Service Manual Info

  An online community for sharing service manuals.







Brocade FastIron

Brocade FastIron Configuration Guide


Description

Brocade FastIron Configuration Guide
Publication number: 53-1002190-01, Release 07.2.02
Date: 18 February 2011, 1878 pages

About This Document
Introduction .xlix
Device nomenclature .xlix
Audience . l
What’s new in this document. l
Summary of enhancements in FSX R07.2.02 . li
Summary of enhancements in FCX R07.2.02 .lii
Summary of enhancements in FGS R07.2.02 liii
Unsupported features . liv
Document conventions . liv
Text formatting . liv
Command syntax conventions . lv
Notes, cautions, and danger notices lv
Notice to the reader lvi
Related publications lvi
Getting technical help or reporting errors . lvi
Web access . lvi
E-mail and telephone access . lvi
Chapter 1 Getting Familiar with Management Applications
Using the management port 1
How the management port works. 2
CLI Commands for use with the management port. 2
Logging on through the CLI . 4
On-line help 4
Command completion 5
Scroll control . 5
Line editing commands . 5
Using stack-unit, slot number, and port number with CLI commands . 6
CLI nomenclature on Chassis-based models . 6
CLI nomenclature on FESX Compact devices . 6
CLI nomenclature on Stackable devices . 7
Searching and filtering output from CLI commands 8
Using special characters in regular expressions . .11
Creating an alias for a CLI command .12
Logging on through the Web Management Interface. .13
Navigating the Web Management Interface .14
Logging on through IronView Network Manager 17
Chapter 2 Configuring Basic Software Features
Configuring basic system parameters . .20
Entering system administration information . 21
Configuring Simple Network Management Protocol (SNMP)
parameters 21
Displaying virtual routing interface statistics. 24
Disabling Syslog messages and traps for CLI access 24
Cancelling an outbound Telnet session .26
Specifying a Simple Network Time Protocol (SNTP) server. .26
Setting the system clock .28
Limiting broadcast, multicast, and unknown unicast traffic.29
Configuring CLI banners .34
Configuring a local MAC address for Layer 2
management traffic .36
Configuring basic port parameters 37
Assigning a port name. 37
Modifying port speed and duplex mode. 37
Enabling auto-negotiation maximum port speed
advertisement and down-shift . .38
Modifying port duplex mode 41
Configuring MDI/MDIX. 41
Disabling or re-enabling a port . .42
Configuring flow control. .43
Configuring symmetric flow control on FCX devices .45
Configuring PHY FIFO Rx and Tx depth. .49
Configuring the Interpacket Gap (IPG) on a FastIron X Series
switch . .49
Configuring the IPG on FastIron Stackable devices. .50
Enabling and disabling support for 100BaseTX 51
Enabling and disabling support for 100BaseFX . .52
Changing the Gbps fiber negotiation mode . .53
Modifying port priority (QoS) . .54
Dynamic configuration of Voice over IP (VoIP) phones .54
Configuring port flap dampening . .56
Port loop detection. .59
Chapter 3 Operations, Administration, and Maintenance
Overview .66
Determining the software versions installed
and running on a device .66
Determining the flash image version running on the device . .66
Determining the boot image version running on the device .68
Determining the image versions installed in flash memory .68
Flash image verification .69
Image file types . .70
Upgrading software. 71
Boot code synchronization feature 71
Viewing the contents of flash files . 71
Using SNMP to upgrade software .72
Changing the block size for TFTP file transfers .73
Rebooting. 74
Configuration notes . 74
Displaying the boot preference .75
Loading and saving configuration files .75
Replacing the startup configuration with the
running configuration . 76
Replacing the running configuration with the
startup configuration 76
Logging changes to the startup-config file . 76
Copying a configuration file to or from a TFTP server . .77
Dynamic configuration loading . .77
Maximum file sizes for startup-config file and running-config .80
Loading and saving configuration files with IPv6 .80
Using the IPv6 copy command . .80
Copying a file from an IPv6 TFTP server. 81
Using the IPv6 ncopy command .82
Uploading files from an IPv6 TFTP server .83
Using SNMP to save and load configuration information .84
Erasing image and configuration files . .85
Scheduling a system reload . .85
Reloading at a specific time . .86
Reloading after a specific amount of time.86
Displaying the amount of time remaining before
a scheduled reload .86
Canceling a scheduled reload.86
Diagnostic error codes and remedies for TFTP transfers.86
Testing network connectivity .88
Pinging an IPv4 address .88
Tracing an IPv4 route. .89
Hitless management on the FSX 800 and FSX 1600. .90
Benefits of Hitless management 91
Supported protocols and services .92
Configuration notes and feature limitations .94
What happens during a Hitless switchover or failover .94
Enabling hitless failover on the FSX 800 and
FSX 1600 .96
Executing a hitless switchover on the FSX 800 and
FSX 1600 .96
Hitless OS upgrade on the FSX 800 and FSX 1600 . 97
Syslog message for Hitless management events .99
Displaying diagnostic information. .99
Chapter 4 Software-based Licensing
Software license terminology . .101
Software-based licensing overview .102
How software-based licensing works . .102
Seamless transition for legacy devices . .103
License types .103
Non-licensed features. .104
Licensed features and part numbers .104
Licensing rules . .106
Configuration tasks. .108
Obtaining a license . .108
Installing a license file . .113
Verifying the license file installation .113
Using a trial license. .113
Deleting a license .114
Other licensing options available from the
Brocade Software Portal. .115
Viewing software license information. .115
Transferring a license . .116
Special replacement instructions for legacy devices .116
Syslog messages and trap information . .117
Viewing information about software licenses .117
Viewing the License ID (LID) .117
Viewing the license database . .118
Viewing software packages installed in the device .120
Chapter 5 Brocade Stackable Devices
Brocade IronStack overview.121
IronStack technology features .121
Brocade stackable models . .122
Brocade IronStack terminology.122
Building an IronStack . .124
Brocade IronStack topologies . .124
Software requirements .128
IronStack construction methods. .128
Scenario 1 - Configuring a three-member IronStack
in a ring topology using secure-setup. .129
Scenario 2 - Configuring a three-member IronStack
in a ring topology using the automatic setup process.133
Scenario 3 - Configuring a three-member IronStack
in a ring topology using the manual configuration process . .137
Configuring an FCX IronStack . .138
Configuring FCX stacking ports.138
Configuring a default stacking port to function as
a data port .144
Verifying an IronStack configuration.144
Managing your Brocade IronStack. .147
Logging in through the CLI.147
Logging in through IronView Network Manager . .148
Logging in through the console port .148
IronStack management MAC address .150
Removing MAC address entries . .151
CLI command syntax .153
IronStack CLI commands .153
Important notes about software images .155
Copying the flash image to a stack unit from
the Active Controller. .157
Reloading a stack unit . .158
Controlling stack topology .158
Managing IronStack partitioning. .159
MIB support for the IronStack. .160
Persistent MAC address . .160
Unconfiguring an IronStack. .162
Displaying IronStack information .163
Adding, removing, or replacing units in an IronStack .179
Renumbering stack units .181
Syslog, SNMP, and traps . .183
Troubleshooting an IronStack. .184
Troubleshooting an unsuccessful stack build .184
Troubleshooting a stacking upgrade.186
Troubleshooting image copy issues .186
Stack mismatches.187
Image mismatches . .187
Advanced feature privileges (FCX devices only). .187
Configuration mismatch . .188
Memory allocation failure .189
Recovering from a mismatch . .189
Troubleshooting secure-setup. .190
Troubleshooting unit replacement issues . .191
More about IronStack technology . .191
Configuration, startup configuration files and stacking flash.191
Flexible stacking ports. .192
IronStack topologies .192
Port down and aging .193
Device roles and elections . .193
FCX hitless stacking .195
Supported events. .196
Non-supported events . .196
Supported protocols and services . .196
Configuration notes and feature limitations . .198
What happens during a hitless stacking switchover or
failover . .199
Standby Controller role in hitless stacking. .200
Support during stack formation, stack merge,
and stack split . .202
Hitless stacking default behavior .206
Hitless stacking failover.208
Hitless stacking switchover . .209
Displaying information about hitless stacking .216
Syslog messages for hitless stacking failover and switchover .216
Displaying hitless stacking diagnostic information .217
Chapter 6 Monitoring Hardware Components
Virtual cable testing .219
Configuration notes . .219
Command syntax . .219
Viewing the results of the cable analysis .220
Supported Fiber Optic Transceivers.221
Digital optical monitoring .223
Configuration limitations . .223
Enabling digital optical monitoring . .223
Setting the alarm interval .223
Displaying information about installed media .224
Viewing optical monitoring information . .225
Syslog messages . .227
Chapter 7 Configuring IPv6 Management on
FastIron GS, LS, WS, and CX Series Switches
IPv6 management overview .230
IPv6 addressing.230
Enabling and disabling IPv6 .231
IPv6 management features .231
IPv6 management ACLs . .231
IPv6 debug .231
IPv6 Web management using HTTP and HTTPS .232
IPv6 logging . .233
Name-to-IPv6 address resolution using IPv6 DNS server . .233
Defining an IPv6 DNS entry. .233
IPv6 ping.234
SNTP over IPv6. .235
SNMP3 over IPv6 . .235
Specifying an IPv6 SNMP trap receiver . .235
Secure Shell, SCP, and IPv6 .236
IPv6 Telnet .236
IPv6 traceroute. .236
IPv6 management commands.237
Chapter 8 Configuring IPv6 on FastIron X Series Switches
Full Layer 3 IPv6 feature support.240
IPv6 addressing overview.241
IPv6 address types.241
IPv6 stateless autoconfiguration .243
IPv6 CLI command support .243
Configuring an IPv6 host address on a Layer 2 switch. .245
Configuring a global or site-local IPv6 address
with a manually configured interface ID .246
Configuring a link-local IPv6 address as a system-wide
address for a switch. .246
Configuring the management port for an
IPv6 automatic address configuration.247
Configuring basic IPv6 connectivity on
a Layer 3 switch.247
Enabling IPv6 routing.247
Configuring IPv6 on each router interface . .247
Configuring IPv4 and IPv6 protocol stacks. .250
IPv6 management on FastIron X Series devices
(IPv6 host support) . .251
IPv6 management ACLs . .251
Restricting SNMP access to an IPv6 node . .252
Specifying an IPv6 SNMP trap receiver . .252
SNMP V3 over IPv6 . .252
SNTP over IPv6. .252
Secure Shell, SCP, and IPv6 .252
IPv6 Telnet .253
IPv6 Traceroute .253
IPv6 Web management using HTTP and HTTPS .254
Restricting Web management access .254
Configuring name-to-IPv6 address resolution using
IPv6 DNS resolver .255
Defining an IPv6 DNS entry. .255
IPv6 ping.255
Configuring an IPv6 Syslog server . .257
Viewing IPv6 SNMP server addresses .257
Disabling router advertisement and solicitation messages . .258
IPv6 debug .258
Disabling IPv6 on a Layer 2 switch . .258
Configuring a static IPv6 route.259
IPv6 over IPv4 tunnels .261
Configuration notes . .261
Configuring a manual IPv6 tunnel . .262
Clearing IPv6 tunnel statistics .263
Displaying IPv6 tunnel information. .263
ECMP load sharing for IPv6 .266
Disabling or re-enabling ECMP load sharing for IPv6 .266
Changing the maximum load sharing paths for IPv6 .266
Enabling support for network-based ECMP
load sharing for IPv6 .267
Displaying ECMP load-sharing information for IPv6 . .267
Configuring IPv6 ICMP features . .267
Configuring ICMP rate limiting .267
Enabling IPv6 ICMP redirect messages . .268
Configuring IPv6 neighbor discovery . .269
Configuration notes . .269
Neighbor solicitation and advertisement messages. .270
Router advertisement and solicitation messages . .270
Neighbor redirect messages . 271
Setting neighbor solicitation parameters for
duplicate address detection . 271
Setting IPv6 router advertisement parameters . .272
Controlling prefixes advertised in IPv6 router
advertisement messages .273
Setting flags in IPv6 router advertisement messages. 274
Enabling and disabling IPv6 router advertisements . .275
Configuring reachable time for remote IPv6 nodes.275
IPv6 MTU . .275
Configuration Notes and Feature Limitations .276
Changing the IPv6 MTU .276
Configuring static neighbor entries .276
Limiting the number of hops an IPv6 packet can traverse . .277
Clearing global IPv6 information .277
Clearing the IPv6 cache.277
Clearing IPv6 neighbor information .278
Clearing IPv6 routes from the IPv6 route table . .278
Clearing IPv6 traffic statistics . .279
Displaying global IPv6 information. .279
Displaying IPv6 cache information . .279
Displaying IPv6 interface information. .280
Displaying IPv6 neighbor information. .282
Displaying the IPv6 route table .283
Displaying local IPv6 routers .285
Displaying IPv6 TCP information . .286
Displaying IPv6 traffic statistics . .290
Chapter 9 Configuring Spanning Tree Protocol (STP) Related Features
STP overview .295
Configuring standard STP parameters.296
STP parameters and defaults . .296
Enabling or disabling the Spanning Tree Protocol (STP) .297
Changing STP bridge and port parameters .298
STP protection enhancement . .300
Displaying STP information . .302
Configuring STP related features .311
Fast port span . .311
Fast Uplink Span . .313
802.1W Rapid Spanning Tree (RSTP) . .316
802.1W Draft 3 .354
Single Spanning Tree (SSTP) .358
STP per VLAN group . .360
PVST/PVST+ compatibility . .365
Overview of PVST and PVST+ . .365
VLAN tags and dual mode .366
Configuring PVST+ support . .367
Displaying PVST+ support information .367
Configuration examples.368
PVRST compatibility . 371
BPDU guard 371
Enabling BPDU protection by port. 371
Re-enabling ports disabled by BPDU guard .372
Displaying the BPDU guard status . .372
Example console messages . 374
Root guard . 374
Enabling STP root guard . .375
Displaying the STP root guard . .375
Displaying the root guard by VLAN . .375
Error disable recovery . .376
Enabling error disable recovery . .376
Setting the recovery interval .376
Displaying the error disable recovery state by interface .377
Displaying the recovery state for all conditions . .377
Displaying the recovery state by port number and cause. .378
Errdisable Syslog messages .378
802.1s Multiple Spanning Tree Protocol .378
Multiple spanning-tree regions .378
Configuration notes . .380
Configuring MSTP mode and scope .380
Reduced occurrences of MSTP reconvergence . .381
Configuring additional MSTP parameters . .383
Chapter 10 Configuring Basic Layer 2 Features
About port regions.396
FastIron X Series device port regions . .396
FCX, FGS, FLS, and FWS device port regions. .397
Enabling or disabling the Spanning Tree Protocol (STP).398
Modifying STP bridge and port parameters .398
Management MAC address for stackable devices .398
MAC learning rate control .399
Changing the MAC age time and disabling MAC
address learning . .399
Disabling the automatic learning of MAC addresses .399
Displaying the MAC address table . .400
Configuring static MAC entries .400
Multi-port static MAC address. .401
Configuring VLAN-based static MAC entries . .402
Clearing MAC address entries .402
Flow-based MAC address learning. .403
Feature overview . .403
The benefits of flow-based learning .403
How flow-based learning works . .404
Configuration considerations . .404
Configuring flow-based MAC address learning . .405
Displaying information about flow-based MACs. .406
Clearing flow-based MAC address entries . .406
Enabling port-based VLANs .406
Assigning IEEE 802.1Q tagging to a port .407
Defining MAC address filters . .408
Configuration notes and limitations .408
Command syntax . .408
Enabling logging of management traffic
permitted by MAC address filters .410
MAC address filter override for 802.1X-enabled ports . .411
Locking a port to restrict addresses . .412
Configuration notes . .412
Command syntax . .413
Displaying and modifying system parameter default settings . .413
Configuration considerations . .413
Displaying system parameter default values . .413
Modifying system parameter default values . .419
Dynamic buffer allocation for QoS priorities for
FastIron X Series devices .419
Default queue depth limits for FastIron X Series devices . .420
Configuring the total transmit queue depth limit
for FastIron X Series devices .420
Configuring the transmit queue depth limit for
a given traffic class on FastIron X Series devices . .421
Removing buffer allocation limits on
FastIron X Series devices .422
Configuring buffer profiles on the SX-FI48GPP
Interface module . .422
Dynamic Buffer Allocation for FastIron GS, LS, WS, and CX Series devices .424
Configuring buffer profiles.424
Remote Fault Notification (RFN) on 1G fiber connections .433
Enabling and disabling remote fault notification.434
Link Fault Signaling (LFS) for 10G . .434
Jumbo frame support . .435
Chapter 11 Configuring Metro Features
Topology groups.437
Master VLAN and member VLANs . .438
Control ports and free ports .438
Configuration considerations . .438
Configuring a topology group . .439
Displaying topology group information .440
Metro Ring Protocol (MRP) . .441
Configuration notes . .443
MRP rings without shared interfaces (MRP Phase 1) .443
MRP rings with shared interfaces (MRP Phase 2). .444
Ring initialization . .446
How ring breaks are detected and healed . .450
Master VLANs and customer VLANs.452
Configuring MRP . .453
Using MRP diagnostics .456
Displaying MRP information .457
MRP CLI example . .459
Virtual Switch Redundancy Protocol (VSRP) . .461
Configuration notes and feature limitations . .462
Layer 2 and Layer 3 redundancy .463
Master election and failover .463
VSRP-Aware security features . .468
VSRP parameters . .468
Configuring basic VSRP parameters. 471
Configuring optional VSRP parameters . .472
Displaying VSRP information.480
VSRP fast start . .482
VSRP and MRP signaling . .484
Chapter 12 Configuring Power over Ethernet
Power over Ethernet overview .487
Terms used in this chapter . .488
Methods for delivering PoE . .488
Autodiscovery .490
Power class.490
Power specifications .491
Dynamic upgrade of PoE power supplies .491
Cabling requirements . .493
Supported powered devices .493
Installing PoE Firmware .494
PoE and CPU utilization .497
Enabling and disabling Power over Ethernet. .497
Disabling support for PoE legacy power-consuming devices .498
Enabling the detection of PoE power requirements
advertised through CDP . .498
Command syntax . .499
Setting the maximum power level for a PoE power-consuming device .499
Configuration note .499
Command syntax . .499
Setting the power class for a PoE power-consuming device .500
Configuration notes . .500
Command syntax . .501
Setting the power budget for a PoE interface module . .501
Setting the inline power priority for a PoE port . .502
Command syntax . .502
Resetting PoE parameters . .503
Displaying Power over Ethernet information . .503
Displaying PoE operational status . .504
Displaying detailed information about PoE power supplies . .506
Chapter 13 Configuring Uni-Directional Link Detection (UDLD) and Protected
Link Groups
UDLD overview .513
UDLD for tagged ports . .514
Configuration notes and feature limitations . .514
Enabling UDLD . .514
Enabling UDLD for tagged ports . .515
Changing the Keepalive interval . .515
Changing the Keepalive retries .516
Displaying UDLD information . .516
Clearing UDLD statistics . .518
Protected link groups . .518
About active ports .519
Using UDLD with protected link groups . .519
Configuration notes . .519
Creating a protected link group and assigning
an active port .520
Chapter 14 Configuring Trunk Groups and Dynamic Link Aggregation
Trunk group overview . .523
Trunk group connectivity to a server.524
Trunk group rules . .525
Trunk group configuration examples . .527
Support for flexible trunk group membership .528
Trunk group load sharing. .529
Configuring a trunk group.531
CLI syntax for configuring consecutive ports in a trunk group .531
CLI syntax for configuring non-consecutive ports in a trunk
group. .532
Example 1: Configuring the trunk groups shown
in Figure 87 . .532
Example 2: Configuring a trunk group that spans
two Gbps Ethernet modules in a chassis device .533
Example 3: Configuring a multi-slot trunk group
with one port per module .533
Example 4: Configuring a trunk group of 10 Gbps
Ethernet ports . .534
Additional trunking options . .535
Displaying trunk group configuration information .540
Viewing the first and last ports in a trunk group .541
Dynamic link aggregation .541
IronStack LACP trunk group configuration example . .542
Examples of valid LACP trunk groups . .543
Configuration notes and limitations .544
Adaptation to trunk disappearance .546
Flexible trunk eligibility .546
Enabling dynamic link aggregation. .547
How changing the VLAN membership of a port
affects trunk groups and dynamic keys . .549
Additional trunking options for LACP trunk ports.549
Link aggregation parameters . .549
Displaying and determining the status of aggregate links .554
Events that affect the status of ports in an aggregate link.555
Displaying link aggregation and port status information . .555
Displaying LACP status information .558
Clearing the negotiated aggregate links table . .558
Configuring single link LACP.558
Configuration notes . .558
CLI syntax . .558
Chapter 15 Configuring Virtual LANs (VLANs)
VLAN overview. .561
Types of VLANs . .561
Modifying a port-based VLAN . .568
Default VLAN .578
802.1Q tagging .579
Spanning Tree Protocol (STP) . .581
Virtual routing interfaces. .582
VLAN and virtual routing interface groups . .583
Dynamic, static, and excluded port membership . .584
Super aggregated VLANs. .586
Trunk group ports and VLAN membership . .586
Summary of VLAN configuration rules .587
Routing between VLANs . .588
Virtual routing interfaces (Layer 3 Switches only) . .588
Routing between VLANs using virtual routing interfaces
(Layer 3 Switches only) .588
Dynamic port assignment (Layer 2 Switches and
Layer 3 Switches). .589
Assigning a different VLAN ID to the default VLAN .589
Assigning different VLAN IDs to reserved VLANs
4091 and 4092 .590
Assigning trunk group ports .591
Enable spanning tree on a VLAN .591
Configuring IP subnet, IPX network and
protocol-based VLANs . .592
Configuration example. .592
Configuring IP subnet, IPX network, and protocol-based
VLANs within port-based VLANs. .594
Configuring an IPv6 protocol VLAN .598
Routing between VLANs using virtual routing
interfaces (Layer 3 Switches only) . .598
Configuring protocol VLANs with dynamic ports .604
Aging of dynamic ports .605
Configuration guidelines . .606
Configuring an IP, IPX, or AppleTalk Protocol
VLAN with Dynamic Ports .606
Configuring an IP subnet VLAN with dynamic ports . .606
Configuring an IPX network VLAN with dynamic ports . .607
Configuring uplink ports within a port-based VLAN . .608
Configuration considerations . .608
Configuration syntax .608
Configuring the same IP subnet address on
multiple port-based VLANs. .609
Configuring VLAN groups and virtual routing interface groups .612
Configuring a VLAN group .612
Configuring a virtual routing interface group . .614
Displaying the VLAN group and virtual routing
interface group information .615
Allocating memory for more VLANs or virtual
routing interfaces. .616
Configuring super aggregated VLANs .617
Configuration notes . .620
Configuring aggregated VLANs .620
Verifying the configuration.622
Complete CLI examples .622
Configuring 802.1Q-in-Q tagging .625
Configuration rules . .625
Enabling 802.1Q-in-Q tagging . .626
Example configuration. .627
Configuring 802.1Q-in-Q tag profiles . .627
Configuring private VLANs . .628
Configuration notes . .631
Enabling broadcast or unknown unicast traffic
to the PVLAN. .635
CLI example for a general PVLAN network . .636
CLI example for a PVLAN network with switch-switch
link ports.636
Dual-mode VLAN ports .637
Displaying VLAN information . .640
Displaying VLANs in alphanumeric order .640
Displaying system-wide VLAN information . .641
Displaying global VLAN information .642
Displaying VLAN information for specific ports . .642
Displaying a port VLAN membership . .643
Displaying a port dual-mode VLAN membership .643
Displaying port default VLAN IDs (PVIDs) .643
Displaying PVLAN information. .644
Chapter 16 Configuring GARP VLAN Registration Protocol (GVRP)
GVRP overview. .645
Application examples . .646
Dynamic core and fixed edge . .646
Dynamic core and dynamic edge .647
Fixed core and dynamic edge . .648
Fixed core and fixed edge .648
VLAN names .648
Configuration notes. .648
Configuring GVRP .650
Changing the GVRP base VLAN ID . .650
Increasing the maximum configurable value
of the Leaveall timer .650
Enabling GVRP . .651
Disabling VLAN advertising . .651
Disabling VLAN learning . .652
Changing the GVRP timers . .652
Converting a VLAN created by GVRP into a
statically-configured VLAN . .654
Displaying GVRP information . .655
Displaying GVRP configuration information .655
Displaying GVRP VLAN information. .657
Displaying GVRP statistics .659
Displaying CPU utilization statistics .660
Displaying GVRP diagnostic information .662
Clearing GVRP statistics . .662
CLI examples .662
Dynamic core and fixed edge . .663
Dynamic core and dynamic edge .664
Fixed core and dynamic edge . .664
Fixed core and fixed edge .665
Chapter 17 Configuring MAC-based VLANs
Overview . .667
Static and dynamic hosts .667
MAC-based VLAN feature structure .668
Dynamic MAC-based VLAN . .668
Configuration notes and feature limitations . .669
Configuration example. .670
Configuring MAC-based VLANs.671
Using MAC-based VLANs and 802.1X security
on the same port . .671
Configuring generic and Brocade vendor-specific
attributes on the RADIUS server . .672
Aging for MAC-based VLAN . .673
Disabling aging for MAC-based VLAN sessions . .674
Configuring the maximum MAC addresses per port . .675
Configuring a MAC-based VLAN for a static host .675
Configuring MAC-based VLAN for a dynamic host . .676
Configuring dynamic MAC-based VLAN . .676
Configuring MAC-based VLANs using SNMP . .677
Displaying Information about MAC-based VLANs . .677
Displaying the MAC-VLAN table.677
Displaying the MAC-VLAN table for a specific MAC address . .677
Displaying allowed MAC addresses .678
Displaying denied MAC addresses . .678
Displaying detailed MAC-VLAN data .679
Displaying MAC-VLAN information for a specific interface .681
Displaying MAC addresses in a MAC-based VLAN . .682
Displaying MAC-based VLAN logging . .683
Clearing MAC-VLAN information . .683
Sample application . .683
Chapter 18 Configuring Rule-Based IP Access Control Lists (ACLs)
ACL overview .688
Types of IP ACLs .688
ACL IDs and entries . .689
Numbered and named ACLs .689
Default ACL action .690
How hardware-based ACLs work .690
How fragmented packets are processed .690
Hardware aging of Layer 4 CAM entries . .691
Configuration considerations . .691
Configuring standard numbered ACLs.692
Standard numbered ACL syntax . .692
Configuration example for standard numbered ACLs .693
Configuring standard named ACLs .693
Standard named ACL syntax .694
Configuration example for standard named ACLs . .695
Configuring extended numbered ACLs . .696
Extended numbered ACL syntax . .696
Configuration examples for extended numbered ACLs . .700
Configuring extended named ACLs .702
Extended named ACL syntax.703
Configuration example for extended named ACLs. .706
Preserving user input for ACL TCP/UDP port numbers. .707
Managing ACL comment text . .707
Adding a comment to an entry in a numbered ACL.707
Adding a comment to an entry in a named ACL. .708
Deleting a comment from an ACL entry . .709
Viewing comments in an ACL . .709
Applying an ACL to a virtual interface in a protocol- or subnet-based VLAN .710
Enabling ACL logging.710
Enabling strict control of ACL filtering of fragmented packets. .713
Enabling ACL support for switched traffic in the router image .714
Enabling ACL filtering based on VLAN membership or VE port
membership .715
Configuration notes . .715
Applying an IPv4 ACL to specific VLAN members on
a port (Layer 2 devices only) .715
Applying an IPv4 ACL to a subset of ports on a virtual
interface (Layer 3 devices only) . .716
Using ACLs to filter ARP packets . 717
Configuration considerations . .718
Configuring ACLs for ARP filtering .718
Displaying ACL filters for ARP . .719
Clearing the filter count .719
Filtering on IP precedence and ToS values .719
TCP flags - edge port security . .720
QoS options for IP ACLs . .720
Configuration notes for FGS, FLS, FGS-STK, FLS-STK
and FCX devices.721
Using an ACL to map the DSCP value (DSCP CoS mapping). .721
Using an IP ACL to mark DSCP values (DSCP marking). .722
DSCP matching .724
ACL-based rate limiting .724
ACL statistics .724
Using ACLs to control multicast features.725
Enabling and viewing hardware usage statistics for an ACL .725
Displaying ACL information. .726
Troubleshooting ACLs . .727
Policy-based routing (PBR) . .727
Chapter 19 Configuring IPv6 Access Control Lists (ACLs)
ACL overview .735
Configuration notes. .736
Configuring an IPv6 ACL . .737
Example configurations .737
Default and implicit IPv6 ACL action.739
ACL syntax .740
Applying an IPv6 ACL to an interface . .745
Adding a comment to an IPv6 ACL entry .745
Deleting a comment from an IPv6 ACL entry .746
Support for ACL logging . .746
Displaying IPv6 ACLs.746
Chapter 20 Configuring Quality of Service
Classification .749
Processing of classified traffic .750
QoS for Brocade stackable devices .756
QoS profile restrictions in an IronStack . .756
QoS behavior for trusting Layer 2 (802.1p) in an IronStack . .757
QoS behavior for trusting Layer 3 (DSCP) in an IronStack .757
QoS behavior on port priority and VLAN priority
in an IronStack . .757
QoS behavior for 802.1p marking in an IronStack .757
QoS queues . .757
QoS queues for the SX-FI48GPP interface module .758
User-configurable scheduler profile on FLS, FGS and FCX .758
Assigning QoS priorities to traffic.760
Changing a port priority .760
Assigning static MAC entries to priority queues. .761
Buffer allocation/threshold for QoS queues . .761
802.1p priority override . .761
Configuration notes and feature limitations . .762
Enabling 802.1p priority override .762
Marking .762
Configuring DSCP-based QoS. .763
Application notes . .763
Using ACLs to honor DSCP-based QoS .763
Trust DSCP for the SX-FI48GPP module . .764
Configuring the QoS mappings.764
Default DSCP to internal forwarding priority mappings. .764
Changing the DSCP to internal forwarding
priority mappings . .765
Changing the VLAN priority 802.1p to hardware
forwarding queue mappings .766
8 to 4 queue mapping for the SX-FI48GPP module . .767
Scheduling.768
Scheduling for the SX-FI48GPP module . .768
QoS queuing methods . .768
Selecting the QoS queuing method .770
Configuring the QoS queues .770
Viewing QoS settings.773
Viewing DSCP-based QoS settings . .773
Chapter 21 Configuring Traffic Policies
Traffic policies overview 777
Configuration notes and feature limitations 778
Maximum number of traffic policies supported on a device 779
Setting the maximum number of traffic policies supported on a Layer 3 device 779
ACL-based rate limiting using traffic policies 780
Support for fixed rate limiting and adaptive rate limiting 780
Configuring ACL-based fixed rate limiting 780
Configuring ACL-based adaptive rate limiting 782
Specifying the action to be taken for packets that are over the limit 784
ACL statistics and rate limit counting 785
Enabling ACL statistics 785
Enabling ACL statistics with rate limiting traffic policies 786
Viewing ACL and rate limit counters 787
Clearing ACL and rate limit counters 788
Viewing traffic policies 788
Chapter 22 Configuring Base Layer 3 and Enabling Routing Protocols
TCAM entries in FWS devices 792
Adding a static IP route 792
Adding a static ARP entry 792
Modifying and displaying layer 3 system parameter limits 793
Configuration notes 793
FGS, FLS, and FWS with base Layer 3 793
FastIron IPv4 models 794
FastIron IPv6 models 796
Displaying Layer 3 system parameter limits 796
Configuring RIP 797
Enabling RIP 798
Enabling redistribution of IP static routes into RIP 798
Enabling redistribution 800
Enabling learning of default routes 800
Changing the route loop prevention method 800
Other layer 3 protocols 800
Enabling or disabling routing protocols 801
Enabling or disabling layer 2 switching 801
Configuration Notes and Feature Limitations 801
Command syntax 802
Chapter 23 Configuring Port Mirroring and Monitoring
Overview 803
Configuring port mirroring and monitoring 803
Configuration notes 804
Command syntax 806
Configuring mirroring on an Ironstack 808
Configuration notes 808
ACL-based inbound mirroring 809
Creating an ACL-based inbound mirror clause for FGS, FGS-STK, FLS, FLS-STK, FWS, and FCX devices 809
Creating an ACL-based inbound mirror clause for FastIron X Series devices 809
MAC address filter-based mirroring 813
Configuring MAC address filter-based mirroring 813
VLAN-based mirroring 814
Chapter 24 Configuring Rate Limiting and Rate Shaping on FastIron X Series and CX Series Switches
Rate limiting overview 817
Rate limiting in hardware 818
How Fixed rate limiting works 818
Configuration notes 819
Configuring a port-based rate limiting policy 819
Configuring an ACL-based rate limiting policy 819
Displaying the fixed rate limiting configuration 819
Rate shaping overview 820
Configuration notes 820
Configuring outbound rate shaping for a port 821
Configuring outbound rate shaping for a specific priority 821
Configuring outbound rate shaping for a trunk port 822
Displaying rate shaping configurations 822
Chapter 25 Configuring Rate Limiting on FastIron GS, LS, and WS Series Switches
Overview 823
Rate limiting in hardware 824
How fixed rate limiting works 824
Configuring fixed rate limiting on inbound ports 825
Minimum and maximum rates 825
Configuration notes 825
Configuration syntax 825
Configuring fixed rate limiting on outbound ports 826
Minimum and maximum rates 826
Configuration notes 826
Port-based rate limiting 827
Port- and priority-based rate limiting 827
Configuring an ACL-based rate limiting policy 828
Displaying the fixed rate limiting configuration 828
Inbound ports 828
Outbound ports 829
Chapter 26 Configuring IP Multicast Traffic Reduction for FastIron GS, LS, WS, and CX Series Switches
IGMP snooping overview 831
Configuration notes 833
Configuring queriers and non-queriers 834
VLAN specific configuration 835
Using IGMPv2 with IGMPv3 835
PIM SM traffic snooping overview 835
Application example 835
Configuring IGMP snooping 837
Displaying IGMP snooping information 845
Displaying querier information 850
Clear IGMP snooping commands 853
Chapter 27 Configuring IP Multicast Traffic Reduction for FastIron X Series Switches
IGMP snooping overview 855
MAC-based implementation on FastIron X Series devices 856
Queriers and non-queriers 857
VLAN-specific configuration 857
Tracking and fast leave 857
Support for IGMP snooping and layer 3 multicast routing together on the same device 858
Configuration notes and feature limitations 858
PIM SM traffic snooping overview 859
Application examples 859
Configuration notes and limitations 860
Configuring IGMP snooping 861
Enabling IGMP snooping globally on the device 863
Configuring the IGMP mode 863
Configuring the IGMP version 864
Disabling IGMP snooping on a VLAN 865
Disabling transmission and receipt of IGMP packets on a port 865
Modifying the age interval for group membership entries 865
Modifying the query interval (active IGMP snooping mode only) 866
Modifying the maximum response time 866
Configuring report control 866
Modifying the wait time before stopping traffic when receiving a leave message 867
Modifying the multicast cache age time 867
Enabling or disabling error and warning messages 867
Configuring static router ports 867
Turning off static group proxy 868
Enabling IGMP V3 membership tracking and fast leave for the VLAN 868
Enabling fast leave for IGMP V2 869
Enabling fast convergence 869
Configuring PIM SM snooping 869
Enabling or disabling PIM SM snooping 870
Enabling PIM SM snooping on a VLAN 870
Disabling PIM SM snooping on a VLAN 870
IGMP snooping show commands 871
Displaying the IGMP snooping configuration 871
Displaying IGMP snooping errors 872
Displaying IGMP group information 872
Displaying IGMP snooping mcache information 873
Displaying usage of hardware resource by multicast groups 874
Displaying software resource usage for VLANs 875
Displaying the status of IGMP snooping traffic 876
Displaying querier information 877
PIM SM snooping show commands 880
Displaying PIM SM snooping information 880
Displaying PIM SM snooping information on a Layer 2 switch 881
Displaying PIM SM snooping information for a specific group or source group pair 882
Clear commands for IGMP snooping 883
Clearing the IGMP mcache 883
Clearing the mcache on a specific VLAN 883
Clearing traffic on a specific VLAN 883
Clearing IGMP counters on VLANs 883
Chapter 28 Enabling the Foundry Discovery Protocol (FDP) and Reading Cisco Discovery Protocol (CDP) Packets
Using FDP 885
Configuring FDP 886
Displaying FDP information 887
Clearing FDP and CDP information 890
Reading CDP packets 890
Enabling interception of CDP packets globally 891
Enabling interception of CDP packets on an interface 891
Displaying CDP information 891
Clearing CDP information 893
Chapter 29 Configuring LLDP and LLDP-MED
Terms used in this chapter 896
LLDP overview 896
Benefits of LLDP 897
LLDP-MED overview 898
Benefits of LLDP-MED 899
LLDP-MED class 899
General operating principles 899
Operating modes 900
LLDP packets 900
TLV support 901
MIB support 904
Syslog messages 904
Configuring LLDP 904
Configuration notes and considerations 905
Enabling and disabling LLDP 905
Enabling support for tagged LLDP packets 906
Changing a port LLDP operating mode 906
Specifying the maximum number of LLDP neighbors 908
Enabling LLDP SNMP notifications and syslog messages 909
Changing the minimum time between LLDP transmissions 910
Changing the interval between regular LLDP transmissions 910
Changing the holdtime multiplier for transmit TTL 911
Changing the minimum time between port reinitializations 911
LLDP TLVs advertised by the Brocade device 912
Configuring LLDP-MED 920
Enabling LLDP-MED 921
Enabling SNMP notifications and syslog messages for LLDP-MED topology changes 921
Changing the fast start repeat count 922
Defining a location id 922
Defining an LLDP-MED network policy 929
LLDP-MED attributes advertised by the Brocade device 931
Extended power-via-MDI information 932
Displaying LLDP statistics and configuration settings 934
LLDP configuration summary 934
LLDP statistics 935
LLDP neighbors 937
LLDP neighbors detail 938
LLDP configuration details 939
Resetting LLDP statistics 941
Clearing cached LLDP neighbor information 941
Chapter 30 Configuring IP Multicast Protocols
Overview of IP multicasting 944
IPv4 multicast group addresses 944
Mapping of IPv4 Multicast group addresses to Ethernet MAC addresses 944
Supported Layer 3 multicast routing protocols 945
Suppression of unregistered multicast packets 945
Multicast terms 945
Changing global IP multicast parameters 946
Changing dynamic memory allocation for IP multicast groups 946
Changing IGMP V1 and V2 parameters 948
Adding an interface to a multicast group 949
IP multicast boundaries 950
Configuration considerations 950
Configuring multicast boundaries 950
Displaying multicast boundaries 950
PIM Dense 951
Initiating PIM multicasts on a network 952
Pruning a multicast tree 952
Grafts to a multicast Tree 954
PIM DM versions 954
Configuring PIM DM 955
Failover time in a multi-path topology 959
Modifying the TTL 959
Displaying basic PIM Dense configuration information 960
Displaying all multicast cache entries in a pruned state 961
PIM Sparse 961
PIM Sparse switch types 962
RP paths and SPT paths 963
Configuring PIM Sparse 963
ACL based RP assignment 969
Anycast RP 970
Displaying PIM Sparse configuration information and statistics 973
PIM Passive 987
Multicast Source Discovery Protocol (MSDP) 987
Peer Reverse Path Forwarding (RPF) flooding 989
Source active caching 989
Configuring MSDP 990
Designating an interface IP address as the RP IP address 991
Filtering MSDP source-group pairs 991
MSDP mesh groups 994
Displaying MSDP information 1001
Clearing MSDP information 1005
Passive multicast route insertion 1006
DVMRP overview 1007
Initiating DVMRP multicasts on a network 1007
Pruning a multicast tree 1008
Grafts to a multicast tree 1009
Configuring DVMRP 1010
Enabling DVMRP on the Layer 3 Switch and interface 1010
Modifying DVMRP global parameters 1010
Modifying DVMRP interface parameters 1013
Displaying information about an upstream neighbor device 1014
Configuring an IP tunnel 1014
Using ACLs to control multicast features 1015
Using ACLs to limit static RP groups 1015
Using ACLs to limit PIM RP candidate advertisement 1017
Disabling CPU processing for select multicast groups 1018
CLI command syntax 1018
Viewing disabled multicast addresses 1019
Configuring a static multicast route 1019
Tracing a multicast route 1021
Displaying the multicast configuration for another multicast router 1022
IGMP V3 1023
Default IGMP version 1024
Compatibility with IGMP V1 and V2 1024
Globally enabling the IGMP version 1025
Enabling the IGMP version per interface setting 1025
Enabling the IGMP version on a physical port within a virtual routing interface 1025
Enabling membership tracking and fast leave 1026
Setting the query interval 1027
Setting the group membership time 1027
Setting the maximum response time 1027
IGMP V3 and source specific multicast protocols 1027
Displaying IGMP V3 information on Layer 3 Switches 1028
Clearing IGMP statistics 1032
IGMP Proxy 1032
Configuration notes 1032
Configuring IGMP Proxy 1033
Displaying IGMP Proxy traffic 1033
IP multicast protocols and IGMP snooping on the same device 1033
Configuration example 1034
CLI commands 1035
Chapter 31 Configuring IP
Basic configuration 1038
Overview 1039
Edge Layer 3 support 1039
Full Layer 3 support 1039
IP interfaces 1040
IP packet flow through a Layer 3 Switch 1041
IP route exchange protocols 1045
IP multicast protocols 1046
IP interface redundancy protocols 1046
Access Control Lists and IP access policies 1046
Basic IP parameters and defaults – Layer 3 Switches 1047
When parameter changes take effect 1047
IP global parameters – Layer 3 Switches 1048
IP interface parameters – Layer 3 Switches 1051
Basic IP parameters and defaults – Layer 2 Switches 1052
IP global parameters – Layer 2 Switches 1053
Interface IP parameters – Layer 2 Switches 1054
Configuring IP parameters – Layer 3 Switches 1054
Configuring IP addresses 1055
Configuring Domain Name Server (DNS) resolver 1058
Configuring packet parameters 1061
Changing the router ID 1064
Specifying a single source interface for specified packet types 1065
Configuring ARP parameters 1069
Configuring forwarding parameters 1074
Disabling ICMP messages 1077
Disabling ICMP Redirect Messages 1078
Configuring static routes 1079
Configuring a default network route 1087
Configuring IP load sharing 1088
Configuring IRDP 1092
Configuring RARP 1094
Configuring UDP broadcast and IP helper parameters 1096
Configuring BootP/DHCP relay parameters 1098
DHCP Server 1100
Displaying DHCP server information 1111
DHCP Client-Based Auto-Configuration and Flash image update 1114
Configuring IP parameters – Layer 2 Switches 1122
Configuring the management IP address and specifying the default gateway 1123
Configuring Domain Name Server (DNS) resolver 1123
Changing the TTL threshold 1125
Configuring DHCP Assist 1125
IPv4 point-to-point GRE tunnels 1129
Overview 1129
GRE packet structure and header format 1130
Path MTU Discovery (PMTUD) support 1130
Tunnel loopback ports for GRE tunnels 1131
Support for IPv4 multicast routing over GRE tunnels 1132
GRE support with other features 1132
Configuration considerations 1133
Configuration tasks 1135
Example point-to-point GRE tunnel configuration 1142
Displaying GRE tunneling information 1143
Clearing GRE statistics 1147
Displaying IP configuration information and statistics 1147
Changing the network mask display to prefix format 1148
Displaying IP information – Layer 3 Switches 1148
Displaying IP information – Layer 2 Switches 1162
Disabling IP checksum check 1166
Chapter 32 Configuring Multicast Listening Discovery (MLD) Snooping on FastIron GS, LS, WS, and CX Series Switches
Overview 1169
Configuration notes 1171
Configuring queriers and non-queriers 1172
VLAN specific configuration 1173
Using MLDv1 with MLDv2 1173
Configuring MLD snooping 1173
Configuring the hardware and software resource limits 1174
Disabling transmission and receipt of MLD packets on a port 1174
Configuring the global MLD mode 1174
Modifying the age interval 1175
Modifying the query interval (Active MLD snooping mode only) 1175
Configuring the global MLD version 1175
Configuring report control 1175
Modifying the wait time before stopping traffic when receiving a leave message 1176
Modifying the multicast cache (mcache) aging time 1176
Disabling error and warning messages 1176
Configuring the MLD mode for a VLAN 1177
Disabling MLD snooping for the VLAN 1177
Configuring the MLD version for the VLAN 1177
Configuring the MLD version for individual ports 1177
Configuring static groups to the entire VLAN or to individual ports 1178
Configuring static router ports 1178
Turning off static group proxy 1178
Enabling MLDv2 membership tracking and fast leave for the VLAN 1179
Configuring fast leave for MLDv1 1179
Enabling fast convergence 1180
Displaying MLD snooping information 1180
Clear MLD snooping commands 1185
Chapter 33 Configuring Multicast Listening Discovery (MLD) Snooping on FastIron X Series Switches
Overview 1187
How MLD snooping uses MAC addresses to forward multicast packets 1188
Configuration notes and feature limitations 1189
Queriers and non-queriers 1190
VLAN specific configuration 1191
Using MLDv1 with MLDv2 1191
Configuring MLD snooping 1191
Configuring the hardware and software resource limits 1192
Disabling transmission and receipt of MLD packets on a port 1192
Configuring the global MLD mode 1193
Modifying the age interval 1193
Modifying the query interval (active MLD snooping mode only) 1193
Configuring the global MLD version 1194
Configuring report control 1194
Modifying the wait time before stopping traffic when receiving a leave message 1194
Modifying the multicast cache (mcache) aging time 1195
Disabling error and warning messages 1195
Configuring the MLD mode for a VLAN 1195
Disabling MLD snooping for the VLAN 1196
Configuring the MLD version for the VLAN 1196
Configuring the MLD version for individual ports 1196
Configuring static groups to the entire VLAN or to individual ports 1196
Configuring static router ports 1197
Disabling static group proxy 1197
Enabling MLDv2 membership tracking and fast leave for the VLAN 1197
Configuring fast leave for MLDv1 1198
Enabling fast convergence 1198
Displaying MLD snooping information 1199
Clearing MLD snooping counters and mcache 1204
Chapter 34 Configuring RIP (IPv4)
RIP overview 1205
ICMP host unreachable message for undeliverable ARPs 1206
RIP parameters and defaults 1206
RIP global parameters 1206
RIP interface parameters 1207
Configuring RIP parameters 1208
Enabling RIP 1208
Configuring metric parameters 1209
Changing the administrative distance 1210
Configuring redistribution 1210
Configuring route learning and advertising parameters 1213
Changing the route loop prevention method 1214
Suppressing RIP route advertisement on a VRRP or VRRPE backup interface 1215
Configuring RIP route filters 1215
Displaying RIP filters 1216
Displaying CPU utilization statistics 1217
Chapter 35 Configuring RIPng (IPv6)
RIPng overview 1219
Summary of configuration tasks 1220
Enabling RIPng 1220
Configuring RIPng timers 1221
Configuring route learning and advertising parameters 1222
Configuring default route learning and advertising 1222
Advertising IPv6 address summaries 1222
Changing the metric of routes learned and advertised on an interface 1223
Redistributing routes into RIPng 1223
Controlling distribution of routes through RIPng 1224
Configuring poison reverse parameters 1224
Clearing RIPng routes from the IPv6 route table 1225
Displaying RIPng information 1225
Displaying RIPng configuration 1225
Displaying RIPng routing table 1226
Chapter 36 Configuring OSPF Version 2 (IPv4)
Overview of OSPF 1230
OSPF point-to-point links 1232
Designated routers in multi-access networks 1232
Designated router election in multi-access networks 1232
OSPF RFC 1583 and 2178 compliance 1234
Reduction of equivalent AS External LSAs 1234
Support for OSPF RFC 2328 Appendix E 1236
Dynamic OSPF activation and configuration 1237
Dynamic OSPF memory 1238
OSPF graceful restart 1238
Configuring OSPF 1238
Configuration rules 1239
OSPF parameters 1239
Enabling OSPF on the router 1240
Assigning OSPF areas 1241
Assigning an area range (optional) 1245
Assigning interfaces to an area 1245
Modifying interface defaults 1245
Changing the timer for OSPF authentication changes 1248
Block flooding of outbound LSAs on specific OSPF interfaces 1249
Configuring an OSPF non-broadcast interface 1249
Assigning virtual links 1250
Modifying virtual link parameters 1252
Changing the reference bandwidth for the cost on OSPF interfaces 1254
Defining redistribution filters 1255
Preventing specific OSPF routes from being installed in the IP route table 1258
Modifying the default metric for redistribution 1261
Enabling route redistribution 1261
Disabling or re-enabling load sharing 1263
Configuring external route summarization 1264
Configuring default route origination 1265
Modifying SPF timers 1266
Modifying the redistribution metric type 1267
Modifying the administrative distance 1267
Configuring OSPF group Link State Advertisement (LSA) pacing 1268
Modifying OSPF traps generated 1269
Specifying the types of OSPF Syslog messages to log 1270
Modifying the OSPF standard compliance setting 1270
Modifying the exit overflow interval 1271
Configuring an OSPF point-to-point link 1271
Configuring OSPF graceful restart 1272
Clearing OSPF information 1272
Clearing OSPF neighbor information 1273
Clearing OSPF topology information 1273
Clearing redistributed routes from the OSPF routing table 1274
Clearing information for OSPF areas 1274
Displaying OSPF information 1274
Displaying general OSPF configuration information 1275
Displaying CPU utilization statistics 1276
Displaying OSPF area information 1277
Displaying OSPF neighbor information 1277
Displaying OSPF interface information 1279
Displaying OSPF route information 1281
Displaying OSPF external link state information 1283
Displaying OSPF link state information 1284
Displaying the data in an LSA 1284
Displaying OSPF virtual neighbor information 1285
Displaying OSPF virtual link information 1285
Displaying OSPF ABR and ASBR information 1285
Displaying OSPF trap status 1286
Displaying OSPF graceful restart information 1286
Chapter 37 Configuring OSPF Version 3 (IPv6)
Overview 1289
Differences between OSPF V2 and OSPF V3 1290
Link state advertisement types for OSPF V3 1290
Configuring OSPF V3 1290
Enabling OSPF V3 1291
Assigning OSPF V3 areas 1292
Assigning interfaces to an area 1293
Configuring virtual links 1293
Changing the reference bandwidth for the cost on OSPF V3 interfaces 1295
Redistributing routes into OSPF V3 1297
Filtering OSPF V3 routes 1300
Configuring default route origination 1303
Modifying shortest path first timers 1304
Modifying administrative distance 1305
Configuring the OSPF V3 LSA pacing interval 1306
Modifying exit overflow interval 1307
Modifying external link state database limit 1307
Modifying OSPF V3 interface defaults 1307
Disabling or re-enabling event logging 1308
Displaying OSPF V3 Information 1308
Displaying OSPF V3 area information 1309
Displaying OSPF V3 database information 1310
Displaying OSPF V3 interface information 1315
Displaying OSPF V3 memory usage 1318
Displaying OSPF V3 neighbor information 1319
Displaying routes redistributed into OSPF V3 1321
Displaying OSPF V3 route information 1322
Displaying OSPF V3 SPF information 1324
Displaying IPv6 OSPF virtual link information 1326
Displaying OSPF V3 virtual neighbor information 1327
Chapter 38 Configuring VRRP and VRRPE
Overview 1330
Overview of VRRP 1330
Overview of VRRPE 1334
Configuration note 1337
Comparison of VRRP and VRRPE 1337
VRRP 1337
VRRPE 1337
Architectural differences 1337
VRRP and VRRPE parameters 1338
Configuring basic VRRP parameters 1341
Configuring the Owner 1341
Configuring a Backup 1341
Configuration rules for VRRP 1341
Configuring basic VRRPE parameters 1341
Configuration rules for VRRPE 1342
Note regarding disabling VRRP or VRRPE 1342
Configuring additional VRRP and VRRPE parameters 1342
Forcing a Master router to abdicate to a standby router 1349
Displaying VRRP and VRRPE information 1350
Displaying summary information 1350
Displaying detailed information 1352
Displaying statistics 1357
Clearing VRRP or VRRPE statistics 1358
Displaying CPU utilization statistics 1359
Configuration examples 1360
VRRP example 1360
VRRPE example 1361
Chapter 39 Configuring BGP4 (IPv4)
Overview of BGP4 1366
Relationship between the BGP4 route table and the IP route table 1367
How BGP4 selects a path for a route 1367
BGP4 message types 1369
BGP4 graceful restart 1371
Basic configuration and activation for BGP4 1371
Note regarding disabling BGP4 1372
BGP4 parameters 1372
When parameter changes take effect 1373
Memory considerations 1375
Memory configuration options obsoleted by dynamic memory 1375
Basic configuration tasks 1376
Enabling BGP4 on the router 1376
Changing the router ID 1376
Setting the local AS number 1377
Adding a loopback interface 1377
Adding BGP4 neighbors 1378
Adding a BGP4 peer group 1384
Optional configuration tasks 1388
Changing the Keep Alive Time and Hold Time 1388
Changing the BGP4 next-hop update timer 1389
Enabling fast external fallover 1389
Changing the maximum number of paths for BGP4 load sharing 1390
Customizing BGP4 load sharing 1391
Specifying a list of networks to advertise 1392
Changing the default local preference 1393
Using the IP default route as a valid next hop for a BGP4 route 1394
Advertising the default route 1394
Changing the default MED (Metric) used for route redistribution 1394
Enabling next-hop recursion 1395
Changing administrative distances 1398
Requiring the first AS to be the neighbor AS 1399
Disabling or re-enabling comparison of the AS-Path length 1399
Enabling or disabling comparison of the router IDs 1400
Configuring the Layer 3 Switch to always compare Multi-Exit Discriminators (MEDs) 1400
Treating missing MEDs as the worst MEDs 1401
Configuring route reflection parameters 1401
Configuration notes 1405
Aggregating routes advertised to BGP4 neighbors 1408
Configuring BGP4 graceful restart 1409
Configuring BGP4 graceful restart 1409
Configuring timers for BGP4 graceful restart (optional) 1409
BGP null0 routing 1410
Configuration steps 1411
Configuration examples 1412
Show commands 1413
Modifying redistribution parameters 1414
Redistributing connected routes 1415
Redistributing RIP routes 1415
Redistributing OSPF external routes 1415
Redistributing static routes 1416
Disabling or re-enabling re-advertisement of all learned BGP4 routes to all BGP4 neighbors 1416
Redistributing IBGP routes into RIP and OSPF 1417
Filtering 1417
Filtering specific IP addresses 1417
Filtering AS-paths 1419
Filtering communities 1422
Defining IP prefix lists 1425
Defining neighbor distribute lists 1426
Defining route maps 1426
Using a table map to set the tag value 1434
Configuring cooperative BGP4 route filtering 1435
Configuring route flap dampening 1438
Globally configuring route flap dampening 1439
Using a route map to configure route flap dampening for specific routes 1440
Using a route map to configure route flap dampening for a specific neighbor 1440
Removing route dampening from a route 1441
Removing route dampening from a neighbor routes suppressed due to aggregation 1442
Displaying and clearing route flap dampening statistics 1443
Generating traps for BGP 1444
Displaying BGP4 information 1445
Displaying summary BGP4 information 1445
Displaying the active BGP4 configuration 1448
Displaying CPU utilization statistics 1448
Displaying summary neighbor information 1450
Displaying BGP4 neighbor information 1451
Displaying peer group information 1462
Displaying summary route information 1463
Displaying the BGP4 route table 1464
Displaying BGP4 route-attribute entries 1470
Displaying the routes BGP4 has placed in the IP route table 1471
Displaying route flap dampening statistics 1472
Displaying the active route map configuration 1473
Displaying BGP4 graceful restart neighbor information 1474
Updating route information and resetting a neighbor session 1474
Using soft reconfiguration 1475
Dynamically requesting a route refresh from a BGP4 neighbor 1477
Closing or resetting a neighbor session 1480
Clearing and resetting BGP4 routes in the IP route table 1481
Clearing traffic counters 1481
Clearing route flap dampening statistics 1482
Removing route flap dampening 1482
Clearing diagnostic buffers 1482
Chapter 40 Securing Access to Management Functions
Securing access methods 1485
Restricting remote access to management functions 1487
Using ACLs to restrict remote access 1488
Defining the console idle time 1490
Restricting remote access to the device to specific IP addresses 1491
Restricting access to the device based on IP or MAC address 1492
Defining the Telnet idle time 1493
Changing the login timeout period for Telnet sessions 1493
Specifying the maximum number of login attempts for Telnet access 1494
Changing the login timeout period for Telnet sessions 1494
Restricting remote access to the device to specific VLAN IDs 1494
Designated VLAN for Telnet management sessions to a Layer 2 Switch 1495
Device management security 1496
Disabling specific access methods 1498
Setting passwords 1499
Setting a Telnet password 1500
Setting passwords for management privilege levels 1500
Recovering from a lost password 1503
Displaying the SNMP community string 1503
Disabling password encryption 1503
Specifying a minimum password length 1504
Setting up local user accounts 1504
Enhancements to username and password 1505
Configuring a local user account 1508
Create password option 1510
Changing a local user password 1511
Configuring SSL security for the Web Management Interface 1511
Enabling the SSL server on the Brocade device 1512
Changing the SSL server certificate key size 1512
Support for SSL digital certificates larger than 2048 bits 1512
Importing digital certificates and RSA private key files 1513
Generating an SSL certificate 1513
Configuring TACACS/TACACS+ security 1514
How TACACS+ differs from TACACS 1514
TACACS/TACACS+ authentication, authorization, and accounting 1514
TACACS authentication 1517
TACACS/TACACS+ configuration considerations 1520
Enabling TACACS 1521
Identifying the TACACS/TACACS+ servers 1521
Specifying different servers for individual AAA functions 1522
Setting optional TACACS/TACACS+ parameters 1522
Configuring authentication-method lists for TACACS/TACACS+ 1524
Configuring TACACS+ authorization 1526
Configuring TACACS+ accounting 1529
Configuring an interface as the source for all TACACS/TACACS+ packets 1530
Displaying TACACS/TACACS+ statistics and configuration information 1531
Configuring RADIUS security 1532
RADIUS authentication, authorization, and accounting 1532
RADIUS configuration considerations 1535
RADIUS configuration procedure 1536
Configuring Brocade-specific attributes on the RADIUS server 1536
Enabling SNMP to configure RADIUS 1538
Identifying the RADIUS server to the Brocade device 1539
Specifying different servers for individual AAA functions 1539
Configuring a RADIUS server per port 1540
Mapping a RADIUS server to individual ports 1541
Setting RADIUS parameters 1541
Configuring authentication-method lists for RADIUS 1543
Configuring RADIUS authorization 1545
Configuring RADIUS accounting 1546
Configuring an interface as the source for all RADIUS packets 1547
Displaying RADIUS configuration information 1547
Configuring authentication-method lists 1549
Configuration considerations for authentication-method lists 1550
Examples of authentication-method lists 1550
TCP Flags - edge port security 1552
Using TCP Flags in combination with other ACL features 1553
Chapter 41 Configuring SSH2 and SCP
SSH version 2 support 1555
Tested SSH2 clients 1556
Supported features 1556
Unsupported features 1556
AES encryption for SSH2 1557
Configuring SSH2 1557
Recreating SSH keys 1559
Generating a host key pair 1559
Configuring DSA challenge-response authentication 1561
Setting optional parameters 1563
Setting the number of SSH authentication retries 1564
Deactivating user authentication 1564
Enabling empty password logins 1564
Setting the SSH port number 1565
Setting the SSH login timeout value 1565
Designating an interface as the source for all SSH packets 1565
Configuring the maximum idle time for SSH sessions 1565
Filtering SSH access using ACLs 1565
Terminating an active SSH connection 1566
Displaying SSH connection information 1566
Using Secure copy with SSH2 1567
Enabling and disabling SCP 1567
Configuration notes 1568
Example file transfers using SCP 1568
Chapter 42 Configuring 802.1X Port Security
IETF RFC support 1571
How 802.1X port security works 1572
Device roles in an 802.1X configuration 1572
Communication between the devices 1573
Controlled and uncontrolled ports 1573
Message exchange during authentication 1574
Authenticating multiple hosts connected to the same port 1577
802.1X port security and sFlow 1580
802.1X accounting 1580
Configuring 802.1X port security 1581
Configuring an authentication method list for 802.1X 1581
Setting RADIUS parameters 1582
Configuring dynamic VLAN assignment for 802.1X ports 1584
Dynamically applying IP ACLs and MAC address filters to 802.1X ports 1588
Enabling 802.1X port security 1591
Setting the port control 1592
Configuring periodic re-authentication 1593
Re-authenticating a port manually 1594
Setting the quiet period 1594
Specifying the wait interval and number of EAP-request/identity frame retransmissions from the Brocade device 1594
Specifying the wait interval and number of EAP-request/identity frame retransmissions from the RADIUS server 1595
Specifying a timeout for retransmission of messages to the authentication server 1596
Initializing 802.1X on a port 1596
Allowing access to multiple hosts 1596
Defining MAC address filters for EAP frames 1599
Configuring VLAN access for non-EAP-capable clients 1599
Configuring 802.1X accounting 1600
802.1X Accounting attributes for RADIUS 1600
Enabling 802.1X accounting 1601
Displaying 802.1X information 1601
Displaying 802.1X configuration information 1601
Displaying 802.1X statistics 1604
Clearing 802.1X statistics 1605
Displaying dynamically assigned VLAN information 1605
Displaying information about dynamically applied MAC address filters and IP ACLs 1606
Displaying 802.1X multiple-host authentication information 1609
Sample 802.1X configurations 1613
Point-to-point configuration 1613
Hub configuration 1614
802.1X Authentication with dynamic VLAN assignment 1615
Using multi-device port authentication and 802.1X security on the same port 1616
Chapter 43 Using the MAC Port Security Feature
Overview 1619
Local and global resources 1620
Configuration notes and feature limitations 1620
Configuring the MAC port security feature 1620
Enabling the MAC port security feature 1621
Setting the maximum number of secure MAC addresses for an interface 1621
Setting the port security age timer 1621
Specifying secure MAC addresses 1622
Autosaving secure MAC addresses to the startup-config file 1622
Specifying the action taken when a security violation occurs 1623
Clearing port security statistics 1624
Clearing restricted MAC addresses 1624
Clearing violation statistics 1624
Displaying port security information 1625
Displaying port security settings 1625
Displaying the secure MAC addresses 1625
Displaying port security statistics 1626
Displaying restricted MAC addresses on a port 1627
Chapter 44 Configuring Multi-Device Port Authentication
How multi-device port authentication works 1630
RADIUS authentication 1630
Authentication-failure actions 1631
Supported RADIUS attributes 1631
Support for dynamic VLAN assignment 1631
Support for dynamic ACLs 1632
Support for authenticating multiple MAC addresses on an interface 1632
Support for dynamic ARP inspection with dynamic ACLs 1632
Support for DHCP snooping with dynamic ACLs 1632
Support for source guard protection 1632
Using multi-device port authentication and 802.1X security on the same port 1633
Configuring Brocade-specific attributes on the RADIUS server 1633
Configuring multi-device port authentication 1634
Enabling multi-device port authentication 1635
Specifying the format of the MAC addresses sent to the RADIUS server 1636
Specifying the authentication-failure action 1636
Generating traps for multi-device port authentication 1637
Defining MAC address filters 1637
Configuring dynamic VLAN assignment 1637
Dynamically applying IP ACLs to authenticated MAC addresses 1641
Enabling denial of service attack protection 1643
Enabling source guard protection 1644
Clearing authenticated MAC addresses 1645
Disabling aging for authenticated MAC addresses 1646
Changing the hardware aging period for blocked MAC addresses 1647
Specifying the aging time for blocked MAC addresses 1647
Specifying the RADIUS timeout action 1648
Multi-device port authentication password override 1649
Limiting the number of authenticated MAC addresses 1649
Displaying multi-device port authentication information 1650
Displaying authenticated MAC address information 1650
Displaying multi-device port authentication configuration information 1650
Displaying multi-device port authentication information for a specific MAC address or port 1651
Displaying the authenticated MAC addresses 1652
Displaying the non-authenticated MAC addresses 1652
Displaying multi-device port authentication information for a port 1653
Displaying multi-device port authentication settings and authenticated MAC addresses 1654
Displaying the MAC authentication table for FCX devices 1656
Example configurations 1658
Multi-device port authentication with dynamic VLAN assignment 1658
Examples of multi-device port authentication and 802.1X authentication configuration on the same port 1660
Chapter 45 Configuring Web Authentication
Overview 1665
Configuration considerations 1666
Configuration tasks 1667
Enabling and disabling web authentication 1669
Configuring the web authentication mode 1669
Using local user databases 1670
Using passcodes 1673
Using automatic authentication 1678
Configuring web authentication options 1678
Enabling RADIUS accounting for web authentication 1678
Changing the login mode (HTTPS or HTTP) 1679
Specifying trusted ports 1679
Specifying hosts that are permanently authenticated 1679
Configuring the re-authentication period 1680
Defining the web authentication cycle 1680
Limiting the number of web authentication attempts 1681
Clearing authenticated hosts from the web authentication table 1681
Setting and clearing the block duration for web authentication attempts 1681
Manually blocking and unblocking a specific host 1682
Limiting the number of authenticated hosts 1682
Filtering DNS queries 1682
Forcing re-authentication when ports are down 1683
Forcing re-authentication after an inactive period 1683
Defining the web authorization redirect address 1683
Deleting a web authentication VLAN 1684
Web authentication pages 1684
Displaying web authentication information 1691
Displaying the web authentication configuration 1691
Displaying a list of authenticated hosts 1693
Displaying a list of hosts attempting to authenticate 1694
Displaying a list of blocked hosts 1694
Displaying a list of local user databases 1695
Displaying a list of users in a local user database 1695
Displaying passcodes 1696
Chapter 46 Protecting Against Denial of Service Attacks
Protecting against Smurf attacks 1697
Avoiding being an intermediary in a Smurf attack 1698
Avoiding being a victim in a Smurf attack 1698
Protecting against TCP SYN attacks 1699
TCP security enhancement 1700
Displaying statistics about packets dropped because of DoS attacks 1702
Chapter 47 Inspecting and Tracking DHCP Packets
Dynamic ARP inspection 1703
ARP poisoning 1703
How DAI works 1704
Configuration notes and feature limitations 1705
Configuring DAI 1705
Displaying ARP inspection status and ports 1707
Displaying the ARP table 1707
DHCP snooping 1707
How DHCP snooping works 1708
System reboot and the binding database 1709
Configuration notes and feature limitations 1709
Configuring DHCP snooping 1709
Clearing the DHCP binding database 1710
Displaying DHCP snooping status and ports 1711
Displaying the DHCP snooping binding database 1711
Displaying DHCP binding entry and status 1711
DHCP snooping configuration example 1711
DHCP relay agent information (DHCP Option 82) 1712
Configuration notes 1713
DHCP Option 82 sub-options 1713
Configuring DHCP option 82 1715
Viewing information about DHCP option 82 processing 1717
IP source guard 1718
Configuration notes and feature limitations 1719
Enabling IP source guard on a port 1720
Defining static IP source bindings 1720
Enabling IP source guard per-port-per-VLAN 1721
Enabling IP source guard on a VE 1721
Displaying learned IP addresses 1721
Chapter 48 Securing SNMP Access
SNMP overview 1723
Establishing SNMP community strings 1724
Encryption of SNMP community strings 1724
Adding an SNMP community string 1725
Displaying the SNMP community strings 1726
Using the user-based security model 1727
Configuring your NMS 1727
Configuring SNMP version 3 on Brocade devices 1728
Defining the engine id 1728
Defining an SNMP group 1729
Defining an SNMP user account 1730
Defining SNMP views 1731
SNMP version 3 traps 1732
Defining an SNMP group and specifying which view is notified of traps 1732
Defining the UDP port for SNMP v3 traps 1733
Trap MIB changes 1734
Specifying an IPv6 host as an SNMP trap receiver 1734
SNMP v3 over IPv6 1735
Specifying an IPv6 host as an SNMP trap receiver 1735
Viewing IPv6 SNMP server addresses 1735
Displaying SNMP Information 1736
Displaying the Engine ID 1736
Displaying SNMP groups 1736
Displaying user information 1737
Interpreting varbinds in report packets 1737
SNMP v3 Configuration examples 1738
Simple SNMP v3 configuration 1738
More detailed SNMP v3 configuration 1738
Appendix A Using Syslog
Overview 1740
Displaying Syslog messages 1740
Enabling real-time display of Syslog messages 1741
Enabling real-time display for a Telnet or SSH session 1741
Show log on all terminals 1742
Configuring the Syslog service 1742
Displaying the Syslog configuration 1742
Disabling or re-enabling Syslog 1746
Specifying a Syslog server 1746
Specifying an additional Syslog server 1746
Disabling logging of a message level 1747
Changing the number of entries the local buffer can hold 1747
Changing the log facility 1748
Displaying Interface names in Syslog messages 1748
Displaying TCP or UDP port numbers in Syslog messages 1749
Retaining Syslog messages after a soft reboot 1749
Clearing the Syslog messages from the local buffer 1750
Syslog messages for hardware errors 1750
Syslog messages 1751
Appendix B Network Monitoring
Basic management 1777
Viewing system information 1777
Viewing configuration information 1778
Viewing port statistics 1779
Viewing STP statistics 1781
Clearing statistics 1781
Traffic counters for outbound traffic 1782
Viewing egress queue counters on FCX devices 1786
RMON support 1787
Maximum number of entries allowed in the RMON control table 1787
Statistics (RMON group 1) 1788
History (RMON group 2) 1790
Alarm (RMON group 3) 1790
Event (RMON group 9) 1791
sFlow 1791
sFlow version 5 1792
sFlow support for IPv6 packets 1792
Configuration considerations 1793
Configuring and enabling sFlow 1794
Configuring sFlow version 5 features 1800
Displaying sFlow information 1803
Configuring a utilization list for an uplink port 1806
Command syntax 1807
Displaying utilization percentages for an uplink 1807
Appendix C Software Specifications
IEEE compliance 1809
RFC support 1809
Internet drafts 1817
Appendix D NIAP-CCEVS Certification
NIAP-CCEVS certified Brocade equipment and Ironware releases 1819
Web-Management access to NIAP-CCEVS certified Brocade equipment 1820
Local user password changes 1820



