Switch 5500LAB

Switch 5500 and 5500G

Hands-On Training

Lab Guide

Version 0.7 3Com Switch 5500 and 5500G Hands-On Training Lab Guide 1

Backwards-compatibility with the Switch 4400 family

Many Switch 5500s will be installed as direct replacements for legacy Switch

4400s. There are two special features on the Switch 5500 family that help

customers upgrade their familiar Switch 4400s to the new Switch 5500s.

Converting an existing Switch 4400 configuration

To help customers upgrade an existing Switch 4400 to a new Switch 5500, 3Com

supplies a software utility that converts an existing Switch 4400 configuration to

its Switch 5500 equivalent, and installs this configuration file on the Switch 5500.

We look at this utility in Lab 1.

Configuration files and factory defaults

The current configuration of a Switch 5500 can be saved to the switch filesystem.

When the switch is next rebooted, this configuration file is read, and the switch

configured accordingly. So far, this is just the same as on the modular switches,

the Switch 7700 and Switch 8800 families.

The factory defaults on the legacy Switch 4400s are not the same as on the

Switch 5500s.

To help customers who would like their new Switch 5500 behave more like their

familiar Switch 4400, 3Com supplies Switch 5500s with an extra file installed on

the filesystem, “3comoscfg.def”.

When the Switch 5500 reboots, if no configuration file exists, but the

3comoscfg.def file exists, this .def file will be used to configure the switch. In

effect, the factory defaults will be (as close as possible to) those of the Switch

4400.

When the Switch 5500 reboots, if neither the configuration file nor the

3comoscfg.def file exists, the switch will be at “native” Switch 5500 factory

defaults.

2 3Com Switch 5500 and 5500G Hands-On Training Lab Guide Version 0.7

Requirements in order to complete all of these labs

Preparation of the Switch 5500s for the labs

To simplify the amount of configuration needed, most of these labs start with the

Switch 5500s at native factory defaults.

Before any of the labs, if 3comoscfg.def exists, rename it. Then when any saved

configuration file has been deleted, the switch will reboot to native factory

defaults (and not to Switch 4400 factory defaults,) as required in the labs.

<whatever>dir

Directory of unit1>flash:/

1 -rw- 598009 Apr 14 2000 02:39:57 s4h01_00.web

2 -rw- 10301 Apr 02 2000 00:47:13 3comoscfg.def

3 -rw- 302944 Apr 14 2000 02:42:42 s4e01_00.btm

4 -rw- 4713393 Apr 14 2000 03:06:31 s4b03_01_00s168.app

15367 KB total (9842 KB free)

<whatever>rename 3comoscfg.def 3comoscfg.sve

Rename unit1>flash:/3comoscfg.def to

unit1>flash:/3comoscfg.sve?[Y/N]:y

...

%Renamed file unit1>flash:/3comoscfg.def to

unit1>flash:/3comoscfg.sve.

<whatever>dir

Directory of unit1>flash:/

1 -rw- 598009 Apr 14 2000 02:39:57 s4h01_00.web

2 -rw- 10301 Apr 02 2000 00:47:13 3comoscfg.sve

3 -rw- 302944 Apr 14 2000 02:42:42 s4e01_00.btm

4 -rw- 4713393 Apr 14 2000 03:06:31 s4b03_01_00s168.app

15367 KB total (9842 KB free)

Restoring the Switch 5500s after the labs


When all the labs have been completed, you may wish to rename the

3comoscfg.sve file back to 3comoscfg.def, so the switch will behave as it did

when it was shipped.

<whatever>rename 3comoscfg.sve 3comoscfg.def


Lab

The Configuration Conversion Utility (CCU)

Overview

In this lab, you will:

Install the CCU on your laptop

Initialise a legacy switch

Set the legacy switch to a known configuration

Initialise a Switch 5500

Convert the configuration from the legacy switch to the Switch 5500

Check that the configuration on the Switch 5500 is as expected


Introduction to the Configuration Conversion Utility Lab

Note:

Two 3Com Switches will be needed in this lab. One must be a Switch 5500, the other must be

a supported legacy switch, such as the Switch 4400.

Lab Environment

Figure 1 shows the networking diagram you will use in this lab.

Figure 1. Networking diagram for Configuration Conversion Utility

Lab Procedure

Section A, install the CCU on the PC.

Section B, initialise and configure the legacy switch.

Section C, initialise the Switch 5500.

Section D, check connectivity between the PC and the switches.

Section E, convert the configuration from the legacy switch to the PC.

Section F, upload the converted configuration to the Switch5500.

Section G, check that the configuration on the Switch 5500 is as expected.


Section A: Installation of the Configuration Conversion Utility on the PC

Install the CCU on the PC

1. Ask your instructor for a copy of the CCU, and copy it to the PC desktop.

2. To start the installation, double click on the CCU icon.

Switch 5500 CCU.exe

3. Installation is straightforward. You will see the following screens in turn.

Just follow their instructions.




4. Read the release notes if you want the latest information.


Section B: Initialisation and Configuration of the Legacy Switch

Initialise the legacy switch

1. Connect a console cable to the legacy switch and log in as admin.

2. Initialise the switch, removing all configuration except IP address

information:

Select menu option: system control initialise yes

Configure the legacy switch

3. When the switch has restarted, log in again as admin.

4. Configure IP address, system location, system name, and system contact:

Note: the only purpose of these changes is to allow you to check later that

the CCU has done a good job of converting the configuration.

Select menu option: protocol ip basicConfig

Enter configuration method (auto,manual,none)[manual]: manual

Enter IP address [140.204.1.2 ]: 140.204.1.2

Enter subnet mask [255.255.255.0 ]: 255.255.255.0

Enter gateway IP address [140.204.1.254 ]: 0.0.0.0

Select management VLAN ID(1)[1]: 1

IP address: 140.204.1.2

Subnet mask: 255.255.255.0

Gateway IP address: 0.0.0.0

Management VLAN ID: 1

Select menu option: system management location Training Lab

Select menu option: system management name Legacy Switch

Select menu option: system management contact Chris Tucker

5. You can make other configuration changes if you wish.

6. Logout of the legacy switch:


Select menu option: logout


Section C: Initialisation of the Switch 5500

Initialise the Switch 5500

1. Start a HyperTerminal console session to the Switch 5500, using a serial

cable.

2. Clear the saved configuration on the Switch 5500 and reboot:

<whatever>reset saved-configuration

The saved configuration will be erased.

Are you sure?[Y/N]y

Configuration in flash memory is being cleared.

Please wait ...

....

Configuration in flash memory is cleared.

<whatever>reboot

This will reboot device. Continue? [Y/N] y

Configure an IP interface on the Switch 5500

3. When the Switch 5500 has restarted, restart the console session.

4. Give the Switch 5500 an IP address:

<5500-EI>system-view

[5500-EI]interface vlan 1

[5500-EI-Vlan-interface1]ip address 140.204.1.1 24

[5500-EI-Vlan-interface1]quit

Allow telnet management

5. Allow telnet management:

[5500-EI]user-interface vty 0 4

[5500-EI-ui-vty0-4]set authentication password simple sesame

[5500-EI-ui-vty0-4]quit

[5500-EI]super password simple admin

[5500-EI]quit


<5500-EI>save


Section D: Checking Connectivity Between the PC and the Switches

Configure the IP address of the PC

1. The IP address of the PC should be 140.204.1.11, with subnet mask

255.255.255.0. The address of the default gateway is not important.

Check connectivity

2. Connect the PC and the switches as in the diagram.

3. Check that the PC and the switches can ping each other.


Section E: Configuration Convertion from the Legacy Switch to the PC

Convert configuration from the legacy switch to the PC

The source for the conversion can be either a file on the PC (a backup image of

the legacy switch) or the legacy switch itself (contacted live over the network.)

The result of the conversion is a configuration file for the Switch 5500 on the PC.

Note: you can use either Method 1 or Method 2 below. If you have time, you can

try both.

Method 1: source is a backup image of the legacy switch

1. Start a TFTP server on your PC, so the legacy switch can save a backup of

its current configuration. (If you don’t have a TFTP server installed, ask your

instructor for a copy of 3CDaemon.) Make sure you know where the TFTP

server will save uploaded files.

2. Open a Telnet session to the legacy switch. You can use HyperTerminal or

a CLI in a command window, whichever you prefer.

3. Use the Telnet session to save a backup of the switch configuration to the

PC.

Select menu option: system backupConfig save

WARNING: This command will not save any user and password

information, Ssh keys or Ssh user authentication method.

Enter TFTP server IP address [0.0.0.0]: 140.204.1.11

Enter File Name [4400]: 4400

Backing up: IP address 140.204.1.2, 3Com SuperStack 3, Chris Tucker,

Legacy Switch, Training Lab

Enter User notes: Single 3C17203 unit

Any interruption during save may cause an incomplete configuration

file. In this event, repeat the save command. For more information,

refer to the documentation supplied with your device.

Processing: completed


Number of bytes transferred: 13962 bytes

Save of system configuration successful.

Select menu option:

4. Close the Telnet session to the legacy switch.

Select menu option: logout

5. Shut down the TFTP server on the PC.

6. Start the command window associated with the CCU, by double-clicking on

the shortcut on the PC desktop.

7. Use the CCU to convert the backup file just uploaded to the PC.

Note: Make sure you specify the full file name, which will depend on how the

TFTP server was configured.

C:\Program Files\3Com\Switch 5500 CCU>ccu –file “C:\temp\4400” –target

3CR17161-91

8. You will be prompted for information that will be needed by the Switch 5500,

but which is not in the backup file.

Please Enter IP Address [10.0.0.1]: 140.204.1.2

Please Enter Network Mask [255.255.0.0]: 255.255.255.0

Please Enter Default Gateway [10.0.0.254]: 0.0.0.0

Please Enter Management VLAN [1]: 1

C:\Program Files\3Com\Switch 5500 CCU>

9. A Notepad window will appear, showing the result of the conversion.



10. The default location of the target file is the working directory of the CCU.

Note: this is the file you will upload to the target Switch 5500.

C:\Program Files\3Com\Switch 5500 CCU>dir

13/04/2005 14:57 <DIR> .

13/04/2005 14:57 <DIR> ..

13/04/2005 16:20 7,731 4400_3CR17161-91.cfg

13/04/2005 16:20 785 4400_readme.txt

12/04/2005 15:28 <DIR> backup

18/02/2005 17:28 45,056 ccu.exe

18/02/2005 17:59 336,315 ccu.jar

22/11/2004 17:20 103 ccu_timeouts.properties

12/04/2005 15:28 <DIR> jaxp

12/04/2005 15:28 <DIR> JRE

03/02/2005 18:53 290,816 NetUtil.exe

03/02/2005 18:53 344,064 PingServer.exe

09/02/2005 16:01 319,499 Switch5500CCU.pdf

17/02/2005 15:57 4,155 Switch5500CCUreadme.txt

13 File(s) 1,349,829 bytes

5 Dir(s) 52,866,617,344 bytes free


11. Since the configuration file is just text, you can look at it:

C:\Program Files\3Com\Switch 5500 CCU>more 4400_3CR17161-91.cfg

12. Can you find the parameters you expect?


Method 2: source is the live legacy switch

1. Use the CCU to convert the configuration directly from the legacy switch to

the PC.

C:\Program Files\3Com\Switch 5500 CCU>ccu –ip 140.204.1.2 –community

private –target 3CR17161-91

2. A Notepad window will appear, showing the result of the conversion.


3. The default location of the target file is the working directory of the CCU.

Note: this is the file you will upload to the target Switch 5500.

C:\Program Files\3Com\Switch 5500 CCU>dir

13/04/2005 14:57 <DIR> .

13/04/2005 14:57 <DIR> ..

13/04/2005 16:20 7,731 4400_3CR17161-91.cfg

13/04/2005 16:20 785 4400_readme.txt

12/04/2005 15:28 <DIR> backup

18/02/2005 17:28 45,056 ccu.exe

18/02/2005 17:59 336,315 ccu.jar

22/11/2004 17:20 103 ccu_timeouts.properties

12/04/2005 15:28 <DIR> jaxp

12/04/2005 15:28 <DIR> JRE

03/02/2005 18:53 290,816 NetUtil.exe

03/02/2005 18:53 344,064 PingServer.exe

09/02/2005 16:01 319,499 Switch5500CCU.pdf

17/02/2005 15:57 4,155 Switch5500CCUreadme.txt

13 File(s) 1,349,829 bytes

5 Dir(s) 52,866,617,344 bytes free


4. Since the configuration file is just text, you can look at it:

C:\Program Files\3Com\Switch 5500 CCU>more 4400_3CR17161-91.cfg

5. Can you find the parameters you expect?


Section F: Uploading the Converted Configuration to the Switch 5500

Disconnect the legacy switch from the network

The Switch 5500 will be a complete replacement for the legacy switch, so after

we upload the converted configuration file, the IP address of the Switch 5500 will

be the original IP address of the legacy switch.

To avoid duplicate IP addresses, the legacy switch should be removed from the

network now. It is no longer needed in this lab.

Upload the converted configuration to the Switch 5500

The configuration file resulting from the conversion still has to be uploaded from

the PC to the Switch 5500.

If the target switch already has an IP address, the upload can be done remotely

(using TFTP.) If the target switch has no IP address, the upload must be done

locally (using a serial connection to the console port.) Both methods are

described below.

Note: you can use either Method 1 or Method 2 below. If you have time, you can

try both.


Method 1: upload configuration remotely using TFTP

1. Start a TFTP server on your PC.

2. Copy the converted configuration file to the working directory of the TFTP

server, so the Switch 5500 can upload it:

C:\Program Files\3Com\Switch 5500 CCU>copy 4400_3CR17161-91.cfg C:\

temp

3. Open a Telnet session to the Switch 5500. You can use HyperTerminal or a

CLI in a command window, whichever you prefer.

*********************************************************

* All rights reserved (1997-2005) *

* Without the owner's prior written consent, *

*no decompiling or reverse-engineering shall be allowed.*

*********************************************************

Login authentication

Password:sesame

<5500-EI>

%Apr 2 00:01:19:48 2000 5500-EI SHELL/5/LOGIN:- 1 - VTY(140.204.1.1)

in unit1

login

<5500-EI>super

Password:admin

Now user privilege is 3 level, and only those commands whose level is

equal to or less than this level can be used.

Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

<5500-EI>

4. Use the Telnet session to command the Switch 5500 to get the converted

configuration file from the TFTP server:

<5500-EI>tftp 140.204.1.11 get 4400_3CR17161-91.cfg

File will be transferred in binary mode.

Downloading file from remote tftp server, please wait.........


TFTP: 7841 bytes received in 0 second(s).

File downloaded successfully.

5. Choose the configuration file to be started at the next reboot:

<5500-EI>startup saved-configuration 4400_3CR17161-91.cfg

6. Reboot the Switch 5500:

<5500-EI>reboot

This command will reboot the device. Continue? [Y/N] y

7. While you wait for the Switch 5500 to reboot, shut down the TFTP server on

the PC, as you will not need it again in this lab.


Method 2: upload configuration locally using Xmodem

1. Start a HyperTerminal console session on your PC, using the serial port to

connect to the Switch 5500.

2. Command the Switch 5500 to get the converted configuration file over the

console connection, using xmodem:

Note: the filename given in this command is the name of the destination file

on the Switch 5500, not the name of the source file on the PC.

<5500-EI>xmodem get unit1>flash:/ccu.cfg

**** WARNING ****

xmodem is a slow transfer protocol limited to the current speed

settings of the auxiliary ports.

During the course of the download no exec input/output will be

available!

---- ******* ----

Proceed?[Y/N]y

Destination filename [unit1>flash:/ccu.cfg]?

Before pressing ENTER you must choose 'YES' or 'NO'[Y/N]:y

Download with XMODEM protocol....

......C..

3. The Switch 5500 is now waiting for the transfer to begin. In the

HyperTerminal window, click Transfer -> Send file …, browse to the

converted configuration file, choose the Xmodem protocol, and click Send:


4. A progress window will appear:

5. The Switch 5500 should confirm that the transfer completed successfully:

Download successful!

<5500-EI>

6. Choose the configuration file to be started at the next reboot:

<5500-EI>startup saved-configuration ccu.cfg

7. Reboot the Switch 5500:

<5500-EI>reboot

This command will reboot the device. Continue? [Y/N] y


Section G: Checking the Configuration on the Switch 5500

Check the configuration on the Switch 5500 is as expected

1. Start a terminal session to the Switch 5500, using a console connection.

2. What is the IP address of the Switch 5500?

3. Check the other parameters that you configured on the legacy switch.

4. What Ethernet port parameters are configured?

5. What QoS parameters are configured?

6. Is the configuration as you expected? Explain any differences.

****End of Configuration Conversion Utility Lab****


Lab

XRN Stacking

Overview


Initialise all switches

Configure the Switch 5500 units to form an XRN stack

Configure IP interfaces on the XRN stack

Connect the XRN stack to edge switches using LACP

Investigate the behaviour while simulating various faults


Introduction to the XRN Stacking Lab

Note:

In this lab, two switches from the 3Com Switch 5500 family will be needed. They must be of

the same type (either 5500-EI or 5500G) though the number of ports on each is not important.

Two legacy 3Com switches (such as Switch 4400) will also be needed.

Lab Environment

Figure 1 shows the networking diagram you will use in this lab.

Figure 1. Networking diagram for XRN Stacking

Lab Procedure

Section A, initialise all switches.

Section B, configure the Switch 5500 units to form an XRN stack.

Section C, configure IP interfaces on the XRN stack.


Section D, connect the XRN stack to edge switches using LACP.

Section E, investigate the behaviour while simulating various faults.


Section A: Initialising All Switches

Initialise the two Switch 5500-EI or 5500G units

1. Do not connect any of the four switches together yet. Some configuration is

needed before connections can be made.

2. Start a HyperTerminal console session to one of the Switch 5500 units,

using a serial cable.

3. Clear the saved configuration on the unit, and reboot:



Are you sure?[Y/N]y


Please wait ...

....


<whatever>reboot


4. Start a HyperTerminal console session to the second Switch 5500 unit,

using a serial cable.

5. Clear the saved configuration on the unit and reboot:



Are you sure?[Y/N]y


Please wait ...

....


<whatever>reboot


Initialise the two Switch 4400s


6. Start a HyperTerminal console session to one of the Switch 4400s, using a

serial cable, and log in as admin. Initialise the switch:


7. Start a HyperTerminal console session to the other Switch 4400, using a

serial cable, and log in as admin. Initialise the switch:



Section B: Configuring the Switch 5500 Units to form an XRN Stack

Configure the Switch 5500 units to form an XRN stack

1. Do not connect the two units together yet. The units should not have any

connections at this stage.

2. Start a HyperTerminal console session to one of the units, using a serial

cable.

A.Configure a system name:


[5500-EI]sysname fred

B.If you are using Switch 5500-EIs, configure the fabric ports:

Note: this step is not needed if you are using Switch 5500Gs, since they

have dedicated XRN fabric connectors on the rear.

[fred]fabric-port gig 1/0/51 enable

[fred]fabric-port gig 1/0/52 enable

C. Name this unit and make sure it will be unit 1 in the XRN stack:

[fred]set unit 1 name fred1

[fred]change self-unit to 1

D. Save the configuration:

[fred]quit

<fred>fabric save-unit-id

<fred>save


3. Start a HyperTerminal console session to the other unit, using a serial cable.

A.Configure a system name:


[5500-EI]sysname bill

B.If you are using Switch 5500-EIs, configure the fabric ports:

Note: this step is not needed if you are using Switch 5500Gs, since they

have dedicated XRN fabric connectors on the rear.

[bill]fabric-port gig 1/0/27 enable

[bill]fabric-port gig 1/0/28 enable

C. Name this unit and make sure it uses auto-numbering in the XRN stack:

[bill]set unit 1 name bill1

[bill]change self-unit to autonumbering

D. Save the configuration:

[bill]quit

<bill>fabric save-unit-id

<bill>save


4. Connect the two units together as a stack. If the units are Switch 5500-EIs,

then use two Ethernet cables. If they are Switch 5500Gs, then use two of

the special cables in the rear connectors.

Note: be sure to connect the units correctly. Each upstream port must

connect to a downstream port on the next unit.

Note: watch carefully for any console messages as you connect the units.

5. What unit ID numbers do you see on the front of each unit?

6. What do the port LEDs on each of the fabric ports do?

7. Using a console session to the unit you named bill, display the XRN and

fabric topology mapper status:

[bill]display xrn-fabric

[bill]display xrn-fabric port

[bill]display ftm information

8. Can you see what the problem is?

9. Change the system name on the unit you named bill to fred, so that both

units have the same system name:

Note: watch carefully for any console messages as you do this.

[bill]sysname fred

[fred]

10. What unit ID numbers do you see now on the front of each unit?

11. What do the port LEDs on each of the fabric ports do now?

12. Using a console session to either unit, display the XRN and fabric topology

mapper status:

[fred]display xrn-fabric

[fred]display xrn-fabric port

[fred]display ftm information


Section C: Configuring IP Interfaces on the XRN Stack

Configure IP interfaces on the XRN stack

1. Configure two IP interfaces:

Note: VLAN 1 exists by default, with all ports as untagged members. We

need only configure VLAN 2.

[fred]vlan 2

[fred-vlan2]port eth 1/0/2

[fred-vlan2]port eth 2/0/2

[fred-vlan2]quit

[fred]interface vlan 1

[fred-Vlan-interface1]ip address 140.204.1.1 24

[fred-Vlan-interface1]quit

[fred]interface vlan 2

[fred-Vlan-interface2]ip address 140.204.2.1 24

[fred-Vlan-interface2]quit

2. Allow telnet management:

[fred]user-interface vty 0 4

[fred-ui-vty0-4]set authentication password simple sesame

[fred-ui-vty0-4]quit

[fred]super password simple admin

[fred]quit

<fred>save


Section D: Connect the XRN Stack to Edge Switches using LACP

Configure LACP on the XRN stack

1. Enable LACP on the four ports that will form the LACP aggregations:

Note: each IP interface will consist of two physical ports, aggregated using

LACP. The two ports should be on different units, for resilience.

[fred]interface eth 1/0/1

[fred-Ethernet1/0/1]lacp enable

[fred-Ethernet1/0/1]quit










Save the configuration of the XRN stack

2. Save the configuration:

[fred]quit

<fred>save

Configure LACP on the Switch 4400

3. Start a HyperTerminal console session to one of the Switch 4400s, using a

serial cable, and log in as admin. Enable LACP on the two ethernet ports

you will connect to the XRN stack:

Select menu option: bridge port lacp 1:47 enable



4. Start a HyperTerminal console session to the other Switch 4400, using a

serial cable, and log in as admin. Enable LACP on the two ethernet ports

you will connect to the XRN stack:




Connect the edge switches to the XRN stack

5. Connect the switches as in the diagram.

Note: to reduce the amount of equipment needed in this lab, we will use

ethernet ports for the interswitch connections. In live networks, gigabit ports

on the Switch 5500s would probably be connected to gigabit modules in the

Switch 4400s.

Note: make sure you use the correct ports for each LACP aggregation. On

the Switch 5500, ports 1/0/1 and 2/0/1 form one aggregation, and ports 1/0/2

and 2/0/2 form the other aggregation. This gives the best resiliency.

Check LACP connectivity

6. Check that the LACP aggregations formed as you expected:

<fred>display link-aggregation summary

Configure the IP address of the PCs

7. Connect each PC to its edge switch and configure the IP address, subnet

mask and default gateway as in the diagram.

Check IP connectivity

8. Check that the two PCs can ping each other.


Section E: Investigate the Behaviour While Simulating Various Faults

The XRN stack is now providing distributed device management (DDM),

distributed link aggregation (DLA), and distributed resilient routing (DRR). We

will simulate various single points of failure, and investigate the effect on each of

these three functions.

Create continuous pings from each PC to the other

1. On each PC, open a command window and start a continuous ping to the

other, so you can see the effect of the various faults you will simulate.

A.On the PC with IP address 140.204.1.11:

C:\Program Files\3Com\Switch 5500 CCU>ping –t 140.204.2.11

B.On the PC with IP address 140.204.2.11:

C:\Program Files\3Com\Switch 5500 CCU>ping –t 140.204.1.11

Simulate single points of failure

After each of the next steps, verify that the PCs can still ping each other (showing

DLA and DRR are working correctly) and that the XRN stack can be successfully

managed by telnet (showing that DDM is working correctly.)

2. Remove one of the LACP connections between an edge switch and the XRN

stack.

3. Reconnect the missing LACP connection.

4. Remove one of the XRN connections between units in the XRN stack.

5. Reconnect the missing XRN connection.

6. Disconnect the power cord from unit 2 in the XRN stack.

7. Reconnect the missing power cord.

8. Disconnect the power cord from unit 1 in the XRN stack.


9. Reconnect the missing power cord.

****End of XRN Stacking Lab****


Lab

QoS

Overview


Review the QoS commands in the CLI

Implement a basic end-to-end QoS strategy, using .1p

– Classify streams of traffic received the edge of the network, re-marking the

.1p values in each class

– Prioritise traffic streams by .1p value

– Configure Strict Priority Queuing to ensure correct service levels

– Observe the traffic patterns when there is congestion in the network


Notes on the Implementation of QoS on the Switch 5500

The implementation of QoS on the Switch 5500 is similar to that on the modular

switches (the Switch 7700 and Switch 8800) but there are some important

differences.

Similarities

On all these switches, many QoS features are implemented by creating ACLs to

classify packets and then incorporating these ACLs into commands which act on

those classes. For example, an ACL can be created to match all packets from a

given IP address and this ACL can be incorporated into a command that re-

marks all matching packets with a particular DSCP value on egress.

Each ingress packet is given a priority (see Differences below) that determines to

which output queue it will be assigned at the egress port. (There are eight output

queues on each of the switches.) Scheduling mechanisms then determine the

priority of each output queue. With care, an overall strategy can be created to

determine how the switch will prioritise forwarding various classes of traffic.

Differences

By default, the Switch 7700 and Switch 8800 prioritise traffic by the .1p value in

tagged packets or by the priority value assigned to the ingress port in untagged

packets. They can also prioritise packets by DSCP values and by IP

precedence. The prioritisation mechanism is chosen globally for the Switch

7700, but can be chosen per port on the Switch 8800.

By default, the Switch 5500 ignores all prioritisation information carried in

packets, and prioritises all traffic by the priority value assigned to the ingress

port. It can also prioritise tagged packets based on their .1p value. The

prioritisation mechanism can be chosen per port on the Switch 5500.

The queuing mechanisms available differ on each switch. On the Switch 7700,

Strict Priority Queuing (SPQ) is the only mechanism available. On the Switch

8800, SPQ is the default and Weighted Round Robin Queuing (WRRQ) is also

available. On the Switch 5500, WRRQ is the default and SPQ and Weighted Fair

Queuing (WFQ) are also available.

The Switch 5500 has an additional feature, the QoS profile, which consists of a

group of settings (for packet filtering, traffic policing, and priority re-marking) that

can be applied to a port, to simplify configuration. If used in conjunction with


802.1X user authentication, the QoS profile can be used to configure a port

dynamically according to which user connects to it.


Introduction to QoS Lab

Note:

Two 3Com Switch 5500-EI or Switch 5500G units will be needed in this lab.

Lab Environment

There are several sections to this lab. They all use the network diagram shown in Figure 1.

Figure 1. Networking diagram for QoS lab


Lab Procedure

In Section A, you will set the scene by configuring interfaces and OSPF,and

checking basic connectivity.

In Section B, you will install the software utilities to be used, and check that they

work as expected with no QoS configured.

In Section C you will implement the basic QoS strategy.

There will be two levels of service, one of higher priority than the other.

As the traffic from a PC reaches the ingress edge switch, it will be classified

according to source IP address, and each packet will be marked with the .1p

value corresponding to the correct service level.

Note: for this lab, traffic from the VLC streaming video server will be in the higher

priority class, and all other traffic will be in the lower priority class. Of course, in a

real network, a more useful classification might be done on source or destination

address, on TCP/UDP port number (so by application) and so on.

Next, the switches will be configured to allocate each packet to an output queue

according to the .1p value it carries. Strict priority queuing will ensure different

levels of service for the two classes of traffic.

Finally, you will observe the traffic patterns when there is congestion on the

network.

In Section D you will configure a QoS profile and apply it to a port.


Section A: Configuring Basic Connectivity

Reset configurations to default

1. On each switch, clear the saved configuration and reboot:



Are you sure?[Y/N]y


Please wait ...

....


<whatever>reboot


Rename the switches

2. Rename the switch that will receive traffic from the servers:


[5500-EI]sysname toserver

[toserver]

3. Rename the switch that will send that traffic to the client:


[5500-EI]sysname toclient

[toclient]


Configure interfaces and enable OSPF

4. For “toclient”, do the following:

A.Configure the interfaces:

Note: VLAN 1 exists by default, with all ports assigned to it

[toclient]vlan 2

[toclient-vlan2]port eth 1/0/24

[toclient-vlan2]quit

[toclient]interface vlan 1

[toclient-Vlan-interface1]ip address 140.204.1.1 24

[toclient-Vlan-interface1]quit

[toclient]interface vlan 2

[toclient-Vlan-interface2]ip address 140.204.2.1 24

[toclient-Vlan-interface2]quit

[toclient]interface eth 1/0/24

[toclient-Ethernet1/0/24]port link-type trunk

[toclient-Ethernet1/0/24]port trunk permit vlan 2

[toclient-Ethernet1/0/24]quit

B.Enable OSPF:

[toclient]router id 1.1.1.1

[toclient]ospf

[toclient-ospf-1]area 0

[toclient-ospf-1-area-0.0.0.0]network 140.204.1.0 0.0.0.255

[toclient-ospf-1-area-0.0.0.0]network 140.204.2.0 0.0.0.255

[toclient-ospf-1-area-0.0.0.0]quit

[toclient-ospf-1]quit

C. Save the configuration:

Note: Then you can reboot to these basic settings later if you need to.

[toclient]quit

<toclient>save


5. For “toserver”, do the following:

A.Configure the interfaces:

Note: VLAN 1 exists by default, with all ports assigned to it

[toserver]vlan 2

[toserver-vlan2]port eth 1/0/24

[toserver-vlan2]quit

[toserver]vlan 3



[toserver-vlan3]quit

[toserver]interface vlan 2

[toserver-Vlan-interface2]ip address 140.204.2.2 24

[toserver-Vlan-interface2]quit

[toserver]interface vlan 3

[toserver-Vlan-interface3]ip address 140.204.3.1 24

[toserver-Vlan-interface3]quit

[toserver]interface eth 1/0/24

[toserver-Ethernet1/0/24]port link-type trunk

[toserver-Ethernet1/0/24]port trunk permit vlan 2

[toserver-Ethernet1/0/24]quit

[toserver]

B.Enable OSPF:

[toserver]router id 2.2.2.2

[toserver]ospf

[toserver-ospf-1]area 0

[toserver-ospf-1-area-0.0.0.0]network 140.204.2.0 0.0.0.255

[toserver-ospf-1-area-0.0.0.0]network 140.204.3.0 0.0.0.255

[toserver-ospf-1-area-0.0.0.0]quit

[toserver-ospf-1]quit

C. Save the configuration:

Note: Then you can reboot to these basic settings later if you need to.

[toserver]quit

<toserver>save


Check connectivity

6. Connect the PCs as in the diagram. Make sure you use the correct ports, so

VLAN membership and other configuration is correct.

7. Now check that you have configured basic connectivity correctly. Check that

each PC can ping all the other PCs.


Section B: Installing and Checking Software Utilities

Install VLC on the server and client

1. If you don’t have the VLC streaming software yet, ask your instructor. It’s

exactly the same software for server and client.

2. Install VLC on the server and client PCs. It installs just like any other

Windows application.

Start a stream on the server

3. Start the VLC player on the server:

4. Select File -> Wizard …:


5. Select Stream to network, then click Next:

6. Click Choose:


7. Click Browse, then find a .mpg file to use:

8. Click Open:


9. Click OK:

10. Click Next:


11. Click UDP Unicast, enter the IP address of the client PC, then click Next:

12. There is only one available encapsulation format, so just click Next:


13. Enter a TTL figure of 10 (the value is not important here), then click Finish:


Play the stream on the client

14. Start the VLC player on the client:

15. Select File -> Open Network Stream…:


16. Enter the MRL of the VLC server (udp://140.204.3.11) then click OK:

Check that VLC is performing as expected

17. You should see the .mpg file being played in the window.

18. Stop the VLC server and client.


Install the iperf tool on the traffic generator and client PCs

Note: you must have Administrator rights to run iperf on a PC.

19. If you don’t have the iperf software yet, ask your instructor. It’s exactly the

same software for server and client.

20. Iperf is run from the command line, so there is no Windows application to

install. Simply copy iperf into a directory (such as C:\TEMP) on each PC.

Start iperf transmitting on the traffic generator

21. Iperf is run from the command line, so you will need to open a command

window and change directory to where you saved iperf, in order to run it.

22. Start the iperf transmitter:

C:\TEMP>iperf –c 140.204.1.11 –u –b 100M

------------------------------------------------------------

Client connecting to 140.204.1.11, UDP port 5001

Sending 1470 byte datagrams

UDP buffer size: 8.00 KByte (default)

------------------------------------------------------------

[136] local 140.204.1.11 port 1232 connected with 140.204.1.11 port

5001

Start iperf receiving on the client PC

23. Iperf is run from the command line, so you will need to open a command

window and change directory to where you saved iperf, in order to run it.

24. Start the iperf receiver:

C:\TEMP>iperf –s -u

------------------------------------------------------------

Server listening on UDP port 5001

Receiving 1470 byte datagrams

UDP buffer size: 8.00 KByte (default)

------------------------------------------------------------


[120] local 140.204.1.11 port 5001 connected with 140.204.3.11 port

1064

Check that iperf is performing as expected

25. The actual bandwidth indicated depends on the PCs being used.

[ ID] Interval Transfer Bandwidth Jitter Lost/Total

Datagrams

[120] 0.0- 6.9 sec 27.7 MBytes 33.5 Mbits/sec 0.945 ms 9336/29071

(32%)

[120] 0.0- 6.9 sec 80 datagrams received out-of-order


Create some contention for bandwidth in the network

For this lab, we must introduce some artificial contention for bandwidth in the

network. We reduce the bandwidth of the port connected to the client PC to

10Mbps. Traffic from the servers will arrive at the output queues for this port

faster than it can be forwarded to the client PC, so some traffic will be lost.

26. Create contention on output at port 1/0/1 on the toclient switch:


[toclient-Ethernet1/0/1]speed 10


Investigate the behaviour without QoS configuration

27. Now run both iperf and VLC at the same time. What do you notice about the

performance of each of them?


Section C: Implementing the Basic QoS Strategy

Create an ACL to classify the video traffic

We want to remark all the video traffic from the server as high priority. In this lab,

we know that the VLC server sends traffic to UDP destination port 1234. In

practice on a live network, classification could be much more sophisticated,

based on source and destination IP addresses, source and destination UDP/TCP

ports, and so on.

28. On “toserver”, create a basic ACL to match packets sent from the VLC

server:

[toserver]acl number 3001

[toserver-acl-adv-3001]rule permit udp destination-port eq 1234

[toserver-acl-adv-3001]quit

Remark the video traffic as it enters the network

29. Remark the video traffic with a higher .1p value as it enters the network:

[toserver]interface eth 1/0/1

[toserver-Ethernet1/0/1]traffic-priority inbound ip-group 3001 cos

video

[toserver-Ethernet1/0/1]quit

Prioritise traffic by .1p value

30. Prioritise traffic using the .1p it carries, rather than the priority value of the

port at which it arrives:

Note: we don’t need to configure this directly on the ingress port of the

“toserver” switch, since this is implied by remarking .1p values.


[toclient-Ethernet1/0/24]priority trust



Select Strict Priority Queuing

31. To give the greatest difference in priority between different traffic types,

configure Strict Priority Queuing:

A.On the “toserver” switch:

[toserver]queue-scheduler strict-priority

B.On the “toclient” switch:

[toclient]queue-scheduler strict-priority

Investigate the behaviour with QoS configuration

32. Now run both iperf and VLC at the same time. What do you notice about the

performance of each of them?


Section D: Creating and Applying a QoS Profile

QoS profiles are useful in two ways.

First, if a particular QoS configuration needs to be applied to many ports, it’s

much easier to create a single QoS profile and apply it to many ports, than to

apply the QoS commands individually on each port.

Second, the QoS profile can be associated with a user, rather than with a

physical port. It is possible to dynamically apply a QoS profile to a port, when a

user is authenticated using 802.1X. The user’s correct QoS profile name is

stored on the RADIUS server, and given to the switch during the authentication

process.

For simplicity, the example in this lab will only look at the first of these cases.

Create an ACL to match traffic from the client PC

1. Match all traffic from the client PC:

[toclient]acl number 2001

[toclient-acl-basic-2001]rule permit source 140.204.1.11 0.0.0.0

[toclient-acl-basic-2001]quit

Create a QoS profile

2. Create a QoS profile that remarks traffic with a DSCP value, and a .1p value:

[toclient]qos-profile VIP

[toclient-qos-profile-vip]traffic-priority inbound ip-group 2001 dscp

cs3 cos excellent-effort

[toclient-qos-profile-vip]quit

Apply the QoS profile to the client PC port

3. Associate the QoS profile “VIP” with the client PC port:

[toclient]apply qos-profile VIP interface eth 1/0/1


Investigate the effects of the QoS profile

If you have Ethereal (or any other packet capture utility) installed on the server,

you can check that packets sent by the client PC now have a DSCP value of cs3

(decimal 18, hex 18):

4. From the client PC, ping the server:

C:\TEMP>ping 140.204.3.11

****End of QoS Lab****


Lab

Web Interface

Overview


Configure the Switch 5500 for management over the Web interface

Use the Web interface

– Configure and apply a QoS profile, as an example


Notes on the Switch 5500 Web Interface

Accessing the Switch 5500 management interface

Unlike some of 3Com’s legacy switches, the management interface is not limited

to VLAN 1, so if a switch has multiple IP interfaces, a Web browser can use any

of them to connect to the management interface.

If the switch is reset to native factory defaults there is no Web access. A local

user must exist, with the correct access rights, before Web management is

possible. Such a user has already been created in the 3comoscfg.def file

described earlier in this class. Web management is possible immediately if the

switch has been rebooted using this file, with user name “admin” and no

password.

Limitations of the Switch 5500 web interface

At present, the Web interface on the Switch 5500 family is not as comprehensive

as the command line interface (CLI). The Web interface does not support

configuration of layer 3 features such as OSPF and PIM.

The Help facility in the Web Interface gives a complete list of CLI commands and

(where they exist) the Web equivalents.


Introduction to Web Interface Lab

Note:

One 3Com Switch 5500-EI or Switch 5500G unit will be needed in this lab.

Lab Environment

There are several sections to this lab. They all use the network diagram shown in Figure 1.

Figure 1. Networking diagram for PoE lab

Lab Procedure

In Section A, you will configure the Switch 5500 for Web management.

In Section B, you will use the Web interface.


Section A: Configuring the Switch 5500 for Web management

Reset configuration to default

1. Clear the saved configuration and reboot:



Are you sure?[Y/N]y


Please wait ...

....


<whatever>reboot


Configure an IP interface on the Switch 5500

2. When the Switch 5500 has restarted, restart the console session.

3. Give the Switch 5500 an IP address:


[5500-EI]interface vlan 1

[5500-EI-Vlan-interface1]ip address 140.204.1.1 24

[5500-EI-Vlan-interface1]quit

Allow Web management

4. Allow unrestricted Web access to user “admin” with no password:

Note: Web access shares the telnet service-type.

[5500-EI]local-user admin

[5500-EI-luser-admin]service-type telnet

[5500-EI-luser-admin]level 3

[5500-EI-luser-admin]quit

[5500-EI]quit


<5500-EI>save


Configure the IP address of the PC

4. The IP address of the PC should be 140.204.1.11, with subnet mask

255.255.255.0. The address of the default gateway is not important.

Check connectivity

5. Check that the PC can ping the switch.


Section B: Using the Web Management Interface

Log in to the switch

1. Open a browser session to the switch. You will see the login window.

2. Enter a user name “admin” and click Login.


Configuration example

3. Create an ACL to match all traffic going to subnet 140.204.1.0 (hint: wildcard

0.0.0.255.)

4. Create a QoS profile “test_lab” that uses this ACL to remark traffic-priority

with DSCP value 46 (expedited forwarding) and local precedence value 6.

5. Assign the QoS profile to port 1/0/1, inbound.

Explore the web interface

6. Spend as much time as you want exploring the rest of the web interface.


****End of Web Interface Lab****


Documents

Switch 5500LAB