Managing Platform Operations

Part No. 317350-C
June 2005
4655 Great America Parkway
Santa Clara, CA 95054
Managing Platform Operations
Ethernet Routing Switch 8300
Software Release 2.2
Copyright © Nortel Networks Limited 2005. All rights reserved.
The information in this document is subject to change without notice. The statements, configurations, technical data, and
recommendations in this document are believed to be accurate and reliable, but are presented without express or implied
warranty. Users must take full responsibility for their applications of any products specified in this document. The
information in this document is proprietary to Nortel Networks Inc.
The software described in this document is furnished under a license agreement and may be used only in accordance
with the terms of that license. The software license agreement is included in this document.
Trademarks
Nortel Networks, the Nortel Networks logo, the Globemark, Unified Networks, Passport, and BayStack are trademarks
of Nortel Networks.
Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated.
Microsoft, Windows, and Windows NT are trademarks of Microsoft Corporation.
The asterisk after a name denotes a trademarked item.
Restricted rights legend
Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph
(c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013.
Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software,
the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the
Commercial Computer Software-Restricted Rights clause at FAR 52.227-19.
Statement of conditions
In the interest of improving internal design, operational function, and/or reliability, Nortel Networks Inc. reserves the
right to make changes to the products described in this document without notice.
Nortel Networks Inc. does not assume any liability that may occur due to the use or application of the product(s) or
circuit layout(s) described herein.
Portions of the code in this software product may be Copyright © 1988, Regents of the University of California. All
rights reserved. Redistribution and use in source and binary forms of such portions are permitted, provided that the above
copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials,
and other materials related to such distribution and use acknowledge that such portions of the software were developed
by the University of California, Berkeley. The name of the University may not be used to endorse or promote products
derived from such portions of the software without specific prior written permission.
SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains
restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third
parties).
Nortel Networks Inc. software license agreement
This Software License Agreement (“License Agreement”) is between you, the end-user (“Customer”) and Nortel
Networks Corporation and its subsidiaries and affiliates (“Nortel Networks”). PLEASE READ THE FOLLOWING
CAREFULLY. YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE
SOFTWARE. USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE
AGREEMENT. If you do not accept these terms and conditions, return the Software, unused and in the original shipping
container, within 30 days of purchase to obtain a credit for the full purchase price.
“Software” is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted
and licensed, not sold. Software consists of machine-readable instructions, its components, data, audio-visual content
(such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies. Nortel
Networks grants you a license to use the Software only in the country where you acquired the Software. You obtain no
rights other than those granted to you under this License Agreement. You are responsible for the selection of the
Software and for the installation of, use of, and results obtained from the Software.
1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software
on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable.
To the extent Software is furnished for use with designated hardware or Customer furnished equipment (“CFE”),
Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable. Software
contains trade secrets and Customer agrees to treat Software as confidential information using the same care and
discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate.
Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement.
Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse
assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or
modifications unless expressly authorized; or d) sublicense, rent or lease the Software. Licensors of intellectual property
to Nortel Networks are beneficiaries of this provision. Upon termination or breach of the license by Customer or in the
event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or
certify its destruction. Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s
Software activation or usage levels. If suppliers of third party software included in Software require Nortel Networks to
include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect
to such third party software.
2. Warranty. Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer,
Software is provided “AS IS” without any warranties (conditions) of any kind. NORTEL NETWORKS DISCLAIMS
ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING,
BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT. Nortel Networks is not obligated to
provide support of any kind for the Software. Some jurisdictions do not allow exclusion of implied warranties, and, in
such event, the above exclusions may not apply.
3. Limitation of Remedies. IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE
LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF,
OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL,
INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS),
WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR
USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN
ADVISED OF THEIR POSSIBILITY. The foregoing limitations of remedies also apply to any developer and/or supplier
of the Software. Such developer and/or supplier is an intended beneficiary of this Section. Some jurisdictions do not
allow these limitations or exclusions and, in such event, they may not apply.
4. General
a. If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks
Software available under this License Agreement is commercial computer software and commercial computer
software documentation and, in the event Software is licensed for or on behalf of the United States
Government, the respective rights to the software and software documentation are governed by Nortel
Networks standard commercial license in accordance with U.S. Federal Regulations at 48 C.F.R. Sections
12.212 (for non-DoD entities) and 48 C.F.R. 227.7202 (for DoD entities).
b. Customer may terminate the license at any time. Nortel Networks may terminate the license if Customer fails
to comply with the terms and conditions of this license. In either event, upon termination, Customer must
either return the Software to Nortel Networks or certify its destruction.
c. Customer is responsible for payment of any taxes, including personal property taxes, resulting from
Customer’s use of the Software. Customer agrees to comply with all applicable laws including all applicable
export and import laws and regulations.
d. Neither party may bring an action, regardless of form, more than two years after the cause of the action arose.
e. The terms and conditions of this License Agreement form the complete and exclusive agreement between
Customer and Nortel Networks.
f. This License Agreement is governed by the laws of the country in which Customer acquires the Software. If
the Software is acquired in the United States, then this License Agreement is governed by the laws of the state
of New York.
317350-C
5
Contents

Preface
Before you begin
About the NNCLI
NNCLI command modes
Accessing the NNCLI
Returning to the CLI
Text conventions
Hard-copy technical manuals
How to get help

Chapter 1: System Platform Overview
Microsoft Network Load Balancing Support
Port mirroring
Guest VLANs
Enabling EAPOL
Enabling Guest VLAN on a port
Multiple EAP Clients and Mix of EAP/non-EAP Clients
Enabling Multi Host feature
Configuring an allowed non-EAP MAC address
Syslog
CLI advanced tracking and logging
Network Time Protocol (NTP)
NTP terms
NTP system implementation model
How NTP distributes time within a subnet
Synchronizing with the best available time server
NTP modes of operation
NTP authentication
BootP/DHCP relay
Differences between DHCP and BootP
Summary of DHCP relay operation
Forwarding DHCP packets
Multiple BootP/DHCP servers
Power over Ethernet

Chapter 2: Configuring CLI advanced tracking and logging using CLI
Roadmap of CLI logging commands
Configuring CLI advanced tracking and logging
Showing CLI logging information
Showing global CLI logging parameters
Showing the decrypted CLI log file
Saving the CLI log file

Chapter 3: Configuring CLI advanced tracking and logging using NNCLI
Roadmap of NNCLI logging commands
Configuring CLI advanced tracking and logging
Enabling CLI advanced tracking and logging
Disabling CLI advanced tracking and logging
Setting the maximum allowable file size
Showing CLI logging information
Saving the CLI log file

Chapter 4: Configuring NTP using the CLI
Configuration prerequisites
Roadmap of CLI NTP commands
Configuring NTP
Enabling NTP globally
Creating an NTP server
Configuring authentication keys
Showing NTP statistics

Chapter 5: Configuring NTP using the NNCLI
Configuration prerequisites
Roadmap of NNCLI NTP commands
Configuring NTP
Creating an NTP server
Disabling and removing NTP servers
Adding authentication keys
Removing authentication keys
Setting NTP interval times
Enabling NTP globally
Disabling NTP globally
Showing NTP information
Showing NTP authentication keys
Showing NTP servers
Showing NTP statistics

Chapter 6: Configuring NTP using Device Manager
Configuration prerequisites
Configuring NTP
Enabling NTP globally
Adding an NTP server
Assigning a NTP key

Chapter 7: Configuring BootP/DHCP using Device Manager
Supporting BootP/DHCP relay
Configuring BootP/DHCP on VLANs
Configuring forwarding policies
Graphing DHCP statistics

Appendix A: Port numbering
Port numbering
Interface indexes
Calculating a port interface index
Calculating a VLAN interface index
Calculating an MLT interface index

Index
Figures

Figure 1 Guest VLAN architecture
Figure 2 Security dialog box — EAPOL tab
Figure 3 Port dialog box — Interface tab
Figure 4 Port dialog box — EAPOL tab
Figure 5 Guest VLAN dialog box
Figure 6 Multiple EAP/Mixed client architecture
Figure 7 Multi Host dialog box
Figure 8 Non-EAP MAC dialog box — Non-EAP Config tab
Figure 9 Non EAPOL dialog box — Allowed Non-EAP MAC tab
Figure 10 Allowed MAC Address dialog box
Figure 11 NTP time servers forming a synchronization subnet
Figure 12 NTP time servers operating in unicast client mode
Figure 13 DHCP operation
Figure 14 Forwarding DHCP packets
Figure 15 Configuring multiple BootP/DHCP servers
Figure 16 config cli clilog command output
Figure 17 show cli clilog info command output
Figure 18 show clilog file command output
Figure 19 save clilog file command example
Figure 20 clilog enable command output
Figure 21 clilog enable command output
Figure 22 show clilog command output
Figure 23 show clilog file command output
Figure 24 save clilog file command output
Figure 25 show ntp info command output
Figure 26 show ntp server stat command sample output
Figure 27 ntp server command output
Figure 28 ntp key command output
Figure 29 ntp interval command output
Figure 30 ntp enable command output
Figure 31 show ntp key command output
Figure 32 show ntp server command output
Figure 33 show ntp stats command output
Figure 34 NTP dialog box—Globals tab
Figure 35 Server tab
Figure 36 NTP, Insert Server dialog box
Figure 37 NTP dialog box—Key tab
Figure 38 NTP, Insert Key dialog box
Figure 39 IP, VLAN dialog box—DHCP tab
Figure 40 DHCP dialog box
Figure 41 DHCP, Insert Globals dialog box
Figure 42 Graph Port dialog box — Interface tab
Figure 43 Graph Port dialog box — DHCP tab
Figure 44 8010 chassis slots
Figure 45 Port numbers on high-density modules
Tables

Table 1 NNCLI command modes
Table 2 Global tab fields
Table 3 Server tab fields
Table 4 NTP, Insert Server dialog box fields
Table 5 Key tab fields
Table 6 NTP, Insert Key dialog box fields
Table 7 DHCP, Insert Globals dialog box fields
Table 8 DHCP tab fields
Preface
The Nortel* Ethernet Routing Switch 8300 is a flexible and multifunctional
Layer 2/Layer 3 switch that supports diverse network architectures and protocols.
The Ethernet Routing Switch 8300 provides security and control features such as
Extensible Authentication Protocol over LAN (EAPoL), Simple Network
Management Protocol, Version 3 (SNMP3), and Secure Shell (SSH). The
Ethernet Routing Switch 8300 provides quality of service (QoS) for a high
number of attached devices and supports future network requirements for QoS for
critical applications, such as Voice over IP (VoIP).
This guide describes a variety of system platform operations and diagnostic tools
available for the Ethernet Routing Switch 8300 Software Release 2.2. The guide
provides instructions for configuring, monitoring, and managing the Ethernet
Routing Switch 8300 Switch using the Nortel Networks* Command Line
Interface (NNCLI), the Ethernet Routing Switch 8300 Command Line Interface
(CLI), and the Java Device Manager (Device Manager).
Device Manager is a graphical user interface (GUI) used to configure and manage
8300 Series switches. You install it on a management station in the network. For
instructions on installing and starting Device Manager on a Windows*, UNIX*,
or Linux* platform, refer to Installing and Using Device Manager (316808-C).
The manual also describes some common startup problems and how to
troubleshoot them.
To learn the basic structure and operation of the NNCLI, refer to NNCLI
Command Line Reference for the Ethernet Routing Switch 8300 (316810-C). This
reference guide describes the function and syntax of each NNCLI command.
To learn the basic structure and operation of the Ethernet Routing Switch 8300
CLI, refer to CLI Command Line Reference for the Ethernet Routing Switch
8300 (317360-C). This reference guide describes the function and syntax of each
CLI command.
Before you begin
This guide is intended for network administrators who have the following
background:
• basic knowledge of networks, Ethernet bridging, and IP routing
• familiarity with networking concepts and terminology
• experience with windowing systems or GUIs
• basic knowledge of network topologies
Before using this guide, you must complete the following procedures. For a new
switch:
1. Install the switch.
   For installation instructions, see Installing and Maintaining the Ethernet
   Routing Switch 8306 and 8310 Chassis (316795-C) and Installing Ethernet
   Routing Switch 8300 Series Modules (316796-C).
2. Connect the switch to the network.
   For more information, see Getting Started (316799-C).
Ensure that you are running the latest version of Nortel Ethernet Routing
Switch 8300 software. For information about upgrading the Ethernet Routing
Switch 8300, see Upgrading to Ethernet Routing Switch 8300 Software
Release 2.2 (318769-C).
About the NNCLI
This section describes the Nortel Networks Command Line Interface (NNCLI)
command modes you use to configure the Ethernet Routing Switch 8300 and the
commands you use to access the NNCLI. You can access the NNCLI using the
following methods:
• Telnet session
• rlogin
• local console port
NNCLI command modes
The NNCLI has four major command modes, listed in order of increasing
privileges:
• User EXEC
• Privileged EXEC
• Global configuration
• Interface configuration
Each mode provides a specific set of commands. The command set of a
higher-privilege mode is a superset of a lower-privilege mode. That is, all
lower-privilege mode commands are accessible when using a higher-privilege
mode.
The command modes are as follows:
• User EXEC mode
  This is the initial mode of access. By default, the User Access Verification
  Password for this mode is empty, and password checking is disabled. The
  password can be changed (and password checking enabled) by the system
  administrator in Global configuration mode. Once the password is changed, it
  is activated immediately.
• Privileged EXEC mode
  This mode is accessed from the User EXEC mode. When accessing this
  mode, you are prompted to provide a login name and password. The login
  name and password combination determines your access level in the
  Privileged EXEC mode and other higher modes.
• Global configuration mode
  This mode allows you to make changes to the running configuration. If the
  configuration is saved, these settings survive reboots of the switch.
• Interface configuration mode
  This mode allows you to modify either a logical interface, such as a VLAN, or
  a physical interface, such as a port/slot.
From either the Global configuration mode or the Interface configuration mode,
all the configuration parameters (both global and interface) can be saved to a file.
The default name for the configuration parameters file is config.cfg. Alternative
filenames can also be used.
Table 1 lists the NNCLI command modes, the prompts for each mode, the
abbreviated name for each mode, and how to enter and exit each mode.
Table 1 NNCLI command modes

| Command mode | Prompt | Mode name | Command/mode to enter or exit mode |
|---|---|---|---|
| User EXEC | Passport-8300:5> | exec | Default mode when NNCLI is started; logout to exit |
| Privileged EXEC | Passport-8300:5# | privExec | enable to enter from User EXEC mode; disable to exit to User EXEC mode |
| Global configuration | Passport-8300:5(config)# | config | configure to enter from Privileged EXEC mode; exit to exit to Privileged EXEC mode |
| Interface configuration | Passport-8300:5(config-if)# | config-if | interface to enter from Global configuration mode; exit to exit to Global configuration mode |

Note: Prompts are expressed in this table using the format Passport-8300:5; however,
prompts returned from your switch typically reflect the specific chassis you use. For
example, if you use the 8310 chassis, the prompts use the format Passport-8310:5.
Prompts can also be customized using the NNCLI command snmp-server name
<prompt>. Refer to Getting Started (316799-C) for more information.
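
The prompt-to-mode mapping in Table 1 can be applied to a saved console transcript to see which commands ran at which privilege level and whether every mode change is explained by the command Table 1 lists for it. The following Python code is an added example, not part of the Nortel manual. The transcript is constructed, the name edge-sw1 and the argument <port> are placeholders, and it assumes every prompt keeps the <name>:<number><suffix> shape even when the name is customized.

```python
"""Map prompts in an NNCLI console transcript to Table 1 command modes."""
import re
from typing import List, NamedTuple, Optional, Tuple

# Table 1: prompt suffix -> (mode name, rank in order of increasing privilege).
MODES = {
    ">": ("exec", 0),
    "#": ("privExec", 1),
    "(config)#": ("config", 2),
    "(config-if)#": ("config-if", 3),
}
RANK = {name: rank for name, rank in MODES.values()}

# Table 1: (mode before, mode after) -> command that performs the change.
TRANSITIONS = {
    ("exec", "privExec"): "enable",
    ("privExec", "exec"): "disable",
    ("privExec", "config"): "configure",
    ("config", "privExec"): "exit",
    ("config", "config-if"): "interface",
    ("config-if", "config"): "exit",
}

# Assumption: a prompt is "<name>:<digits><suffix>" at the start of a line.
# <name> is matched loosely because it depends on the chassis and can be
# customized; only the suffix identifies the mode.
PROMPT_RE = re.compile(
    r"^(?P<name>[^\s:]+):(?P<num>\d+)"
    r"(?P<suffix>\(config-if\)#|\(config\)#|#|>)"
    r"(?:\s+(?P<command>\S.*))?$"
)


class Event(NamedTuple):
    line_no: int            # 1-based line number in the transcript
    mode: str               # mode name from Table 1
    command: Optional[str]  # text typed after the prompt, if any


def parse_transcript(text: str) -> List[Event]:
    """Return one Event per prompt line; command output lines are skipped."""
    events = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = PROMPT_RE.match(line.strip())
        if match:
            mode, _rank = MODES[match.group("suffix")]
            events.append(Event(line_no, mode, match.group("command")))
    return events


def unexplained_transitions(events: List[Event]) -> List[Tuple[Event, Event]]:
    """Mode changes not preceded by the Table 1 command for that change.

    A typed prefix of the keyword is accepted in case the session used
    abbreviated commands (assumption). A hit usually means lines are
    missing from the transcript.
    """
    flagged = []
    for prev, cur in zip(events, events[1:]):
        if prev.mode == cur.mode:
            continue
        expected = TRANSITIONS.get((prev.mode, cur.mode))
        words = (prev.command or "").split()
        word = words[0].lower() if words else ""
        if expected is None or not word or not expected.startswith(word):
            flagged.append((prev, cur))
    return flagged


def config_mode_commands(events: List[Event]) -> List[Event]:
    """Commands typed in Global or Interface configuration mode."""
    return [e for e in events if RANK[e.mode] >= 2 and e.command]


# Constructed transcript. "<port>" is a placeholder argument and "edge-sw1"
# a hypothetical customized prompt name; the last line jumps into Global
# configuration mode without a visible "configure" command.
SAMPLE = """\
Login: xxxxx
Password: xxxxx
Passport-8310:5> enable
Password: xxxxx
Passport-8310:5# configure terminal
Passport-8310:5(config)# interface <port>
Passport-8310:5(config-if)# exit
Passport-8310:5(config)# exit
Passport-8310:5#
edge-sw1:5(config)# save boot
"""

if __name__ == "__main__":
    parsed = parse_transcript(SAMPLE)
    for event in config_mode_commands(parsed):
        print(f"line {event.line_no}: [{event.mode}] {event.command}")
    for before, after in unexplained_transitions(parsed):
        print(f"line {after.line_no}: {before.mode} -> {after.mode} "
              f"without the Table 1 command")
```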
Accessing the NNCLI
When you first power up the Ethernet Routing Switch 8300, the default interface
is the Ethernet Routing Switch 8300 CLI. To switch from the CLI to the NNCLI,
you must change the NNCLI boot flag to true and save the boot configuration
file using the following commands:
Passport-8310:5# config boot flags nncli true
Passport-8310:5# save boot
You must reboot the switch for this change to take effect. After you reboot the
switch, access the NNCLI using Telnet, rlogin, or the local console port. You can
log in to the switch using your password and the default privilege password
nortel.
Use the following commands to:
• log in to the software using the default user name and password
• access Global configuration mode
Login: xxxxx
Password: xxxxx
Passport-8310:5> enable
Password: nortel
Passport-8310:5# configure terminal
Passport-8310:5(config)#
Returning to the CLI
Note: The config.cfg file for the CLI and the config.cfg file for the
NNCLI are not compatible. If you decide to change the CLI mode to
NNCLI, or the reverse, you must use the config.cfg file for the selected
mode.
To switch from the NNCLI to the CLI, enter the following commands:
Passport-8310:5(config)# no boot flags nncli
Passport-8310:5(config)# exit
Passport-8310:5(config)# save boot
You must reboot the switch for this change to take effect.
Text conventions
This guide uses the following text conventions:
angle brackets (< >)
Indicate that you choose the text to enter based on the
description inside the brackets. Do not type the
brackets when entering the command.
Example: If the command syntax is
ping <ip_address>, you enter
ping 192.32.10.12
bold body text
Indicates objects such as window names, dialog box
names, and icons, as well as user interface objects such
as buttons, tabs, and menu items.
bold Courier text
Indicates command names, options, and text that you
must enter.
Example: Use the dinfo command.
Example: Enter show ip {alerts|routes}.
braces ({})
Indicate required elements in syntax descriptions where
there is more than one option. You must choose only
one of the options. Do not type the braces when
entering the command.
Example: If the command syntax is
show ip {alerts|routes}, you must enter either
show ip alerts or show ip routes, but not both.
brackets ([ ])
Indicate optional elements in syntax descriptions. Do
not type the brackets when entering the command.
Example: If the command syntax is
show ip interfaces [-alerts], you can enter
either show ip interfaces or
show ip interfaces -alerts.
ellipsis points (. . . )
Indicate that you repeat the last element of the
command as needed.
Example: If the command syntax is
ethernet/2/1 [<parameter> <value>]... ,
you enter ethernet/2/1 and as many
parameter-value pairs as needed.
italic text
Indicates variables in command syntax descriptions.
Also indicates new terms and book titles. Where a
variable is two or more words, the words are connected
by an underscore.
Example: If the command syntax is
show at <valid_route>,
valid_route is one variable and you substitute one
value for it.
plain Courier text
Indicates command syntax and system output, for
example, prompts and system messages.
Example: Set Trap Monitor Filters
separator ( > )
Shows menu paths.
Example: Protocols > IP identifies the IP command on
the Protocols menu.
vertical line ( | )
Separates choices for command keywords and
arguments. Enter only one of the choices. Do not type
the vertical line when entering the command.
Example: If the command syntax is
show ip {alerts|routes}, you enter either
show ip alerts or show ip routes, but not
both.
Hard-copy technical manuals
You can download current versions of technical documentation for your Ethernet
Routing Switch 8300 from the Nortel customer support web site at
www.nortel.com/support.
If, for any reason, you cannot find a specific document, use the Search function:
1 Click Search at the top right-hand side of the web page.
  The Search page opens.
2 Ensure the Support tab is selected.
3 Enter the title or part number of the document in the Search field.
4 Click Search.
You can print the technical manuals and release notes free, directly from the
Internet. Use Adobe* Acrobat Reader* to open the manuals and release notes,
search for the sections you need, and print them on most standard printers. Go to
Adobe Systems at the www.adobe.com URL to download a free copy of the
Adobe Acrobat Reader.
How to get help
If you purchased a service contract for your Nortel product from a distributor or
authorized reseller, contact the technical support staff for that distributor or
reseller for assistance.
If you purchased a Nortel service program, contact Nortel Technical Support. To
obtain contact information online, go to the www.nortel.com/contactus web page
and click Technical Support.
Information about the Nortel Technical Solutions Centers is available from the
www.nortel.com/callus web page.
An Express Routing Code (ERC) is available for many Nortel products and
services. When you use an ERC, your call is routed to a technical support person
who specializes in supporting that product or service. To locate the ERC for your
product or service, go to the www.nortel.com/erc web page.
Chapter 1
System Platform Overview
This chapter provides overview information about a variety of system platform
operations and diagnostic tools. Specifically, it includes information about the
following topics:
• “Microsoft Network Load Balancing Support”
• “Port mirroring”
• “Guest VLANs”
• “Syslog”
• “CLI advanced tracking and logging”
• “Network Time Protocol (NTP)”
• “BootP/DHCP relay”
• “Power over Ethernet”
Microsoft Network Load Balancing Support
This enhancement is useful if multiple endstations/servers share a multicast MAC
address, as is the case with certain network load balancing applications, wherein
the traffic is forwarded to ports that are members of that multicast MAC address.
Note: This feature is disabled by default.
Port mirroring
Ethernet Routing Switch 8300 switches have a port mirroring feature that helps
you to monitor and analyze network traffic. The port mirroring feature supports
both ingress (incoming traffic) and egress (outgoing traffic) port mirroring. When
port mirroring is enabled, the ingress or egress packets of the mirrored (source)
port are forwarded normally and a copy of the packets is sent out of the mirrored
port to the mirroring (destination) port. Although you can configure Ethernet
Routing Switch 8300 switches to monitor both ingress and egress traffic, some
restrictions apply.
You can configure up to 383 total entries in the port mirroring table for mirroring,
and you can have up to 383 entries active at any given time. This total is the
combination of the maximum number of entries in egress port mirroring (8) and
the number of entries in ingress port mirroring.
For ingress port mirroring, you can configure only one port as the mirroring
(destination) port. You can configure any number of ingress ports as mirrored
(source) ports. Therefore, all ingress mirrored traffic is sent to the single mirroring
(destination) port. Similarly, for egress mirroring, you can configure only one port
as the mirroring (destination) port. You can configure a maximum of eight ports
in egress. For ingress and egress mirroring, you can configure the mirroring port
as the same port for both ingress and egress mirroring.
Egress port mirroring can be enabled separately, allowing you to monitor packets
as they leave specified ports. In addition, you can monitor traffic for MAC
addresses, where traffic with a given MAC source address (SA) or MAC
destination address (DA) is copied to the specified mirroring port.
To avoid seeing unintended traffic, remove mirroring (destination) ports from all
virtual local area networks (VLAN) and spanning tree groups (STG). When
mirroring ports where VLAN tagging is enabled, the VLAN tags are not included
in the packets received at the mirroring (destination) port.
You can observe and analyze packet traffic at the mirroring port using a network
analyzer—a copy of the packet can be captured and analyzed. Unlike other
methods that are used to analyze packet traffic, the packet traffic is uninterrupted
and packets flow normally through the mirrored port.
For more information about the port mirroring feature, refer to Using Device
Manager Diagnostic Tools (317359-C).
Guest VLANs
The guest VLAN feature allows users connected on Extensible Authentication
Protocol (EAP)-enabled ports to obtain guest network access that is restricted
until port authentication. Users without the EAP stack on their stations are given
access to the network through the guest VLAN. This feature typically applies to
as-yet-unregistered partners who require partial access to the network. Figure 1
shows the guest VLAN architecture.
Figure 1 Guest VLAN architecture
A global default guest VLAN can be configured. The factory default for the global
value is an Invalid VLANId (4095), so it must be explicitly set to a valid
existing VLAN.
The guest VLAN feature is a per-port option, that is, each guest VLAN is enabled
with a valid Guest VLAN Id per port. If not, the global default value is used. If
neither the global default nor the local Guest VLAN Id specified is valid, the
feature cannot be enabled for that port.
Note: Guest VLANs are port-based.
Settings for the guest VLANs are saved across resets. Upon authentication failure,
the port is put back in the guest VLAN. A log message stating the authentication
failure is displayed.
Note: This feature affects ports in the administrative state (EAP-Auto).
It does not affect ports with force-authorized or force-unauthorized
administrative state.
When a VLAN used by EAP is deleted, the following occurs:
• Syslog message is generated.
• Port is blocked.
• Trap is set.
A Guest VLANId is created (the PVID of the port) when a port and the guest
VLAN are enabled. If the guest VLAN is not enabled, the port services only
EAPOL packets until authentication is successful.
The port may be pre-configured to belong to a VLAN but only EAPOL packets
will be processed. During the EAP authentication:
• If the guest VLAN is enabled, the port remains in the guest VLAN.
• If the guest VLAN is disabled, the port services only EAPOL packets.
Upon successful authentication, the port is put in a pre-configured VLAN or a
Radius Assigned VLAN. Only packets with the authenticated MAC (authMAC)
are allowed on that port. Any other packets are dropped.
On authentication failure:
• If the guest VLAN is enabled, the port is put in the guest VLAN.
• If the guest VLAN is disabled, the port services only EAPOL packets.
Upon explicit log off by the user:
• If the guest VLAN is enabled, the port is put in the guest VLAN.
• If the guest VLAN is disabled, the port services only EAPOL packets.
Note: Reauthentication can be enabled for the authMAC address. If
Reauthentication fails, the port will be put back in the guest VLAN.
When the port is EAP-disabled, the port is put back into the pre-configured
VLANId. Users are not allowed to modify the guest VLANId on an EAP-enabled
port when the guest VLAN is enabled.
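The placement rules above can be checked as a small state model. This is an added example, not Nortel code: the class, method and event names are hypothetical, and treating a reauthentication failure like any other authentication failure when the guest VLAN is disabled is an assumption.

```python
from dataclasses import dataclass
from typing import Optional, Set, Union

INVALID_VLAN = 4095        # factory default of the global guest VLAN (from the page)
EAPOL_ONLY = "eapol-only"  # label chosen here: port services only EAPOL packets
BLOCKED = "blocked"        # label chosen here: VLAN used by EAP was deleted
FALLBACK_EVENTS = {"authenticating", "auth-failure", "reauth-failure", "logoff"}


def resolve_guest_vlan(port_id, global_id, existing):
    """Per-port Guest VLAN Id if valid, else the global default, else None."""
    for candidate in (port_id, global_id):
        if candidate is not None and candidate != INVALID_VLAN and candidate in existing:
            return candidate
    return None


@dataclass
class EapAutoPort:
    """A port in the EAP-Auto administrative state (hypothetical model)."""
    preconfigured_vlan: int
    existing_vlans: Set[int]
    global_guest_vlan: int = INVALID_VLAN
    port_guest_vlan: Optional[int] = None
    guest_enabled: bool = False
    eap_enabled: bool = True
    auth_mac: Optional[str] = None
    vlan: Union[int, str] = EAPOL_ONLY

    def guest_vlan(self):
        return resolve_guest_vlan(self.port_guest_vlan, self.global_guest_vlan,
                                  self.existing_vlans)

    def enable_guest_vlan(self) -> bool:
        """The feature cannot be enabled when neither Guest VLAN Id is valid."""
        if self.guest_vlan() is None:
            return False
        self.guest_enabled = True
        if self.eap_enabled and self.auth_mac is None:
            self.vlan = self._fallback()
        return True

    def set_port_guest_vlan(self, vlan_id) -> bool:
        """The Id cannot be modified on an EAP-enabled port with guest VLAN enabled."""
        if self.eap_enabled and self.guest_enabled:
            return False
        self.port_guest_vlan = vlan_id
        return True

    def _fallback(self):
        """Where the port sits whenever no client is authenticated."""
        if not self.guest_enabled:
            return EAPOL_ONLY
        vlan = self.guest_vlan()
        return vlan if vlan is not None else BLOCKED

    def on_event(self, event, mac=None, radius_vlan=None):
        """Apply one event and return the resulting placement of the port."""
        if event == "eap-disable":
            self.eap_enabled, self.auth_mac = False, None
            self.vlan = self.preconfigured_vlan
        elif event == "auth-success":
            self.auth_mac = mac
            self.vlan = radius_vlan if radius_vlan is not None else self.preconfigured_vlan
        elif event in FALLBACK_EVENTS:
            self.auth_mac = None
            self.vlan = self._fallback()
        else:
            raise ValueError(f"unknown event: {event}")
        return self.vlan

    def forwards_data_from(self, src_mac) -> bool:
        """After authentication only the authMAC passes; EAPOL-only drops all data."""
        if self.vlan in (EAPOL_ONLY, BLOCKED):
            return False
        if self.auth_mac is not None:
            return src_mac == self.auth_mac
        return True  # assumption: no per-MAC filter in the guest or pre-configured VLAN
```

Walking a port through the events shows which VLAN an unauthenticated station can reach at each step, which is the question to answer before choosing the guest VLAN Id.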
Enabling EAPOL
To enable EAPOL on a port:
1 Highlight the desired port.
2 Choose Edit > Security.
  The Security dialog box opens with the EAPOL tab displayed (Figure 2).
  Figure 2 Security dialog box — EAPOL tab
3 In the SystemAuthControl box, click enabled.
4 Click GuestVlanEnable.
5 In the GuestVlanId field, enter the value of an existing VLAN.
6 Click Apply.
Enabling Guest VLAN on a port
To enable Guest VLAN on a port:
1 Highlight the port, then choose Edit > Port (or double-click on the port).
  The Port dialog box opens with the Interface tab displayed (Figure 3).
  Figure 3 Port dialog box — Interface tab
2 Click on the EAPOL tab.
  The EAPOL tab opens (Figure 4 on page 27).
  Figure 4 Port dialog box — EAPOL tab
3 Click on Guest VLAN.
  The Guest VLAN dialog box opens (Figure 5 on page 28).
  Figure 5 Guest VLAN dialog box
4 Check GuestVlanEnable.
5 In the GuestVlanId field, enter the value of the desired VLAN.
6 Click Apply.
Multiple EAP Clients and Mix of EAP/non-EAP Clients
Multiple EAP clients on the same port allows the combination of a PC (Windows
2000 or XP) and another device — typically a Nortel Networks IP Phone (IP
Phone 200x - phase 2). The mix of non-EAP and EAP clients on the same port
allows “legacy” stations, typically non-phase 2 phones, to be connected to the
same port. Figure 6 on page 29 shows an example of a mixed architecture with
EAP and non-EAP clients.
Figure 6 Multiple EAP/Mixed client architecture
[Figure labels: PC; IP Phone with internal 3 ports switch; RADIUS Authentication Server; EAP configured]
The number of non-EAP clients allowed is user-configurable and the default value
is 1. If the user authentication fails, the src-discard/dst-discard bits per MAC can
be set to drop the intruder MAC. EAPOL packets can make it to the CPU. A trap
for the intruding MAC is set for that port. When the (n+1)th MAC is seen, the port
is brought down administratively.
The default value for both the number of multiple authenticated hosts supported
and the number of non-EAP clients is 1.
Enabling Multi Host feature
To enable the Multi Host feature on a port, perform the following steps:
1 Highlight the port, then choose Edit > Port (or double-click on the port).
  The Port dialog box opens with the Interface tab displayed (Figure 3 on
  page 26).
2 Click the EAPOL tab.
  The EAPOL tab opens (Figure 4 on page 27).
3 Click on the Multi Hosts tab.
  The Multi Host dialog box opens (Figure 7 on page 30).
  Figure 7 Multi Host dialog box
4 In the MultiHostMaxClients field, select the desired maximum number of
  clients.
5 Check MultiHostEnable.
Configuring an allowed non-EAP MAC address
To configure a non-EAP MAC address:
1 Highlight the port, then choose Edit > Port (or double-click on the port).
  The Port dialog box opens with the Interface tab displayed (Figure 3 on
  page 26).
2 Click on the EAPOL tab.
  The EAPOL tab opens (Figure 4 on page 27).
3 Click Non EAP MAC.
  The Non EAPOL MAC dialog box opens with the Non-EAP Config tab
  displayed (Figure 8 on page 31).
  Figure 8 Non-EAP MAC dialog box — Non-EAP Config tab
4 Click AllowNonEapHost.
5 In the NonEapMaxClients field, enter the desired maximum number of
  non-EAP clients.
6 Click Apply.
7 Click the Allowed Non-EAP MAC tab.
  The Allowed Non-EAP MAC tab opens (Figure 9).
  Figure 9 Non EAPOL dialog box — Allowed Non-EAP MAC tab
8 Click Insert.
  The Allowed MAC Address dialog box opens (Figure 10 on page 32).
  Figure 10 Allowed MAC Address dialog box
9 Insert the desired MAC Address.
10 Click Insert.
11 Click Apply.
Radius VLAN Assignment is disabled for ports in the Multiple Host, Multiple
Authentication mode. Only the pre-configured VLAN assignment for the port is
used. A message is logged when the Radius server returns a VLAN. Upon
successful authentication, the untagged traffic will be put in a VLAN configured
for the port.
Note: Parameters are configured per physical port, not per
user session. They are, however, used by the individual sessions on the
port.
Note: “Reauthenticate-now/Initialize”, if enabled, causes all sessions on
the port to reauthenticate and re-initialize.
EAP Accounting, if enabled on the port, gives the octet and packet counts per
physical port. The Session Time and Session Terminate Cause is per user session.
The controlled directions state machine is disabled for ports enabled for
multi-host authentication.
Syslog
On any UNIX*-based management platform, you can use the syslog messaging
feature of the 8300 Series switch to manage event messages. The 8300 Series
syslog software communicates with a server software component named syslogd
on your management workstation. The UNIX daemon syslogd is a software
component that receives and locally logs, displays, prints, and/or forwards
messages that originate from sources internal and external to the workstation. For
example, syslogd on a UNIX workstation concurrently handles messages received
from applications running on the workstation, as well as messages received from a
Passport 8300 Series switch running in a network accessible to the workstation.
Note: Syslog and Trap Log may not capture all log session messages for
the Web Switching Module.
CLI advanced tracking and logging
The CLI advanced tracking and logging feature provides a secured logging
mechanism within the switch. This feature encrypts and logs all CLI and NNCLI
commands that are executed during a session, and stores this information in the
CLI log file (clilog.txt) on the PCMCIA. The following attributes are captured for
each command:
• Sequence Number – Each command in a session is numbered automatically.
• CPU Slot Number – The CPU slot that logs the command.
• Date & Time – The time at which the command is executed on the switch.
• Context – The type of session used to connect to the switch. IP addresses are
  listed for remote sessions.
• User Name – The user name used to log in to the switch.
• Command – The actual command entered. Anything typed on the session will
  be logged as soon as the enter key is pressed.
You can use CLI and NNCLI commands to save a decrypted version of the file in
a secondary storage device or remote server, delete the existing log file, or decrypt
and view the CLI log file. Only users with full RWA permissions can access these
commands.
Network Time Protocol (NTP)
The Network Time Protocol (NTP) synchronizes the internal clocks of various
network devices across large, diverse networks to universal standard time.
Note: The NTP protocol specification is documented in RFC 1305.
Every network device relies on an internal system clock to maintain accurate time.
On local devices, the internal system clock is usually set manually to within a
minute or two of the actual time and is rarely reset at regular intervals. Many local
clocks are battery-backed devices that use room temperature clock oscillators that
can drift as much as several seconds each day. NTP solves this problem by
automatically adjusting the time of the devices so that they are synchronized
within a millisecond (ms) on LANs and within a few tens of milliseconds on
WANs relative to Coordinated Universal Time (UTC).
The current implementation of NTP supports only unicast client mode. In this
mode, the NTP client, which is tailored to the limitations of the Real Time Clock
(RTC) on the CPU board (Dallas Semiconductors DS1307 series), sends NTP
time requests to a list of user-configurable remote time servers in an asynchronous
fashion. The NTP client collects four samples of time from each remote time
server. A clock selection algorithm determines the best server among the selected
samples based on stratum, delay, dispersion, and the last updated time of the
remote server. The RTC is adjusted to the selected sample from the chosen server.
NTP terms
A peer can be any device that runs NTP software. However, this implementation
of NTP refers to peers as remote time servers that provide time information to
other time servers on the network and to the local NTP client. An NTP client
refers to the local network device — in this case, an Ethernet Routing Switch 8300
switch — that accepts time information from other remote time servers.
NTP system implementation model
NTP is based on a hierarchical model that consists of a local NTP client that runs
on the Ethernet Routing Switch 8300 switch and on remote time servers. The NTP
client requests and receives time information from one or more remote time
servers. The local NTP client reviews the time information from all available time
servers and synchronizes its internal clock to the time server whose time is most
accurate. The NTP client does not forward time information to other devices
running NTP.
There are two types of time servers in the NTP model: primary time servers and
secondary time servers. A primary time server is directly synchronized to a
primary reference source, usually a wire or radio clock that is synchronized to a
radio station providing a standard time service. The primary time server is the
authoritative time source in the hierarchy, meaning that it is the one true time
source to which the other NTP devices in the subnet synchronize their internal
clocks.
A secondary time server uses a primary time server or one or more secondary time
servers to synchronize its time, forming a synchronization subnet (Figure 11). A
synchronization subnet is a self-organizing, hierarchical master-slave
configuration with the primary servers at the root and secondary servers of
decreasing accuracy at successive levels.
Figure 11 NTP time servers forming a synchronization subnet
[Figure labels: Primary server (P); Secondary server (S); Client (C); Stratum 1; Stratum 2]
In the NTP model, the synchronization subnet automatically reconfigures in a
hierarchical primary-secondary (master-slave) configuration to produce accurate
and reliable time, even if one or more primary time servers or the path between
them fails. This feature applies in a case in which all the primary servers on a
partitioned subnet fail, but one or more backup primary servers continue to
operate. If all of the primary time servers in the subnet fail, the remaining
secondary servers synchronize among themselves.
How NTP distributes time within a subnet
NTP distributes time through a hierarchy of primary and secondary servers, with
each server adopting a stratum (Figure 11 on page 35). A stratum defines how
many NTP hops away a particular secondary time server is from an authoritative
time source (primary time server) in the synchronization subnet. A “stratum 1”
time server is located at the top of the hierarchy and is directly attached to an
external time source, typically a wire or radio clock; a “stratum 2” time server
receives its time via NTP from a “stratum 1” time server; a “stratum 3” time
server receives its time via NTP from a “stratum 2” time server, and so forth.
Each NTP client in the synchronization subnet chooses as its time source the
server with the lowest stratum number with which it is configured to communicate
via NTP. This strategy effectively builds a self-organizing tree of NTP speakers.
The number of strata is limited to 15 to avoid long synchronization loops.
NTP tries not to synchronize to a remote time server whose time might not be
accurate. It avoids doing this in two ways. First, NTP never synchronizes to a
remote time server that is not itself synchronized. Second, NTP compares the
times reported by several remote time servers.
Synchronizing with the best available time server
Unlike other time synchronization protocols, NTP does not attempt to
synchronize the remote time servers’ internal clocks to each other. Rather, NTP
synchronizes the servers’ clocks to universal standard time, using the “best”
available time source and transmission paths to that time source.
NTP uses the following criteria to determine the time server whose time is best:
• The time server with the lowest stratum
• The time server closest in proximity to the primary time server (reduces
  network delays)
• The time server offering the highest claimed precision
NTP prefers to have access to several (at least three) servers at the lower stratum
level, since it can apply an agreement algorithm to detect a problem on any part of
the time source.
NTP modes of operation
NTP uses unicast client mode to enable time servers and NTP clients to
communicate in the synchronization subnet. The Passport 8300 Series switch
supports only unicast client mode.
When you configure a set of remote time servers (peers), NTP creates a list that
includes each time server’s IP address. The NTP client uses this list to determine
which remote time servers to query for time information.
When the NTP client queries the remote time servers, they respond with various
timestamps, along with information about their clocks, such as stratum, precision,
and time reference (Figure 12 on page 38). The NTP client reviews the list of
responses from all available servers and chooses one as the “best” available time
source from which to synchronize its internal clock.
Figure 12 NTP time servers operating in unicast client mode
[Figure labels: NTP clients A, B, C; NTP time servers; Server A; Server B; Peer list]
NTP authentication
You can authenticate time synchronization to ensure that the local time server
obtains its time services only from known sources. NTP authentication adds a
level of security to your NTP configuration. By default, network time
synchronization is not authenticated.
When you select authentication, the Passport 8300 Series switch uses the Message
Digest 5 (MD5) algorithm to produce a message digest of the key. The message
digest is created using the key and the message, but the key itself is not sent. The
MD5 algorithm verifies the integrity of the communication, authenticates the
origin, and checks for timeliness.
To authenticate the message, the client authentication key must match that of the
time server. Therefore, the authentication key must be securely distributed in
advance (the client administrator must get the key from the server administrator
and configure it on the client).
While a server may know many keys (identified by many key IDs), it is possible to
declare only a subset of these as trusted. This feature allows the time server to
share keys with a client that requires authenticated time and that trusts the server,
but that is not trusted by the time server.
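The keyed digest and the trusted-key subset described above can be exercised as follows. This is an added example, not the switch's code: it assumes the authenticator layout of the NTP reference implementation (a 32-bit key ID followed by MD5 over the key and the 48-byte header), and the keys, key IDs and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48          # fixed NTP header
MAC_LEN = 4 + 16             # key ID + MD5 digest (assumed authenticator layout)


def build_header(mode: int, stratum: int, version: int = 3) -> bytes:
    """Constructed NTP header: LI=0, given version/mode/stratum, all timestamps zero."""
    first = (0 << 6) | (version << 3) | mode
    return struct.pack("!BBbb11I", first, stratum, 4, -6, *([0] * 11))


def add_authenticator(header: bytes, key_id: int, key: bytes) -> bytes:
    """Append key ID and MD5(key || header); the key itself never goes on the wire."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet: bytes, keys: dict, trusted: set) -> str:
    """Receiver-side check: known key, trusted key, then constant-time digest compare."""
    if len(packet) == NTP_HEADER_LEN:
        return "no-authenticator"
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return "malformed"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = keys.get(key_id)
    if key is None:
        return "unknown-key"
    if key_id not in trusted:
        return "untrusted-key"   # key is configured but not declared trusted
    expected = hashlib.md5(key + header).digest()
    return "ok" if hmac.compare_digest(expected, mac[4:]) else "bad-digest"


# Constructed sample data: two configured keys, only key ID 1 declared trusted.
KEYS = {1: b"constructed-key-one", 2: b"constructed-key-two"}
TRUSTED = {1}
REPLY = build_header(mode=4, stratum=2)           # server reply, stratum 2


def demo() -> dict:
    good = add_authenticator(REPLY, 1, KEYS[1])
    tampered = bytearray(good)
    tampered[1] = 1                               # stratum rewritten in transit
    return {
        "good": verify(good, KEYS, TRUSTED),
        "tampered": verify(bytes(tampered), KEYS, TRUSTED),
        "untrusted": verify(add_authenticator(REPLY, 2, KEYS[2]), KEYS, TRUSTED),
        "unknown": verify(add_authenticator(REPLY, 9, b"other"), KEYS, TRUSTED),
        "plain": verify(REPLY, KEYS, TRUSTED),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} {result}")
```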
BootP/DHCP relay
The Dynamic Host Configuration Protocol (DHCP) is an extension of the
Bootstrap Protocol (BootP) and provides host configuration information to the
workstations on a dynamic basis. To lower administrative overhead, network
managers prefer to configure a small number of DHCP servers in a central
location. It is necessary for routers to support the BootP/DHCP relay function so
that hosts can access configuration information from servers several router hops
away.
Differences between DHCP and BootP
The following differences between DHCP and BootP are specified in RFC 2131
and include functions that BootP does not address:
• DHCP defines mechanisms through which clients can be assigned a network
  address for a finite lease (allowing for reuse of IP addresses).
• DHCP provides the mechanism for clients to acquire all of the IP
  configuration parameters needed to operate.
DHCP uses the BootP message format defined in RFC 951. A packet is classified
as DHCP if the first four octets in the options field are 99, 130, 83, 99, and the
fifth octet is 53. The first four octets are referred to as the “Magic Cookie,” while
the fifth is the DHCP message type code. The remainder of the options field
consists of a list of tagged parameters that are called “options” (RFC 2131).
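The classification rule above, applied to constructed packets. This is an added example, not the switch's code: it goes beyond the stated rule by also walking the tagged options to find tag 53 anywhere in the field, since RFC 2131 does not require the message type option to come first. Function names and sample packets are hypothetical.

```python
import struct

BOOTP_FIXED_LEN = 236                      # RFC 951 header up to the options field
MAGIC_COOKIE = bytes([99, 130, 83, 99])    # the four octets named on the page
OPT_PAD, OPT_MSG_TYPE, OPT_END = 0, 53, 255
CHADDR = bytes.fromhex("00005e005301")     # constructed client MAC


def build_bootp(options: bytes) -> bytes:
    """Constructed BOOTREQUEST carrying the given options field (sample data)."""
    zero = b"\x00" * 4
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         1, 1, 6, 0, 0x12345678, 0, 0x8000,
                         zero, zero, zero, zero, CHADDR, b"", b"")
    return header + options


def classify_page_rule(packet: bytes) -> str:
    """Rule as stated on the page: cookie in octets 1-4 and 53 as the fifth octet."""
    opts = packet[BOOTP_FIXED_LEN:]
    if len(opts) >= 5 and opts[:4] == MAGIC_COOKIE and opts[4] == OPT_MSG_TYPE:
        return "DHCP"
    return "BootP"


def find_message_type(packet: bytes):
    """Walk the tagged options; return the DHCP message type value or None."""
    opts = packet[BOOTP_FIXED_LEN:]
    if opts[:4] != MAGIC_COOKIE:
        return None
    i = 4
    while i < len(opts):
        tag = opts[i]
        if tag == OPT_END:
            return None
        if tag == OPT_PAD:                 # pad is a single octet with no length
            i += 1
            continue
        if i + 1 >= len(opts):             # tag without a length octet
            return None
        length = opts[i + 1]
        value = opts[i + 2:i + 2 + length]
        if len(value) < length:            # option runs past the end of the packet
            return None
        if tag == OPT_MSG_TYPE:
            return value[0] if length == 1 else None
        i += 2 + length
    return None


# Constructed samples.
DISCOVER = build_bootp(MAGIC_COOKIE + bytes([53, 1, 1, 255]))
REORDERED = build_bootp(MAGIC_COOKIE + bytes([61, 7, 1]) + CHADDR + bytes([53, 1, 1, 255]))
PLAIN_BOOTP = build_bootp(MAGIC_COOKIE + bytes([255]) + bytes(59))
TRUNCATED = build_bootp(MAGIC_COOKIE + bytes([53, 1]))

if __name__ == "__main__":
    for name, pkt in [("discover", DISCOVER), ("reordered", REORDERED),
                      ("plain bootp", PLAIN_BOOTP), ("truncated", TRUNCATED)]:
        print(f"{name:12s} page rule={classify_page_rule(pkt):5s} "
              f"message type={find_message_type(pkt)}")
```

The reordered and truncated samples are the two cases where the fifth-octet rule and a full option walk disagree, so they are worth including in any relay or filter test set.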
Summary of DHCP relay operation
BootP/DHCP clients (workstations) generally use UDP/IP broadcasts to
determine their IP addresses and configuration information. Because these
broadcasts do not by themselves reach servers on other subnets, the 8300 Series
can be configured to forward the broadcasts to the server through virtual router
interfaces. The router interfaces can be configured to forward DHCP broadcasts
to other locally connected network segments or directly to the server’s IP
address. DHCP must be enabled on a per-routable-interface basis.
Figure 13 shows an end station connected to subnet 1, corresponding to VLAN 1.
The 8300 Series connects two subnets by means of the virtual routing function.
When the end station generates a DHCP request as a limited UDP broadcast to the
IP address of all 1s (that is, 255.255.255.255) with the DHCP relay function
configured, the 8300 Series forwards DHCP requests to subnet 2 or to the host
address of the DHCP server, depending on the configuration.
Figure 13 DHCP operation
[Figure labels: End station; DHCP server; Passport switch; Subnet 1/VLAN 1; Subnet 2/VLAN 2]
Forwarding DHCP packets
In the example shown in Figure 14 on page 41, the agent address is 10.10.1.2. To
configure the 8300 Series to forward DHCP packets from the end station to the
server, use 10.10.2.1 as the server address.
Figure 14 Forwarding DHCP packets
[Figure labels: Passport switch (10.10.1.254/16, 10.10.2.254/16, 10.10.3.254/16); End station 10.10.1.1/16, Subnet 1/VLAN 1; DHCP server 10.10.2.1/16, Subnet 2/VLAN 2; DHCP server 10.10.3.1/16, Subnet 3/VLAN 3]
All BootP broadcast packets, including DHCP packets that appear on the VLAN 1
router interface (10.10.1.2), will be forwarded to the DHCP server. In this case,
the DHCP packets will be forwarded as unicast to the DHCP server’s IP address.
To forward BootP/DHCP packets as broadcast packets to VLAN 2, specify the IP
address of the switch VLAN 2 router interface (10.10.2.2) as the server address.
Multiple BootP/DHCP servers
Most enterprise networks use multiple BootP/DHCP servers for fault tolerance.
The 8300 Series allows you to configure the switch to forward
BootP/DHCP requests to multiple servers. You can configure up to 10 servers to
receive copies of the forwarded BootP/DHCP messages.
If a DHCP client is connected to a routable interface, to configure DHCP requests
to be sent to 10 different routable interfaces or 10 different server IP addresses,
enable DHCP on the client (agent address) and then enable DHCP from the client
to each of the interfaces or IP addresses (server addresses).
In the example shown in Figure 15 on page 42, two DHCP servers are located on
two different subnets. To configure the 8300 Series to forward the copies of the
BootP/DHCP packets from the end station to both servers, specify the switch
(10.10.1.254) as the agent address. Then enable DHCP to each of the DHCP
servers by entering 10.10.2.1 and 10.10.3.1 as the server addresses.
Figure 15 Configuring multiple BootP/DHCP servers
[Figure labels: Passport routing switch (10.10.1.254/24, 10.10.2.254/24, 10.10.3.254/24); End station 10.10.1.1/24, Subnet 1/VLAN 1; DHCP server 10.10.2.1/24, Subnet 2/VLAN 2; DHCP server 10.10.3.1/24, Subnet 3/VLAN 3]
Power over Ethernet
Power over Ethernet (PoE) is a technology for wired Ethernet LANs that allows
the electrical current, necessary for the operation of each device, to be carried by
the data cables rather than by power cords. This minimizes the number of wires
that must be strung in order to install the network. The result is lower cost, less
downtime, easier maintenance, and greater installation flexibility than with
traditional wiring.
The Ethernet Routing Switch 8300 supports the IEEE 802.3af specification to
supply DTE power over Ethernet ports on the 8348TX-PWR Module. This allows
you to plug the data cable from PoE enabled access points (APs) directly in to the
Ethernet Routing Switch 8300. The Ethernet Routing Switch 8300 can provide
200 watts of PoE power on each 8348-TX Module and support up to 48 PoE ports
on each 8348TX-PWR Module.
For more information about PoE, refer to Configuring Power over
Ethernet (317337-C).
Chapter 2
Configuring CLI advanced tracking and logging using CLI
The CLI advanced tracking and logging feature provides a secured logging
mechanism within the switch. This feature encrypts and logs all NNCLI and CLI
commands issued on the switch from users connected by the following session
types:
• Direct console connection
• FTP
• Telnet
• TFTP
• rLogin
• SSH/SCP
This chapter describes how to configure the CLI advanced tracking and logging
feature using CLI.
This section includes the following topics:
• “Roadmap of CLI logging commands”
• “Configuring CLI advanced tracking and logging”
• “Showing CLI logging information”
• “Saving the CLI log file”
Roadmap of CLI logging commands
The following roadmap lists the commands used for enabling CLI advanced
tracking and logging.
Command                 Parameter
config cli clilog       [info]
                        [enable <true|false>]
                        [maxfilesize <value>]
show cli clilog info
show clilog file        [tail]
                        [grep <value>]
save clilog             [file <dest>]
Configuring CLI advanced tracking and logging
Note: If a secondary CPU is present in the chassis, then configuration
commands executed from the primary CPU affect both processors.
When a secondary CPU is inserted, the status and setting of the CLI log
feature is copied from the primary CPU.
The primary CPU and the secondary CPU work as separate CLI logging
mechanisms. Each CPU logs commands independently on the first and
second PCMCIA cards, respectively.
To configure the CLI advanced tracking and logging settings, use the following
command:
config cli clilog
This command includes the following options:
config cli clilog
followed by:
[info]
    Displays the log file from the bottom.
[enable <true|false>]
    Enables CLI logging on the switch. Use true to enable CLI advanced
    tracking and logging, and use false to disable this feature.
[maxfilesize <value>]
    Sets the maximum allowable file size for the CLI log file in kilobytes.
    If the maximum file size is changed to be smaller than the existing log
    file, then the file is wrapped at its current size. This also occurs if
    the log file exceeds the maximum file size during system fail over.
    • value is the maximum size of the CLI log file in kilobytes, ranging
      from 256 to 256000.
Figure 16 shows an example of using the config cli clilog commands to
configure the CLI advanced tracking and logging feature.
Figure 16 config cli clilog command output
Passport-8310:5/config/cli/clilog# maxfilesize 500
Passport-8310:5/config/cli/clilog# enable true
Passport-8310:5/config/cli/clilog# info
Sub-Context:
Current Context:
enable : TRUE
maxfilesize : 500
Showing CLI logging information
This section includes show commands for the following topics:
• “Showing global CLI logging parameters”
• “Showing the decrypted CLI log file”
Showing global CLI logging parameters
To display the status of the clilog global parameters, enter the following
command:
show cli clilog info
Figure 17 shows sample output for the show cli clilog info command.
Figure 17 show cli clilog info command output
Passport-8310:5# show cli clilog info
=========================================================================
CLILog Info
=========================================================================
CLI Logging Enable    : TRUE
CLI Log Max File Size : 500
-------------------------------------------------------------------------
Showing the decrypted CLI log file
To decrypt the CLI log file in the PCMCIA and display the log in a user-readable
form, enter the following command:
show clilog file
This command includes the following options:
show clilog file
followed by:
[tail]
    Displays the log file from the bottom.
[grep <value>]
    Displays only lines from the log that match the specified text.
    • value is the text value to search for.
Figure 18 shows sample output for the show clilog file and show clilog
file tail commands.
Figure 18 show clilog file command output
Passport-8310:5# show clilog file
Slot5 1 [01/27/04 17:15:53] TELNET:192.202.188.174 rwa maxfilesize 500
Slot5 2 [01/27/04 17:15:55] TELNET:192.202.188.174 rwa info
Slot5 3 [01/27/04 17:17:18] TELNET:192.202.188.174 rwa maxfile ?
Slot5 4 [01/27/04 17:18:39] TELNET:192.202.188.174 rwa show clilog file
Passport-8310:5# show clilog file tail
Slot5 21 [01/27/04 17:33:39] TELNET:192.202.188.174 rwa show clilog file tail
Slot5 20 [01/27/04 17:33:21] TELNET:192.202.188.174 rwa show clilog file
Slot5 19 [01/27/04 17:33:00] TELNET:192.202.188.174 rwa show clilog file ?
Slot5 18 [01/27/04 17:32:33] TELNET:192.202.188.174 rwa show cli clilog info
Saving the CLI log file
To save the decrypted log file into the current device (PCMCIA, Flash, or TFTP
server), enter the following command:
save clilog
This command includes the following options:
save clilog
followed by:
[file <dest>]
    Specifies a file destination for saving the CLI advanced tracking and
    logging information. If no file destination is entered, the system saves
    log information to the default /pcmcia/clilog.txt file.
    The destination can be Flash memory, a PCMCIA card, or a remote TFTP
    server.
    • /flash/<file_name>
    • /pcmcia/<file_name>
    • <a.b.c.d>:<file_name>
Figure 19 shows an example of the save clilog file command in use.
Figure 19 save clilog file command example
Passport-8310:5# save clilog file /flash/log-cli_commands.txt
Passport-8310:5#
Chapter 3
Configuring CLI advanced tracking and logging using NNCLI
The CLI advanced tracking and logging feature provides a secured logging
mechanism within the switch. This feature encrypts and logs all NNCLI and CLI
commands issued on the switch from users connected by the following session
types:
• Direct console connection
• FTP
• Telnet
• TFTP
• rLogin
• SSH/SCP
This chapter describes how to enable and configure the CLI advanced tracking
and logging feature using NNCLI.
This section includes the following topics:
• “Roadmap of NNCLI logging commands”
• “Configuring CLI advanced tracking and logging”
• “Showing CLI logging information”
• “Saving the CLI log file”
Roadmap of NNCLI logging commands
The following roadmap lists the NNCLI commands used to enable and configure
CLI advanced tracking and logging.
Command                       Parameter
clilog enable                 [maxfilesize <value>]
clilog maxfilesize <value>
no clilog enable
show clilog file              [tail]
                              [grep <value>]
save clilog                   [file <dest>]
Configuring CLI advanced tracking and logging
Note: If a secondary CPU is present in the chassis, then configuration
commands executed from the primary CPU affect both processors.
When a secondary CPU is inserted, the status and setting of the CLI log
feature is copied from the primary CPU.
The primary CPU and the secondary CPU work as separate CLI logging
mechanisms. Each CPU logs commands independently on the first and
second PCMCIA cards, respectively.
This section includes the following topics:
• “Enabling CLI advanced tracking and logging”
• “Setting the maximum allowable file size”
• “Disabling CLI advanced tracking and logging”
Enabling CLI advanced tracking and logging
To enable CLI logging on the switch, enter the following command in Global
Config mode:
clilog enable
This command includes the following options:
clilog enable
followed by:
[maxfilesize <value>]
    Sets the maximum allowable file size for the CLI log file in kilobytes.
    See “Setting the maximum allowable file size” on page 52 for more
    information about the maximum file size parameter.
    • value is the maximum size of the CLI log file in kilobytes, ranging
      from 256 to 256000.
Figure 20 shows an example of using the clilog enable command.
Figure 20 clilog enable command output
Passport-8300:5(config)# clilog enable
Passport_8300:5(config)#
Disabling CLI advanced tracking and logging
To disable CLI logging on the switch, enter the following command in Global
Config mode:
no clilog enable
Setting the maximum allowable file size
To set the maximum allowable file size for the CLI log file, enter the following
command in Global Config mode:
clilog maxfilesize <value>
where value is the maximum size of the CLI log file in kilobytes, ranging from
256 to 256000.
If the maximum file size is changed to be smaller than the existing log file, then
the file is wrapped at its current size. This also occurs if the log file exceeds the
maximum file size during system fail over.
Figure 21 shows an example of using the clilog enable command.
Figure 21 clilog enable command output
Passport-8300:5(config)# clilog maxfilesize 256000
Passport_8300:5(config)#
Showing CLI logging information
Show commands provide general information about the CLI advanced tracking
and logging feature, as well as decrypting the CLI log file contents and displaying
information in a user-readable form.
To show the current configuration of the CLI advanced tracking and logging
feature, enter the following command in User EXEC mode:
show clilog file
This command includes the following options:
show clilog file
followed by:
[tail]
    Displays the contents of the CLI log file from the bottom.
[grep <value>]
    Displays only lines from the CLI log file that contain the specified text.
    • value is the text value to search for.
Figure 22 shows sample output for the show clilog command.
Figure 22 show clilog command output
Passport_8300:5(config)#show clilog
================================================================================
CLILog Info
================================================================================
CLI Logging Enable    : FALSE
CLI Log Max File Size : 256
--------------------------------------------------------------------------------
Figure 23 shows sample output for the show clilog file command.
Figure 23 show clilog file command output
Passport_8300:5(config)#show clilog file
Slot5 1 [01/01/98 13:15:18] TELNET:192.177.213.240 rwa clilog enable maxfilesize
Slot5 2 [01/01/98 13:15:29] TELNET:192.177.213.240 rwa clilog enable maxfilesize
Slot5 3 [01/01/98 13:15:39] TELNET:192.177.213.240 rwa clilog enable maxfilesize 256
Slot5 4 [01/01/98 13:18:15] TELNET:192.177.213.240 rwa clilog
Slot5 5 [01/01/98 13:30:18] TELNET:192.177.213.240 rwa end
Saving the CLI log file
To save the decrypted log file into the current device (PCMCIA, Flash, or TFTP
server), enter the following command in Global Config mode:
save clilog
This command includes the following options:
save clilog
followed by:
[file <dest>]
    Specifies a file destination for saving the CLI advanced tracking and
    logging information. If no file destination is entered, the system saves
    log information to the default /pcmcia/clilog.txt file.
    The destination can be Flash memory, a PCMCIA card, or a remote TFTP
    server.
    • /flash/<file_name>
    • /pcmcia/<file_name>
    • <a.b.c.d>:<file_name>
Figure 24 shows an example of using the save clilog command.
Figure 24 save clilog file command output
Passport_8300:5(config)#save clilog
Passport_8300:5(config)#
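The saved log is the artifact an auditor reviews off the switch. The following Python sketch is an added example, not Nortel code: it parses a file written by save clilog and flags records worth a second look. It assumes one record per line in the layout of the show clilog file figures (slot, sequence number, timestamp, session type and source address, user, command) with mm/dd/yy dates; the sample lines and every session label other than TELNET are constructed.

```python
import re
from collections import namedtuple
from datetime import datetime

Record = namedtuple("Record", "slot seq time session source user command")

# Assumed one-line record layout, modelled on the "show clilog file" figures:
#   Slot5 4 [01/27/04 17:18:39] TELNET:192.0.2.10 rwa show clilog file
RECORD_RE = re.compile(
    r"^Slot(\d+)\s+(\d+)\s+\[(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)\]\s+"
    r"([A-Za-z/]+)(?::(\S+))?\s+(\S+)[ \t]*(.*)$"
)

# Full-path forms of the commands this guide gives for switching logging off.
LOGGING_OFF_RE = re.compile(
    r"^(no\s+clilog\s+enable|config\s+cli\s+clilog\s+enable\s+false)\b"
)

# Session types from the guide that carry commands unencrypted. Only the
# TELNET label appears in the figures; the other labels are assumptions.
CLEARTEXT_SESSIONS = {"TELNET", "FTP", "TFTP", "RLOGIN"}

# Constructed sample (documentation addresses), not output from a real switch.
SAMPLE_LOG = """\
Slot5 1 [01/27/04 17:15:53] TELNET:192.0.2.10 rwa config cli clilog maxfilesize 500
Slot5 2 [01/27/04 17:15:55] TELNET:192.0.2.10 rwa show clilog file
Slot5 3 [01/27/04 17:17:18] SSH:192.0.2.44 rwa config ntp server create 192.0.2.123
Slot5 6 [01/27/04 17:05:02] TELNET:192.0.2.10 rwa config cli clilog enable false
Slot5 7 [01/27/04 17:
"""


def parse_clilog(text):
    """Return (records, rejects); rejects are lines that do not fit the layout."""
    records, rejects = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = RECORD_RE.match(line)
        if not match:
            rejects.append(line)  # keep for manual review, never drop silently
            continue
        slot, seq, stamp, session, source, user, command = match.groups()
        records.append(Record(
            int(slot), int(seq), datetime.strptime(stamp, "%m/%d/%y %H:%M:%S"),
            session.upper(), source, user, command.strip()))
    return records, rejects


def audit(records):
    """Return findings as (kind, slot, seq, detail) tuples, in log order."""
    findings = []
    previous = {}           # slot -> last record seen on that CPU
    seen_cleartext = set()  # (session, source) pairs already reported
    for rec in sorted(records, key=lambda r: (r.slot, r.seq)):
        prev = previous.get(rec.slot)
        if prev is not None:
            if rec.seq != prev.seq + 1:
                # A gap is a prompt to look, not proof that records were removed.
                findings.append(("sequence-gap", rec.slot, rec.seq,
                                 f"records {prev.seq + 1}-{rec.seq - 1} missing"))
            if rec.time < prev.time:
                findings.append(("clock-regression", rec.slot, rec.seq,
                                 f"{rec.time} is earlier than {prev.time}"))
        if LOGGING_OFF_RE.match(rec.command):
            findings.append(("logging-disabled", rec.slot, rec.seq,
                             f"{rec.user} from {rec.source}: {rec.command}"))
        key = (rec.session, rec.source)
        if rec.session in CLEARTEXT_SESSIONS and key not in seen_cleartext:
            seen_cleartext.add(key)
            findings.append(("cleartext-session", rec.slot, rec.seq,
                             f"{rec.session} from {rec.source}"))
        previous[rec.slot] = rec
    return findings


if __name__ == "__main__":
    parsed, unparsed = parse_clilog(SAMPLE_LOG)
    for finding in audit(parsed):
        print(*finding, sep=" | ")
    for line in unparsed:
        print("unparsed | " + line)
```

Commands typed inside a sub-context (for example enable false entered at the config/cli/clilog prompt) are logged in their short form, so extend LOGGING_OFF_RE if the switch is administered that way.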
Chapter 4
Configuring NTP using the CLI
This chapter describes how to configure the Network Time Protocol (NTP) using
the CLI and includes the following topics:
• “Configuration prerequisites”
• “Roadmap of CLI NTP commands”
• “Configuring NTP”
Configuration prerequisites
Before you can configure NTP, you must configure an IP interface on the Ethernet
Routing Switch 8300 and be sure that the NTP server is reachable through this
interface.
For more information about configuring IP interfaces, refer to one of the
following documents:
• Configuring IP Routing and Multicast Operations using Device
  Manager (317338-B)
• Configuring IP Routing and Multicast Operations using the NNCLI and
  CLI (316800-B)
Note: NTP server MD5 authentication does not support passwords
(keys) that start with a special character or contain a space between
characters.
Roadmap of CLI NTP commands
The following roadmap lists the commands used to enable and configure NTP.
Command                 Parameter
config ntp              info
                        enable <true|false>
                        interval <value>
config ntp server       info
                        create <ipaddr> [enable <value>]
                        [auth <value>] [key <value>]
                        delete <ipaddr>
                        set <ipaddr> [enable <value>]
                        [auth <value>] [key <value>]
config ntp key          info
                        create <authkey> <secretkey>
                        delete <authkey>
                        set <authkey> <secretkey>
show ntp server stat
Configuring NTP
This section includes the following topics:
• “Enabling NTP globally”
• “Creating an NTP server”
• “Configuring authentication keys”
• “Showing NTP statistics”
Enabling NTP globally
When you enable NTP, default values are in effect for most parameters. You can
customize NTP by modifying parameters. To enable or disable NTP globally on
the Ethernet Routing Switch 8300, use the following command.
config ntp
The config ntp command includes the following options:
config ntp
followed by:
info
    Displays current NTP settings on this NTP server.
enable <true|false>
    Globally enables or disables NTP. The default value is false.
interval <value>
    Specifies the time interval (10 to 1440 minutes) between successive NTP
    updates. The default is 15 minutes.
    • value is the time interval in minutes.
    Note: If NTP is already enabled, this setting will not take effect until
    you disable and then re-enable NTP.
Configuration example
This configuration example uses the above commands to enable NTP. The
example also uses the show ntp info command to display the NTP global
status.
8310:5# config ntp
8310:5/config/ntp# enable true
8310:5/config/ntp# show ntp info
Sub-Context: key server
Current Context:
enable : true
interval : 15
last ntp update:
8310:5/config/ntp#
Figure 25 show ntp info command output
8310:5 show ntp info
Sub-Context: clear config dump monitor show test trace
Current Context:
enable : true
interval : 12
last ntp update:
Latest update time : THU AUG 23 18:09:38 2001 UTC
synchronized to : 10:10.2.13 (Stratum: 5)
As shown in Figure 25, the Latest update time field indicates the most recent
update to the NTP server. The synchronized to field displays the NTP server
address from which the Ethernet Routing Switch 8300 received time information.
The stratum field indicates the current stratum value that the NTP server is on.
Creating an NTP server
To create an NTP server or modify existing NTP server parameters, use the
following command:
config ntp server
Note: You can configure a maximum of 10 time servers.
The config ntp server command includes the following options:
config ntp server
followed by:
info
    Displays NTP server configuration settings on the switch.
create <ipaddr> [enable <value>] [auth <value>] [key <value>]
    Adds an NTP server.
    • ipaddr is the IP address of the NTP server. NTP adds this address to a
      list of servers. The local NTP client consults this list of servers for
      time information.
    • enable value enables (true) or disables (false) the NTP client. The
      default is enable.
    • auth value enables (true) or disables (false) MD5 authentication to
      this NTP server. The default is false (no MD5 authentication).
    • key value specifies the key ID value used to generate the MD5 digest
      for this NTP server. NTP keys are configured using the command “config
      ntp key” on page 61.
      The value is an integer ranging from 1 to 2147483647. The default value
      is 1.
delete <ipaddr>
    Deletes the IP address of the NTP server.
    • ipaddr is the IP address of the NTP server you want to delete.
set <ipaddr> [enable <value>] [auth <value>] [key <value>]
    Allows you to modify NTP server parameters.
    • ipaddr is the IP address of the NTP server.
    • enable value enables (true) or disables (false) the NTP client. The
      default is enable.
    • auth value enables (true) or disables (false) MD5 authentication to
      this NTP server. The default is false (no MD5 authentication).
    • key value specifies the key ID value used to generate the MD5 digest
      for this NTP server.
      The value is an integer ranging from 1 to 2147483647. The default value
      is 1.
Configuration example
This configuration example uses the above commands to create an NTP server,
enable the server, assign authentication, and assign a key. The example also uses
the info command to display information about the NTP server.
8310:5# config ntp server create 10.140.53.187 enable true
8310:5# config ntp server
8310:5/config/ntp/server# info
Sub-Context:
Current Context:
create :
Server Ip        Enabled   Auth    Key Id
10.140.53.187    true      false   1
delete : N/A
set : N/A
8310:5/config/ntp/server# set 10.140.53.187 auth true
8310:5/config/ntp/server# set 10.140.53.187 key 15
8310:5/config/ntp/server# info
Sub-Context:
Current Context:
create :
Server Ip        Enabled   Auth    Key Id
10.140.53.187    true      true    15
delete : N/A
set : N/A
8310:5/config/ntp/server#
Note: The show ntp server config command displays the same
information as the config ntp server info command.
Configuring authentication keys
To configure NTP authentication keys, use the following command:
config ntp key
The config ntp key command includes the following options:
config ntp key
followed by:
info
    Displays NTP authentication key configuration settings.
create <authkey> <secretkey>
    Adds an MD5 authentication key entry to the list where:
    • authkey is the key ID used to generate the MD5 digest. Specify a value
      between 1 and 2147483647.
    • secretkey is the MD5 key ID used to generate the MD5 digest. Specify an
      alphanumeric string between 0 and 8 in length.
delete <authkey>
    Deletes an MD5 authentication key entry from the list.
    • authkey is the key ID used to generate the MD5 digest. The value range
      is an integer from 1 to 2147483647.
set <authkey> <secretkey>
    Modifies an MD5 authentication key value where:
    • authkey is the key ID used to generate the MD5 digest. The value range
      is an integer from 1 to 2147483647.
    • secretkey is the MD5 key ID used to generate the MD5 digest. Specify an
      alphanumeric string between 0 and 8 in length.
Configuration example
This configuration example uses the above commands to configure an NTP
authentication key. The example also uses the show ntp key config
command to display information about the NTP key configuration setup.
8310:5# config ntp key
8310:5/config/ntp/key# create 5 18
8310:5/config/ntp/key#
8310:5/config/ntp/server# show ntp key
8310:5/config/ntp/key# info
Sub-Context:
Current Context:
create :
MD5_Key_Id    MD5 Key
5             18
delete : N/A
set : N/A
8310:5/config/ntp/key#
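The key rules in this guide (key ID range, secret length, no leading special character, no space, and the octothorpe limitation noted for the Device Manager KeySecret field) can be checked before a key is typed into the switch. The following Python sketch is an added example, not Nortel code: it applies those rules and then shows how the key ID and secret combine into the message authentication code of NTP symmetric-key authentication (32-bit key ID followed by MD5 over the secret concatenated with the packet, as described in RFC 5905). That the switch builds its MAC exactly this way is an assumption; the function names are hypothetical and the packet is constructed.

```python
import hashlib
import hmac
import struct

MAX_KEY_ID = 2147483647  # upper bound this guide gives for authKey / KeyId
MAX_SECRET_LEN = 8       # length limit this guide gives for secretKey
NTP_HEADER_LEN = 48      # fixed NTP header, before any MAC
MAC_LEN = 4 + 16         # key ID + MD5 digest


def check_key(key_id, secret):
    """Return the reasons a (key ID, secret) pair breaks the guide's rules."""
    problems = []
    if not isinstance(key_id, int) or not 1 <= key_id <= MAX_KEY_ID:
        problems.append("key ID must be an integer from 1 to 2147483647")
    if len(secret) > MAX_SECRET_LEN:
        problems.append("secret is longer than 8 characters")
    if "#" in secret:
        problems.append("'#' starts a comment, so the rest of the secret is lost")
    if " " in secret:
        problems.append("secret contains a space")
    if secret and not secret[0].isalnum():
        problems.append("secret starts with a special character")
    if secret == "":
        # Length 0 is accepted by the CLI, but then nothing secret is hashed.
        problems.append("empty secret: anyone can compute the digest")
    return problems


def ntp_mac(key_id, secret, header):
    """Key ID (network byte order) followed by MD5(secret || header)."""
    digest = hashlib.md5(secret.encode("ascii") + header).digest()
    return struct.pack("!I", key_id) + digest


def client_request(transmit_seconds):
    """48-byte header with LI=0, version 3, mode 3 (client); other fields zero."""
    header = bytearray(NTP_HEADER_LEN)
    header[0] = (0 << 6) | (3 << 3) | 3
    struct.pack_into("!II", header, 40, transmit_seconds, 0)  # transmit timestamp
    return bytes(header)


def verify(packet, keys):
    """True only if the packet ends in a MAC made with a key held in `keys`."""
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False  # no MAC present, or extra data this sketch does not parse
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    secret = keys.get(key_id)
    if secret is None:
        return False  # key ID not configured on this side
    # Constant-time comparison so the check does not leak how many bytes match.
    return hmac.compare_digest(ntp_mac(key_id, secret, header), mac)


if __name__ == "__main__":
    # Key ID and secret taken from the "ntp key 379 NtpX01" figure in this guide.
    keys = {379: "NtpX01"}
    print("rule check:", check_key(379, "NtpX01") or "ok")
    request = client_request(3207000000)  # constructed timestamp
    packet = request + ntp_mac(379, keys[379], request)
    print("authentic packet accepted:", verify(packet, keys))
    altered = packet[:1] + b"\x01" + packet[2:]  # stratum byte changed in transit
    print("altered packet accepted:", verify(altered, keys))
    print("rule check for '#secret12':", check_key(5, "#secret12"))
```

Both ends must hold the same secret under the same key ID; a key ID that exists on only one side fails verification in the same way as a wrong secret.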
Showing NTP statistics
The show ntp server stat command displays statistics for the NTP server.
This information includes:
• Number of NTP requests sent to this NTP server
• Number of times this NTP server was selected to update the time
• Number of times this NTP server was rejected from updating the time
• Stratum
• Version
• Sync Status
• Reachability
• Root Delay
• Precision
To display the NTP server statistics, use the following command:
show ntp server stat
Figure 26 shows sample output for the show ntp server stat command.
Figure 26 show ntp server stat command sample output
8310:5/config/ntp# show ntp server stat
P3/config/ntp# show ntp server stat
NTP Server : 192.177.216.230
-----------------------------------------
Stratum : 5
Version : 3
Sync Status : synchronized
Reachability: reachable
Root Delay : 0.19053647
Precision : 0.00003051
Access Attempts : 1
Server Synch : 1
Server Fail : 0
P3/config/ntp#
Chapter 5
Configuring NTP using the NNCLI
This chapter describes how to configure the Network Time Protocol (NTP) using
the NNCLI and includes the following topics:
• “Configuration prerequisites”
• “Roadmap of NNCLI NTP commands”
• “Configuring NTP”
• “Showing NTP information”
Configuration prerequisites
Before you can configure NTP, you must configure an IP interface on the Ethernet
Routing Switch 8300 and be sure that the NTP server is reachable through this
interface.
For more information about configuring IP interfaces, refer to one of the
following documents:
• Configuring IP Routing and Multicast Operations using Device
  Manager (317338-B)
• Configuring IP Routing and Multicast Operations using the NNCLI and
  CLI (316800-B)
Note: NTP server MD5 authentication does not support passwords
(keys) that start with a special character or contain a space between
characters.
Roadmap of NNCLI NTP commands
The following roadmap lists the commands used to enable and configure NTP.
Command                          Parameter
ntp server                       auth-enable
                                 enable
                                 key <authKey>
no ntp server                    auth-enable
ntp key <authKey> <secretKey>
no ntp key <authKey>
ntp interval <value>
ntp enable                       interval <10-1440>
show ntp key
show ntp server
show ntp stats
Configuring NTP
This section includes the following topics:
• “Creating an NTP server”
• “Disabling and removing NTP servers”
• “Adding authentication keys”
• “Removing authentication keys”
• “Setting NTP interval times”
• “Enabling NTP globally”
• “Disabling NTP globally”
Creating an NTP server
To create or modify an NTP address that the local server will consult for time
information, use the following command in Global Config mode:
ntp server
The ntp server command includes the following options:
ntp server <ipaddr>
where ipaddr specifies the IP address of an NTP server to add to the list of available
servers, followed by:
auth-enable
    Enables MD5 authentication on this NTP client. The default is no MD5
    authentication.
enable
    Enables the NTP server.
key <authKey>
    Specifies the authentication key ID value used to generate the MD5 digest
    for this NTP server.
    • authKey is an integer from 1 to 2147483647. The default value is 1.
Note: You can configure a maximum of 10 time servers.
Figure 27 shows an example of using the ntp server command.
Figure 27 ntp server command output
Passport_8300:5(config)#ntp server 192.32.72.155 auth-enable key 37
Passport_8300:5
Disabling and removing NTP servers
To disable or remove NTP server parameters from the switch, enter the following
command in Global Config mode:
no ntp server
The no ntp server command includes the following options:
no ntp server <ipaddr>
where ipaddr specifies the NTP server address to be removed or disabled, followed by:
auth-enable
    Disables MD5 authentication on the specified NTP server.
enable
    Disables the NTP server specified instead of removing the entry
    completely.
Adding authentication keys
To configure NTP authentication keys, use the following command in Global
Config mode:
ntp key <authKey> <secretKey>
where:
• authKey is an integer from 1 to 2147483647 that specifies the unique
  authentication key value used to generate the MD5 digest for this NTP server.
  The default value is 1.
• secretKey is a string of length {0..8} that specifies the secret key value used
  by the server to generate the MD5 digest for this NTP server.
Figure 28 shows an example of using the ntp key command.
Figure 28 ntp key command output
Passport_8300:5(config)#ntp key 379 NtpX01
Passport-8300:5
Removing authentication keys
To remove NTP authentication keys, enter the following command in Global
Config mode:
no ntp key <authKey>
where authKey is an integer from 1 to 2147483647.
Setting NTP interval times
When you enable NTP, default values are in effect for most parameters. You can
customize NTP by modifying parameters. To enable or disable NTP globally on
the Ethernet Routing Switch 8300, use the following command in Global Config
mode:
ntp interval <value>
where value specifies the time interval in minutes between successive NTP
updates. Allowable values are integers from 10 to 1440.
Figure 29 shows an example of using the ntp interval command.
Figure 29 ntp interval command output
Passport-8300:5(config)# ntp interval 60
Passport-8300:5
Enabling NTP globally
When you enable NTP, default values are in effect for most parameters. You can
customize NTP by modifying parameters. To enable or disable NTP globally on
the Ethernet Routing Switch 8300, use the following command in Global Config
mode:
ntp enable
This command includes the following options:
ntp enable
followed by:
interval <10-1440>
    Specifies the time interval (from 10 to 1440 minutes) between successive
    NTP updates.
Figure 30 shows an example of using the ntp enable command.
Figure 30 ntp enable command output
Passport-8300:5(config)# ntp enable
Passport-8300:5
Disabling NTP globally
To disable NTP on the switch, enter the following command in Global Config
mode:
no ntp enable
Showing NTP information
Show commands provide general information about the NTP feature and display
configuration details for NTP authentication keys and servers.
This section includes the following topics:
• “Showing NTP authentication keys”
• “Showing NTP servers”
• “Showing NTP statistics”
Showing NTP authentication keys
To show NTP authentication key details, enter the following command in User
EXEC mode:
show ntp key
Figure 31 shows sample output for the show ntp key command.
Figure 31 show ntp key command output
Passport_8300:5(config)#show ntp key
create :
MD5_Key_Id    MD5 Key
379           PassWord
delete : N/A
set : N/A
Showing NTP servers
To show NTP server configuration settings, enter the following command in User
EXEC mode:
show ntp server
Figure 32 shows sample output for the show ntp server command.
Figure 32 show ntp server command output
Passport_8300:5(config)#show ntp server
create :
Server Ip        Enabled   Auth    Key Id
192.32.72.155    true      true    37
delete : N/A
set : N/A
Showing NTP statistics
To show NTP server statistics, enter the following command in User EXEC
mode:
show ntp stats
Figure 33 shows sample output for the show ntp stats command.
Figure 33 show ntp stats command output
Passport_8300:5(config)#show ntp stats
NTP Server : 192.32.72.155
-----------------------------------------
Stratum : unknown
Version : unknown
Sync Status : unknown
Reachability : unknown
Root Delay : unknown
Precision : unknown
Access Attempts : 0
Server Synch : 0
Server Fail : 0
Chapter 6
Configuring NTP using Device Manager
This chapter describes how to configure the Network Time Protocol (NTP) using
Device Manager. It includes the following topics:
• “Configuration prerequisites”
• “Configuring NTP”
Configuration prerequisites
Before you can configure NTP, you must configure an IP interface on the Ethernet
Routing Switch 8300 and ensure that the NTP server is reachable through this
interface. For more information about configuring IP interfaces, refer to one of the
following documents:
• Configuring IP Routing and Multicast Operations using Device
  Manager (317338-B)
• Configuring IP Routing and Multicast Operations using the NNCLI and
  CLI (316800-B)
Note: NTP server MD5 authentication does not support passwords
(keys) that start with a special character or that contain a space between
characters.
Configuring NTP
This section describes how to use Device Manager to perform the following tasks:
• “Enabling NTP globally”
• “Adding an NTP server”
• “Assigning a NTP key”
Enabling NTP globally
When you enable NTP globally on the Ethernet Routing Switch 8300, default
values are in effect for most NTP parameters.
To enable NTP globally:
1 From the Device Manager menu bar, select Edit > NTP...
  The NTP dialog box opens with the Globals tab displayed (Figure 34).
  Figure 34 NTP dialog box—Globals tab
2 Select the Enable check box.
3 Click Apply.
Table 2 describes the NTP Globals tab fields.
Table 2 Global tab fields
Field           Description
Enable          Enables (true) or disables (false) NTP. By default, NTP is
                disabled.
Interval        Specifies the time interval (10 to 1440 minutes) between
                successive NTP updates. The default interval is 15 minutes.
                Note: If NTP is already enabled, this setting will not take
                effect until you disable and then reenable NTP.
Adding an NTP server
After you enable NTP globally on the Ethernet Routing Switch 8300, you can add
a remote NTP server by specifying its IP address. NTP adds this IP address to a
list of servers, which the local NTP client uses when querying remote time servers
for time information. The list of qualified servers is referred to as a peer list.
Note: You can configure a maximum of 10 time servers.
To specify an IP address for an NTP server:
1 From the Device Manager menu bar, select Edit > NTP...
  The NTP dialog box opens with the Globals tab displayed (Figure 34 on
  page 74).
2 Click the Server tab.
  The Server tab opens (Figure 35).
  Figure 35 Server tab
Table 3 describes the Server tab fields.
Table 3 Server tab fields
Field           Description
ServerAddress   Specifies the IP address of the remote NTP server.
Enable          Enables or disables the remote NTP server.
                The default value is enabled.
Authentication  Enables or disables MD5 authentication on this NTP server.
                MD5 produces a message digest of the key. MD5 verifies the
                integrity of the communication, authenticates the origin,
                and checks for timeliness.
                The default is no MD5 authentication.
KeyId           Displays the key ID used to generate the MD5 digest for this
                NTP server. You must specify a number ranging from 1 to
                2147483647.
AccessAttempts  Displays the number of NTP requests sent to this NTP server.
AccessSuccess   Displays the number of times this NTP server was selected to
                update the time.
AccessFailure   Displays the number of times this NTP server was rejected
                from updating the time.
Stratum         Displays the Stratum of the server.
Version         Displays the NTP version of the server.
RootDelay       Displays the Root Delay of the server.
Precision       Displays the NTP precision of the server in seconds.
Reachable       Displays the NTP reachability of the server.
Synchronized    Displays the status of synchronization with the server.
3 Click Insert.
  The NTP, Insert Server dialog box opens (Figure 36).
  Figure 36 NTP, Insert Server dialog box
4 Type the IP address of the NTP server in the Server Address box.
5 Specify the KeyId to use. (The KeyId value must be changed to an integer
  between 1 and 2147483647.)
6 Click Insert.
  The IP address of the NTP server that you configured appears in the Server
  tab of the NTP dialog box.
Table 4 describes the NTP, Insert Server dialog box fields.
Table 4 NTP, Insert Server dialog box fields
Field | Description
ServerAddress | The IP address of the remote NTP server.
Enable | Enables or disables the remote NTP server. The default value is enabled.
Authentication | Enables or disables MD5 authentication on this server. If you enable authentication on a server but do not specify a value for the public key, the server is assumed disabled. The default is no MD5 authentication.
KeyId | Specifies the key ID used to generate the MD5 digest for this server. The default key ID value is 1.
Assigning an NTP key
If you enable MD5 authentication on the server, you must assign an NTP key.
To assign an NTP key:
1. From the Device Manager menu bar, select Edit > NTP...
The NTP dialog box opens with the Globals tab displayed (Figure 34 on
page 74).
2. Click the Key tab.
The Key tab opens (Figure 37).
Figure 37 NTP dialog box—Key tab
Table 5 describes Key tab fields.
Table 5 Key tab fields
Field | Description
KeyId | This field is the key ID used to generate the MD5 digest. You must specify a value between 1 and 2147483647. The default value is 1.
KeySecret | This field is the MD5 key used to generate the MD5 digest. You must specify an alphanumeric string between 0 and 8 characters in length. Note: You cannot specify an octothorpe (“#”) as a value in the KeySecret field. The NTP server interprets the octothorpe as the beginning of a comment and truncates all text entered after the octothorpe. This is a limitation of xntpd version 3 or earlier.
3. Click Insert.
The NTP, Insert Key dialog box opens (Figure 38).
Figure 38 NTP, Insert Key dialog box
Table 6 describes the fields in the NTP, Insert Key dialog box.
Table 6 NTP, Insert Key dialog box fields
Field | Description
KeyId | The key ID used to generate the MD5 digest for this NTP server. You must specify a value ranging from 1 to 2147483647. The default value is 1.
KeySecret | The MD5 key ID used to generate the MD5 digest for this NTP server. Note: You cannot specify an octothorpe (“#”) as a value in the KeySecret field. The NTP server interprets the octothorpe as the beginning of a comment and truncates all text entered after the octothorpe. This is a limitation of xntpd version 3 or earlier.
4. Enter values for the KeyId and KeySecret fields.
5. Click Insert.
The values that you specified for the key ID and the MD5 key ID appear in
the Key tab of the NTP dialog box.
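The following added example (not part of the original manual or of Nortel software) checks a KeyId/KeySecret pair against the limits in Table 5 and shows why a "#" in the secret breaks authentication. It assumes the standard NTP symmetric-key authenticator, a 4-byte key ID followed by the MD5 digest of the secret concatenated with the 48-byte NTP header; the function names, the key and the request header are constructed for illustration.

```python
import hashlib
import hmac
import struct

KEYID_MIN, KEYID_MAX = 1, 2147483647  # KeyId range from Table 5
SECRET_MAX_LEN = 8                     # KeySecret length limit from Table 5

def check_key(key_id, secret):
    """Return the problems found in a KeyId/KeySecret pair (empty list if none)."""
    problems = []
    if not KEYID_MIN <= key_id <= KEYID_MAX:
        problems.append("KeyId out of range")
    if len(secret) > SECRET_MAX_LEN:
        problems.append("KeySecret longer than 8 characters")
    if "#" in secret:
        problems.append("KeySecret contains '#'")
    if any(not (c.isascii() and c.isalnum()) and c != "#" for c in secret):
        problems.append("KeySecret is not alphanumeric")
    return problems

def as_parsed_by_server(secret):
    """Model the note in Table 5: '#' starts a comment, so the rest is dropped."""
    return secret.split("#", 1)[0]

def ntp_mac(key_id, secret, header):
    """Authenticator: 4-byte key ID followed by MD5(secret || NTP header)."""
    digest = hashlib.md5(secret.encode("ascii") + header).digest()
    return struct.pack("!I", key_id) + digest

def verify(packet, keys):
    """Check the authenticator on a 68-byte NTP packet against a key table."""
    if len(packet) != 68:
        return False
    header, mac = packet[:48], packet[48:]
    key_id = struct.unpack("!I", mac[:4])[0]
    secret = keys.get(key_id)
    if secret is None:
        return False
    return hmac.compare_digest(ntp_mac(key_id, secret, header), mac)

# Constructed sample: minimal NTP client request header (LI=0, VN=3, Mode=3).
HEADER = bytes([0x1B]) + bytes(47)

def demo():
    """Sign with the full string; verify with the truncated and the full key."""
    intended = "ab#cd12"                                 # constructed secret
    packet = HEADER + ntp_mac(10, intended, HEADER)
    truncated = {10: as_parsed_by_server(intended)}      # server kept only "ab"
    return verify(packet, truncated), verify(packet, {10: intended})
```

The two results from demo() differ because the side that truncated the secret at "#" computes its digest over a different key, so its check of the authenticator fails.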
Chapter 7
Configuring BootP/DHCP using Device Manager
This chapter describes how to use Device Manager for configuration and router
management of BootP/DHCP relay. For conceptual information on DHCP, see
“System Platform Overview” on page 21.
Supporting BootP/DHCP relay
Dynamic Host Configuration Protocol (DHCP), an extension of the Bootstrap
Protocol (BootP), dynamically provides host configuration information to
workstations. To lower administrative overhead, network managers prefer to
configure a small number of DHCP servers in a central location. With only a
few DHCP servers, the routers that connect the subnets or bridge (or VLAN)
domains must support the BootP/DHCP relay function so that hosts can get
configuration information from servers several router hops away.
Note: BootP/DHCP relays are supported only on IP routed port-based
VLANs and protocol-based VLANs. BootP/DHCP relays are not
supported on IP subnet-based VLANs.
Configuring BootP/DHCP on VLANs
To configure the DHCP behavior for a routed VLAN:
1. From the Device Manager menu bar, select VLAN > VLANs > Basic.
The VLAN dialog box opens, with the Basic tab displayed.
2. Select a VLAN.
3. Click IP.
The IP, VLAN dialog box opens with the IP Address tab displayed.
4. Select the DHCP tab.
The DHCP tab opens (Figure 39).
Figure 39 IP, VLAN dialog box—DHCP tab
5. Select Enable and enter the appropriate values.
6. Click Apply.
Configuring forwarding policies
After configuring the BootP/DHCP relay on an IP interface, you can configure
forwarding policies to indicate where packets are to be forwarded. The forwarding
policies are based on the type of packet and where the packet is received.
To set up a forwarding policy for BootP/DHCP packets received on a virtual
interface (VLAN) enabled for DHCP relaying:
1. From the Device Manager menu bar, choose IP Routing > DHCP.
The DHCP dialog box opens (Figure 40 on page 83).
Figure 40 DHCP dialog box
2. Click Insert.
The DHCP, Insert Globals dialog box opens (Figure 41).
Figure 41 DHCP, Insert Globals dialog box
Table 7 describes the fields in the DHCP, Insert Globals dialog box.
Table 7 DHCP, Insert Globals dialog box fields
Field | Description
AgentAddr | IP address of the input interface (agent) on which the relaying of received BootP/DHCP packets must be enabled.
ServerAddr | This parameter is either the IP address of the BootP/DHCP server or the address of another local interface of the switch. If it is the address of the BootP/DHCP server, then the request is unicast to the server’s address. If the address is one of the IP addresses of an interface on the switch, then the BootP/DHCP requests will be broadcast out of that local interface.
Enable | Enables BootP/DHCP relay on the routing switch.
Mode | Specifies the type of messages relayed: None, Only BootP, Only DHCP, or Both types of packets.
3. In the AgentAddr box, type in the agent address.
This parameter specifies the IP address of the IP interface on which the
BootP/DHCP request packets are received for forwarding. This address is
the IP address of a VLAN for which forwarding is enabled.
4. In the ServerAddr list, type in the server address.
This parameter is either the IP address of the BootP/DHCP server or the
address of another local IP interface of the switch. If it is the address of the
BootP/DHCP server, then the request is unicast to the server’s address. If
the address is one of the IP addresses of an interface on the switch, then the
BootP/DHCP requests will be broadcast out of that local interface.
5. Click Enable to turn on BootP/DHCP relay, or click Enable to clear the
option.
Each agent server forwarding policy can be enabled or disabled. The default is
enabled.
6. In the Mode field, select the type of messages to be relayed.
Which packets are forwarded depends on both the mode setting for the DHCP
interface and the mode setting for the agent interface. The default is to
forward both BootP and DHCP messages.
7. Click Insert.
Graphing DHCP statistics
To graph DHCP statistics for a port:
1. Select the desired port.
2. From the Device Manager menu bar, select Graph > Port.
The Graph Port dialog box opens with the Interface tab displayed (Figure 42).
Figure 42 Graph Port dialog box — Interface tab
3. Click DHCP.
The DHCP tab opens (Figure 43 on page 86).
Figure 43 Graph Port dialog box — DHCP tab
4. Select the statistic(s) you want to graph.
5. In the Poll Interval box, select the polling interval.
6. Click the Graph button (bar, pie, chart, line).
Table 8 describes the DHCP tab fields.
Table 8 DHCP tab fields
Field | Description
NumRequests | The total number of DHCP and/or BootP requests seen on this interface.
NumReplies | The total number of DHCP and/or BootP replies seen on this interface.
Appendix A
Port numbering
This appendix includes information about the following topics:
• “Port numbering”
• “Interface indexes” on page 88
Port numbering
A port number includes the slot location of the module in the chassis, as well as
the port’s position in the I/O module. In the 8300 Series switches, slots are
numbered from top to bottom. Figure 44 shows slot numbering for an 8310
chassis.
Figure 44 8010 chassis slots
[Figure 44 labels: Slot 1, Slot 2, Slot 3, Fan 1, Slot 4, Slot 5-Switch fabric/CPU, Slot 6-Switch fabric/CPU, Slot 7, Fan 2, Slot 8, Slot 9, Slot 10, Power Supply 1, Power Supply 2, Power Supply 3]
Ports are numbered generally from left to right beginning with 1 for the far left
port. On high-density modules with two rows of ports, such as the 8348TX
module, ports in the top row are assigned sequential odd numbers, and ports in the
bottom row are assigned sequential even numbers (Figure 45).
Figure 45 Port numbers on high-density modules
Interface indexes
Interface indexes are used in SNMP to uniquely identify ports, VLANs, and
Multi-Link Trunks (MLT).
Calculating a port interface index
The interface index of a port is calculated using the following formula:
ifIndex = (64 x <SlotNumber>) + (<PortNumber> – 1)
where:
• SlotNumber is a value between 1 and 10, inclusive.
• PortNumber is a value between 1 and 48, inclusive.
For example, the interface index of port 1/1 is 64, and the interface index of port
10/48 is 687.
Calculating a VLAN interface index
The interface index of a VLAN is calculated using the following formula:
ifIndex = 2048 + <MGID>
where MGID is the VLAN’s multicast group ID number.
Because the default VLAN always has an MGID value of 1, its interface index is
always 2049.
Calculating an MLT interface index
The interface index of an MLT is calculated using the following formula:
ifIndex = 6143 + <MLTID>
where MLTID is the Multi-Link Trunk ID number.
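The three formulas above can also be run in reverse to turn an ifIndex seen in an SNMP poll or trap back into the port, VLAN, or MLT it names. The following is an added example, not code from the original manual; the function names are hypothetical, and because the manual gives no upper bound for MGID or MLTID, the decoder assumes that values from 2049 to 6143 are VLANs and values from 6144 upward are MLTs.

```python
PORT_BASE = 64    # ifIndex = (64 x SlotNumber) + (PortNumber - 1)
VLAN_BASE = 2048  # ifIndex = 2048 + MGID
MLT_BASE = 6143   # ifIndex = 6143 + MLTID

def port_ifindex(slot, port):
    """Interface index of port slot/port, with the ranges the appendix gives."""
    if not 1 <= slot <= 10:
        raise ValueError("SlotNumber must be between 1 and 10")
    if not 1 <= port <= 48:
        raise ValueError("PortNumber must be between 1 and 48")
    return PORT_BASE * slot + (port - 1)

def vlan_ifindex(mgid):
    """Interface index of a VLAN from its multicast group ID."""
    if mgid < 1 or VLAN_BASE + mgid > MLT_BASE:  # upper bound is an assumption
        raise ValueError("MGID outside the range assumed for VLANs")
    return VLAN_BASE + mgid

def mlt_ifindex(mlt_id):
    """Interface index of a Multi-Link Trunk from its MLT ID."""
    if mlt_id < 1:
        raise ValueError("MLTID must be at least 1")
    return MLT_BASE + mlt_id

def decode_ifindex(ifindex):
    """Map an ifIndex back to ('port', 'slot/port'), ('vlan', MGID) or ('mlt', ID)."""
    if ifindex > MLT_BASE:       # assumption: MLT indexes start at 6144
        return ("mlt", ifindex - MLT_BASE)
    if ifindex > VLAN_BASE:      # assumption: 2049..6143 are VLAN indexes
        return ("vlan", ifindex - VLAN_BASE)
    slot, offset = divmod(ifindex, PORT_BASE)
    if 1 <= slot <= 10 and offset < 48:
        return ("port", f"{slot}/{offset + 1}")
    return ("unknown", ifindex)  # falls in a gap none of the formulas produce

# Constructed sample: ifIndex values as they might appear in trap varbinds.
SAMPLE_IFINDEXES = [64, 687, 112, 2049, 6144]

def label_sample():
    """Decode every sample value; 112 is slot 1, offset 48, which is no valid port."""
    return [decode_ifindex(i) for i in SAMPLE_IFINDEXES]
```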