48 Port Gigabit Ethernet Routing Switch with 10G Uplink

Switch with 10G Uplink
Configuration Guide 48 Port Gigabit Ethernet Routing Switch Page 2/491
©2017 MICROSENS GmbH & Co. KG, Kueferstr. 16, 59067 Hamm/Germany, www.microsens.com
List of Contents 1 BASIC CONFIGURATION GUIDE .................................................... 16
1.1 Configuring System Management..............................................................16 1.1.1 Overview .........................................................................................16 1.1.2 Configuring a Message-of-the-Day Login Banner ...................................16 1.1.3 Configuring a Login Banner ................................................................16 1.1.4 Configuring an Exec Banner ...............................................................17 1.1.5 Validation Commands ........................................................................17
1.3 Configuring FTP ......................................................................................19 1.3.1 Overview .........................................................................................19 1.3.2 IPv4 Configurations ...........................................................................19 1.3.3 IPv6 Configurations ...........................................................................21
2.1.1 Overview .........................................................................................26 2.1.2 Configuration ...................................................................................26 2.1.3 Validation ........................................................................................27
2.5.4 Configuring Temperature ...................................................................44 2.5.5 Configuring Fan ................................................................................44 2.5.6 Configuring Power .............................................................................45 2.5.7 Configuring Transceiver .....................................................................45 2.5.8 Upgrade bootrom ..............................................................................47 2.5.9 Upgrade EPLD ..................................................................................47
3.1.1 Overview .........................................................................................55 3.1.2 Configuring Interface State ................................................................55 3.1.3 Configuring Interface Speed ...............................................................55 3.1.4 Configuring Interface Duplex ..............................................................56
3.6.2 Configurations ..................................................................................72 3.6.3 Validation ........................................................................................73
3.12 Configuring Layer 2 Protocols Tunneling ....................................................96 3.12.1 Overview .........................................................................................96 3.12.2 Tunnel Designed Layer2 Protocol Packets .............................................96 3.12.3 Tunnel Configured Layer2 Protocol Packets ..........................................99
3.13 Configuring MSTP ................................................................................. 101 3.13.1 Overview ....................................................................................... 101 3.13.2 Topology ....................................................................................... 102 3.13.3 Configurations ................................................................................ 102 3.13.4 Validation ...................................................................................... 104
3.14 Configuring MLAG ................................................................................. 108 3.14.1 Overview ....................................................................................... 108 3.14.2 Topology ....................................................................................... 108 3.14.3 Configuration MLAG ........................................................................ 108 3.14.4 Validation ...................................................................................... 110
4 IP ROUTING CONFIGURATION GUIDE ........................................ 113 4.1 Configuring IP Unicast-Routing ............................................................... 113
4.1.1 Overview ....................................................................................... 113 4.1.2 Topology ....................................................................................... 113 4.1.3 Configuration ................................................................................. 113 4.1.4 Validation ...................................................................................... 115
4.2 Configuring RIP .................................................................................... 116 4.2.1 Overview ....................................................................................... 116 4.2.2 Enabling RIP .................................................................................. 117 4.2.3 Configuring The RIP Version ............................................................. 120 4.2.4 Configuring Metric Parameters .......................................................... 122 4.2.5 Configuring the Administrative Distance ............................................ 124 4.2.6 Configuring Redistribution ................................................................ 127 4.2.7 Configuring Split-horizon Parameters ................................................ 130
4.2.8 Configuring Timers .......................................................................... 131 4.2.9 Configuring RIP Route Distribute Filters ............................................. 132 4.2.10 Configuring RIPv2 authentication (single key) .................................... 134 4.2.11 Configuring RIPv2 MD5 authentication (multiple keys) ......................... 136
4.3 Configuring OSPF .................................................................................. 139 4.3.1 Overview ....................................................................................... 139 4.3.2 References ..................................................................................... 140 4.3.3 Basic OSPF Parameters Configuration ................................................ 140 4.3.4 Enabling OSPF on an Interface ......................................................... 141 4.3.5 Configuring Priority ......................................................................... 142 4.3.6 Configuring OSPF Area Parameters ................................................... 144 4.3.7 Redistributing Routes into OSPF ........................................................ 148 4.3.8 OSPF Cost ...................................................................................... 153 4.3.9 OSPF Authentication ........................................................................ 157 4.3.10 Monitoring OSPF ............................................................................. 162
4.4 Configuring Prefix-list ............................................................................ 163 4.4.1 Overview ....................................................................................... 163 4.4.2 Basic Configuration ......................................................................... 163 4.4.3 Used by rip .................................................................................... 164 4.4.4 Used by Route-map ........................................................................ 164
4.5 Configuring Ipv6 Prefix-list .................................................................... 166 4.5.1 Overview ....................................................................................... 166 4.5.2 Basic Configuration ......................................................................... 166 4.5.3 Used by RIPng ................................................................................ 167 4.5.4 Used by Route-map ........................................................................ 168
4.6 Configuring Route Map .......................................................................... 169 4.6.1 Overview ....................................................................................... 169 4.6.2 Configuring Route-map To OSPF ....................................................... 169 4.6.3 Configuring Route-map And Applying To BGP ..................................... 170
4.7 Configure Policy-Based Routing .............................................................. 172 4.7.1 Overview ....................................................................................... 172 4.7.2 Topology ....................................................................................... 172 4.7.3 Configuration ................................................................................. 172 4.7.4 Validation ...................................................................................... 173
5 IP SERVICE CONFIGURATION GUIDE ......................................... 174 5.1 Configuring ARP ................................................................................... 174
5.1.1 Overview ....................................................................................... 174 5.1.2 Configuring ARP .............................................................................. 174 5.1.3 Validation commands ...................................................................... 175
5.2 Configuring Proxy ARP ........................................................................... 176 5.2.1 Overview ....................................................................................... 176 5.2.2 Configuring ARP Proxy ..................................................................... 177 5.2.3 Configuring Local ARP Proxy ............................................................. 180
5.3 Configuring DHCP Client ........................................................................ 183 5.3.1 Overview ....................................................................................... 183 5.3.2 Topology ....................................................................................... 184 5.3.3 Configuration ................................................................................. 184 5.3.4 Validation ...................................................................................... 184
5.4 Configuring DHCP Relay......................................................................... 185 5.4.1 Overview ....................................................................................... 185 5.4.2 Topology ....................................................................................... 185 5.4.3 Configuration ................................................................................. 186 5.4.4 Validation ...................................................................................... 187
5.5 Configuring DNS ................................................................................... 188
5.5.1 Overview ....................................................................................... 188 5.5.2 Topology ....................................................................................... 188 5.5.3 Configurations ................................................................................ 188 5.5.4 Validation ...................................................................................... 189
6 NETWORK MANAGEMENT CONFIGURATION GUIDE .................... 190 6.1 Configuring Network Diagnosis ............................................................... 190
6.1.1 Overview ....................................................................................... 190 6.1.2 Configurations ................................................................................ 190 6.1.3 Validation ...................................................................................... 191
6.2 Configuring NTP.................................................................................... 191 6.2.1 Overview ....................................................................................... 191 6.2.2 Topology ....................................................................................... 192 6.2.3 Configurations ................................................................................ 192 6.2.4 Validation ...................................................................................... 194
6.3 Configuring Phy Loopback ...................................................................... 195 6.3.1 Overview ....................................................................................... 195 6.3.2 Configuring external phy loopback .................................................... 195 6.3.3 Configuring internal phy loopback ..................................................... 196 6.3.4 Configuring port level loopback ......................................................... 196 6.3.5 Validation ...................................................................................... 197 6.3.6 Configure L2 ping ........................................................................... 197
6.4 Configuring RMON1 ............................................................................... 198 6.4.1 Overview ....................................................................................... 198 6.4.2 Topology ....................................................................................... 199 6.4.3 Configuration ................................................................................. 199 6.4.4 Validation ...................................................................................... 199
6.5 Configuring SNMP ................................................................................. 200 6.5.1 Overview ....................................................................................... 200 6.5.2 References ..................................................................................... 201 6.5.3 Terminology ................................................................................... 201 6.5.4 Topology ....................................................................................... 201 6.5.5 Configuring Enable SNMP ................................................................. 202 6.5.6 Configuring community string ........................................................... 202 6.5.7 Configuring SNMPv3 Groups, Users and Accesses ............................... 203 6.5.8 Configuring SNMPv1 and SNMPv2 notifications ................................... 203 6.5.9 Configuring SNMPv3 notifications ...................................................... 204
6.6 Configuring SFLOW ............................................................................... 205 6.6.1 Overview ....................................................................................... 205 6.6.2 Terminology ................................................................................... 205 6.6.3 Topology ....................................................................................... 205 6.6.4 Configurations ................................................................................ 205 6.6.5 Validation ...................................................................................... 206
6.7 Configuring LLDP .................................................................................. 207 6.7.1 Overview ....................................................................................... 207 6.7.2 Terminology ................................................................................... 207 6.7.3 Topology ....................................................................................... 207 6.7.4 Configurations ................................................................................ 207 6.7.5 Validation ...................................................................................... 208
7 SECURITY CONFIGURATION GUIDE ............................................ 210 7.1 Configuring Port Security ....................................................................... 210
7.1.1 Overview ....................................................................................... 210 7.1.2 Topology ....................................................................................... 210 7.1.3 Configurations ................................................................................ 210 7.1.4 Validation ...................................................................................... 211
7.2 Configuring Vlan Security ...................................................................... 211 7.2.1 Overview ....................................................................................... 211 7.2.2 Configuring vlan mac-limit ............................................................... 212 7.2.3 Configuring vlan mac learning .......................................................... 212 7.2.4 Validation ...................................................................................... 213
7.3 Configuring Time Range ........................................................................ 213 7.3.1 Overview ....................................................................................... 213 7.3.2 Configuration ................................................................................. 213 7.3.3 Validation ...................................................................................... 213
7.4 Configuring ACL .................................................................................... 214 7.4.1 Overview ....................................................................................... 214 7.4.2 Terminology ................................................................................... 214 7.4.3 Limitation ...................................................................................... 214 7.4.4 Configuration ................................................................................. 214 7.4.5 Validation ...................................................................................... 216
7.5 Configuring Extend ACL ......................................................................... 217 7.5.1 Overview ....................................................................................... 217 7.5.2 Terminology ................................................................................... 217 7.5.3 Topology ....................................................................................... 218 7.5.4 Configuration ................................................................................. 218 7.5.5 Validation ...................................................................................... 219
7.6 Configuring Dot1x ................................................................................. 220 7.6.1 Overview ....................................................................................... 220 7.6.2 Topology ....................................................................................... 221 7.6.3 Configuration ................................................................................. 221 7.6.4 Validation ...................................................................................... 226
7.7 Configuring Guest VLAN ........................................................................ 227 7.7.1 Overview ....................................................................................... 227 7.7.2 Topology ....................................................................................... 228 7.7.3 Configuration ................................................................................. 229 7.7.4 Validation ...................................................................................... 230
7.8 Configuring Arp Inspection ..................................................................... 233 7.8.1 Overview ....................................................................................... 233 7.8.2 Terminology ................................................................................... 234 7.8.3 Topology ....................................................................................... 234 7.8.4 Configurations ................................................................................ 235 7.8.5 Validation ...................................................................................... 236
7.9 Configuring DHCP Snooping ................................................................... 237 7.9.1 Overview ....................................................................................... 237 7.9.2 Topology ....................................................................................... 238 7.9.3 Configuration ................................................................................. 238 7.9.4 Validation ...................................................................................... 239
7.10 Configuring IP Source Guard .................................................................. 240 7.10.1 Overview ....................................................................................... 240 7.10.2 Terminology ................................................................................... 241 7.10.3 Topology ....................................................................................... 241 7.10.4 Configuration ................................................................................. 241 7.10.5 Validation ...................................................................................... 243
7.11 Configuring RADIUS Authentication ......................................................... 243 7.11.1 Overview ....................................................................................... 243 7.11.2 Topology ....................................................................................... 243 7.11.3 Configuration ................................................................................. 243 7.11.4 Validation ...................................................................................... 246 7.11.5 Display Results ............................................................................... 247
7.12 Configuring Tacacs+ ............................................................................. 247
7.12.1 Overview ....................................................................................... 247 7.12.2 Topology ....................................................................................... 247 7.12.3 Configuration Steps ......................................................................... 248 7.12.4 Configuration TACACS+ Server ......................................................... 248 7.12.5 Validation ...................................................................................... 249 7.12.6 Display Results ............................................................................... 250
7.13 Configuring Port Isolate ......................................................................... 250 7.13.1 Overview ....................................................................................... 250 7.13.2 Topology ....................................................................................... 250 7.13.3 Configuration ................................................................................. 250 7.13.4 Validation ...................................................................................... 251
7.14 Configuring DDOS ................................................................................. 252 7.14.1 Overview ....................................................................................... 252 7.14.2 Topology ....................................................................................... 252 7.14.3 Configuration ................................................................................. 252 7.14.4 Validation ...................................................................................... 254
7.15 Configuring Key Chain ........................................................................... 255 7.15.1 Overview ....................................................................................... 255 7.15.2 Configurations ................................................................................ 255 7.15.3 Validation ...................................................................................... 256
8 TRAFFIC MANAGEMANT CONFIGURATION GUIDE ....................... 257 8.1 Configuring QoS ................................................................................... 257
8.1.1 Overview ....................................................................................... 257 8.1.2 Terminology ................................................................................... 257 8.1.3 Configuration Guidelines .................................................................. 262 8.1.4 Topology ....................................................................................... 262 8.1.5 Configurations ................................................................................ 262 8.1.6 Enable QoS .................................................................................... 262 8.1.7 Configure egress queue ................................................................... 263 8.1.8 Configure shaping ........................................................................... 270 8.1.9 Configure Policy .............................................................................. 274 8.1.10 Configure QoS Mapping tables .......................................................... 280
9 MULTICAST CONFIGURATION GUIDE ......................................... 301 9.1 Configuring IP Multicast-Routing ............................................................. 301
9.1.1 Overview ....................................................................................... 301 9.1.2 Configuration ................................................................................. 301 9.1.3 Validation ...................................................................................... 301
9.2 Configuring IGMP .................................................................................. 302 9.2.1 Overview ....................................................................................... 302 9.2.2 References ..................................................................................... 302 9.2.3 Configuration ................................................................................. 302 9.2.4 Validation ...................................................................................... 304
9.3 Configuring PIM-SM .............................................................................. 305 9.3.1 Overview ....................................................................................... 305 9.3.2 References ..................................................................................... 305 9.3.3 Terminology ................................................................................... 305 9.3.4 Configuring General PIM Sparse-mode .............................................. 309 9.3.5 Configuring RP dynamically .............................................................. 312 9.3.6 Configuring Boostrap Router ............................................................ 315 9.3.7 Configuring PIM-SSM feature............................................................ 317
9.4 Configuring IGMP Snooping .................................................................... 318 9.4.1 Overview ....................................................................................... 318 9.4.2 Enable Globally Or Per Vlan .............................................................. 318 9.4.3 Configuring Fast Leave .................................................................... 319
9.4.4 Configuring Querior Parameters ........................................................ 320 9.4.5 Configuring Mrouter Port .................................................................. 321 9.4.6 Configuring Querier Tcn ................................................................... 322 9.4.7 Configuring Report Suppression ........................................................ 323 9.4.8 Configuring Static group .................................................................. 323 9.4.9 Limitations And Configuration Guidelines ........................................... 324
9.5 Configuring MVR ................................................................................... 324 9.5.1 Overview ....................................................................................... 324 9.5.2 Terminology ................................................................................... 325 9.5.3 Topology ....................................................................................... 325 9.5.4 Configurations ................................................................................ 325 9.5.5 Validation ...................................................................................... 327
10 IPV6 MULTICAST CONFIGURATION GUIDE ................................. 329 10.1 Configuring IPv6 Multicast-Routing ......................................................... 329
10.2 Configuring MLD ................................................................................... 330 10.2.1 Overview ....................................................................................... 330 10.2.2 References ..................................................................................... 330 10.2.3 Configuration ................................................................................. 330 10.2.4 Validation ...................................................................................... 332
10.3 Configuring PIMv6 ................................................................................ 333 10.3.1 Overview ....................................................................................... 333 10.3.2 References ..................................................................................... 333 10.3.3 Terminology ................................................................................... 333 10.3.4 Configuring General PIMv6 Sparse-mode ........................................... 337 10.3.5 Configuring RP dynamically .............................................................. 340 10.3.6 Configuring Boostrap Router ............................................................ 343 10.3.7 Configuring PIMv6-SSM feature ........................................................ 345
10.4 Configuring MLD Snooping ..................................................................... 346 10.4.1 Overview ....................................................................................... 346 10.4.2 Enable Globally Or Per Vlan .............................................................. 346 10.4.3 Configuring Fast Leave .................................................................... 347 10.4.4 Configuring Querior Parameters ........................................................ 348 10.4.5 Configuring Mrouter Port .................................................................. 349 10.4.6 Configuring Querier Tcn ................................................................... 350 10.4.7 Configuring Report Suppression ........................................................ 351 10.4.8 Configuring Static group .................................................................. 351 10.4.9 Limitations And Configuration Guidelines ........................................... 352
10.5 Configuring MVR6 ................................................................................. 352 10.5.1 Overview ....................................................................................... 352 10.5.2 Terminology ................................................................................... 353 10.5.3 Topology ....................................................................................... 353 10.5.4 Configurations ................................................................................ 353 10.5.5 Validation ...................................................................................... 355
11 IPV6 ROUTING CONFIGURATION GUIDE .................................... 357 11.1 Configuring IPv6 Unicast-Routing ............................................................ 357
11.1.1 Overview ....................................................................................... 357 11.1.2 Topology ....................................................................................... 357 11.1.3 Validation Commands ...................................................................... 359
11.2 Configuring OSPFv3 .............................................................................. 360 11.2.1 Overview ....................................................................................... 360 11.2.2 References ..................................................................................... 360
11.2.3 Basic OSPFv3 Parameters Configuration ............................................ 361 11.2.4 Enabling OSPFv3 on an Interface ...................................................... 361 11.2.5 Configuring Priority ......................................................................... 364 11.2.6 Configuring OSPFv3 Area Parameters ................................................ 367 11.2.7 Redistributing Routes into OSPFv3 .................................................... 375 11.2.8 OSPFv3 Cost .................................................................................. 382 11.2.9 Monitoring OSPFv3 .......................................................................... 388
11.3 Configuring RIPng ................................................................................. 388 11.3.1 Overview ....................................................................................... 388 11.3.2 References ..................................................................................... 389 11.3.3 Enabling RIPng ............................................................................... 389 11.3.4 Configuring Metric Parameters .......................................................... 393 11.3.5 Configuring the Administrative Distance ............................................ 394 11.3.6 Configuring Redistribution ................................................................ 396 11.3.7 Configuring Split-horizon Parameters ................................................ 398 11.3.8 Configuring Timers .......................................................................... 400 11.3.9 Configuring RIPng Route Distribute Filters .......................................... 400
12 IPV6 SECURITY CONFIGURATION GUIDE ................................... 403 12.1 Configuring DHCPv6 Snooping ................................................................ 403
12.1.1 Overview ....................................................................................... 403 12.1.2 Topology ....................................................................................... 403 12.1.3 Configuration ................................................................................. 403 12.1.4 Validation ...................................................................................... 404
12.2 Configuring ACLv6 ................................................................................ 405 12.2.1 Overview ....................................................................................... 405 12.2.2 Terminology ................................................................................... 405 12.2.3 Limitation ...................................................................................... 406 12.2.4 Topology ....................................................................................... 406 12.2.5 Configuration ................................................................................. 406 12.2.6 Validation ...................................................................................... 408
13 IPV6 SERVICE CONFIGURATION GUIDE ..................................... 409 13.1 Configuring IPv6 over IPv4 Tunnel .......................................................... 409
13.1.1 Overview ....................................................................................... 409 13.1.2 Configure Manual Tunnel ................................................................. 412 13.1.3 Configure 6to4 Tunnel ..................................................................... 416 13.1.4 Configure 6to4 relay ....................................................................... 420 13.1.5 Configure ISATAP Tunnel ................................................................. 424
13.2 Configuring NDP ................................................................................... 427 13.2.1 Overview ....................................................................................... 427 13.2.2 Topology ....................................................................................... 428 13.2.3 Configuring NDP ............................................................................. 428 13.2.4 Validation commands ...................................................................... 428
13.3 Configuring DHCPv6 Relay ..................................................................... 429 13.3.1 Overview ....................................................................................... 429 13.3.2 Topology ....................................................................................... 429 13.3.3 Configuration ................................................................................. 429 13.3.4 Validation ...................................................................................... 430
14 RELIABILITY CONFIGURATION GUIDE ....................................... 432 14.1 Configuring BHM ................................................................................... 432
14.1.1 Overview ....................................................................................... 432 14.1.2 Terminology ................................................................................... 432 14.1.3 Configuration ................................................................................. 432 14.1.4 Validation ...................................................................................... 432
14.2 Configuring CPU Traffic Limit .................................................................. 432 14.2.1 Overview ....................................................................................... 432 14.2.2 Terminology ................................................................................... 434 14.2.3 Default Configuration ...................................................................... 434 14.2.4 Limitations ..................................................................................... 434 14.2.5 Configuration ................................................................................. 434 14.2.6 Validation Commands ...................................................................... 435
14.3 Configuring UDLD ................................................................................. 436 14.3.1 Overview ....................................................................................... 436 14.3.2 Topology ....................................................................................... 436 14.3.3 Configuration ................................................................................. 436 14.3.4 Validation ...................................................................................... 437
14.4 Configuring ERPS .................................................................................. 437 14.4.1 Overview ....................................................................................... 437 14.4.2 References ..................................................................................... 438 14.4.3 Configuring ERPS for a Single-Ring Topology ...................................... 438 14.4.4 Configuring a Intersecting-Ring Topology ........................................... 445
14.5 Configuring Smart Link .......................................................................... 456 14.5.1 Overview ....................................................................................... 456 14.5.2 Topology ....................................................................................... 456 14.5.3 Configuration ................................................................................. 457 14.5.4 Validation ...................................................................................... 461
14.6 Configuring Monitor Link ........................................................................ 462 14.6.1 Overview ....................................................................................... 462 14.6.2 Topology ....................................................................................... 462 14.6.3 Configuration ................................................................................. 463 14.6.4 Validation ...................................................................................... 463
14.7 Configuring VRRP .................................................................................. 463 14.7.1 Overview ....................................................................................... 463 14.7.2 References ..................................................................................... 464 14.7.3 Terminology ................................................................................... 464 14.7.4 VRRP Process ................................................................................. 464 14.7.5 Limitations ..................................................................................... 465 14.7.6 Configuring VRRP (One Virtual Router) .............................................. 465 14.7.7 Configuring VRRP (Two Virtual Router) .............................................. 467 14.7.8 VRRP Circuit Failover ....................................................................... 471
14.8 Configuring VRRP Remote Tracking ......................................................... 474 14.8.1 Configuring IP SLA .......................................................................... 474 14.8.2 Configuring TRACK .......................................................................... 480 14.8.3 Configuring VRRP TRACK ................................................................. 485
14.9 Configuring VARP .................................................................................. 486 14.9.1 Overview ....................................................................................... 486 14.9.2 Topology ....................................................................................... 487 14.9.3 Configuring .................................................................................... 487 14.9.4 Validation ...................................................................................... 488
15 VPN CONFIGURATION GUIDE ..................................................... 489 15.1 Configuring VRF .................................................................................... 489
List of Figures Figure 2-1 NTP server-client with authentication topology ..................................... 29 Figure 2-2 Log information on syslog Servers ...................................................... 31 Figure 2-3 Mirror .............................................................................................. 34 Figure 2-4 Remote Mirror .................................................................................. 37 Figure 2-5 Mac Escape ...................................................................................... 41 Figure 2-6 SmartConfig Topology ....................................................................... 53 Figure 3-1 Address Aging Time .......................................................................... 63 Figure 3-2 Static Unicast Address ....................................................................... 64 Figure 3-3 Static Multicast Address ..................................................................... 65 Figure 3-4 MAC filter......................................................................................... 66 Figure 3-5 VLAN Tagged Frame .......................................................................... 67 Figure 3-6 Trunk Link ....................................................................................... 67 Figure 3-7 Access Link ...................................................................................... 68 Figure 3-8 Access Port ...................................................................................... 68 Figure 3-9 Trunk Port ....................................................................................... 69 Figure 3-10 VLAN classification Topology .............................................................. 74 Figure 3-11 VLAN translation ............................................................................... 77 Figure 3-12 802.1Q tunnel .................................................................................. 79 Figure 3-13 Basic 802.1Q tunneling ...................................................................... 80 Figure 3-14 Adding one tag ................................................................................. 81 Figure 3-15 Adding two tags ................................................................................ 83 Figure 3-16 LACP ............................................................................................... 86 Figure 3-17 LACP ............................................................................................... 89 Figure 3-18 Flow Control Configuration Topology ................................................... 92 Figure 3-19 Percentage Storm Control .................................................................. 94 Figure 3-20 PPS Storm Control ............................................................................ 95 Figure 3-21 Layer 2 Tunnel Topology .................................................................... 97 Figure 3-22 Layer 2 Tunnel Topology .................................................................... 99 Figure 3-23 MSTP Topology ............................................................................... 102 Figure 3-24 MLAG Configuration Topology ........................................................... 108 Figure 4-1 Static Routing ................................................................................ 113 Figure 4-2 RIP Topology .................................................................................. 117 Figure 4-3 RIP Topology II .............................................................................. 120 Figure 4-4 RIP Topology III ............................................................................. 123 Figure 4-5 RIP Topology III ............................................................................. 125 Figure 4-6 RIP Topology III ............................................................................. 127 Figure 4-7 RIP Topology III ............................................................................. 130 Figure 4-8 RIP Topology III ............................................................................. 133 Figure 4-9 RIPv2 ............................................................................................ 135 Figure 4-10 RIPv2 MD5 authentication ................................................................ 136 Figure 4-11 OSPF AS ........................................................................................ 141 Figure 4-12 OSPF Priority .................................................................................. 143 Figure 4-13 OSPF Area ..................................................................................... 145 Figure 4-14 OSPF Routes Redistributing .............................................................. 149 Figure 4-15 OSPF Cost ...................................................................................... 153 Figure 4-16 OSPF Authentication ........................................................................ 158 Figure 4-17 Policy-Based Routing Typical Topology .............................................. 172 Figure 5-1 ARP Topology ................................................................................. 174 Figure 5-2 ARP Proxy topology ......................................................................... 177 Figure 5-3 Local ARP Proxy topology ................................................................. 180 Figure 5-4 DHCP Client Topology ...................................................................... 184 Figure 5-5 DHCP Relay Topology ...................................................................... 186
Figure 5-6 DNS Topology ................................................................................ 188 Figure 6-1 NTP server-client with authentication topology ................................... 192 Figure 6-2 External phy topo ........................................................................... 195 Figure 6-3 Internal phy topo ............................................................................ 196 Figure 6-4 Port level loopback topo................................................................... 196 Figure 6-5 L2 pinging a switch port................................................................... 197 Figure 6-6 Rmon1 topo ................................................................................... 199 Figure 6-7 SNMP Network................................................................................ 201 Figure 6-8 Sflow topology................................................................................ 205 Figure 6-9 LLDP topology ............................................................................... 207 Figure 7-1 Port Security topology ..................................................................... 210 Figure 7-2 ACL ............................................................................................... 215 Figure 7-3 Extend ACL .................................................................................... 218 Figure 7-4 Dot1x Basic topology ....................................................................... 221 Figure 7-5 Dot1x Basic topology for mac based .................................................. 221 Figure 7-6 Select "Settings" -> "System" .......................................................... 225 Figure 7-7 Configure the shared-key, authorization port and account port ............. 226 Figure 7-8 Add user name and password on the server ....................................... 226 Figure 7-9 supplicant is not 802.1x capable ....................................................... 228 Figure 7-10 supplicant is 802.1x capable and authenticated .................................. 229 Figure 7-11 ARP Inspection Topology.................................................................. 235 Figure 7-12 DHCP Snooping Topology ................................................................. 238 Figure 7-13 IP Source Guard ............................................................................. 241 Figure 7-14 RADIUS authentication application .................................................... 243 Figure 7-15 Configure IP address ....................................................................... 244 Figure 7-16 Ping test ........................................................................................ 245 Figure 7-17 Open software on server .................................................................. 245 Figure 7-18 Set system..................................................................................... 245 Figure 7-19 Add user ........................................................................................ 246 Figure 7-20 Ping test ........................................................................................ 246 Figure 7-21 Telnet test ..................................................................................... 247 Figure 7-22 TACACS+ authentication application .................................................. 247 Figure 7-23 Ping result ..................................................................................... 249 Figure 7-24 Telnet result ................................................................................... 250 Figure 7-25 Basic topology for port-isolate .......................................................... 250 Figure 7-26 DDos prevent topology .................................................................... 252 Figure 8-1 Bridge 1 ........................................................................................ 262 Figure 9-1 Configuring RP statically .................................................................. 309 Figure 9-2 BSR Topology ................................................................................. 316 Figure 9-3 MVR Topology ................................................................................ 325 Figure 10-1 Configuring RP statically .................................................................. 337 Figure 10-2 BSR Topology ................................................................................. 344 Figure 10-3 MVR6 Topology ............................................................................... 353 Figure 11-1 IPv6 Static Routing Topology Configuration ........................................ 357 Figure 11-2 OSPF AS ........................................................................................ 361 Figure 11-3 OSPFv3 Priority .............................................................................. 365 Figure 11-4 OSPFv3 Area .................................................................................. 368 Figure 11-5 OSPFv3 Routes Redistributing .......................................................... 375 Figure 11-6 OSPFv3 Cost .................................................................................. 382 Figure 12-1 DHCPv6 Snooping Topology ............................................................. 403 Figure 13-1 IPv6 over IPv4 Tunnel ..................................................................... 409 Figure 13-2 6to4 tunnel .................................................................................... 411 Figure 13-3 ISATAP tunnel ................................................................................ 412 Figure 13-4 configure manual tunnel .................................................................. 412 Figure 13-5 configure 6to4 tunnel ...................................................................... 416
Figure 13-6 Configure 6to4 relay ....................................................................... 420 Figure 13-7 Configure ISATAP tunnel .................................................................. 424 Figure 13-8 NDP Topology ................................................................................. 428 Figure 13-9 DHCPv6 Relay Topology ................................................................... 429 Figure 14-1 Typical topology of UDLD ................................................................. 436 Figure 14-2 ERPS Topology ............................................................................... 439 Figure 14-3 Single-Domain Intersecting-Ring Topology ......................................... 447 Figure 14-4 Smart-Link Typical Topology ............................................................ 457 Figure 14-5 Configure monitor link ..................................................................... 463 Figure 14-6 VRRP Process ................................................................................. 465 Figure 14-7 VRRP Protocol ................................................................................ 465 Figure 14-8 One VRRP Router ............................................................................ 466 Figure 14-9 Two Virtual Router .......................................................................... 468 Figure 14-10 VRRP track topology ................................................................... 480 Figure 14-11 Track rtr reachability .................................................................. 481 Figure 14-12 Track rtr state ........................................................................... 483 Figure 14-13 VRRP TRACK .............................................................................. 485 Figure 14-14 VARP Configuration .................................................................... 487
List of Tables Table 2-1 System Message Log Facility Types ......................................................... 28 Table 2-2 Severity Level Definitions ....................................................................... 29 Table 8-1 Enable QoS ........................................................................................ 262 Table 8-2 Configure egress queue for tail drop ...................................................... 263 Table 8-3 Configure egress queue for WRED ......................................................... 265 Table 8-4 Configure egress queue for schedule ..................................................... 267 Table 8-5 Configure port policing ........................................................................ 269 Table 8-6 Configure port shaping ........................................................................ 271 Table 8-7 Configure queue shaping ..................................................................... 273 Table 8-8 Configure IP ACL ................................................................................ 275 Table 8-9 Configure class map ............................................................................ 276 Table 8-10 Configure policy map ....................................................................... 277 Table 8-11 Configure aggregate policing ............................................................ 279 Table 8-12 Configure CoS to Priority-Color mapping table .................................... 280 Table 8-13 Configure IP-Precedence to Priority-Color mapping table ...................... 282 Table 8-14 Configure DSCP to Priority-Color mapping table .................................. 286 Table 8-15 Configure Priority-Color to Queue-Threshold mapping table.................. 289 Table 8-16 Configure Priority-Color to CoS mapping table .................................... 292 Table 8-17 Configure Priority-Color to DSCP mapping table .................................. 296 Table 11-1 Switch1 configuration ...................................................................... 357 Table 11-2 Switch2 configuration ...................................................................... 358 Table 11-3 Switch3 configuration ...................................................................... 358
1 Basic Configuration Guide
1.1 Configuring System Management
1.1.1 Overview
You can configure a message-of-the-day (MOTD) and a login banner. The MOTD banner displays on all connected terminals at login and is useful for sending
messages that affect all network users (such as impending system shutdowns).
The login banner also displays on all connected terminals. It appears after the MOTD banner and before the login prompts.
1.1.2 Configuring a Message-of-the-Day Login Banner
You can create a single or multiline message banner that appears on the screen when someone logs in to the switch.
To enable message logging, follow these steps:
Switch# configure terminal Enter global configuration mode
Switch(config)# banner motd c message c
Specify the message of the day. For c, enter the delimiting character of your choice, for example, a
pound sign (#), and press the Return key. The delimiting character signifies the beginning and end of the banner text. Characters after the ending
delimiter are discarded. For message, enter a banner message up to 255 characters. You cannot
use the delimiting character in the message
Switch(config)# exit Exit the Configure mode
1.1.3 Configuring a Login Banner
You can configure a login banner to be displayed on all connected terminals. This banner appears after the MOTD banner and before the login prompt.
Beginning in privileged EXEC mode, follow these steps to configure a login banner:
Switch(config)# banner
Specify the login message. For c, enter the
delimiting character of your choice, for example, a pound sign (#), and press the Return key. The delimiting character signifies the beginning and
end of the banner text. Characters after the ending delimiter are discarded. For message, enter a login
message up to 255 characters. You cannot use the delimiting character in the message
1.1.4 Configuring an Exec Banner
You can configure an exec banner to be displayed on all connected terminals. This
banner appears when terminal in privileged EXEC mode.
Beginning in privileged EXEC mode, follow these steps to configure a exec banner:
Switch(config)# banner exec c message c
Specify the login message. For c, enter the delimiting character of your choice, for example, a pound sign (#), and press the Return key. The
delimiting character signifies the beginning and end of the banner text. Characters after the ending
delimiter are discarded. For message, enter a login message up to 255 characters. You cannot use the delimiting character in the message
1.1.5 Validation Commands
All current banner configurations can be displayed. To display, follow these steps:
Switch# show running Show the current system configuration
1.2 Configuring User Management
1.2.1 Overview
User management increases the security of the system by keeping the
unauthorized users from guessing the password. The user is limited to a specific number of attempts to successfully log in to the switch.
There are three load modes in the switch. In “no login” mode, anyone can load the switch without authentication. In “login” mode, there is only one default user. In
“login local” mode, if you want to load the switch you need to have a user account.
Local user authentication uses local user accounts and passwords that you create to validate the login attempts of local users. Each switch has a maximum of 32
local user accounts. Before you can enable local user authentication, you must define at least one local user account.
You can set up local user accounts by creating a unique username and password combination for each local user. Each username must be fewer than 32 characters.
You can configure each local user account with a privilege level; the valid privilege
levels are 1 or 4. Once a local user is logged in, only the commands those are available for that privilege level can be displayed.
Privilege1: In this level user only can use basic show command like, “ls”, “dir”, “enable”.
Privilege2: In this level user can use all show command in Exec mode.
Privilege3: In this level user can use command including “all PM configuration commands” in CONFIG mode.
Privilege4: In this level user can use all command including commands that can change one user’s privilege”, “SNMP security commands”, “radius, ssh which
related to security commands” and file management command in Exec mode.
If login type is login local, the privilege is form the privilege in user, other the privilege is form line vty.
1.2.2 Configuring the user management in login local mode
Configurations
Switch(config)# line vty 0 7 Enter line configuration mode, use line console 0 if you want to set console
port access
switch
Switch(config)#username testname
Switch(config)# exit Exit the global configure mode
Validation Command
After the above setting, login the switch will need a username and password, and user can login with the username and password created before. This is a sample output of the login prompt.
Username: testname
The login mode requires the line password without a username.
Configurations
Switch(config)# line vty 0 7 Enter line configuration mode, use
line console 0 if you want to set console port access
Switch(config-line)# login Enable login authentication on the switch
Switch(config-line)# line-password abc Set login password of abc
Switch(config-line)# end Enter the Exec mode
Validation Command
After the above setting, login the switch will need the line password, and user can
login with the password created before. This is a sample output of the login prompt.
Password:
Configurations
If the password is forgotten unfortunately, it can be recovered by following steps.
Step 1 Power on the system. Boot loader will start to run. The follow information will be printed on Console.
CPU: MPC8247 (HiP7 Rev 14, Mask 1.0 1K50M) at 350 MHz
Board: 8247 (PCI Agent Mode)
I2C: ready
Press ctrl+b to stop autoboot: 3
Step 2 Press ctrl+b. stop autoboot.
Step 3 Under boot loader interface, use the following instructions.
Bootrom# boot_flash_nopass Load the device without start-config file under the boot loader mode through Console
Bootrom# Do you want to revert to the default config file ?
[Y|N|E]:
Then system will reboot without loading startup-configuration. No password will be required.
1.3 Configuring FTP
1.3.1 Overview
You can download a switch configuration file from an FTP server or upload the file
from the switch to an FTP server.You download a switch configuration file from a server to upgrade the switch configuration. You can overwrite the current startup
configuration file with the new one. You upload a switch configuration file to a server for backup purposes. You can use this uploaded configuration for future downloads to the switch or another switch of the same type.
1.3.2 IPv4 Configurations
Preparing to download or upload a configuration file by using FTP
You can copy configurations files to or from an FTP server.
The FTP protocol requires a client to send a remote username and password on each FTP request to a server.
Before you begin downloading or uploading a configuration file by using FTP, do these tasks:
Ensure that the switch has a route to the FTP server. The switch and the FTP server must be in the same network if you do not have a router to route traffic between subnets. Check connectivity to the FTP server by using the ping
command.
If you are accessing the switch through the console or a Telnet session and you
do not have a valid username, make sure that the current FTP username is the one that you want to use for the FTP download.
When you upload a configuration file to the FTP server, it must be properly configured to accept the write request from the user on the switch.
For more information, see the documentation for your FTP server.
Downloading a configuration file by using FTP
You can download a new configuration file and overwrite the current configuration or keep the current configuration.
Switch(config)# ftp username test (Optional) Create a user “test”
Switch(config)# ftp password test (Optional) Create a password “test”
Switch(config)# end Return to privileged EXEC mode
Switch#copy mgmt-if
Get a startup configuration file from
remote FTP server. User’s name is “test”; the password is “test”
Switch# show startup-config Verify your entries
Uploading a configuration file by using FTP
You can upload a configuration file from the switch to an FTP server. You can later
download this configuration to the same switch or to another switch of the same type.
Beginning in privileged EXEC mode, follow these steps to upload a configuration file
to an FTP server:
mode
“test”
Switch(config)# end Return to privileged EXEC
mode
Upload a startup configuration file to remote
FTP server User’s name is “test”; the password is “test”
1.3.3 IPv6 Configurations
Switch1
Get a startup configuration file from
remote FTP server. User’s name is “root”; the password is “root”
Uploading a configuration file by using FTP
Switch1
Upload a startup configuration file to
remote FTP server User’s name is “root”; the password is “root”
1.4 Configuring TFTP
1.4.1 Overview
You can download a switch configuration file from a TFTP server or upload the file from the switch to a TFTP server. You download a switch configuration file from a server to upgrade the switch configuration. You can overwrite the current file with
the new one. You upload a switch configuration file to a server for backup purposes; this uploaded file can be used for future downloads to the same or another switch
of the same type.
1.4.2 Configurations
Preparing to download or upload a configuration file by using TFTP
Before you begin downloading or uploading a configuration file by using TFTP, do
these tasks:
Ensure that the workstation acting as the TFTP server is properly configured.
Ensure that the switch has a route to the TFTP server. The switch and the TFTP server must be in the same network if you do not have a router to route traffic between subnets. Check connectivity to the TFTP server by using the ping
Ensure that the configuration to be downloaded is in the correct directory on the TFTP server.
For download operations, ensure that the permissions on the file are set correctly.
During upload operations, if you are overwriting an existing file (including an empty file, if you had to create one) on the server, ensure that the permissions
on the file are set correctly.
Downloading a configuration file by using TFTP
You can download a new configuration file and replace the current file or keep the
current file.
Switch# copy mgmt-if tftp://2001:1000::2/startup-config.conf
Uploading a configuration file by using TFTP
You can upload a configuration file from the switch to a TFTP server. You can later download this file to the switch or to another switch of the same type.
Beginning in privileged EXEC mode, follow these steps to upload a configuration file to a TFTP server.
Switch# copy flash:/startup-config.conf mgmt-if
Switch# copy flash:/startup-config.conf
remote TFTP server
1.5 Configuring Telnet
1.5.1 Overview
Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. User data is interspersed in-band with Telnet control
information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).
Telnet was developed in 1969 beginning with RFC 15, extended in RFC 854, and standardized as Internet Engineering Task Force (IETF) Internet Standard STD 8,
one of the first Internet standards.
Historically, Telnet provided access to a command-line interface (usually, of an operating system) on a remote host. Most network equipment and operating
systems with a TCP/IP stack support a Telnet service for remote configuration (including systems based on Windows NT). Because of security issues with Telnet,
its use for this purpose has waned in favor of SSH.
Switch# telnet 10.10.29.247 Telnet switch 10.10.29.247 with inner port
Switch# telnet 2001:1000::71 Telnet switch 2001:1000::71 with inner
port
Switch# telnet mgmt-if
Switch# configure terminal Enter the Configure mode
Switch(config)# service telnet enable
1.6 Configuring SSH
1.6.1 Overview
The Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH provides more security for remote connections than Telnet does by providing strong encryption when a device is authenticated. SSH supports the Data
Encryption Standard (DES) encryption algorithm, the Triple DES (3DES) encryption algorithm, and password-based user authentication. The SSH feature has an SSH
server and an SSH integrated client, which are applications that run on the switch. You can use an SSH client to connect to a switch running the SSH server. The SSH server works with the SSH client supported in this release and with SSH clients. The
SSH client also works with the SSH server supported in this release and with SSH servers.
1.6.2 Topology
Switch(config)# rsa key a generate Create a key name a
Switch(config)# rsa key a export url flash:/a.pri private ssh2
Create a private key named a.pri with key a and save it to
flash
public ssh2
a.pub with key a and save it to flash
Import the key
Import the key a.pub we created as
importKey
Create a user with name aaa.
Switch(config)# username aaa assign rsa key importKey
Assign the key to use aaa
1.6.4 Validation commands
On SSH client:
[email protected]'s password:
2 Device Management Configuration Guide
2.1 Configuring STM
2.1.1 Overview
Switch Table Management (STM) is used to configure system resources in the switch to optimize support for specific features, depending on how the switch is
used in the network.
You can select a profile to provide maximum system usage for some functions; for example, use the default profile to balance resources and use vlan profile to obtain
max MAC entries.
To allocate ternary content addressable memory (TCAM) resources for different
usages, the switch STM profile prioritize system resources to optimize support for certain features. You can select STM templates to optimize these features:
ipv4—The routing template maximizes system resources for unicast routing, typically required for a router or aggregator in the center of a network.
vlan—The VLAN template supports the maximum number of unicast MAC addresses. It would typically be selected for a Layer 2 switch.
default—The default template gives balance to all functions.
ipv6- The dual IPv4 and IPv6 templates allow the switch to be used in dual
stack environments (supporting both IPv4 and IPv6). Using the dual stack templates results in less TCAM capacity allowed for each resource. Do not use them if you plan to forward only IPv4 traffic. This template includes 2 sub
profile: ipv6 default and ipv6 route. IPv6 default balances IPv6 and IPv4 featues, and IPv6 route template supporting more IPv6 routing entry numbers.
When users configured a profile mode which is not exist in the
next reboot image, then default hardware configure will be used when system up with the next image. The hardware configure
may be different from the default profile.
2.1.2 Configuration
Follow these guidelines when selecting and configuring STM profiles.
You must reload the switch for the configuration to take effect.
Use the stm prefer vlan global configuration command only on switches intended for Layer 2 switching with no routing.
Do not use the ipv4 profile if you do not have routing enabled on your switch. The stm prefer ipv4 global configuration command prevents other features
from using the memory allocated to IPv4 unicast routing in the routing profile.
Switch# configure terminal Enter configuration mode
Switch(config)# stm prefer ipv4 Select ipv4 profile for best supporting
IP unicast routing
Switch(config)# end Return to the EXEC mode
Switch# reload Reload system
2.1.3 Validation
This is an example of an output display for default template.
Switch# show stm prefer
Current profile is :default
the switch to make balance entry number among
route, mac, related tables.
number of Ethernet features:
G.8031 groups : 64
G.8032 rings : 32
IPv4 host routes : 3072
Indirect IPv4 routes : 3032
IPv4 ECMP routes : 128
IPv4 Mcast routes : 508
number of Security features:
The profile stored for use after the next reload
is the ipv4 profile.
number of Ethernet features:
IPv4 host routes : 6144
Indirect IPv4 routes : 8152
IPv4 ECMP routes : 256
IPv4 Mcast routes : 1020
number of Security features:
2.2 Configuring Syslog
This document is intended to give a usage example for system log feature.
2.2.1 Overview
The system message logging software can save messages in a log file or direct the
messages to other devices. The system message logging facility has these features:
Provides you with logging information for monitoring and troubleshooting.
Allows you to select the types of logging information that is captured.
Allows you to select the destination of the captured logging information.
By default, the switch logs normal but significant system messages to its internal buffer and sends these messages to the system console. You can specify which system messages should be saved based on the type of the severity level. The
messages are time-stamped to enhance real-time debugging and management.
You can access the logged system messages using the switch command-line
interface (CLI) or by saving them to a properly configured log server. The switch software saves the log messages in an internal buffer that can store up to 1000 messages. You can monitor the system messages remotely by accessing the switch
through Telnet or the console port, or by viewing the logs on a log server.
2.2.2 Terminology
Facility Name Definition
kern kernel messages
Facility Name Definition
auth security/authorization messages
lpr line printer subsystem
news network news subsystem
Severity Level Definition
critical critical conditions
error error conditions
warning warning conditions
information Informational
Configurations
Switch(config)# logging server enable Enable the logging state for a
Telnet session
Switch(config)# logging server address
log servers
log servers
server messages
Switch(config)# logging server facility mail Set the facility for log server
messages
Validation
And you can check the result by using show logging command:
Switch# show logging
Current logging configuration:
2.2.4 Configuring Logging Buffer Size
By default, the number of messages to log to the logging buffer is 500. If desired,
you can set the number between 10 and 1000.
Configurations
Switch(config)# logging buffer 700
Set the number of messages to log to the logging buffer
Validation
And you can check the result by using show logging command.
Switch# show logging
Current logging configuration:
logging buffer 700
logging timestamp bsd
logging file enable
You can use command to check showing Logging
Information.When configuring the syslog Servers, make sure the cables is linked correctly and two computers can ping each other.Before you can send the system log messages to a log
server, you must configure Syslog Software, at the end you can see the log from your software.
Figure 2-2 Log information on syslog Servers
2.3 Configuring Mirror
2.3.1 Overview
You can analyze network traffic passing through ports or vlans by using mirror function to send a copy of the traffic to another port on the switch that has been
connected to a Switch Probe device or other Remote Monitoring (RMON) probe or security device. Mirrors received or sent (or both) traffic on a source port and
received traffic on one or more source ports or source vlans, to a destination port for analysis.
Only traffic that enters or leaves source ports or traffic that enters source vlans can be monitored by using mirror; traffic that gets routed to ingress source ports or source vlans cannot be monitored. For example, if incoming traffic is being
monitored, traffic that gets routed from another vlans to the source vlans is not monitored; however, traffic that is received on the source vlan and routed to
another vlan is monitored.
Mirror does not affect the switching of network traffic on source ports or source vlans; a copy of the packets received or sent by the source interfaces are sent to
the destination interface.
Mirror Session
A mirror session is an association of a destination port with source ports and source VLANs. You configure mirror sessions by using parameters that specify the source of network traffic to monitor. Both switched and routed ports can be configured as
mirror sources and destinations. You can configure up to 3 mirror sessions.
Mirror sessions do not interfere with the normal operation of the switch. However,
an oversubscribed mirror destination, for example, a 10-Mbps port monitoring a 100-Mbps port, results in dropped or lost packets.
You can configure mirror sessio

Documents

48 Port Gigabit Ethernet Routing Switch with 10G Uplink