help message is the same for all forms of the command. The help string might be augmented with details about the no form behavior.
For the (no interface?) and (no inte?) cases, the help options displayed are identical to the case when the no token is not specified, as in (interface?) and (inte?).
Command Modes
The CLI groups commands into modes according to the command function. Each of the command modes supports specific Sun Netra CP3240 switch software commands. The commands in one mode are not available until you switch to that particular mode, with the exception of the User EXEC mode commands. You can execute the User EXEC mode commands in the Privileged EXEC mode.
For detailed information about using the CLI with the switch’s software commands and modes, refer to the Sun Netra CP3240 Switch Software Reference Manual (820-3253).
The command prompt changes in each command mode to help you identify the current mode.
TABLE 2-5 lists the command modes, the prompts visible in each mode, and the exit method from that mode.
Topology is described in “Mode-Based Topology”.
Descriptions and hierarchy of each mode are in “Mode-Based Command Hierarchy”.
TABLE 2-5 CLI Command Modes
Each entry lists the Command Mode, followed by its Access Method, Prompt, and Exit or Access Previous Mode.

User Exec
Access Method: This is the first level of access for performing basic tasks and listing system information.
Prompt: Switch>
Exit or Access Previous Mode: Enter logout command

Privileged Exec
Access Method: From the User Exec mode, enter the enable command.
Prompt: Switch#
Exit or Access Previous Mode: Type exit or press Ctrl-Z to exit to the User Exec mode.

Global Config
Access Method: From the Privileged Exec mode, enter the configure command.
Prompt: Switch(Config)#
Exit or Access Previous Mode: Type exit to exit to the Privileged Exec mode, or press Ctrl-Z to switch to the User Exec mode.

VLAN Config
Access Method: From the Privileged Exec mode, enter the vlan database command.
Prompt: Switch(Vlan)#
Exit or Access Previous Mode: Type exit to exit to the Privileged Exec mode, or press Ctrl-Z to switch to the User Exec mode.

Interface Config
Access Method: From the Global Config mode, enter the interface <slot/port> command.
Prompt: Switch (Interface <slot/port>)#
Switch (Interface Loopback <id>)#
Switch (Interface Tunnel <id>)#
Exit or Access Previous Mode: Type exit to exit to the Global Config mode, or press Ctrl-Z to switch to the User Exec mode.

Line Config
Access Method: From the Global Config mode, enter the lineconfig command.
Prompt: Switch (line)#
Exit or Access Previous Mode: Type exit to exit to the Global Config mode, or press Ctrl-Z to switch to the User Exec mode.

Policy Map Config
Access Method: From the Global Config mode, enter the policy-map <policy-name> command.
Prompt: Switch (Config-policy-map)#
Exit or Access Previous Mode: Type exit to exit to the Global Config mode, or press Ctrl-Z to switch to the User Exec mode.

Policy Class Config
Access Method: From the Policy Map mode, enter the class command.
Prompt: Switch (Config-policy-class-map)#
Exit or Access Previous Mode: Type exit to exit to the Policy Map mode, or press Ctrl-Z to switch to the User Exec mode.

Class Map Config
Access Method: From the Global Config mode, enter the class-map <class-map-name> command.
Prompt: Switch (Config-class-map)#
Exit or Access Previous Mode: Type exit to exit to the Global Config mode, or press Ctrl-Z to switch to the User Exec mode.

Router OSPF Config
Access Method: From the Global Config mode, enter the router ospf command.
Prompt: Switch (Config-router)#
Exit or Access Previous Mode: Type exit to exit to the Global Config mode, or press Ctrl-Z to switch to the User Exec mode.

Router OSPFv3 Config
Access Method: From the Global Config mode, enter the ipv6 router ospf command.
Prompt: Switch (Config-rtr)#
Exit or Access Previous Mode: Type exit to exit to the Global Config mode, or press Ctrl-Z to switch to the User Exec mode.

Router RIP Config
Access Method: From the Global Config mode, enter the router rip command.
Prompt: Switch (Config-router)#
Exit or Access Previous Mode: Type exit to exit to the Global Config mode, or press Ctrl-Z to switch to the User Exec mode.

Router BGP Config
Access Method: From the Global Config mode, enter the router bgp <asnumber> command.
Prompt: Switch (Config-router)#
Exit or Access Previous Mode: Type exit to exit to the Global Config mode, or press Ctrl-Z to switch to the User Exec mode.

MAC Access-list Config
Access Method: From the Global Config mode, enter mac access-list extended <name>.
Prompt: Switch (Config-mac-access-list)#
Exit or Access Previous Mode: Type exit to exit to the Global Config mode, or press Ctrl-Z to switch to the Privileged EXEC mode.

TACACS Config
Access Method: From the Global Config mode, enter tacacs-server host <ip-addr>, where <ip-addr> is the IP address of the TACACS server on your network.
Prompt: Switch (Tacacs)#
Exit or Access Previous Mode: Type exit to exit to the Global Config mode, or press Ctrl-Z to switch to the Privileged EXEC mode.

DHCP Pool Config
Access Method: From the Global Config mode, enter the ip dhcp pool <pool-name> command.
Prompt: Switch (Config-dhcp-pool)#
Exit or Access Previous Mode: Type exit to exit to the Global Config mode, or press Ctrl-Z to switch to the Privileged EXEC mode.

DHCPv6 Pool Config
Access Method: From the Global Config mode, enter the ip dhcp pool <pool-name> command.
Prompt: Switch (Config-dhcp6-pool)#
Exit or Access Previous Mode: Type exit to exit to the Global Config mode, or press Ctrl-Z to switch to the Privileged EXEC mode.
Mode-Based Topology
The CLI tree is built on a mode concept in which the commands are available according to the interface. Some of the modes in the mode-based CLI are depicted in FIGURE 2-1.
Note – The User Exec commands are also accessible in the Privileged Exec Mode.
Note – Access to all commands in the Privileged Exec mode and below is restricted through a password.
FIGURE 2-1 Mode-based CLI
[Figure: flowchart of the CLI mode tree. Labels: Root, User Exec, Enable, Passwd Correct? (Yes / No), Privileged Exec, Return to the User Exec prompt, VLAN, Global Config, Interface Config, Line Config, Policy Map, Policy Class, Class Map, Bwprovisioning, Bwp bwallocation, Bwp traffic class, Router BGP Config, Router OSPF Config, Router RIP Config, DHCP Pool Config, Stacking Config.]
Mode-Based Command Hierarchy
The commands in one mode are not available until the operator switches to that particular mode, with the exception of the User Exec mode commands. The User Exec mode commands can also be executed in the Privileged Exec mode.
The commands available to the operator at any time depend upon the mode. Entering a question mark (?) at the CLI prompt displays a list of the currently available commands and descriptions of the commands.
User Exec Mode
When the operator logs in to the CLI, the User Exec mode is the initial mode. The User Exec mode contains a limited set of commands. The command prompt shown at this level is $ Switch>
Privileged Exec Mode
To have access to the full suite of commands, the operator must enter the Privileged Exec mode. The Privileged Exec mode requires password authentication. From Privileged Exec mode, the operator can issue any Exec command, enter the VLAN mode or enter the Global Config mode. The command prompt shown at this level is
$ Switch#
Global Config Mode
This mode permits the operator to make modifications to the running configuration. General setup commands are grouped in this mode. From the Global Config mode, the operator can enter the System Config mode, the Physical Port Config mode, the Interface Config mode, or the protocol-specific modes. The command prompt at this level is $ Switch (Config)#
From the Global Config mode, the operator can enter the following protocol-specific configuration modes.
Interface Config
Many features are enabled for a particular interface. The Interface commands enable or modify the operation of an interface.
This mode allows you to enable or modify the operation of an interface and provides access to the router interface configuration commands.
Use this mode to set up a physical port for a specific logical connection operation.
In this mode, a physical port is set up for a specific logical connection operation. The Interface Config mode provides access to the router interface configuration commands. The command prompt at this level is $ Switch (Interface <slot/port>)#
The resulting prompt for the interface configuration command entered in the Global Configuration mode is $ Switch (Interface Loopback <id> and $ Switch (Interface Tunnel <id>.
Line Config
This mode allows the operator to configure the console interface. The operator can configure the interface from the directly connected console or the virtual terminal used with Telnet. The command prompt at this level is $ Switch(line)#
Policy Map Config
Use the policy-map <policy-name> command to access the QoS policy map configuration mode to configure the QoS policy map.
$ Switch (Config)# policy-map <policy-name>
$ Switch (Config-policy-map)#
Policy Class Config
Use the class <class-name> command to access the QoS policy-classmap mode to attach or remove a diffserv class to a policy and to configure the QoS policy class.
$ Switch (Config-policy-map)# class <class-name>
$ Switch (Config-policy-classmap)#
Class Map Config
This mode consists of class creation, deletion, and matching commands. The class match commands specify layer 2, layer 3, and general match criteria. Use the class-map <class-map-name> command to access the QoS class map configuration mode to configure QoS class maps.
$ Switch (Config)# class-map <class-map-name>
$ Switch (Config class-map)#
Router OSPF Config
In this mode, the operator is allowed to access the router OSPF configuration commands. The command prompt at this level is:
$ Switch (Config)# router ospf
$ Switch (Config-router) #
Router OSPFv3 Config
In this mode, the operator is allowed to access the router OSPFv3 configuration commands. The command prompt at this level is:
$ Switch (Config)# rtr ospf
$ Switch (Config-rtr) #
Router RIP Config
In this mode, the operator is allowed to access the router RIP configuration commands. The command prompt at this level is:
$ Switch (Config)# router rip
$ Switch (Config router)#
Router BGP Config
In this mode, the operator is allowed to access the router BGP-4 configuration commands. The command prompt at this level is:
$ Switch (Config)# router bgp <1-65535>
$ Switch (Config-routerbgp)#
MAC Access-list Config
In this mode, the operator is allowed to create a MAC Access-list and to enter the mode containing Mac Access-list configuration commands. The command prompt at this level is:
$ Switch (Config)# mac access-list extended <name>
$ Switch (Config-mac-access-list) #
TACACS Config
In this mode, the operator is allowed to configure properties for the TACACS servers. The command prompt at this level is:
$ Switch (Config)# tacacs-server host <ip-addr>
$ Switch (Tacacs) #
DHCP Pool Config
Use the ip dhcp pool <pool-name> command to access the DHCP Pool Config mode.
$ Switch (Config)# ip dhcp pool <pool-name>
$ Switch (Config-dhcp-pool)#
DHCPv6 Pool Config
Use the ip dhcpv6 pool <pool-name> command to access the DHCPv6 Pool Config mode.
$ Switch (Config)# ip dhcpv6 pool <pool-name>
$ Switch (Config-dhcp6-pool)#
VLAN Mode
This mode groups all the commands pertaining to VLANs. The command prompt shown at this level is $ Switch (Vlan)#
Operation Flow
This section captures the flow of operation for the CLI.
1. The operator logs in to the CLI session and enters the User Exec mode. In the
User Exec mode, the $(exec)> prompt is displayed on the screen.
The parsing process is initiated whenever the operator types a command and presses Enter. The command tree is searched for the command of interest. If the command is not found, the output message indicates where the offending entry begins. For instance, if command node A has the command show arp brief but the operator attempts to execute the command show arpp brief, the output message is:
$(exec)> show arpp brief
^
$%Invalid input detected at '^' marker.
If the operator has given an invalid input parameter in the command, the message conveys to the operator that an invalid input was detected. The layout of the output is:
(exec) #show arpp brief
^
%Invalid input detected at ‘^’ marker.
After all the mandatory parameters are entered, any additional parameters entered are treated as optional parameters. If any of the parameters are not recognized, a syntax error message is displayed.
2. After the command is successfully parsed and validated, the control of execution goes to the corresponding CLI callback function.
3. For mandatory parameters, the command tree extends until the mandatory parameters make the leaf of the branch. The callback function is invoked only when all the mandatory parameters are provided. For optional parameters, the command tree extends until the mandatory parameters and the optional parameters make the leaf of the branch. However, the callback function is associated with the node where the mandatory parameters are fetched. The callback function then takes care of the optional parameters.
4. Once the control has reached the callback function, the callback function has complete information about the parameters entered by the operator.
Command Completion and Abbreviation
Command completion finishes spelling the command when you have typed enough letters of a command to uniquely identify the command word. You can execute the command by pressing the Enter key (command abbreviation) or you can complete the command word by pressing the Tab or spacebar keys (command completion).
The value “Er” designates that the requested value was not internally accessible. This should not happen and indicates that the software is not handling this instance correctly.
The value of “-----” designates that the value is unknown.
CLI Error Messages
If you enter a command and the system is unable to execute it, an error message appears. Table 2-6 describes the most common CLI error messages.
TABLE 2-6 CLI Error Messages
Message Text: % Invalid input detected at '^' marker.
Description: Indicates that you entered an incorrect or unavailable command. The caret (^) shows where the invalid text is detected. This message also appears if any of the parameters or values are not recognized.
Message Text: Command not found / Incomplete command. Use ? to list commands.
Description: Indicates that you did not enter the required keywords or values.
Message Text: Ambiguous command
Description: Indicates that you did not enter enough letters to uniquely identify the command.
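The operation flow, the abbreviation rule and the three error messages above can be modelled in a few lines. This is an added example, not the switch's own parser: the command tree is a constructed subset of commands shown in this guide, the callback names and the <ipaddr> placeholder under ping are assumptions, and only mandatory parameters are modelled.

```python
"""Toy model of the CLI operation flow: command tree, abbreviation, '^' marker."""

# Constructed subset of the command tree, using only commands shown in this
# guide. "<cr>" marks a node where the mandatory parameters are complete and
# holds the (hypothetical) callback name; other "<...>" keys accept any value.
TREE = {
    "show": {
        "arp": {"brief": {"<cr>": "show_arp_brief"}},
        "mac-addr-table": {"<cr>": "show_mac_addr_table"},
        "mac-address-table": {"<cr>": "show_mac_address_table"},
        "monitor": {"<cr>": "show_monitor"},
    },
    "network": {"parms": {"<ipaddr>": {"<cr>": "network_parms"}}},
    "ping": {"<ipaddr>": {"<cr>": "ping"}},
}

INVALID = "% Invalid input detected at '^' marker."
INCOMPLETE = "Command not found / Incomplete command. Use ? to list commands."
AMBIGUOUS = "Ambiguous command"


def tokenize(line):
    """Split into (column, word) pairs; a word starting with '!' begins a comment."""
    tokens, col = [], 0
    for word in line.split(" "):
        if word.startswith("!"):
            break
        if word:
            tokens.append((col, word))
        col += len(word) + 1
    return tokens


def candidates(node, word):
    """Keywords under this node that the word names exactly or abbreviates."""
    keys = [k for k in node if not k.startswith("<")]
    if word in keys:
        return [word]
    return sorted(k for k in keys if k.startswith(word))


def parse(line):
    """Walk the tree; return (status, detail) for one input line."""
    tokens = tokenize(line)
    if not tokens:
        return ("comment", None)
    node, path = TREE, []
    for col, word in tokens:
        matches = candidates(node, word)
        if len(matches) > 1:
            return ("ambiguous", matches)
        if len(matches) == 1:
            path.append(matches[0])          # abbreviation completed
            node = node[matches[0]]
            continue
        placeholder = next(
            (k for k in node if k.startswith("<") and k != "<cr>"), None)
        if placeholder is None:
            return ("invalid", col)          # column where the bad word begins
        path.append(word)
        node = node[placeholder]
    if "<cr>" not in node:
        return ("incomplete", path)
    return ("ok", (node["<cr>"], path))      # control passes to the callback


def render(prompt, line):
    """Text the operator would see in this model for one input line."""
    status, detail = parse(line)
    if status == "invalid":
        marker = " " * (len(prompt) + detail) + "^"
        return "\n".join([prompt + line, marker, INVALID])
    if status == "incomplete":
        return INCOMPLETE
    if status == "ambiguous":
        return AMBIGUOUS
    if status == "comment":
        return ""
    return f"-> {detail[0]}({' '.join(detail[1])})"


if __name__ == "__main__":
    for text in ("show arpp brief", "sh arp br", "show m", "show arp",
                 "show monitor !check the mirror session"):
        print(render("(exec) #", text), end="\n\n")
```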
CLI Line-Editing Conventions
Table 2-7 describes the key combinations you can use to edit commands or increase the speed of command entry. You can access this list from the CLI by entering help from the User or Privileged EXEC modes.
TABLE 2-7 CLI Editing Conventions
Key Sequence Description
DEL or Backspace Delete previous character
Ctrl-A Go to beginning of line
Ctrl-E Go to end of line
Ctrl-F Go forward one character
Ctrl-B Go backward one character
Ctrl-D Delete current character
Ctrl-U, X Delete to beginning of line
Ctrl-K Delete to end of line
Ctrl-W Delete previous word
Ctrl-T Transpose previous character
Ctrl-P Go to previous line in history buffer
Ctrl-R Rewrites or pastes the line
Ctrl-N Go to next line in history buffer
Ctrl-Y Prints last deleted character
Ctrl-Q Enables serial flow
Ctrl-S Disables serial flow
Ctrl-Z Return to root command prompt
Tab, <SPACE> Command-line completion
Exit Go to next lower command prompt
? List available commands, keywords, or parameters
Using CLI Help
Enter a question mark (?) at the command prompt to display the commands available in the current mode.
(switch) >?
enable    Enter into user privilege mode.
help      Display help for various special keys.
logout    Exit this session. Any unsaved changes are lost.
ping      Send ICMP echo packets to a specified IP address.
quit      Exit this session. Any unsaved changes are lost.
show      Display Switch Options and Settings.
telnet    Telnet to a remote host.
Enter a question mark (?) after each word you enter to display available command keywords or parameters.
(switch) #network ?
javamode    Enable/Disable.
mgmt_vlan   Configure the Management VLAN ID of the switch.
parms       Configure Network Parameters of the router.
protocol    Select DHCP, BootP, or None as the network config protocol.
If the help output shows a parameter in angle brackets, you must replace the parameter with a value.
(switch) #network parms ?
<ipaddr> Enter the IP Address.
If there are no additional command keywords or parameters, or if additional parameters are optional, the following message appears in the output:
<cr> Press Enter to execute the command
You can also enter a question mark (?) after typing one or more characters of a word to list the available command or parameters that begin with the letters, as shown in the following example:
(switch) #show m?
mac-addr-table mac-address-table monitor
Accessing the CLI
You can access the CLI by using a direct-console connection or by using a telnet or SSH connection from a remote management host.
For the initial connection, you must use a direct connection to the console port. You cannot access the system remotely until the system has an IP address, subnet mask, and default gateway. You can set the network configuration information manually, or you can configure the system to accept these settings from a BOOTP or DHCP server on your network. For more information, see “Network Interface Commands”
on page 472.
Comments
The CLI enables the user to type single-line annotations at the command prompt for use when writing test or configuration scripts and for better readability. The exclamation point (!) character flags the beginning of a comment. The comment flag character can begin a word anywhere on the command line and all input following this character is ignored. Any command line that begins with the character ! is recognized as a comment line and ignored by the parser.
Some examples of comments are provided in the following code.
! Script file for displaying the ip interface
! Display information about interfaces
show ip interface 0/1 !Displays the information about the first interface
! Display information about the next interface
show ip interface 0/2
! End of the script file
CHAPTER 3
Using the Web Interface
This chapter is a brief introduction to the Web interface. This chapter explains how to access the Web-based management panels to configure and manage the system.
This chapter contains the following topics:
“Configuring for Web Access”
“Starting the Web Interface”
Configuring for Web Access
You can manage your switch through a Web browser and Internet connection. This is referred to as Web-based management. To use Web-based management, the system must be set up for network connectivity.
To access the switch, the Web browser must support:
HTML version 4.0, or later
HTTP version 1.1, or later
JavaScript™ version 1.2, or later
Java™ Runtime Plug-in 1.50-06 or later
There are equivalent functions in the Web interface and the terminal interface; both applications usually employ the same menus to accomplish a task. For example, when you log in, there is a Main Menu with the same functions available, etc.
There are several differences between the Web and terminal interfaces. For example, on the Web interface the entire forwarding database can be displayed, while the terminal interface only displays 10 entries starting at specified addresses.
To terminate the Web interface session, close the web browser.
To Configure for Web Access
1. Configure the switch for network connectivity. (See Chapter 1 for instructions.)
2. Connect the switch to the network.
3. Use the ip http server command to verify the web server is enabled.
By default, the web server is enabled.
Starting the Web Interface
1. Enter the IP address of the switch in the Web browser address field.
2. Click Login when the Login panel (Figure ) displays.
FIGURE 3-1 Web Interface Panel-Example
3. Enter the appropriate User Name and Password.
The User Name and associated Password are the same as those used for the terminal interface.
4. Click on the Login button.
The System Description Menu displays as shown in Figure 3-2, with the navigation tree appearing to the left of the screen.
5. Make a selection by clicking on the appropriate item in the navigation tree.
Web Page Layout
A Web interface panel for the switch Web page consists of three areas (Figure 3-2).
A banner graphic of the switch appears across the top of the panel.
A hierarchical-tree view appears to the left of the panel. The tree consists of a
combination of folders, subfolders, and configuration and status HTML pages. You can think of the folders and subfolders as branches and the configuration and status HTML pages as leaves. Only the selection of a leaf (not a folder or subfolder) will cause the display of a new HTML page. A folder or subfolder has no corresponding HTML page.
The bottom-right of the panel displays the currently selected device configuration status and/or the user-configurable information that you have selected from the tree view.
FIGURE 3-2 Web Interface Panel-Example
FIGURE 3-3 Configuring an SNMP V3 User Profile
Configuring an SNMP V3 User Profile
Configuring an SNMP V3 user profile is a part of user configuration. Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, additional steps are needed. Use the following steps to configure a new SNMP V3 user profile.
1. Select System-->Configuration-->User Accounts from the hierarchical tree on
the left side of the web interface (see Figure 3-3).
2. Using the User pull-down menu, select Create to create a new user.
3. Enter a new user name in the User Name field.
4. Enter a new user password in the Password field and then retype it in the
Confirm Password field.
Note – If SNMPv3 Authentication is to be implemented for this user, set a password
of eight or more alphanumeric characters.
5. If you do not need authentication, go to Step 9.
6. To enable authentication, use the Authentication Protocol pull-down menu to
select either MD5 or SHA for the authentication protocol.
7. If you do not need encryption, go to Step 9.
8. To enable encryption, use the Encryption Protocol pull-down menu to select
DES for the encryption scheme. Then, enter an encryption code of eight or more alphanumeric characters in the Encryption Key field.
9. Click Submit.
Command Buttons
The following command buttons are used throughout the Web interface panels for the switch:
Command Button Description
Save Pressing the Save button implements and saves the changes you just
made. Some settings may require you to reset the system in order for them to take effect.
Refresh Pressing the Refresh button that appears next to the Apply button in Web
interface panels refreshes the data on the panel.
Submit Pressing the Submit button sends the updated configuration to the
switch. Configuration changes take effect immediately, but these changes are not retained across a power cycle unless a save is performed.
CHAPTER 4
Establishing Management Security
This chapter describes how to enable management security. Enabling management security is a two-step process. The first step involves generating and loading appropriate authentication keys (SSH) and security certificates (SSL). Optionally a reputable third party such as RSA Security, Inc. or Entrust, Inc. can validate these certificates and keys but for evaluation purposes validation is unnecessary. The second step involves enabling either SSL or SSH and optionally disabling the insecure versions of telnet and web management. Once enabled, subsequent management connections may be made in a secure manner.
This chapter contains the following topics:
“Certificate Generation”
“Configuring Secure Shell”
“Configuring Secure Socket Layer”
“Using Certificate Generation Scripts”
Certificate Generation
To generate self-signed credentials, the open source applications ssh-keygen and openssl can be used to create the seven files used to form the security certificates and authentication keys. Both of these applications are well documented by the open source community. Detailed descriptions will not be repeated here as the user can check the man pages for detailed help. Two scripts are included at the end of this chapter along with some helper files. This set of files can be freely modified and used to generate the appropriate self-signed credentials. Generation of these credentials has been verified using both cygwin and Linux.
Once the component files are created, the credentials must be loaded onto the Sun Netra CP3240 switch. This is accomplished using the "copy" command from a tftp server. From privileged EXEC mode, issue the following command:
copy tftp://192.168.77.122/rsa1.key nvram:sshkey-rsa1
where the IP address of the tftp server should be substituted as appropriate. This copy command is repeated for all the authentication components:
rsa1.key nvram:sshkey-rsa1
rsa2.key nvram:sshkey-rsa2
dsa.key nvram:sshkey-dsa
dh512.pem nvram:sslpem-dhweak
dh1024.pem nvram:sslpem-dhstrong
server.pem nvram:sslpem-server
rootcert.pem nvram:sslpem-root
The SSL and SSH credentials may be uploaded separately as needed but as it is likely that if security is required for one access method it would be required for all access methods, it is recommended that the certificates and authentication key be created simultaneously.
Configuring Secure Shell
Once the authentication credentials are loaded and the certificates and authentication keys are formed, management security may be configured on the FASTPATH device. From privileged EXEC mode, issue the command:
ip ssh
This will allow secure shell sessions to be instantiated on the Sun Netra CP3240 switch. The message log should be checked for errors if a secure connection cannot be established. Entries such as the following indicate the nature of the problem.
0 days 02:30:30 File: ssh_sys_fastpath.c : Line: 584 : tid 40052584, context 0x0x157dba0, deleting 40052584, retval = 1
0 days 02:30:30 File: ssh_sys_fastpath.c : Line: 401 : SSHD: exiting global context 0x0x157dba0
0 days 02:30:30 File: sshd_main.c : Line: 550 : SSHD: host key is corrupt (did not decode).
In this case, the authentication credentials were invalid and should be regenerated. Messages indicating successful start of the ssh service look like the following example.
0 days 00:17:07 Unit: 1 : File: sshd_main.c : Line: 349 : SSHD: Done generating server key
0 days 00:17:06 Unit: 1 : File: sshd_main.c : Line: 639 : SSHD: successfully loaded RSA2 key
0 days 00:17:06 Unit: 1 : File: sshd_main.c : Line: 627 : SSHD: successfully opened file ssh_host_rsa_key
0 days 00:17:06 Unit: 1 : File: sshd_main.c : Line: 605 : SSHD: successfully loaded DSA key
0 days 00:17:06 Unit: 1 : File: sshd_main.c : Line: 592 : SSHD: successfully opened file ssh_host_dsa_key
0 days 00:17:06 Unit: 1 : File: sshd_control.c : Line: 400 : SSHD: sshdListenTask started
To disable insecure access, issue the commands:
lineconfig
no transport input telnet
Note – Issuing this command terminates all active telnet sessions, and no new telnet sessions will be allowed. Refer to the Sun Netra CP3240 Switch Command Reference Manual (820-3253) for more information on configuring remote sessions.
Configuring Secure Socket Layer
Optionally or in concert with SSH, SSL may be enabled. Once again the message log is the best source of feedback for problem determination. To enable SSL, issue the privileged EXEC mode command:
ip http secure-server
Success may be determined by attempting secure web access using https. Once again, consult the message log for failure information. Valid certificates are indicated by a message log entry that looks like the following:
0 days 01:25:29 Unit: 1 : File: sslt_util.c : Line: 303 : SSLT: Successfully loaded all required SSL PEM files
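The message-log checks described for SSH and SSL above can be run mechanically over a saved log. This is an added example, not code from the switch software: it parses entries in the format shown on this page and reduces them to a service state; the sample entries are copied from this page, and the function names and state labels are assumptions.

```python
import re

# One message-log entry: uptime, optional "Unit: N", source file, line, text.
ENTRY = re.compile(
    r"^(?P<days>\d+) days (?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) "
    r"(?:Unit: (?P<unit>\d+) : )?"
    r"File: (?P<file>\S+) : Line: (?P<line>\d+) : (?P<msg>.*)$"
)

# Entries copied from this page (failure case, success case, SSL case).
FAIL_LOG = """
0 days 02:30:30 File: ssh_sys_fastpath.c : Line: 584 : tid 40052584, context 0x0x157dba0, deleting 40052584, retval = 1
0 days 02:30:30 File: ssh_sys_fastpath.c : Line: 401 : SSHD: exiting global context 0x0x157dba0
0 days 02:30:30 File: sshd_main.c : Line: 550 : SSHD: host key is corrupt (did not decode).
"""
OK_LOG = """
0 days 00:17:07 Unit: 1 : File: sshd_main.c : Line: 349 : SSHD: Done generating server key
0 days 00:17:06 Unit: 1 : File: sshd_main.c : Line: 639 : SSHD: successfully loaded RSA2 key
0 days 00:17:06 Unit: 1 : File: sshd_main.c : Line: 627 : SSHD: successfully opened file ssh_host_rsa_key
0 days 00:17:06 Unit: 1 : File: sshd_main.c : Line: 605 : SSHD: successfully loaded DSA key
0 days 00:17:06 Unit: 1 : File: sshd_main.c : Line: 592 : SSHD: successfully opened file ssh_host_dsa_key
0 days 00:17:06 Unit: 1 : File: sshd_control.c : Line: 400 : SSHD: sshdListenTask started
"""
SSL_LOG = """
0 days 01:25:29 Unit: 1 : File: sslt_util.c : Line: 303 : SSLT: Successfully loaded all required SSL PEM files
"""


def parse_entry(text):
    """Return one entry as a dict, or None if the line is not a log entry."""
    match = ENTRY.match(text.strip())
    if match is None:
        return None
    hours = int(match["days"]) * 24 + int(match["h"])
    return {
        "uptime": (hours * 60 + int(match["m"])) * 60 + int(match["s"]),
        "unit": int(match["unit"]) if match["unit"] else None,
        "file": match["file"],
        "line": int(match["line"]),
        "msg": match["msg"],
    }


def assess(log_text):
    """Reduce a message log to the state of the SSH and SSL services."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    # The log is displayed newest first; replay it in uptime order so the
    # most recent event decides the final state.
    entries.sort(key=lambda e: e["uptime"])
    state = {"ssh": "unknown", "ssh_keys": [], "ssl": "unknown", "actions": []}
    for entry in entries:
        msg = entry["msg"]
        loaded = re.search(r"SSHD: successfully loaded (\w+) key", msg)
        if loaded:
            state["ssh_keys"].append(loaded.group(1))
        elif "SSHD: host key is corrupt" in msg:
            state["ssh"] = "failed"
            state["actions"].append(
                "regenerate the SSH keys and copy them to nvram again")
        elif "SSHD: sshdListenTask started" in msg:
            state["ssh"] = "listening"
        elif "SSLT: Successfully loaded all required SSL PEM files" in msg:
            state["ssl"] = "ready"
    return state


if __name__ == "__main__":
    for name, text in (("failure", FAIL_LOG), ("success", OK_LOG), ("ssl", SSL_LOG)):
        print(name, assess(text))
```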
Certificate information may be accessed using browser-specific methods. With Internet Explorer, the lock icon along the bottom message line can be checked for certificate details. Additionally, when connecting to a Sun Netra CP3240 switch that uses self-generated credentials, Explorer will warn the user about the authenticity of the certificate. When secure certificates are acquired from a third party this warning will no longer occur. Insecure web sessions may be prevented by disabling the http server using the privileged EXEC mode command:
no ip http server
As with secure shell, the best guide for information on FASTPATH commands controlling http and https access is the Sun Netra CP3240 Switch Software Reference Manual (820-3253).
Using Certificate Generation Scripts
The following four scripts and helper files can be used to generate self-signed certificates and authentication keys.
SSH sshKeygen.sh
CODE EXAMPLE 4-1 SSH sshKeygen.sh Example
#!/bin/sh
#####################################################################
#
# Generate key files for rsa and dsa
#
#####################################################################
# RSA V1
/usr/bin/ssh-keygen -q -t rsa1 -f rsa1.key -C '' -N ''
# RSA V2
/usr/bin/ssh-keygen -q -t rsa -f rsa2.key -C '' -N ''
# DSA for V2
/usr/bin/ssh-keygen -q -t dsa -f dsa.key -C '' -N ''
SSL pemCreate.sh
CODE EXAMPLE 4-2 SSL pemCreate.sh Example
#!/bin/sh
# Ensure that OpenSSL is installed and set the location correctly
OPENSSL=/usr/bin/openssl
# Set the password to something unique
PASSWORD=FASTPATH
# Set the number of days the certs will be valid for
VALID_NUM_DAYS=3650
#####################################################################
#
# Generate the Self Signed Trusted Root Certification Authority (CA) and
# Private Key
#
#####################################################################
${OPENSSL} req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem \
    -config root.cnf -passout pass:${PASSWORD}
${OPENSSL} x509 -req -days ${VALID_NUM_DAYS} -in rootreq.pem -sha1 \
    -extfile root.cnf -extensions certificate_extensions -signkey rootkey.pem \
    -out rootcert.pem -passin pass:${PASSWORD}
cat rootcert.pem rootkey.pem > root.pem
rm rootkey.pem rootreq.pem
#####################################################################
#
# Generate the Trusted Server Certificate signed by the Root CA
#
#####################################################################
${OPENSSL} req -newkey rsa:1024 -sha1 -keyout serverkey.pem -nodes \
    -out serverreq.pem -config server.cnf -reqexts req_extensions \
    -passout pass:${PASSWORD}
${OPENSSL} x509 -req -days ${VALID_NUM_DAYS} -in serverreq.pem -sha1 \
    -extfile server.cnf -extensions certificate_extensions -CA root.pem \
    -CAkey root.pem -CAcreateserial -out servercert.pem -passin pass:${PASSWORD}
cat servercert.pem serverkey.pem rootcert.pem > server.pem
rm root.pem root.srl serverkey.pem servercert.pem serverreq.pem
#####################################################################
#
# Generate the Diffie-Hellman weak and strong parameters
#
#####################################################################
${OPENSSL} dhparam -check -text -5 512 -out dh512.pem
${OPENSSL} dhparam -check -text -5 1024 -out dh1024.pem
SSL root.cnf
CODE EXAMPLE 4-3 SSL root.cnf Example
# default settings for example.
[ ca ]
default_ca = ca
[ ca ]
dir = /opt/ca
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/cakey.pem
serial = $dir/serial
default_crl_days = 7
default_days = 365
default_md = sha1
policy = ca_policy
x509_extensions = certificate_extensions
[ ca_policy ]
commonName = supplied
stateOrProvinceName = supplied
countryName = supplied
emailAddress = supplied
organizationName = supplied
organizationalUnitName = supplied
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
default_md = sha1
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = req_extensions
# the following sections are specific to the request being built
[ certificate_extensions ]
basicConstraints = CA:true
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = Mississippi
localityName = Ridgeland
organizationName = Diversified Technology, Inc.
organizationalUnitName = Support
commonName = Root CA
emailAddress = tech@ms.com
[ req_extensions ]
basicConstraints = CA:true
SSH server.cnf
CODE EXAMPLE 4-4 SSH server.cnf Example
# default settings for example.
[ ca ]
default_ca = ca
[ ca ]
dir = /opt/eca
certificate = $dir/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/cakey.pem
serial = $dir/serial
default_crl_days = 7
default_days = 365
default_md = sha1
policy = ca_policy
x509_extensions = certificate_extensions
[ ca_policy ]
countryName = supplied
stateOrProvinceName = supplied
localityName = supplied
organizationName = supplied
organizationalUnitName = supplied
commonName = supplied
emailAddress = supplied
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
default_md = sha1
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = req_extensions
# the following sections are specific to the request being built
[ certificate_extensions ]
basicConstraints = CA:false
subjectAltName = DNS:localhost
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = Mississippi
localityName = ridgeland
organizationName = Diversified Technology, Inc.
organizationalUnitName = Support
commonName = localhost
emailAddress = tech@ms.com
[ req_extensions ]
basicConstraints = CA:true
subjectAltName = DNS:localhost
CHAPTER 5
Configuring Virtual LANs
This chapter provides examples for configuring LANS.
This chapter contains the following topics:
“VLAN Configuration Example”
“CLI Examples”
“Web Interface”
“Private Edge VLANs”
VLAN Configuration Example
Each VLAN in a network has an associated VLAN ID, which appears in the IEEE
802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station
may omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID. A given port may handle traffic for more than one VLAN, but it can only support one default VLAN ID.
Two features let you define packet filters that the switch uses as the matching criteria to determine if a particular packet belongs to a particular VLAN.
The IP-subnet Based VLAN feature lets you map IP addresses to VLANs by
specifying a source IP address, network mask, and the desired VLAN ID.
The MAC-based VLAN feature lets packets originating from end stations become part of a VLAN according to source MAC address. To configure the feature, you specify a source MAC address and a VLAN ID.
The Private Edge VLAN feature lets you set protection between ports located on the switch. This means that a protected port cannot forward traffic to another protected port on the same switch.
The feature does not provide protection between ports located on different switches.
The diagram in this section shows a switch with four ports configured to handle the traffic for two VLANs. Port 0/2 handles traffic for both VLANs, while port 0/1 is a member of VLAN 2 only, and ports 0/3 and 0/4 are members of VLAN 3 only. The script following the diagram shows the commands you would use to configure the switch as shown in the diagram.
FIGURE 5-1 VLAN Example Network Diagram
[Diagram not reproduced. Labels shown: Layer 3 Switch; Port 1/0/1, VLAN 2; Port 1/0/2, VLANs 2 & 3; Port 1/0/3, VLAN 3; Port 1/0/4, VLAN 3.]
CLI Examples
The following examples show how to create VLANs, assign ports to the VLANs, and assign a VLAN as the default VLAN to a port.
Example 1: Create Two VLANs
Use the following commands to create two VLANs and to assign the VLAN IDs while leaving the names blank.
CODE EXAMPLE 5-1 Creating Two VLANs
(DTI SWITCH) #vlan database
(DTI SWITCH) (Vlan)#vlan 2
(DTI SWITCH) (Vlan)#vlan 3
(DTI SWITCH) (Vlan)#exit
Example 2: Assign Ports to VLAN2
This sequence shows how to assign ports to VLAN2, specify that frames will always be transmitted tagged from all member ports, and that untagged frames will be rejected on receipt.
CODE EXAMPLE 5-2 Assigning Ports to VLAN2
(DTI SWITCH) #config
(DTI SWITCH) (Config)#interface 0/1
(DTI SWITCH) (Interface 0/1)#vlan participation include 2
(DTI SWITCH) (Interface 0/1)#vlan acceptframe vlanonly
(DTI SWITCH) (Interface 0/1)#exit
(DTI SWITCH) (Config)#interface 0/2
(DTI SWITCH) (Interface 0/2)#vlan participation include 2
(DTI SWITCH) (Interface 0/2)#vlan acceptframe vlanonly
(DTI SWITCH) (Interface 0/2)#exit
(DTI SWITCH) (Config)#exit
(DTI SWITCH) #config
(DTI SWITCH) (Config)#vlan port tagging all 2
(DTI SWITCH) (Config)#exit
Example 3: Assign Ports to VLAN3
This example shows how to assign the ports that will belong to VLAN 3, and to specify that untagged frames will be accepted on port 0/4.
Note that port 0/2 belongs to both VLANs and that port 0/1 can never belong to VLAN 3.
CODE EXAMPLE 5-3 Assigning Ports to VLAN3
(DTI SWITCH) #config
(DTI SWITCH) (Config)#interface 0/2
(DTI SWITCH) (Interface 0/2)#vlan participation include 3
(DTI SWITCH) (Interface 0/2)#exit
(DTI SWITCH) (Config)#interface 0/3
(DTI SWITCH) (Interface 0/3)#vlan participation include 3
(DTI SWITCH) (Interface 0/3)#exit
(DTI SWITCH) (Config)#interface 0/4
(DTI SWITCH) (Interface 0/4)#vlan participation include 3
(DTI SWITCH) (Interface 0/4)#exit
(DTI SWITCH) (Config)#
(DTI SWITCH) (Config)#exit
(DTI SWITCH) #config
(DTI SWITCH) (Config)#interface 0/4
(DTI SWITCH) (Interface 0/4)#vlan acceptframe all
(DTI SWITCH) (Interface 0/4)#exit
(DTI SWITCH) (Config)#exit
Example 4: Assign VLAN3 as the Default VLAN
This example shows how to assign VLAN 3 as the default VLAN for port 0/2.
CODE EXAMPLE 5-4 Assigning VLAN3 as Default
(DTI SWITCH) #config
(DTI SWITCH) (Config)#interface 0/2
(DTI SWITCH) (Interface 0/2)#vlan pvid 3
(DTI SWITCH) (Interface 0/2)#exit
(DTI SWITCH) (Config)#exit
Example 5: Assign IP Addresses to VLAN 2
CODE EXAMPLE 5-5 Assigning IP Addresses to VLAN2
(DTI SWITCH) #vlan database
(DTI SWITCH) (Vlan)#vlan association subnet 192.168.10.10 255.255.255.0 2
(DTI SWITCH) (Vlan)#exit
(DTI SWITCH) #show vlan association subnet
IP Address       IP Mask          VLAN ID
---------------- ---------------- -------
192.168.10.10    255.255.255.0    2
(DTI SWITCH) #
Web Interface
Use the following screens to perform the same configurations described in the previous sections, but using the Web interface instead of the CLI:
Switching --> VLAN --> Configuration. To create VLANs and specify port participation.
Switching --> VLAN --> Port Configuration. To specify the handling of untagged frames on receipt, and whether frames will be transmitted tagged or untagged.
Private Edge VLANs
Use the Private Edge VLAN feature to prevent ports on the switch from forwarding traffic to each other even if they are on the same VLAN.
Protected ports cannot forward traffic to other protected ports in the same group, even if they have the same VLAN membership. Protected ports can forward traffic to unprotected ports.
Unprotected ports can forward traffic to both protected and unprotected ports.
You can also configure groups of protected ports, but unprotected ports are independent and cannot be added to a group. Each group’s configuration consists of a name and a mask of ports. A port can belong to only one set of protected ports, but an unprotected port can be added to a group as a protected port.
The group name is configurable by the network administrator.
Use the switchport protected command to designate a port as protected. Use the show switchport protected command to display a listing of the protected ports.
CLI Example
Example 1: Switchport Protected
CODE EXAMPLE 5-6 Protecting the Switchport
(DTI SWITCH) #config
(DTI SWITCH) (Config)#interface 0/1
(DTI SWITCH) (Interface 0/1)#switchport protected ?
<cr> Press Enter to execute the command.
(DTI SWITCH) (Interface 0/1)#switchport protected
Example 2: Show Switchport Protected
(DTI SWITCH) #show switchport protected 0/1
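The forwarding rules described in this section can be checked against an intended isolation plan before the ports are configured. The following Python model is an added example, not part of this manual or the switch software: VLAN membership follows Examples 2 and 3 in this chapter, while the group names grp_a and grp_b, their port assignments, and the omission of any default VLAN membership are assumptions.

```python
# Constructed port table. VLAN membership follows Examples 2 and 3 on this page;
# the protected-group names and assignments are assumptions for illustration.
PORTS = {
    "0/1": {"vlans": {2},    "group": "grp_a"},
    "0/2": {"vlans": {2, 3}, "group": "grp_a"},
    "0/3": {"vlans": {3},    "group": None},     # unprotected port
    "0/4": {"vlans": {3},    "group": "grp_b"},
}


def can_forward(src, dst, ports=PORTS):
    """Return True if a frame received on src may be sent out dst."""
    a, b = ports[src], ports[dst]
    if src == dst or not (a["vlans"] & b["vlans"]):
        return False          # no common VLAN: ordinary VLAN separation
    if a["group"] is not None and a["group"] == b["group"]:
        return False          # both protected, same group: blocked
    return True               # unprotected peer, or a different group


def audit(must_be_isolated, ports=PORTS):
    """Return the pairs from must_be_isolated that can still exchange traffic."""
    leaks = []
    for a, b in must_be_isolated:
        if can_forward(a, b, ports) or can_forward(b, a, ports):
            leaks.append((a, b))
    return leaks


if __name__ == "__main__":
    # Print the reachability of every port, then the isolation gaps.
    for src in PORTS:
        row = [dst for dst in PORTS if can_forward(src, dst)]
        print(f"{src} -> {', '.join(row) or '(none)'}")
    print("leaks:", audit([("0/1", "0/2"), ("0/2", "0/4")]))
```

In this table, ports 0/2 and 0/4 share VLAN 3 but sit in different groups, so the audit reports them as able to exchange traffic: the restriction applies only between protected ports of the same group.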
CHAPTER 6
Configuring Port Channels by Link Aggregation
This chapter describes how to use the Link Aggregation feature to configure port-channels via the CLI and the Graphical User Interface.
This chapter contains the following topics:
“Using the Link Aggregation Feature”
“Configuring Link Aggregation via CLI”
“Configuring Link Aggregation via Web Interface”
Using the Link Aggregation Feature
The Link Aggregation (LAG) feature allows the switch to treat multiple physical links between two end-points as a single logical link called a port-channel. All of the physical links in a given port-channel must operate in full-duplex mode at the same speed.
You can use the feature to directly connect two switches when the traffic between them requires high bandwidth and reliability, or to provide a higher bandwidth connection to a public network.
You can configure the port-channels as either dynamic or static. Dynamic configuration uses the IEEE 802.3ad standard, which provides for the periodic exchanges of LACPDUs. Static configuration is used when connecting the switch to an external switch that does not support the exchange of LACPDUs.
The feature offers the following benefits:
Increased reliability and availability -- if one of the physical links in the port-channel goes down, traffic is dynamically and transparently reassigned to one of the other physical links.
Increased bandwidth -- the aggregated physical links deliver higher bandwidth than each individual link.
Incremental increase in bandwidth -- A physical upgrade could produce a 10-times increase in bandwidth; LAG produces a two- or five-times increase, useful if only a small increase is needed.
Management functions treat a port-channel as if it were a single physical port.
You can include a port-channel in a VLAN. You can configure more than one port-channel for a given switch.
Configuring Link Aggregation via CLI
Figure 6-1 shows an example of configuring the software to support Link Aggregation (LAG) to a server and to a Layer 3 switch.
FIGURE 6-1 LAG Port Channel Example Network Diagram
[Figure: network diagram. Labels: Server; Layer 2 Switch; Layer 3 Switch; Port 1/0/2 and Port 1/0/3 (LAG_10); Port 1/0/8 and Port 1/0/9 (LAG_20); Subnet 2; Subnet 3.]
CLI Example 1: Create Two Port Channels
CODE EXAMPLE 6-1 Creating Two Port Channels
(DTI SWITCH) #config
(DTI SWITCH) (Config)#port-channel lag_10
(DTI SWITCH) (Config)#port-channel lag_20
(DTI SWITCH) (Config)#exit
Use the show port-channel all command to show the logical interface IDs you will use to identify the port-channels in subsequent commands. Assume that lag_10 is assigned ID 1/1 and lag_20 is assigned ID 1/2.
CODE EXAMPLE 6-2 Showing Port Channels
(DTI SWITCH) #show port-channel all
        Port-                    Link
Log.    Channel           Adm.   Trap   STP              Mbr     Port    Port
Intf    Name       Link   Mode   Mode   Mode   Type      Ports   Speed   Active
------  ---------  -----  -----  -----  -----  --------  ------  ------  ------
1/1     lag_10     Down   En.    En.    Dis.   Dynamic
1/2     lag_20     Down   En.    En.    Dis.   Dynamic
CLI Example 2: Add Physical Ports to the Port Channels
CODE EXAMPLE 6-3 Adding Ports to the Port Channels
(DTI SWITCH) #config
(DTI SWITCH) (Config)#interface 0/2
(DTI SWITCH) (Interface 0/2)#addport 1/1
(DTI SWITCH) (Interface 0/2)#exit
(DTI SWITCH) (Config)#interface 0/3
(DTI SWITCH) (Interface 0/3)#addport 1/1
(DTI SWITCH) (Interface 0/3)#exit
(DTI SWITCH) (Config)#exit
(DTI SWITCH) #config
(DTI SWITCH) (Config)#interface 0/8
(DTI SWITCH) (Interface 0/8)#addport 1/2
(DTI SWITCH) (Interface 0/8)#exit
(DTI SWITCH) (Config)#interface 0/9
(DTI SWITCH) (Interface 0/9)#addport 1/2
(DTI SWITCH) (Interface 0/9)#exit
(DTI SWITCH) (Config)#exit
CLI Example 3: Enable Both Port Channels
By default, the system enables link trap notification.
CODE EXAMPLE 6-4 Enabling Both Port Channels
(DTI SWITCH) #config
(DTI SWITCH) (Config)#port-channel adminmode all
(DTI SWITCH) (Config)#exit
At this point, the LAGs could be added to the default management VLAN.
Configuring Link Aggregation via Web Interface
To perform the same configuration as described in the previous CLI sections, use: Switching --> Link Aggregation --> Configuration on the Web interface.
To create the port-channels, specify port participation and enable Link Aggregation (LAG) support on the switch.
CHAPTER 7
Configuring Storm Control
This chapter describes how to configure storm control on the switch.
This chapter contains the following topics:
“Understanding Traffic Storms”
“CLI Examples”
Understanding Traffic Storms
A traffic storm is a condition that occurs when incoming packets flood the LAN, which creates performance degradation in the network. FASTPATH’s Storm Control feature protects against this condition.
FASTPATH provides broadcast, multicast, and unicast storm recovery for individual interfaces or for all interfaces, depending on forwarding-plane silicon. If the silicon supports configuration for all interfaces, you will not be able to configure individual interfaces.
Unicast Storm Control protects against traffic whose MAC addresses are not known by the system.
For broadcast, multicast, and unicast storm control, if the rate of traffic ingressing on an interface increases beyond the configured threshold for that type, the traffic is dropped.
To configure storm control, you’ll enable the feature for all interfaces or for individual interfaces, and you’ll set the threshold (storm control level) beyond which the broadcast, multicast, or unicast traffic will be dropped.
Configuring a storm-control level also enables that form of storm-control. Disabling a storm-control level (using the “no” version of the command) sets the storm-control level back to default value and disables that form of storm-control. Using the “no” version of the “storm-control” command (not stating a “level”) disables that form of storm-control but maintains the configured “level” (to be active next time that form of storm-control is enabled).
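The enable and disable rules in the paragraph above, replayed over a list of commands to give the resulting state per traffic type. This Python model is an added example, not code from this manual: the command spellings (storm-control <type> [level <n>] and their "no" forms), the initially disabled state, and the value of DEFAULT_LEVEL are assumptions.

```python
TYPES = ("broadcast", "multicast", "unicast")
DEFAULT_LEVEL = 5  # assumed value; this page does not state the default level


def replay(commands, default_level=DEFAULT_LEVEL):
    """Apply storm-control commands in order and return the state per type."""
    # Assumption: every form of storm control starts out disabled.
    state = {t: {"enabled": False, "level": default_level} for t in TYPES}
    for line in commands:
        words = line.split()
        if not words:
            continue
        negate = words[0] == "no"
        if negate:
            words = words[1:]
        if len(words) < 2 or words[0] != "storm-control" or words[1] not in TYPES:
            raise ValueError(f"unrecognized command: {line!r}")
        entry, args = state[words[1]], words[2:]
        if not negate and len(args) == 2 and args[0] == "level":
            # Configuring a level also enables that form of storm control.
            entry["level"] = int(args[1])
            entry["enabled"] = True
        elif not negate and not args:
            # Plain enable: the previously configured level becomes active.
            entry["enabled"] = True
        elif negate and args == ["level"]:
            # "no ... level": level returns to the default AND the form is disabled.
            entry["level"] = default_level
            entry["enabled"] = False
        elif negate and not args:
            # "no storm-control <type>": disabled, configured level retained.
            entry["enabled"] = False
        else:
            raise ValueError(f"unrecognized command: {line!r}")
    return state


if __name__ == "__main__":
    history = [
        "storm-control broadcast level 20",
        "no storm-control broadcast",
        "storm-control multicast level 30",
        "no storm-control multicast level",
    ]
    for traffic_type, entry in replay(history).items():
        print(traffic_type, entry)
```

Replaying a saved command history this way shows which interfaces are left without protection after a "no" command, and which will come back at a non-default level when re-enabled.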